email - What exactly is a X-YMailISG header?

24
2014-04
  • iainH

    Finally ... our emails are being seen by Yahoo! not as junk anymore. Hurray!

    However I notice that the Yahoo! receiving MTA adds in a X-YMailISG header. It's very large ... 2**10 bits?

    Now that I've invested too large a chunk of my waking life in crafting our email headers I'm curious to know what an X-YMailISG header is. Can anybody tell me? Does it pose any security / authenticity issues? There's very little intelligible from Google results.

    Background:

    After many days tweaking TXT records in our domain's DNS zone file for SPF and DKIM, I have at last succeeded in generating email from our Drupal site that Yahoo! no longer marks as
    X-YahooFilteredBulk and the excellent service [email protected] returns results that show the emails passing SPF, DKIM and Sender-ID checks and appearing to SpamAssassin as ham. Yahoo! even adds a Received-SPF: pass header.

    Useful links:
    http://www.goldfisch.at/knowwiki/howtos/dkim-filter
    http://old.openspf.org/wizard.html

    Strangely enough the SPF TXT record needed / allowed a blank key / name field in our registrar's DNS management panel whereas the DKIM record needed the {selector}._domainkey as the key /name of the DKIM strings.

  • Answers
  • RobM

    In general X-headers can refer to any non-standard header added during the sending of an email. X-headers can be added at any stage. Some examples of X-headers are:

    X-Mailer:

    X-Spam-Reason:

    X-DomainKeys:

    One of the names Yahoo uses for its own mail system is "YMail", so YMailISG is probably going to be something they add to email passing through their system, most like a message ID of some kind. Beyond that, if Yahoo don't document it anywhere public, anything else from here on in is just going to be guesswork.

  • Aaron

    I don't think it poses any security "issues", but it seems to be something unique to Yahoo. It seems to be a long way around of putting a unique "serial number" on a message. You'd have to ask them for more information.

  • Joe Sniderman

    X-YMailISG is added by Yahoo to all incoming messages. On the flip side, X-YMailOSG is added by Yahoo to all outgoing messages.

    I believe (but am not 100% sure) that ISG and OSG stand for Inbound Spam Guard and Outbound Spam Guard, respectively.


  • Related Question

    exchange - Emails are going to spam
  • Questioner

    Hey guys, I am currently running exchange 2010, I have implemented SPF record, and tried to implement dkim/domain keys using domain sink, but it doesn't seem to work. The problem I am having is that all my emails go to spam, whenever I email some one whether it is msn/yahoo/gmail. For Msn i fixed it, since I subscribed to senders framework program.

    here are the orignal copies of Gmail and yahoo:

    Yahoo: From Sami Sheikh Wed Jan 27 14:15:51 2010 X-Apparently-To: [email protected] via 98.136.167.166; Wed, 27 Jan 2010 06:19:52 -0800 Return-Path: X-YahooFilteredBulk: 67.55.9.182 X-YMailISG: 58M0TdIWLDvbv_d_qz4ABPsuq0Fmn1fLYMy08ZnNKPgA1aH3sVNx_KKFsiBK8ZOTBVDwBVnpTvRNkuTZc2UDsNMbj6nV9hfE43MQz3tXRV3.rh62wcp4oqT8AuzKKU5JSxU5g2AH4NzOmT5nGNiRyNEi6xazlMZTDm0rnfWbVECGV4RHzwM1TEadla6Bq_itel6hNinq_6MnPRxu2vX_fddmlCAG1Fi6X0ivjkKPqSr..MvpO8MnlTQTZZjRSoxLZUOqg0vjTPEPary5d_xf3MaS6IsRIScPMMk- X-Originating-IP: [67.55.9.182] Authentication-Results: mta1066.mail.mud.yahoo.com from=; domainkeys=neutral (no sig); from=SamChrisNetwork.info; dkim=neutral (no sig) Received: from 127.0.0.1 (EHLO sam.samchrisnetwork.info) (67.55.9.182) by mta1066.mail.mud.yahoo.com with SMTP; Wed, 27 Jan 2010 06:19:52 -0800 Received: from Sam.SamChrisNetwork.info ([fe80::b8d3:44f5:68fe:dc55]) by Sam.SamChrisNetwork.info ([fe80::b8d3:44f5:68fe:dc55%24]) with mapi; Wed, 27 Jan 2010 09:15:52 -0500 From: Sami Sheikh To: "[email protected]" Subject: Test Thread-Topic: Test Thread-Index: AcqfWzrrj8hB3VnJTHC0K4Ev4D+qpw== Date: Wed, 27 Jan 2010 14:15:51 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-ID: <660dccae-e8e8-4aa0-b13d-5c57052b5335> Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Length: 26

