<div dir="ltr">I think I have now accumulated enough spam/nonspam classified emails to make a statistically signification observation: it seems like all emails classified as spam from these lists were send from ipv6:<div><br></div><div><table style="border-collapse:collapse;margin:0px auto;width:1523px;font-family:arial,helvetica,sans-serif"><tbody><tr><th style="border-bottom:thin solid rgb(224,224,224);border-top:thin solid rgb(224,224,224);font-weight:normal;border-left:thin solid rgb(224,224,224);padding:12px 20px;text-align:left">SPF:</th><td style="border-bottom:thin solid rgb(224,224,224);border-top:thin solid rgb(224,224,224);border-right:thin solid rgb(224,224,224);padding:8px"><span class="inbox-inbox-inbox-inbox-pass" style="text-transform:uppercase">PASS</span><span class="inbox-inbox-inbox-inbox-Apple-converted-space"> </span>with IP 2600:3c03:0:0:f03c:91ff:fe61:86ce<span class="inbox-inbox-inbox-inbox-Apple-converted-space"> </span></td></tr></tbody></table><div class="gmail_extra"><br></div><div class="gmail_extra">All emails from <a href="http://bufferbloat.net">bufferbloat.net</a> lists are failing DKIM (because of the mailing list footer breaking the DKIM signature) which might be worth fixing, and failing DMARC because all mailing lists fails DMARC (however google does not have a strict DMARC policy so that shouldn't matter, I hope).</div><div class="gmail_extra"><br></div><div class="gmail_extra">By the way, it's not just you, either. I have emails from others on these lists in my spam folder.</div><div class="gmail_extra"><br></div><div class="gmail_extra">The distinguishing factor seems to be whether the email was sent from the <a href="http://lists.bufferbloat.net">lists.bufferbloat.net</a> ipv6 address. Unless this address corresponds to some kind of tunnel broker possibly also used by spammers, I can only assume this is some kind of bug (after all, it was spf validated so the address shouldn't matter at that point?).</div></div><div class="gmail_extra"><br></div><div class="gmail_extra">I'm going to see if I can file some sort of a bug with special googler powers, but I probably won't be allowed to tell you anything if they reply.</div><br><div class="gmail_quote"><div dir="ltr">On Tue, 27 Sep 2016 at 12:14 Jonathan Morton <<a href="mailto:chromatix99@gmail.com">chromatix99@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
> On 27 Sep, 2016, at 19:04, Dave Taht <<a>dave.taht@gmail.com</a>> wrote:<br>
><br>
> Annoying. Perhaps my link to the blog in my .sig? Perhaps they object<br>
> to my verbosity?<br>
<br>
This seems relevant in the headers:<br>
<br>
Authentication-Results: <a rel="noreferrer">mx.google.com</a>; dkim=neutral (body hash did not verify) header.i=@<a rel="noreferrer">gmail.com</a>; spf=pass (<a rel="noreferrer">google.com</a>: best guess record for domain of <a>cake-bounces@lists.bufferbloat.net</a> designates 45.79.142.77 as permitted sender) smtp.mailfrom=<a>cake-bounces@lists.bufferbloat.net</a>; dmarc=fail (p=NONE dis=NONE) header.from=<a rel="noreferrer">gmail.com</a><br>
<br>
I forget exactly how DKIM and DMARC work, but DKIM seems to be stymied by the list adding its own message footer (which is nevertheless best-practice). I don’t know how relevant a DMARC fail is to their filter, or how relevant it *should* be.<br>
<br>
Could the listserver replace an original, verified DKIM certificate with its own after adding the footer?<br>
<br>
On the upside, I was able to add a filter specifically saying “never send to Spam folder”, and it appears to be working so far. But everyone probably needs to do that; it’s not a scalable solution, only a workaround.<br>
<br>
- Jonathan Morton<br>
<br>
_______________________________________________<br>
Cake mailing list<br>
<a>Cake@lists.bufferbloat.net</a><br>
<a rel="noreferrer">https://lists.bufferbloat.net/listinfo/cake</a><br>
</blockquote></div></div>