> This will probably help Gmail understand the threat more, at the very
> least, if they haven't been watching for this already.
I hope that they will pay attention now that this is being exploited all
over the place. When I reported this a month ago, nothing happened.

> For all we know, when they parse this, they see the SPF pass, and don't
> check the later SPF fail, but given that they get a lot of forwarded
> email from banks etc, that their customers want, they probably have
> decided to allow this behavior.
Well, legitimate email forwarders are supposed to be properly configured
for that.

> You do have an argument that if you advertise a -all on the SPF record,
> you are expecting Gmail to reject it.
Exactly. That should be a strong signal that the message is not authorized
by the supposed sending domain.

> And of course, the IP itself. interesting that it is only on a couple of
> RBL's.. but Gmail should be able to note the volume of identical mail...
Spammers using these networks are probably focusing on exploiting a Gmail
weakness and targeting their @gmail.com addresses specifically. That would
explain the lack of other RBL listings.

> But this should NOT affect the domain reputation IMHO, there may be
> other things that are affecting it.
Precisely!

> I would question why you choose to use a MAIL FROM, with a different
> domain than you use in the header from, eg
I think it's their VERP implementation.

Edgar Vaitkevičius, founder / CEO
ed...@sender.net




On Wed, Mar 2, 2022 at 8:45 PM Michael Peddemors <mich...@linuxmagic.com>
wrote:

> This will probably help Gmail understand the threat more, at the very
> least, if they haven't been watching for this already.
>
> For all we know, when they parse this, they see the SPF pass, and don't
> check the later SPF fail, but given that they get a lot of forwarded
> email from banks etc, that their customers want, they probably have
> decided to allow this behavior.
>
> (And even you probably want your forwarded email to get to the customer)
>
> There are some curious things, eg ordering and placement of their trace
> headers above the Return-Path, and I won't talk about that..
>
> You do have an argument that if you advertise a -all on the SPF record,
> you are expecting Gmail to reject it.
>
> Also, you have an argument that Gmail should be stripping (and/or
> questioning) the fact there is an existing Return-Path header, which
> should be suspicious/stripped.
>
> And of course, the IP itself. interesting that it is only on a couple of
> RBL's.. but Gmail should be able to note the volume of identical mail...
> or this obvious forged relay attempt, but at this point (and yeah, it is
> the same attack vector that has been reported here and in other places
> over the last couple months) we should leave it to the Gmail folks to
> comment on..
>
> But this should NOT affect the domain reputation IMHO, there may be
> other things that are affecting it.
>
> I would question why you choose to use a MAIL FROM, with a different
> domain than you use in the header from, eg
>
> Return-Path:
> <bounces+3348031-0178-azeddinebenlarbi329=
> gmail....@sg.test.ascendbywix.com>
>
> vs
>
> From: "<clipped>" <no-re...@test.ascendbywix.com>
>
>
>
>
> On 2022-03-02 10:18 a.m., Edgaras | SENDER wrote:
> >  > Add just the headers from a single abuse email here on the thread..
> > Here you go, latest victim (Wix) abused by azeddinebenlarbi...@gmail.com:
> >
> > Delivered-To: trappy.mctrapf...@gmail.com
> > Received: by 2002:ac9:5a7:0:0:0:0:0 with SMTP id 36csp448821ocw;
> >          Wed, 2 Mar 2022 09:00:00 -0800 (PST)
> > X-Google-Smtp-Source:
> >
> ABdhPJyxgfRpUsqWbBr/re0QDp8Iuv7ucxtW/eurO7tWJljvtHlCTV1lhn/G7sQ8oaAejLhkikay
> > X-Received: by 2002:a17:906:2ac9:b0:6ce:dc0f:9139 with SMTP id
> > m9-20020a1709062ac900b006cedc0f9139mr24070631eje.206.1646240400450;
> >          Wed, 02 Mar 2022 09:00:00 -0800 (PST)
> > ARC-Seal: i=2; a=rsa-sha256; t=1646240400; cv=pass;
> >          d=google.com; s=arc-20160816;
> > ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed;
> > d=google.com; s=arc-20160816;
> >          h=to:feedback-id:reply-to:subject:subject:message-id:message-id
> >           :mime-version:from:date:dkim-signature:dkim-signature;
> >          bh=unij9luYZjytYq8AnlTGrziLaTBYROHjkIEkJHrCZEI=;
> > ARC-Authentication-Results: i=2; mx.google.com;
> >         dkim=pass header.i=@test.ascendbywix.com header.s=s1 header.b=P9JGN5Pt;
> >         dkim=pass header.i=@sendgrid.info header.s=smtpapi header.b="PzohlIQ/";
> >         arc=pass (i=1 spf=pass spfdomain=sg.test.ascendbywix.com dkim=pass dkdomain=test.ascendbywix.com dkim=pass dkdomain=sendgrid.info dmarc=pass fromdomain=test.ascendbywix.com);
> >         spf=fail (google.com: domain of bounces+3348031-0178-azeddinebenlarbi329=gmail....@sg.test.ascendbywix.com does not designate 81.7.6.53 as permitted sender) smtp.mailfrom="bounces+3348031-0178-azeddinebenlarbi329=gmail....@sg.test.ascendbywix.com";
> >         dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=test.ascendbywix.com
> > Return-Path: <bounces+3348031-0178-azeddinebenlarbi329=gmail....@sg.test.ascendbywix.com>
> > Received: from takataka.gr ([81.7.6.53])
> >          by mx.google.com with ESMTP id r1-20020a1709061ba100b006d07f388e25si10294892ejg.908.2022.03.02.09.00.00
> >          for <trappy.mctrapf...@gmail.com>;
> >          Wed, 02 Mar 2022 09:00:00 -0800 (PST)
> > Received-SPF: fail (google.com: domain of bounces+3348031-0178-azeddinebenlarbi329=gmail....@sg.test.ascendbywix.com does not designate 81.7.6.53 as permitted sender) client-ip=81.7.6.53;
> > Authentication-Results: mx.google.com;
> >         dkim=pass header.i=@test.ascendbywix.com header.s=s1 header.b=P9JGN5Pt;
> >         dkim=pass header.i=@sendgrid.info header.s=smtpapi header.b="PzohlIQ/";
> >         arc=pass (i=1 spf=pass spfdomain=sg.test.ascendbywix.com dkim=pass dkdomain=test.ascendbywix.com dkim=pass dkdomain=sendgrid.info dmarc=pass fromdomain=test.ascendbywix.com);
> >         spf=fail (google.com: domain of bounces+3348031-0178-azeddinebenlarbi329=gmail....@sg.test.ascendbywix.com does not designate 81.7.6.53 as permitted sender) smtp.mailfrom="bounces+3348031-0178-azeddinebenlarbi329=gmail....@sg.test.ascendbywix.com";
> >         dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=test.ascendbywix.com
> > Received: by 2002:a4a:390e:0:0:0:0:0 with SMTP id m14csp2497925ooa;
> >          Tue, 1 Mar 2022 01:20:28 -0800 (PST)
> > X-Received: by 2002:a25:b3c7:0:b0:623:e9fe:e108 with SMTP id
> > x7-20020a25b3c7000000b00623e9fee108mr24017231ybf.335.1646126428656;
> >          Tue, 01 Mar 2022 01:20:28 -0800 (PST)
> > ARC-Seal: i=1; a=rsa-sha256; t=1646126428; cv=none;
> >          d=google.com; s=arc-20160816;
> > ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
> > d=google.com; s=arc-20160816;
> >
> h=to:feedback-id:reply-to:subject:message-id:mime-version:from:date
> >           :dkim-signature:dkim-signature;
> >          bh=unij9luYZjytYq8AnlTGrziLaTBYROHjkIEkJHrCZEI=;
> > ARC-Authentication-Results: i=1; mx.google.com;
> >         dkim=pass header.i=@test.ascendbywix.com header.s=s1 header.b=P9JGN5Pt;
> >         dkim=pass header.i=@sendgrid.info header.s=smtpapi header.b="PzohlIQ/";
> >         spf=pass (google.com: domain of bounces+3348031-0178-azeddinebenlarbi329=gmail....@sg.test.ascendbywix.com designates 167.89.28.151 as permitted sender) smtp.mailfrom="bounces+3348031-0178-azeddinebenlarbi329=gmail....@sg.test.ascendbywix.com";
> >         dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=test.ascendbywix.com
> > Return-Path: <bounces+3348031-0178-azeddinebenlarbi329=gmail....@sg.test.ascendbywix.com>
> > Received: from o29.sg.ascendbywix.com (o29.sg.ascendbywix.com. [167.89.28.151])
> >          by mx.google.com with ESMTPS id h36-20020a81b664000000b002d13ff5f75bsi10543989ywk.53.2022.03.01.01.20.28
> >          for <azeddinebenlarbi...@gmail.com>
> >          (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
> >          Tue, 01 Mar 2022 01:20:28 -0800 (PST)
> > Received-SPF: pass (google.com: domain of bounces+3348031-0178-azeddinebenlarbi329=gmail....@sg.test.ascendbywix.com designates 167.89.28.151 as permitted sender) client-ip=167.89.28.151;
> > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
> > d=test.ascendbywix.com <http://test.ascendbywix.com>;
> > h=content-type:from:mime-version:subject:reply-to:x-feedback-id:to;
> > s=s1; bh=unij9luYZjytYq8AnlTGrziLaTBYROHjkIEkJHrCZEI=;
> > b=P9JGN5PtXZbUGegZNFWrm7KJmx47g20Z8Ik7Og1sKYSNE+nWnEnfhUtHbbO9v4bb85xB
> > ZcCAJJiVqZSABX+/YUzpVnvGvlcxP/4ZVlD/Vzdzk5sPdgAWg41fCbOolfXpVz3e+Mq50Q
> > +em3llnjq+CliRMnmC4hSPRWlKLDfWKu8KPs38okaL7HK3WxxGpAO/6SC76aGOY/YxFSnV
> > uxfdG8QEWX79tCpfI8pmUVZvv8MSTAOocAAcbbvenIeJE5PfPeBVjCreSqwogEO0OGguN2
> > 8V2akKKqvbMKRlaafPiZ8HBFaE1YkDSFGKkrmsFIoF8JNDOQC0RiIvzpB6KupVtw==
> > DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sendgrid.info
> > <http://sendgrid.info>;
> > h=content-type:from:mime-version:subject:reply-to:x-feedback-id:to;
> > s=smtpapi; bh=unij9luYZjytYq8AnlTGrziLaTBYROHjkIEkJHrCZEI=;
> > b=PzohlIQ/O/Yd5uXr0V5xE/tfkG5TBjtSk4TSct0hwy6dCgV69aE8sYHkcUS4DPajzXNX
> > hWJToy7b8T5/A4gy8ji+FqUOrIfqa+jFzUSU018/ujKqpllz8CCosZGve/CH+HsUZA+suC
> > pCsvtJHoQAtJJDZoeBc28UibGfVFlHAzA=
> > Received: by filterdrecv-656998cfdd-dxhv8 with SMTP id
> > filterdrecv-656998cfdd-dxhv8-1-621DE55C-B
> >          2022-03-01 09:20:28.239436093 +0000 UTC m=+13859590.117375723
> > Received: from MzM0ODAzMQ (unknown) by ismtpd0061p1las1.sendgrid.net
> > <http://ismtpd0061p1las1.sendgrid.net> (SG) with HTTP id
> > nMh2xC0YSDuucmswZAyctA Tue, 01 Mar 2022 09:20:28.133 +0000 (UTC)
> > Content-Type: multipart/alternative;
> > boundary=5652e9e37bf97e2f5afd29ae0726f708c4d7d8a6ca2b68e83d110805e607
> > Date: Tue, 01 Mar 2022 09:20:28 +0000 (UTC)
> > From: "🔞Suck_me💋" <no-re...@test.ascendbywix.com
> > <mailto:no-re...@test.ascendbywix.com>>
> > Mime-Version: 1.0
> > Message-ID:
> > <tair7mckqcfthnsohjrktzdgpzrwo...@ismtpd0061p1las1.sendgrid.net
> > <mailto:tair7mckqcfthnsohjrktzdgpzrwo...@ismtpd0061p1las1.sendgrid.net>>
> > Message-ID: <nmh2xc0ysduucmswzay...@ismtpd0061p1las1.sendgrid.net
> > <mailto:nmh2xc0ysduucmswzay...@ismtpd0061p1las1.sendgrid.net>>
> > Subject: TRAPPY.MCTRAPFACE.....Jag är ledig för sex🔥Ikväll🔞Låt oss
> > träffas och knulla..🔞---Ikväll💋***3127795457
> > Subject: se
> > Reply-To: "🔞Suck_me💋" <cont...@studiosyears.co.uk
> > <mailto:cont...@studiosyears.co.uk>>
> > x-abuse-id: 4ceea4f1-8b3b-4aa3-b1e2-ac4327b529b9
> > Feedback-ID:
> >
> 4ceea4f1-8b3b-4aa3-b1e2-ac4327b529b9:2295fca2-d8cd-445d-99b7-65050cd44b8e:wixshoutout
> > X-Feedback-ID: 3348031:SG
> > X-SG-EID:
> >
> apC/pe/zbzDqnTT6zV9Wv1gEFqcnmG9YbKBQJEAVDcUgYP2u6TscjIHGdeOzzNKDpD2n7PUlpQzsLQFjZpSvEGF9cf1cv1gx0gn4QXMWEDLl+Q29zeCVlHp9jSG2xlNUkQz/KX4O3yiYOrYCD0qtNO491F2cmq2qsMSgSqqPwbXoiCNEegG8FoiwLeBMcbdCqTQZb/S/gk13BhEIHFfu9tng3n70tLqNwfsVF3aVWc7xsaOw0fFkfJ0GoDoZ876w7cyU5joVw0tikCjABXwRBA==
> > X-SG-ID:
> >
> N2C25iY2uzGMFz6rgvQsb8raWjw0ZPf1VmjsCkspi/LP5qbstBs+tNXeqRqWNMElXL97lzut3o+IPcAkA9CcXv8yKhwJejT9wnW1jUPmsdJ8/FV6Ck4y3YBgP5saSmoKs3fV2XzcfEGH1Cn5CId7xqmdBEMoGjiDP1gV3OFd9cykfBHNuIrQZ5FJ/D3Z2BF1k4sgTxm4TgHAjfvC/pp5+AyVzKkROwJ599/XwPA+iZY/GypC2PdgTIrroJVGBMhW/QUtCsniD57PrmYBF9ZS1pjgg+6eORATab9qgV2pf0aW0xZCQpvd6FGGdhFwH314
> > To: azeddinebenlarbi...@gmail.com <mailto:azeddinebenlarbi...@gmail.com>
> > X-Entity-ID: syRQ9ETube4F+FdaRpBU1w==
> >
> >
> > Sender        Edgar Vaitkevičius, founder / CEO
> > ed...@sender.net <mailto:ed...@sender.net>
> >
> >
> >
> >
> > On Wed, Mar 2, 2022 at 7:42 PM Michael Peddemors via mailop
> > <mailop@mailop.org <mailto:mailop@mailop.org>> wrote:
> >
> >     Add just the headers from a single abuse email here on the thread..
> >     sanitize as needed.. seems that they of course can only use part of
> the
> >     information as a forgery (eg SendGrid headers)
> >
> >     I think this is an attack vector that was seen back even a few months
> >     ago, however that type of an attack quickly gets an IP on an RBL..
> >     normally.
> >
> >     On 2022-03-02 9:12 a.m., Edgaras | SENDER via mailop wrote:
> >      > Hi Simon,
> >      >
> >      >  > Which domains, IP addresses and DKIM signatures are you
> >     responsible for
> >      >  > (or not) in the examples?
> >      > Our domain that is impacted: sendersrv.com
> >      > SPF: v=spf1 ip4:185.3.229.125 ip4:185.3.229.126 ip4:185.3.229.127
> >      > ip4:185.3.229.128/27 ip4:141.136.38.0/24 ip4:141.136.40.0/24
> >      > ip4:195.191.140.0/24 ip4:195.191.176.0/24 -all
> >      > IP addresses, which we do not control and which are being used to send
> >      > out spam are mentioned in my initial email:
> >      > 176.56.220.0/24
> >      > 176.56.221.0/24
> >      > 176.56.222.0/24
> >      > 103.110.248.0/24
> >      > ....
> >      >
> >      > I added other samples that we discovered just to show that the problem
> >      > is not only affecting us.
> >      > Other abused domains are:
> >      > sendgrid.info, spam sent from 104.168.76.42 (no rDNS!)
> >      > getresponse-mail.com, from 119.235.249.182
> >      > (again no rDNS, SPF hard fails...)
> >      > sfr.fr, from 85.120.225.105 (SPF fails)
> >      > ...
> >      > BTW, I only redacted the spamtrap email address, all other headers are
> >      > left as is.
> >      > To clarify further, I will walk through the case where an attacker
> >      > abuses GetResponse (getresponse2.eml).
> >      > What happens here:
> >      > 1. Attacker creates an account at Getresponse using a throwaway spam
> >      > site storagemodels.org.uk
> >      > 2. Sends a single email from Getresponse (using
> >      > re...@storagemodels.org.uk) to himself (arsalanpir...@gmail.com is
> >      > the attacker's Gmail address)
> >      > 3. The email is signed with getresponse-mail.com, a domain with a good
> >      > reputation at Gmail.
> >      > 4. Attacker then proceeds to spam from 119.235.249.182, spam mails count
> >      > against the reputation of getresponse-mail.com
> >      > 5. Mails are delivered to countless Gmail users.
> >      >
> >      > What's worrying is that even if the headers are oversigned, DMARC set to
> >      > reject, it does nothing to stop this attack. There's literally nothing
> >      > you can do as a sender to prevent your reputation from being trashed.
> >      >
> >      >
> >      > Sender        Edgar Vaitkevičius, founder / CEO
> >      > ed...@sender.net <mailto:ed...@sender.net>
> >     <mailto:ed...@sender.net <mailto:ed...@sender.net>>
> >      >
> >      >
> >      >
> >      >
> >      > On Wed, Mar 2, 2022 at 6:39 PM Simon Arlott via mailop
> >      > <mailop@mailop.org <mailto:mailop@mailop.org>
> >     <mailto:mailop@mailop.org <mailto:mailop@mailop.org>>> wrote:
> >      >
> >      >     On 02/03/2022 15:44, Edgaras | SENDER via mailop wrote:
> >      >      > Sorry for losing my nerve, but it is harming our
> >     reputation for a
> >      >     month
> >      >      > now, tried all possible channels to report this, and the
> >     issue is
> >      >     being
> >      >      > completely ignored.
> >      >
> >      >     These examples have the same problem that the original one in
> >     January
> >      >     did. They're just copies of emails without any explanation as
> >     to who
> >      >     you are and which domain's reputation is being impacted.
> >      >
> >      >     Which domains, IP addresses and DKIM signatures are you
> >     responsible for
> >      >     (or not) in the examples?
> >      >
> >      >     If you need to redact something then replace it with
> >     "example.com <http://example.com>
> >      >     <http://example.com <http://example.com>>",
> >      >     "example.net <http://example.net> <http://example.net
> >     <http://example.net>>", "example.org <http://example.org>
> >      >     <http://example.org <http://example.org>>", etc. and state
> >     how each of them fit into
> >      >     this. Provide a copy of the SPF/DKIM records (where relevant)
> >     for any
> >      >     redacted domains (the immediate sending IP may not be in the
> >     SPF record
> >      >     but maybe an earlier one or Google is).
> >      >
> >      >     Which domain's reputation is being impacted?
> >      >
> >      >     Without that information it's very hard to identify exactly
> >     what is
> >      >     going on. You've stated previously that "first an attacker
> >     sent a test
> >      >     email from our platform" but these ones don't appear to
> >     originate from
> >      >     you.
> >      >
> >      >     --
> >      >     Simon Arlott
> >      >     _______________________________________________
> >      >     mailop mailing list
> >      > mailop@mailop.org <mailto:mailop@mailop.org>
> >     <mailto:mailop@mailop.org <mailto:mailop@mailop.org>>
> >      > https://list.mailop.org/listinfo/mailop
> >     <https://list.mailop.org/listinfo/mailop>
> >      >     <https://list.mailop.org/listinfo/mailop
> >     <https://list.mailop.org/listinfo/mailop>>
> >      >
> >      >
> >      > _______________________________________________
> >      > mailop mailing list
> >      > mailop@mailop.org <mailto:mailop@mailop.org>
> >      > https://list.mailop.org/listinfo/mailop
> >     <https://list.mailop.org/listinfo/mailop>
> >      >
> >
> >
> >
> >     --
> >     "Catch the Magic of Linux..."
> >
>  ------------------------------------------------------------------------
> >     Michael Peddemors, President/CEO LinuxMagic Inc.
> >     Visit us at http://www.linuxmagic.com <http://www.linuxmagic.com>
> >     @linuxmagic
> >     A Wizard IT Company - For More Info http://www.wizard.ca
> >     <http://www.wizard.ca>
> >     "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices
> Ltd.
> >
>  ------------------------------------------------------------------------
> >     604-682-0300 Beautiful British Columbia, Canada
> >
> >     This email and any electronic data contained are confidential and
> >     intended
> >     solely for the use of the individual or entity to which they are
> >     addressed.
> >     Please note that any views or opinions presented in this email are
> >     solely
> >     those of the author and are not intended to represent those of the
> >     company.
> >     _______________________________________________
> >     mailop mailing list
> >     mailop@mailop.org <mailto:mailop@mailop.org>
> >     https://list.mailop.org/listinfo/mailop
> >     <https://list.mailop.org/listinfo/mailop>
> >
>
>
>
> --
> "Catch the Magic of Linux..."
> ------------------------------------------------------------------------
> Michael Peddemors, President/CEO LinuxMagic Inc.
> Visit us at http://www.linuxmagic.com @linuxmagic
> A Wizard IT Company - For More Info http://www.wizard.ca
> "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
> ------------------------------------------------------------------------
> 604-682-0300 Beautiful British Columbia, Canada
>
> This email and any electronic data contained are confidential and intended
> solely for the use of the individual or entity to which they are addressed.
> Please note that any views or opinions presented in this email are solely
> those of the author and are not intended to represent those of the company.
>
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
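
The header pattern discussed in this thread (SPF pass recorded at the first delivery, SPF fail at the current hop, DMARC still passing on the DKIM signature, and a second Return-Path) can be checked mechanically on the receiving side. The following is an added example, not part of the original messages or any participant's code; the sample message, the `mx.example.net` authserv-id and the finding names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample shaped like the headers quoted in this thread. All
# domains and addresses are placeholders (example.*, RFC 5737 ranges).
REPLAYED = """\
Delivered-To: trap@example.net
Authentication-Results: mx.example.net;
       dkim=pass header.i=@news.example.com header.s=s1;
       arc=pass (i=1 spf=pass spfdomain=bounce.news.example.com dkim=pass
        dkdomain=news.example.com dmarc=pass fromdomain=news.example.com);
       spf=fail (mx.example.net: domain of b@bounce.news.example.com does
        not designate 203.0.113.53 as permitted sender)
        smtp.mailfrom=b@bounce.news.example.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=news.example.com
Return-Path: <b@bounce.news.example.com>
Received-SPF: fail (mx.example.net: domain of b@bounce.news.example.com does
        not designate 203.0.113.53 as permitted sender) client-ip=203.0.113.53;
Return-Path: <b@bounce.news.example.com>
Received-SPF: pass (mx.example.net: domain of b@bounce.news.example.com
        designates 198.51.100.151 as permitted sender) client-ip=198.51.100.151;
From: no-reply@news.example.com
To: first-recipient@example.net
Subject: constructed sample

body
"""

def _unfold(value):
    """Collapse header folding and runs of whitespace into single spaces."""
    return " ".join(value.split())

def _strip_comments(value):
    """Drop RFC 5322 comments, innermost first, leaving method=result pairs."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def analyze(raw, authserv_id):
    """Return replay indicators found in the receiver-stamped headers."""
    msg = message_from_string(raw)
    # Trust only Authentication-Results written by our own border MTA
    # (RFC 8601); anything else may have been supplied by the sender.
    ours = [h for h in map(_unfold, msg.get_all("Authentication-Results", []))
            if h.split(";")[0].strip() == authserv_id]
    if not ours:
        return []
    current = ours[0]  # trace headers are prepended, so the newest is first
    verdicts = {}
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                                     _strip_comments(current)):
        verdicts.setdefault(method, set()).add(result)
    # SPF verdicts from earlier deliveries: the ARC summary in the comment
    # after arc=..., plus every Received-SPF below the newest one.
    arc = re.search(r"\barc=\w+ \(([^()]*)\)", current)
    earlier_spf = set(re.findall(r"\bspf=(\w+)", arc.group(1))) if arc else set()
    earlier_spf |= {_unfold(v).split()[0].lower()
                    for v in msg.get_all("Received-SPF", [])[1:] if v.strip()}
    findings = []
    if ("pass" in verdicts.get("dmarc", ()) and "pass" in verdicts.get("dkim", ())
            and "pass" not in verdicts.get("spf", ())):
        findings.append("dmarc-pass-on-dkim-only")
    if "fail" in verdicts.get("spf", ()) and "pass" in earlier_spf:
        findings.append("spf-passed-earlier-fails-now")
    if len(msg.get_all("Return-Path", [])) > 1:
        findings.append("multiple-return-path")
    return findings

if __name__ == "__main__":
    print(analyze(REPLAYED, "mx.example.net"))
```

Ordinary forwarding without sender rewriting also produces the first finding on its own, so it is the combination of all three that matches the headers shown in the thread.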
