162.251.248.0/24 <http://162.251.248.0/24> 162.251.249.0/24 <http://162.251.249.0/24> 162.251.250.0/24 <http://162.251.250.0/24> 162.251.251.0/24 <http://162.251.251.0/24> 162.251.252.0/24 <http://162.251.252.0/24> 162.251.253.0/24 <http://162.251.253.0/24> 162.251.254.0/24 <http://162.251.254.0/24> 162.251.255.0/24 <http://162.251.255.0/24>
What a waste of database space when that IP range can be written as: 162.251.248.0/21 112 bytes saved. If spamhaus is really listing /24’s they should really recode their database to be able to accept any prefix length, along with a automatic combiner which combines /24’s into /23’s, /23’s into /22’s and so on, as long as the combined prefix covers the individual prefixes in full. Från: Edgaras | SENDER via mailop <mailop@mailop.org> Skickat: den 2 mars 2022 10:56 Till: mailop <mailop@mailop.org> Ämne: [mailop] What the f**k, Google? Hi all, sorry, I can't describe the stupidity and incompetence of Gmail systems lately without resorting to expletives. Seriously everyone, see for yourselves. Gmail is now accepting mail from Spamhaus EDROP listed spam ranges: 176.56.220.0/24 <http://176.56.220.0/24> 176.56.221.0/24 <http://176.56.221.0/24> 176.56.222.0/24 <http://176.56.222.0/24> Which are all included here in https://www.spamhaus.org/sbl/query/SBL442803 None of those networks are included in our SPF, which has -all. From,To,CC,Subject,Date headers are all oversigned to prevent DKIM replay attacks. And yet Gmail still somehow accepts mail from these ranges, and thinks it's authenticated. Google, how much more of a stink there has to be for someone to pay attention to this issue? I did not publicize this issue on purpose - so that other spammers would not take advantage of this weakness in your spam filter. Do we have to announce this on Hacker News, Reddit and elsewhere? I don't think that it's only our domain's reputation being abused this way, and a lot of people are exposed to spam/scams, so we will have to go public if this does not get fixed urgently. PS: The following networks are also participating in this attack, so it's safe to presume they are under the control of the same spam gang, which operates the above-mentioned networks in DROP list. Spamhaus, I know you're on the list - feel free to escalate those listings to DROP: 103.110.248.0/24 <http://103.110.248.0/24> 103.110.249.0/24 <http://103.110.249.0/24> 103.110.251.0/24 <http://103.110.251.0/24> 103.205.17.0/24 <http://103.205.17.0/24> 103.205.18.0/24 <http://103.205.18.0/24> 103.205.19.0/24 <http://103.205.19.0/24> 103.217.82.0/24 <http://103.217.82.0/24> 162.251.248.0/24 <http://162.251.248.0/24> 162.251.249.0/24 <http://162.251.249.0/24> 162.251.250.0/24 <http://162.251.250.0/24> 162.251.251.0/24 <http://162.251.251.0/24> 162.251.252.0/24 <http://162.251.252.0/24> 162.251.253.0/24 <http://162.251.253.0/24> 162.251.254.0/24 <http://162.251.254.0/24> 162.251.255.0/24 <http://162.251.255.0/24> <https://cdn.sender.net/system_images/logo_secondary.png> Edgar Vaitkevičius, founder / CEO <mailto:ed...@sender.net> ed...@sender.net
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop