Page MenuHomePhabricator

Google Mail marking Phabricator and Gerrit notification emails as spam
Closed, ResolvedPublic

Description

Reported by multiple people on irc starting sometime 2015-10-13.

Gmail UI indicates that messages were marked as spam for violations of https://support.google.com/mail/answer/81126?hl=en#authentication

Headers from one message marked as spam:

1Delivered-To: bdavis@wikimedia.org
2Received: by 10.107.188.2 with SMTP id m2csp2122801iof;
3 Tue, 13 Oct 2015 13:21:10 -0700 (PDT)
4X-Received: by 10.140.129.22 with SMTP id 22mr44762058qhb.74.1444767670179;
5 Tue, 13 Oct 2015 13:21:10 -0700 (PDT)
6Return-Path: <no-reply@phabricator.wikimedia.org>
7Received: from mx1001.wikimedia.org (mx1001.wikimedia.org. [208.80.154.76])
8 by mx.google.com with ESMTPS id b78si4529689qkj.48.2015.10.13.13.21.10
9 for <bdavis@wikimedia.org>
10 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
11 Tue, 13 Oct 2015 13:21:10 -0700 (PDT)
12Received-SPF: neutral (google.com: 2620:0:861:103:10:64:32:150 is neither permitted nor denied by best guess record for domain of no-reply@phabricator.wikimedia.org) client-ip=2620:0:861:103:10:64:32:150;
13Authentication-Results: mx.google.com;
14 spf=neutral (google.com: 2620:0:861:103:10:64:32:150 is neither permitted nor denied by best guess record for domain of no-reply@phabricator.wikimedia.org) smtp.mailfrom=no-reply@phabricator.wikimedia.org
15Received: from iridium.eqiad.wmnet ([2620:0:861:103:10:64:32:150]:64228 helo=localhost.localdomain)
16 by mx1001.wikimedia.org with esmtp (Exim 4.84)
17 (envelope-from <no-reply@phabricator.wikimedia.org>)
18 id 1Zm64L-00021n-NT
19 for bdavis@wikimedia.org; Tue, 13 Oct 2015 20:21:09 +0000
20Date: Tue, 13 Oct 2015 20:21:09 +0000
21To: bdavis@wikimedia.org
22From: Tgr <no-reply@phabricator.wikimedia.org>
23Reply-to: T115388+public+667f89c1c7804555@phabricator.wikimedia.org
24Subject: [Maniphest] T115388: Convert hooks.txt to YAML [Outreachy microtask]
25Message-ID: <maniphest-task-PHID-TASK-zaepdvc7vr2q5vyzqbgo@phabricator.wikimedia.org>
26X-Priority: 3
27X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
28X-Phabricator-Sent-This-Message: Yes
29X-Mail-Transport-Agent: MetaMTA
30X-Auto-Response-Suppress: All
31X-Phabricator-Mail-Tags: <maniphest-other>, <maniphest-status>, <maniphest-priority>, <maniphest-cc>, <maniphest-projects>
32Thread-Topic: T115388: Convert hooks.txt to YAML [Outreachy microtask]
33X-Herald-Rules: <9>, <1>, <11>
34X-Phabricator-Projects: <#documentation>, <#mediawiki-documentation>
35X-Phabricator-To: <PHID-USER-a6p24cvyblhfzc7we7nc>
36X-Phabricator-Cc: <PHID-USER-ll6tmaogat2b5q7tnqas>
37X-Phabricator-Cc: <PHID-USER-gbl4hfak3cfurt3c7skd>
38X-Phabricator-Cc: <PHID-USER-hgn5uw2jafgjgfvxibhh>
39X-Phabricator-Cc: <PHID-USER-a6p24cvyblhfzc7we7nc>
40X-Phabricator-Cc: <PHID-USER-aklqcs2xae5ghg6icqmd>
41Precedence: bulk
42Thread-Index: NzI0NWQ4NDJmOWU1OWJjMzY5NGU4NmZhMTUx
43MIME-Version: 1.0
44Content-Transfer-Encoding: 8bit
45Content-Type: text/plain; charset="utf-8"

Event Timeline

bd808 raised the priority of this task from to Needs Triage.
bd808 updated the task description. (Show Details)
bd808 added a project: acl*sre-team.
Restricted Application added subscribers: Matanya, Aklapper. · View Herald TranscriptOct 13 2015, 10:30 PM
greg triaged this task as High priority.Oct 13 2015, 10:50 PM
greg added a project: Mail.

