Thank you everyone for your response. I don't mind the false positives, it's part of the game and shows that it's not perfect. But not having a way to interact with it and not having a way to reach out, explain the situation and know more about what is happening/what will happen is a pita.
We sometimes get our emails listed at Sorbs, and no matter what, they always respond, and even in time.

I believe that email is one of the last remaining protocols that was built in the beginning to be open and impartial, and many big players are trying to rig the game in their favor. Running an MTA today requires a lot of knowledge and ideally a big team with investment to support all the tricks. It shouldn't be the case.

@Todd, thank you for that link! It seems that it was exactly the issue we were facing. I'll seek to implement ways to mitigate these in the future (but already, banning the free domains helped a lot).

On Wed, Apr 6, 2022 at 08:40, Todd Herr via mailop <[email protected]> wrote:

> On Tue, Apr 5, 2022 at 6:35 AM Cyril - ImprovMX via mailop <[email protected]> wrote:
>
>> After a discussion with OVH about this potential issue, I discovered that
>> the problem was worse than that. By comparing all the emails from
>> Spamcop.net reports, I discovered that they were from a few emails, but
>> then, they had new headers added on top. This included a new "To",
>> "Subject" and "Date" header. An email sent 4 days ago was sent again, with
>> an updated date. The initial "Subject" was basic things like "hello" and
>> the new Subject added at the top was more spammy (the typical horny stuff).
>>
>> Clearly, someone used the reputation of ImprovMX.com to deliver emails by
>> forging them before delivery.
>
> What you're describing sounds exactly like a DKIM replay attack.
>
> Socketlabs, among others, have some ideas on how to mitigate such things.
> Perhaps you might find those ideas useful -
> https://www.socketlabs.com/blog/dkim-replay-attacks-preventive-measures-to-protect-email-deliverability/
>
> --
>
> *Todd Herr* | Technical Director, Standards and Ecosystem
> *e:* [email protected]
> *m:* 703.220.4153
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
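
An added example, not part of the thread: a check for the symptom described above, where "To", "Subject" and "Date" appear again on top of an already signed message. It relies on RFC 6376 semantics (each name in the `h=` tag covers one header instance, counted from the bottom), does not verify the signature itself, and uses constructed sample messages and hypothetical function names.

```python
import email
from email import policy
from collections import Counter

# Headers the thread reports being re-added on top of the replayed mail.
WATCHED = ("to", "subject", "date")

def signed_header_counts(dkim_value):
    """Count how often each header name is listed in the h= tag."""
    tags = {}
    for part in dkim_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = "".join(value.split())
    return Counter(h.lower() for h in tags.get("h", "").split(":") if h)

def unsigned_instances(raw_bytes):
    """Return {header: instances present beyond what h= covers}.

    Simplification: only the first DKIM-Signature header is inspected.
    """
    msg = email.message_from_bytes(raw_bytes, policy=policy.compat32)
    sig = msg.get("DKIM-Signature")
    if sig is None:
        return {}
    signed = signed_header_counts(sig)
    present = Counter(k.lower() for k in msg.keys())
    return {h: present[h] - signed[h] for h in WATCHED if present[h] > signed[h]}

# Constructed sample: a signed "hello" mail with new headers added on top.
REPLAYED = "\r\n".join([
    "To: new-target@example.net",
    "Subject: replaced subject",
    "Date: Wed, 06 Apr 2022 08:00:00 +0000",
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel1;",
    "\th=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER",
    "From: sender@example.com",
    "To: first-recipient@example.org",
    "Subject: hello",
    "Date: Sat, 02 Apr 2022 08:00:00 +0000",
    "", "body", ""]).encode()

# Same mail, but the signer listed each header twice (oversigning), so the
# added copies fall under the signature and a DKIM verifier rejects them.
OVERSIGNED = REPLAYED.replace(b"h=from:to:subject:date",
                              b"h=from:from:to:to:subject:subject:date:date")

if __name__ == "__main__":
    print(unsigned_instances(REPLAYED))
    print(unsigned_instances(OVERSIGNED))
```

A non-empty result means the message carries header instances the signature does not cover, which is what lets a replayed mail keep passing DKIM with a new "To", "Subject" and "Date".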