    Gmail:

    Delivered-To: [email protected] Received: by 10.204.102.18 with SMTP id e18cs53728bko; Thu, 28 Jan 2010 09:58:46 -0800 (PST) Received: by 10.224.116.70 with SMTP id l6mr6467857qaq.157.1264701525683; Thu, 28 Jan 2010 09:58:45 -0800 (PST) Return-Path: Received: from sam.samchrisnetwork.info (dsl-67-55-9-182.acanac.net [67.55.9.182]) by mx.google.com with ESMTP id 15si2150271qyk.91.2010.01.28.09.58.45; Thu, 28 Jan 2010 09:58:45 -0800 (PST) Received-SPF: pass (google.com: domain of [email protected] designates 67.55.9.182 as permitted sender) client-ip=67.55.9.182; Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 67.55.9.182 as permitted sender) smtp.mail=[email protected] Received: from Sam.SamChrisNetwork.info ([fe80::b8d3:44f5:68fe:dc55]) by Sam.SamChrisNetwork.info ([fe80::b8d3:44f5:68fe:dc55%24]) with mapi; Thu, 28 Jan 2010 12:58:15 -0500 From: Sami Sheikh To: "[email protected]" Subject: test Thread-Topic: test Thread-Index: AcqgQ3ZLj8tW8+jFSA+Vgz5dd1gwMQ== Date: Thu, 28 Jan 2010 17:58:14 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: multipart/alternative; boundary="_000_D8C475B722E95D449334E73DD06751ECB0AF10SamSamChrisNetwor_" MIME-Version: 1.0

    --_000_D8C475B722E95D449334E73DD06751ECB0AF10SamSamChrisNetwor_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

    test

    --_000_D8C475B722E95D449334E73DD06751ECB0AF10SamSamChrisNetwor_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

    test<= /p>=

    --_000_D8C475B722E95D449334E73DD06751ECB0AF10SamSamChrisNetwor

    report from Port25:

    This message is an automatic response from Port25's authentication verifier service at verifier.port25.com. The service allows email senders to perform a simple check of various sender authentication mechanisms. It is provided free of charge, in the hope that it is useful to the email community. While it is not officially supported, we welcome any feedback you may have at .

    Thank you for using the verifier,

    The Port25 Solutions, Inc. team

    ==========================================================

    Summary of Results

    SPF check: pass DomainKeys check: neutral DKIM check: neutral Sender-ID check: pass SpamAssassin check: ham

    ==========================================================

    Details:

    HELO hostname: sam.samchrisnetwork.info Source IP: 67.55.9.182 mail-from: [email protected]


    SPF check details:

    Result: pass ID(s) verified: smtp.mail=[email protected] DNS record(s): SamChrisNetwork.info. 3600 IN TXT "v=spf1 ip4:67.55.9.182/24 mx a:sam.samchrisnetwork.info mx:mail.samchrisnetwork.info mx:sam.samchrisnetwork.info ~all"


    DomainKeys check details:

    Result: neutral (message not signed) ID(s) verified: header.From=[email protected] DNS record(s):


    DKIM check details:

    Result: neutral (message not signed) ID(s) verified:

    NOTE: DKIM checking has been performed based on the latest DKIM specs (RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for older versions. If you are using Port25's PowerMTA, you need to use version 3.2r11 or later to get a compatible version of DKIM.