Ironically, the messages from this task are being marked as spam as well. See below, my spam folder is filled more with Phab email than real spam:

greg added a comment.Oct 13 2015, 10:55 PM

Btw, I just got this when in gmail's web UI to mark them not as spam:

Anyone else?

I am not certain the 'lack of identity' is what's causing these emails to be marked as spam.

What exactly do you mean by that?

Cheers,

Joel

greg added a comment.Oct 13 2015, 10:59 PM

I am not certain the 'lack of identity' is what's causing these emails to be marked as spam.
What exactly do you mean by that?

The gmail web UI is linking to https://support.google.com/mail/answer/81126?hl=en#authentication for "why is this being marked as spam?".

All replies to this task have ended up in gmail's spam folder for me as well:

Well, gerrit and Phabricator emails are certainly very bad. Multiple bugs have been reported in the last few years with actionable suggestions (some of which can also be acted upon by WMF on the configuration side), but they all were ignored.

Elitre added a subscriber: Elitre.Oct 14 2015, 12:12 PM

Btw, I just got this when in gmail's web UI to mark them not as spam:


Anyone else?

Didn't get that pop-up so far.

New fun today, one message from T115440: Phabricator email notifications marked as spam by GMail marked as a possible phishing scam.

greg added a comment.Oct 14 2015, 3:51 PM

FWIW, I also had a ton of Shinken alerts in my spam folder as well.

I filed a similar ticket[0] back in August for Phabricator and mailing list messages. The issue actually seemed to have resolved itself for the past month or so but it appears to be back as of yesterday.

[0] https://wmf.zendesk.com/requests/8235

I filed a similar ticket[0] back in August for Phabricator and mailing list messages. The issue actually seemed to have resolved itself for the past month or so but it appears to be back as of yesterday.
[0] https://wmf.zendesk.com/requests/8235

Only you and WMF OIT can see that

daniel added a subscriber: daniel.Oct 14 2015, 7:51 PM

You can whitelist mails from wikimedia.org via gmail's web interface:
http://email.about.com/od/gmailtips/qt/et_whitelist.htm

faidon added a subscriber: faidon.Oct 16 2015, 7:54 PM

Well, gerrit and Phabricator emails are certainly very bad. Multiple bugs have been reported in the last few years with actionable suggestions (some of which can also be acted upon by WMF on the configuration side), but they all were ignored.

Can you be a little more specific?

FWIW, we haven't changed anything recently - @JKrauska, this is probably something you should contact Google Apps about, we're customers after all.

I seem to recall that WMF Office IT enabled 'aggressive' spam filtering on @ wikimedia.org Gmail on August 27. I understand that they have the option to whitelist mail from certain domains to bypass the spam filters.

You can whitelist mails from wikimedia.org via gmail's web interface:
http://email.about.com/od/gmailtips/qt/et_whitelist.htm

If you do this, and you also use googlehangout/chat at all, Then do also checkmark the "Don't include chats" box. (Otherwise your email inbox will become a mess)

Well, gerrit and Phabricator emails are certainly very bad. Multiple bugs have been reported in the last few years with actionable suggestions (some of which can also be acted upon by WMF on the configuration side), but they all were ignored.

Can you be a little more specific?

Not really, I'm not going to waste time triaging Phabricator and Gerrit reports; I already spent enough time filing them. Perhaps the maintainers of those components should retriage the mail-related reports.

(I've also been getting translatewiki.net discussions' notifications in my Spam folder for a while. I remember bringing this up on IRC but can't remember what I was told about it.)

greg added a comment.Oct 19 2015, 4:24 PM

Just for observation purposes: so far, it seems the only people confirming this on this task are WMF employees, ie, those with their email being filtered for their @wikimedia.org account hosted by g-apps. Is this overly simplistic?

JKrauska added a comment.EditedOct 19 2015, 4:53 PM

@Nemo_bis: can you cross reference the 'bad'ness of the emails that's been reported?

All of the messages in my Spam box have this..

"Why is this message in Spam? It is in violation of Google's recommended email sender guidelines. Learn more"

Where Learn more links to this.
https://support.google.com/mail/answer/81126?hl=en#authentication

Which is quite lengthly -- but I'll try to dive deeper.

Spam classification

Authentication & Identification
To ensure that Gmail can identify you:

Use a consistent IP address to send bulk mail.
JK: Mail is coming from iridium, directly to mx1001
JK: Received: from iridium.eqiad.wmnet ([2620:0:861:103:10:64:32:150]:61963 helo=localhost.localdomain)
by mx1001.wikimedia.org with esmtp (Exim 4.84)

Keep valid reverse DNS records for the IP address(es) from which you send mail, pointing to your domain.
JK: IPv6 listed above, looks ok.

