Hello all,
I’m not sure if this is the right place to say so, but I’ve noticed email to this mailing list being persistently classified as spam when it arrives at my Gmail account, despite me telling Gmail it looks safe. I’ve had to set up a filter to whitelist the tilde.club domain. Of course, if this is a problem for you too, you probably won’t see this message. Season’s greetings and a pre-emptive Happy New Year to you anyway!
James from Lab6
Sent from my iSeries
That is a problem that is caused by the uptight spam filter on Gmail which relies among other things on DKIM signatures and SPF which does not really play well with mail lists and tilde.club itself does not process DKIM signatures. There are a few mail protocol extensions that kind of mitigate that issue, but the only thing that is really working is to use a tilde.club email to send the mails
On 30/12/2025 14:03, lab6 wrote:
Hello all,
I’m not sure if this is the right place to say so, but I’ve noticed email to this mailing list being persistently classified as spam when it arrives at my Gmail account, despite me telling Gmail it looks safe. I’ve had to set up a filter to whitelist the tilde.club domain. Of course, if this is a problem for you too, you probably won’t see this message. Season’s greetings and a pre-emptive Happy New Year to you anyway!
James from Lab6
Sent from my iSeries
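The mailing-list effect described in the reply above, as an added example that is not part of the thread: it reads a message's `Authentication-Results` header and applies DMARC-style alignment (an SPF or DKIM pass only counts if its domain matches the `From:` domain). All headers and domains are constructed placeholders, and `org_domain` is a simplification of the Public Suffix List lookup real receivers use.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Simplification (assumption): last two labels; real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def dmarc_check(raw):
    """Return (dmarc_pass, details) from a message's Authentication-Results header."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2]
    ar = " ".join(msg["Authentication-Results"].split())  # unfold the header
    details = []
    for m in re.finditer(
            r"\b(spf|dkim)=(\w+)[^;]*?\b(?:smtp\.mailfrom|header\.d)=([^\s;]+)", ar):
        method, verdict, ident = m.groups()
        dom = ident.rpartition("@")[2]
        aligned = org_domain(dom) == org_domain(from_dom)
        details.append((method, verdict, dom, aligned))
    # A mechanism only helps if it both passes and aligns with the From: domain.
    return any(v == "pass" and a for _, v, _, a in details), details

# Constructed headers; every domain here is a placeholder.
DIRECT = """\
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=alice@author.example;
 dkim=pass header.d=author.example
From: Alice <alice@author.example>

hi
"""
# Same author via a list: the envelope sender is the list's, and the appended
# footer no longer matches the author's DKIM body hash.
VIA_LIST = """\
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=bounces@lists.listhost.example;
 dkim=fail header.d=author.example
From: Alice <alice@author.example>

hi
-- list footer
"""
# Author posts from an address in the list host's own domain instead.
LIST_ADDRESS = VIA_LIST.replace("alice@author.example", "alice@listhost.example") \
                       .replace("dkim=fail header.d=author.example", "dkim=none")

if __name__ == "__main__":
    for name, raw in [("direct", DIRECT), ("via list", VIA_LIST), ("list address", LIST_ADDRESS)]:
        print(name, dmarc_check(raw))
```

In the `VIA_LIST` case SPF passes but for the list's domain, and the only aligned identifier (the author's DKIM signature) fails, so nothing both passes and aligns.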
Also, the IP for tilde.club is on an email server blacklist.
https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a142.44.150.184&r...
Should be a process to get removed from that list, I know there is from Barracuda's blacklist as well as SpamHaus.
It could be that just not having a proper DKIM sig may trigger that blacklist though. There's a lot of blacklists out there and many work differently from one another.
Will
On Tue, 30 Dec 2025, Alexander wrote:
That is a problem that is caused by the uptight spam filter on Gmail which relies among other things on DKIM signatures and SPF which does not really play well with mail lists and tilde.club itself does not process DKIM signatures. There are a few mail protocol extensions that kind of mitigate that issue, but the only thing that is really working is to use a tilde.club email to send the mails
On 30/12/2025 14:03, lab6 wrote:
Hello all,
I’m not sure if this is the right place to say so, but I’ve noticed email to this mailing list being persistently classified as spam when it arrives at my Gmail account, despite me telling Gmail it looks safe. I’ve had to set up a filter to whitelist the tilde.club domain. Of course, if this is a problem for you too, you probably won’t see this message. Season’s greetings and a pre-emptive Happy New Year to you anyway!
James from Lab6
Sent from my iSeries
I've had the same problem with that blacklist, and I was advised that it's essentially an extortion racket: you pay to get off for some period of time, and then you end up back on. Which is exactly what happened to me.
My domain is hosted on Digital Ocean, and I was able to fix it by moving my DNS to Cloudflare, then enabling the Cloudflare DNS proxy feature so my domain would no longer be associated with an offending IP range.
On Tue, Dec 30, 2025 at 12:42 PM Loach505@tilde.club <loach505@tilde.club> wrote:
Also, the IP for tilde.club is on an email server blacklist.
https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a142.44.150.184&r...
Should be a process to get removed from that list, I know there is from Barracuda's blacklist as well as SpamHaus.
It could be that just not having a proper DKIM sig may trigger that blacklist though. There's a lot of blacklists out there and many work differently from one another.
Will
On Tue, 30 Dec 2025, Alexander wrote:
That is a problem that is caused by the uptight spam filter on Gmail which relies among other things on DKIM signatures and SPF which does not really play well with mail lists and tilde.club itself does not process DKIM signatures. There are a few mail protocol extensions that kind of mitigate that issue, but the only thing that is really working is to use a tilde.club email to send the mails
On 30/12/2025 14:03, lab6 wrote:
Hello all,
I’m not sure if this is the right place to say so, but I’ve noticed email to this mailing list being persistently classified as spam when it arrives at my Gmail account, despite me telling Gmail it looks safe. I’ve had to set up a filter to whitelist the tilde.club domain. Of course, if this is a problem for you too, you probably won’t see this message. Season’s greetings and a pre-emptive Happy New Year to you anyway!
James from Lab6
Sent from my iSeries
With SpamHaus you can create an account to whitelist your domain and IPs. Though, you have to show ownership over the IPs in question to do this. This is how Xfinity and others are able to avoid these problems: they have their IP ranges whitelisted. If you don't have control over the IPs you use and are just assigned them by your provider, encourage your host to take measures like I described with SpamHaus.
You can also try to ensure your domain verification is solid. Like, ensure DKIM and SPF are working properly in your DNS, and if you have a website on it, ensure your SSL certificates are legit and refer to your domain. This should be easy with LetsEncrypt. Anything to help show that the domain and the IPs it's using are legit, not used for fraud.
Alternatively, you can always find an email server you trust to relay through. That'll help, but you risk the relay monitoring your email. Email is inherently insecure, so relying upon it for secrecy is a fool's errand anyways.
Will
On 1/12/26 9:27 PM, Adam Rice wrote:
I've had the same problem with that blacklist, and I was advised that it's essentially an extortion racket: you pay to get off for some period of time, and then you end up back on. Which is exactly what happened to me.
My domain is hosted on Digital Ocean, and I was able to fix it by moving my DNS to Cloudflare, then enabling the Cloudflare DNS proxy feature so my domain would no longer be associated with an offending IP range.
On Tue, Dec 30, 2025 at 12:42 PM Loach505@tilde.club <loach505@tilde.club> wrote:
Also, the IP for tilde.club is on an email server blacklist.
https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a142.44.150.184&run=toolpage
Should be a process to get removed from that list, I know there is from Barracuda's blacklist as well as SpamHaus.
It could be that just not having a proper DKIM sig may trigger that blacklist though. There's a lot of blacklists out there and many work differently from one another.
Will
On Tue, 30 Dec 2025, Alexander wrote:
> That is a problem that is caused by the uptight spam filter on Gmail which relies among other things on DKIM signatures and SPF which does not really play well with mail lists and tilde.club itself does not process DKIM signatures. There are a few mail protocol extensions that kind of mitigate that issue, but the only thing that is really working is to use a tilde.club email to send the mails
>
> On 30/12/2025 14:03, lab6 wrote:
>> Hello all,
>>
>> I’m not sure if this is the right place to say so, but I’ve noticed email to this mailing list being persistently classified as spam when it arrives at my Gmail account, despite me telling Gmail it looks safe. I’ve had to set up a filter to whitelist the tilde.club domain. Of course, if this is a problem for you too, you probably won’t see this message. Season’s greetings and a pre-emptive Happy New Year to you anyway!
>>
>> James from Lab6
>>
>> Sent from my iSeries
> Alternatively, you can always find an email server you trust to relay through. That'll help, but, you risk the relay monitoring your email. Email is inherently insecure, so relying upon it for secrecy is a fool's errand anyways.
I realize that the last email was really about a question related to spam filters, rather than about email security. So sorry in advance for the bikeshedding. Still, since the idea that "[e]mail is inherently insecure" is so widespread, I want to take this opportunity to voice my disagreement. So here are two reasons for why I think that email is actually a lot better than its reputation: First, TLS adoption is pretty comprehensive in the modern email ecosystem. And second, end-to-end-encrypted email can be both reasonably secure and easy to use; at least if you use the right app for it.
To elaborate on the first reason: TLS adoption. Delivering an email takes three hops: hop 1 from Alice to Provider A, hop 2 from Provider A to Provider B, and hop 3 from Provider B to Bob. All providers I know of have been offering SMTPS for hop 1 and IMAPS for hop 3 for well over a decade now. I am not even sure how many providers still offer support for the non-TLS variants of those two protocols. And even if providers offer both TLS-enabled and non-TLS variants of those protocols, all reasonably configured user agents should use the TLS-enabled version anyhow.
Which then leaves us with hop 2 between Provider A and Provider B. When TLS encryption was only just starting to appear, email providers would often fall back on plain SMTP for hop 2 if one of them did not support TLS yet. However, I do not think that this is the case any more; and for a good reason: My own email provider (posteo.de) offers a setting to enforce TLS for hop 2. If I enable this setting for outgoing email, and posteo cannot deliver the message via SMTPS, instead of trying to fall back on non-TLS SMTP, it will inform me that delivery of the message has failed. Likewise, if I enable this setting for incoming email, and some provider tries to deliver an email via non-TLS SMTP, posteo will reject that message and inform both the sender and myself that delivery has failed.
I enabled both settings a couple of years ago. And how many deliveries have failed due to missing TLS support? Zero. Not a single one. This means that in the last couple of years, not a single being has tried to get an email to me without using TLS for hop 2. Not even the spammers (and I have actually received quite a bit of spam).
To conclude the first reason: Email takes three hops to be delivered; and all three hops are protected via TLS. Therefore, the same security guarantees that make HTTPS "secure" (TM) ensure that only four parties can read an email from Alice to Bob. That is: Alice, Provider A, Provider B, and Bob. On the one hand, this might not seem like a particularly strong guarantee of confidentiality, since it assumes that both Alice and Bob trust their providers. However, exactly this caveat of having to trust the provider is commonly accepted in our computing environments without being labelled as "inherently insecure". If Some User decides to use Some Big Cloud Provider to sync data between their devices -- or as a backup solution --, this is commonly accepted without anyone calling it "inherently insecure." If some Random Company hosts their online shop on some VPS in some Third Party Data Centre, this is also commonly viewed as being entirely acceptable. So yes, standard TLS-encrypted email can only be called "secure" as long as users trust their email providers. But no, this does not make email "inherently insecure." It just means that the security guarantees the system provides are comparable to what you get with using HTTPS to connect to virtual machines hosted in data centres -- which, in most contexts, would be regarded as the epitome of security (TM).
To elaborate on the second reason: I realize that OpenPGP has been the target of a good amount of criticism. And I will in no way try to argue that this criticism has been ill-informed. Indeed, I believe that a lot of this criticism has been quite to the point. Both the criticism focussed on the cryptographic setup and especially the criticism focussed on the UI/UX part. However, since the standards surrounding OpenPGP-encrypted email are so comprehensive, they also include a number of things that are not entirely bad.
Delta Chat (https://delta.chat/), for instance, is an email client that uses a very small subset of OpenPGP-encrypted email to implement pretty reasonable end-to-end encryption. If you are interested in what modern end-to-end-encrypted email can look like, you might really want to check out what they are doing. Some of the highlights include: using cv25519/ed25519 (only) for encryption and signatures, using QR codes to exchange fingerprints, and spoofing envelope headers to protect message metadata and even to implement masked sending for end-to-end-encrypted email. And all that with a UI that is at least as beginner-friendly as WhatsApp's. So if both Alice and Bob agree to use Delta Chat for their communication, they do not even need to trust Provider A and Provider B any more.
This is not to say that Delta Chat is infallible; and their decision to stay at least one-way compatible with existing implementations of OpenPGP does imply certain ramifications in other areas, such as future secrecy or post-quantum security. So depending on which kind of attacker you are trying to guard against, Delta Chat might not be what you are looking for. Still, I would certainly argue that the security guarantees Delta Chat provides for end-to-end-encrypted email are way too good for it to be labelled an "inherently insecure" cryptographic system. Particularly so if we call systems like SSH or HTTPS "secure" at the same time.
So, this is my quick rant about the myth that email is "inherently insecure". I am not saying that email is perfect. I am not saying that the mechanisms mentioned above solve all cryptographic problems. But if I am lucky, I might have managed to make some of you question the myth that every email is essentially a world-readable postcard. Email might not be the most secure system there is; but it is still a lot better than what most people seem to assume.
Best
Frank
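A way to check the per-hop TLS claim in the message above on a received mail, as an added example that is not part of the thread: each receiving server records the transport in the `with` clause of its `Received:` header, and the keywords ending in `S`/`SA` (RFC 3848, RFC 6531) mean the session ran over TLS. The sample message, hosts and IDs are constructed placeholders.

```python
import re
from email import message_from_string

# "with" keywords that record a TLS-protected SMTP/LMTP session (RFC 3848, RFC 6531).
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

def hops(raw):
    """Return [(receiving_host, protocol, used_tls)], oldest hop first."""
    msg = message_from_string(raw)
    out = []
    # Each server prepends its header, so reverse to get chronological order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # unfold continuation lines
        m = re.search(r"\bby (\S+).*?\bwith (\w+)", flat)
        host, proto = (m.group(1), m.group(2).upper()) if m else ("?", "UNKNOWN")
        out.append((host, proto, proto in TLS_KEYWORDS))
    return out

def plaintext_hops(raw):
    """Receiving hosts whose Received header does not record TLS."""
    return [host for host, _, tls in hops(raw) if not tls]

# Constructed message: hop 1 (submission) and hop 2 (provider to provider).
ALL_TLS = """\
Received: from mx.provider-a.example (mx.provider-a.example [192.0.2.10])
 by mx.provider-b.example with ESMTPS id 4dX1;
 Tue, 30 Dec 2025 14:03:10 +0000
Received: from [198.51.100.7] (unknown [198.51.100.7])
 by submit.provider-a.example with ESMTPSA id 9kQ2;
 Tue, 30 Dec 2025 14:03:05 +0000
From: alice@provider-a.example
To: bob@provider-b.example

hello
"""
# The same message as it would look if hop 2 had fallen back to plain SMTP.
DOWNGRADED = ALL_TLS.replace("with ESMTPS id 4dX1", "with ESMTP id 4dX1")

if __name__ == "__main__":
    print(hops(ALL_TLS))
    print("plaintext hops:", plaintext_hops(DOWNGRADED))
```

Only the `Received:` lines written by your own provider are trustworthy, since earlier ones can be forged by any upstream sender, and hop 3 (IMAPS retrieval) leaves no `Received:` header at all.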
The blacklist in question is due to OVH not being strict enough on spammers. Only way to get off that list is to move from OVH to a better provider which has a better reputation. Or pay whitelisted.org 45 bucks a month to not be strangled in with the bad reputation OVH has. So unfortunately not really an option due to affordability. (Not that 45 is a ton of money, but I'm already tapped out running these services as it is.)
tildeclub@lists.tildeverse.org