    Sender-ID check details:

    Result: pass ID(s) verified: header.From=[email protected] DNS record(s): SamChrisNetwork.info. 3600 IN TXT "v=spf1 ip4:67.55.9.182/24 mx a:sam.samchrisnetwork.info mx:mail.samchrisnetwork.info mx:sam.samchrisnetwork.info ~all"


    SpamAssassin check details:

    SpamAssassin v3.2.5 (2008-06-10)

    Result: ham (0.6 points, 5.0 required)

    pts rule name description


    -0.0 SPF_PASS SPF: sender matches SPF record -0.7 BAYES_20 BODY: Bayesian spam probability is 5 to 20% [score: 0.1146] 1.4 AWL AWL: From: address is in the auto white-list

    ========================================================== Explanation of the possible results (adapted from

    draft-kucherawy-sender-auth-header-04.txt):

    "pass" the message passed the authentication test.

    "fail" the message failed the authentication test.

    "softfail" the message failed the authentication test, and the authentication method has either an explicit or implicit policy which doesn't require successful authentication of all messages from that domain.

    "neutral" the authentication method completed without errors, but was unable to reach either a positive or a negative result about the message.

    "temperror" a temporary (recoverable) error occurred attempting to authenticate the sender; either the process couldn't be completed locally, or there was a temporary failure retrieving data required for the authentication. A later retry may produce a more final result.

    "permerror" a permanent (unrecoverable) error occurred attempting to authenticate the sender; either the process couldn't be completed locally, or there was a permanent failure retrieving data required for the authentication.

    ==========================================================

    Original Email

    Return-Path: Received: from sam.samchrisnetwork.info (67.55.9.182) by verifier.port25.com (PowerMTA(TM) v3.6a1) id hc0mn60hse8h for ; Wed, 27 Jan 2010 07:11:31 -0500 (envelope-from ) Authentication-Results: verifier.port25.com smtp.mail=[email protected]; mfrom=pass; Authentication-Results: verifier.port25.com header.From=[email protected]; domainkeys=neutral (message not signed); Authentication-Results: verifier.port25.com; dkim=neutral (message not signed); Authentication-Results: verifier.port25.com header.From=[email protected]; pra=pass; Received: from Sam.SamChrisNetwork.info ([fe80::b8d3:44f5:68fe:dc55]) by Sam.SamChrisNetwork.info ([fe80::b8d3:44f5:68fe:dc55%24]) with mapi; Wed, 27 Jan 2010 09:12:06 -0500 From: Sami Sheikh To: "[email protected]" Subject: Test Thread-Topic: Test Thread-Index: AcqfWrTNJAbICp6MQsiQwUi89zjagw== Date: Wed, 27 Jan 2010 14:12:04 +0000 Message-ID: <[email protected]> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0

    Test

    Sent from my iPhone


  • Related Answers
  • Dave Drager

    The following is based off of the IP I see in your logs as the mail sending IP of 67.55.9.182.

    You have a PTR entry, which is good.

    ;; ANSWER SECTION:
    182.9.55.67.in-addr.arpa. 14400 IN      PTR     dsl-67-55-9-182.acanac.net.
    

    However your forward and reverse should match ideally. The reverse entry leads me to believe that you are running this off of a DSL ISP connection. That is enough to get your mail marked as spam in some systems. They do not like seeing mail coming from "home" or "consumer" connections.

    Your IP is also listed in several blacklists:

    67.55.9.182 is listed in dnsbl-3.uceprotect.net 
    67.55.9.182 is listed in bl.spamcannibal.org 
    

    This will also result in your mail being sent to the spam bin.

    Resolve the above issues and you will likely see your mail being accepted as ham. Hope that helps and let me know if you have any questions.