Use the same address in the 'From:' header on every bulk mail you send.
JK: From: greg <no-reply@phabricator.wikimedia.org>
JK: address stays the same, friendly name will change, not sure if that'll cause grief..

We also recommend the following:

Sign messages with DKIM. We do not authenticate messages signed with keys using fewer than 1024 bits.
JK: No DKIM sig on the message I looked at. Perhaps we could add this.

Publish an SPF record.
JK: There's no SPF for phabricator.wikimedia.org
JK: Since we're using a subdomain here, a more restrictive/explicit SPF might help?
JK: Received-SPF: neutral (google.com: 2620:0:861:103:10:64:32:150 is neither permitted nor denied by best guess record for domain of no-reply@phabricator.wikimedia.org) client-ip=2620:0:861:103:10:64:32:150;

Publish a DMARC policy.
JK: We have one. https://dmarcian.com/dmarc-inspector/wikimedia.org
Learn more about email authentication.

Additional guidelines for IPv6

The sending IP must have a PTR record (i.e., a reverse DNS of the sending IP) and it should match the IP obtained via the forward DNS resolution of the hostname specified in the PTR record. Otherwise, mail will be marked as spam or possibly rejected.
JK: We have this for 2620:0:861:103:10:64:32:150
JK: 0.5.1.0.2.3.0.0.4.6.0.0.0.1.0.0.3.0.1.0.1.6.8.0.0.0.0.0.0.2.6.2.ip6.arpa name = iridium.eqiad.wmnet.

The sending domain should pass either SPF check or DKIM check. Otherwise, mail might be marked as spam.

Subscription
Each user on your distribution list should opt to receive messages from you in one of the following ways (opt-in):

Through an email asking to subscribe to your list.
By manually checking a box on a web form, or within a piece of software.
We also recommend that you verify each email address before subscribing them to your list.
JK: I don't think phabricator has explicit opt-in policies, it seems you just get the mail..

The following methods of address collection are not considered 'opt-in' and are not recommended:

Using an email address list purchased from a third-party.
Setting a checkbox on a web form or within a piece of software to subscribe all users by default (requiring users to explicitly opt-out of mailings).

Unsubscribing
A user must be able to unsubscribe from your mailing list through one of the following means:

A prominent link in the body of an email leading users to a page confirming his or her unsubscription (no input from the user, other than confirmation, should be required).
JK: THIS WE DO NOT HAVE, AND SEEMS TO BE A GOOD IDEA

By replying to your email with an unsubscribe request.
Because Gmail can help users automatically unsubscribe from your email, we strongly recommend the following:

Provide a 'List-Unsubscribe' header which points to an email address or a URL where the user can unsubscribe easily from future mailings. (Note: This is not a substitute method for unsubscribing.)
To help ensure that your messages aren't flagged as spam, we also recommend that you:
JK: WE DON'T HAVE THIS EITHER

Automatically unsubscribe users whose addresses bounce multiple pieces of mail.
JK: NOT SURE IF WE DO THIS

Periodically send confirmation messages to users.
Include each mailing list they are signed up for, and offer the opportunity to unsubscribe from those in which they are no longer interested.
It's possible that your users forward mail from other accounts, so we recommend that you:

Explicitly indicate the email address subscribed to your list.
Support a URL method of unsubscribing from your mailing list (this is beneficial if your mailing list manager can't tell who is unsubscribing based on the 'Reply-to:' address).

Format
All messages must be formatted according to RFC 5322 and, if using HTML, HTML standards.

Messages must have a valid 'Message-ID:' header field.
JK: Seems they do.

Messages should indicate that they are bulk mail, using the 'Precedence: bulk' header field.
JK: Precedence: bulk (YEP)

Attempts to hide the true sender of the message or the true landing page for any web links in the message may result in non-delivery.

The subject of each message should be relevant to the body's content and not be misleading.

The authenticating domain, envelope From domain, payload From domain, reply-to domain, and sender domain should not violate the highly-restrictive Unicode Security Profile guidelines for international domain names.

Delivery
While Gmail works hard to deliver all legitimate mail to a user's inbox, it's possible that some legitimate messages may be marked as spam. Gmail does not accept 'whitelisting' requests from bulk senders, and we can't guarantee that all of your messages will bypass our spam filters. To make sure our users receive all the mail they'd like to, we've provided them with a method for sending us feedback about messages flagged as spam -- users have the option of clicking a 'Not spam' button for each message flagged by our spam filters. We listen to users' reports, and correct problems in order to provide them with the best user experience. As long as our users don't consider your mail as spam, you shouldn't have inbox delivery problems.

There are two important factors that, under normal circumstances, help messages arrive in Gmail users' inboxes:

The 'From:' address is listed in the user's Contacts list.
A user clicks 'Not Spam' to alert Gmail that messages sent from that address are solicited.
If you send both promotional mail and transactional mail relating to your organization, we recommend separating mail by purpose as much as possible. You can do this by:

Using separate email addresses for each function.
Sending mail from different domains and/or IP addresses for each function.
By using these tips, it's more likely that the important transactional mail will be delivered to a user's inbox. Our guidelines are meant to help you build a good reputation within the Gmail system, resulting in continual delivery to Gmail inboxes.

Third-Party Senders
If others use your service to send mail (for example: ISPs), you are responsible for monitoring your users and/or clients' behavior.

You must have an email address available for users and/or clients to report abuse (abuse@yourdomain.com).
You must maintain up-to-date contact information in your WHOIS record, and on abuse.net.
You must terminate, in a timely fashion, all users and/or clients who use your service to send spam mail.

Affiliate Marketing Programs
Affiliate marketing programs reward third-parties for bringing visitors to your site. Unfortunately, these programs are attractive to hard-core spammers and can potentially do more harm than good. Please note the following:

If your brand becomes associated with affiliate marketing spam, it can affect the mail sent by you and your other affiliates.
It is your responsibility to monitor your affiliates and remove them if they send spam.

If you are sending mail in accordance with our guidelines and Gmail continues to mark your messages as spam, troubleshoot further.

(and I ran out of steam)

Hrm.

Not sure if this is a big deal, but we don't seem to have forward records for
iridium.eqiad.wmnet
or
iridium.wikimedia.org

This address
2620:0:861:103:10:64:32:150
I assume references an internal ipv4 addressing
10.64.32.150?

Should we be using an 'external' address when sending mail from iridium to mx1001 for better SPF handling?

--J

greg added a comment.Oct 19 2015, 6:14 PM

Thanks @JKrauska!

I'm only replying to a subset of your investigation:

Unsubscribing
A user must be able to unsubscribe from your mailing list through one of the following means:
A prominent link in the body of an email leading users to a page confirming his or her unsubscription (no input from the user, other than confirmation, should be required).
JK: THIS WE DO NOT HAVE, AND SEEMS TO BE A GOOD IDEA
By replying to your email with an unsubscribe request.
Because Gmail can help users automatically unsubscribe from your email, we strongly recommend the following:
Provide a 'List-Unsubscribe' header which points to an email address or a URL where the user can unsubscribe easily from future mailings. (Note: This is not a substitute method for unsubscribing.)
To help ensure that your messages aren't flagged as spam, we also recommend that you:
JK: WE DON'T HAVE THIS EITHER
Automatically unsubscribe users whose addresses bounce multiple pieces of mail.
JK: NOT SURE IF WE DO THIS

I think doing the first and the last (of those above) make sense (and I can do some leg work with upstream on them):

  • Having a "Stop receiving emails for this task" and/or "Stop receiving all $host Phabricator emails" links is good.
  • Auto-unsubing addresses that bounce multiple times

The middle one (list-unsubscribe header) doesn't make sense to my pedantic brain (they aren't mailing lists); anyone know if other non-mailing lists implement this?

The other things you went through someone else should respond to :)

greg added a comment.Oct 26 2015, 10:35 PM

I haven't been seeing any more of my phab+gerrit mails going into spam.

Anyone else?

I haven't been seeing any more of my phab+gerrit mails going into spam.
Anyone else?

Me neither, works fine now.

The middle one (list-unsubscribe header) doesn't make sense to my pedantic brain (they aren't mailing lists); anyone know if other non-mailing lists implement this?

MediaWiki... ;) T58315: Set List-Unsubscribe header for email notifications (and maybe List-Help, List-Subscribe etc.).

greg closed this task as Resolved.Oct 26 2015, 10:53 PM
greg claimed this task.

Calling this good. If anyone wants to take up the issues raised by @JKrauska they should be separate tasks.

Restricted Application added a project: User-greg. · View Herald TranscriptOct 26 2015, 10:53 PM

I filed the standard DKIM/SPF tasks we (eventually) do for all domains, but I'm not going to file the defects in Phabricator itself.

@Nemo_bis: can you cross reference the 'bad'ness of the emails that's been reported?

No, sorry. See:

I'm not going to waste time triaging Phabricator and Gerrit reports; I already spent enough time filing them. Perhaps the maintainers of those components should retriage the mail-related reports.