Hello, There seems to be some misunderstanding in what IPXO is and how it operates.
>> When I first tested the IPXO network they required me to pay them a custom >> fee to exclude my services from their internal mail scanner. They would >> otherwise downgrade connections from SSL and intercept the SMTP traffic, >> then scan the contents of emails for spam. I can't imagine that still >> functions <..> I believe you are referring to Heficed. I'm not sure when this happened, but it must have been way before IPXO was born, because it's been almost 2 years now, that Heficed no longer allows switching the mailing filter off under any circumstances. I'm not sure if there was some fee before I joined the company, but when I had joined there was just a handful of exceptions made, which later turned into no exceptions. That system still works, if a certain spam threshold is reached, Heficed completely blocks all SMTP traffic. IPXO is what used to be the Heficed IP Marketplace, as a separate entity. It's purely an IP lease platform - without any hardware to run those IPs on. A person renting IP space will have to either have their own infrastructure or use some hosting services to use the IPs. >> Anyone from IPXO on the list that might explain what the network operators >> are doing to combat spam these days? Since the leased IP space is not used anywhere within our owned infrastructure, we do not get to see or control what goes out into the internet. Due to this reason, we are primarily reactionary in our approach - all the IP space has our Abuse-c, so we could observe all the abuse reports generated and act upon them. We of course forward all of them to the lessees, who are all primarily resellers and take actions if the reported abuse does not get acted upon. Of course, this approach is very limited so we are currently developing multiple solutions that will allow as to be more proactive in our approach - e.g. we are working on an automated alerting system for rDNS changes, to be able to notice such cases as reported below, before it gets to be used for nefarious purposes. Until we get that finished and running, reports as that one does help us out, please never hesitate to report at abuse-t...@ipxo.com. I hope this brings at least a tiny bit of clarity, Gustavas D IPXO Abuse Prevention Team -----Original Message----- From: mailop <mailop-boun...@mailop.org> On Behalf Of Jarland Donnell via mailop Sent: Thursday, November 24, 2022 6:07 PM To: mailop@mailop.org Subject: Re: [mailop] Another interesting batch of suspicious activity on an IPXO network.. When I first tested the IPXO network they required me to pay them a custom fee to exclude my services from their internal mail scanner. They would otherwise downgrade connections from SSL and intercept the SMTP traffic, then scan the contents of emails for spam. I can't imagine that still functions given the amount of spam sent from their networks, and most companies that deploy systems like that purchase very expensive appliances rather than build their own, which would be quite a waste of money to just give up on so quickly. Anyone from IPXO on the list that might explain what the network operators are doing to combat spam these days? On 2022-11-24 09:40, Michael Peddemors via mailop wrote: > I don't think all these companies are operating on this network.. > > Eg.. > > host -t TXT hostedexchange.co.il > hostedexchange.co.il descriptive text "v=spf1 ip4:212.143.142.84 > ip4:194.90.28.61 -all" > > Obvious attempts to hide activity using legitimate companies? > > # 84.32.92.4 1 mail01.info.messe-muenchen.de > # 84.32.92.6 1 mail.suminet.com > # 84.32.92.13 1 out3.mail.studentaid.gov > # 84.32.92.14 1 out4.mail.studentaid.gov > # 84.32.92.16 1 out9.mail.studentaid.gov > # 84.32.92.18 1 out2.mail.studentaid.gov > # 84.32.92.22 1 stl-mta-dmz-02-pub.dol.gov > # 84.32.92.30 1 mail.bpd.ci.buffalo.ny.us > # 84.32.92.36 2 lmta224.e.sharkninja.com > # 84.32.92.40 1 mail.beind.com > # 84.32.92.42 1 mail2.cncloud.co.il > # 84.32.92.45 1 kinneret4.kinneret.co.il > # 84.32.92.46 1 relay2.mpv.co.il > # 84.32.92.48 1 mail.hishtil.com > # 84.32.92.50 1 owa.s-wear.co.il > # 84.32.92.53 1 webstore.od.co.il > # 84.32.92.56 1 mail.gestec.co.il > # 84.32.92.62 1 smtp.hostedexchange.co.il > # 84.32.92.65 1 mail.almog-ltd.com > # 84.32.92.77 1 mail69.publicators.com > # 84.32.92.80 1 fbsnd01104-jc.im.kddi.ne.jp > # 84.32.92.83 1 fbsnd01101-jc.im.kddi.ne.jp > > .. might as well include the rest, in case someone on the list > operates one of these domains.. > > 84.32.92.85 1 snd00102-jc.im.kddi.ne.jp > 84.32.92.88 1 echtclxmr12ac10.ech.jpx.co.jp > 84.32.92.89 1 echtclxmr11ac10.ech.jpx.co.jp > 84.32.92.98 1 jmg2-aq.joshin.co.jp > 84.32.92.99 1 jmg2-ap.joshin.co.jp > 84.32.92.101 1 jmg2-an.joshin.co.jp > 84.32.92.103 1 jmg2-al.joshin.co.jp > 84.32.92.106 1 jmg-ao.joshin.co.jp > 84.32.92.107 1 jmg-an.joshin.co.jp > 84.32.92.113 1 john2.cantamen.de > 84.32.92.116 1 mout01.cdn.csl-computer.net > 84.32.92.117 1 > dwn-thor.deutsche-wirtschafts-nachrichten.de > 84.32.92.122 1 dev.otec.org > 84.32.92.126 1 mailer.acog.org > 84.32.92.137 1 e-bind.us > 84.32.92.142 1 ozmtabm02.ms.com > 84.32.92.146 1 ozmtaint01.ms.com > 84.32.92.154 1 mail01.www-101.aig.com > 84.32.92.159 2 mail1611.isramail.co.il > 84.32.92.162 1 mail03.marketing.nuance.com > 84.32.92.165 1 mail03.info.messe-muenchen.de > 84.32.92.167 1 gg9.uniki.de > 84.32.92.168 1 mail.balkanautomotive.rs > 84.32.92.173 1 dedi138.your-server.de > 84.32.92.182 1 gateway.rocketmarketing.it > 84.32.92.184 1 nl-he-1.abelssoft.de > 84.32.92.189 1 auris.cityhost.com.ua > 84.32.92.191 1 mailgw2.solucionait.com > 84.32.92.192 1 mx.dominos.ua > 84.32.92.199 1 a-06.wlk-msg.de > 84.32.92.201 1 gateway.sxm.it > 84.32.92.210 1 mta27-87.sears.com > 84.32.92.211 1 mta26-87.sears.com > 84.32.92.220 1 mta16-87.toms.com > 84.32.92.221 1 vmta15.87.lstrk.net > 84.32.92.223 1 vmta13.87.lstrk.net > 84.32.92.224 1 vmta12.87.lstrk.net > 84.32.92.227 1 vmta255.86.lstrk.net > 84.32.92.230 1 vmta249.86.lstrk.net > 84.32.92.233 1 vmta245.86.lstrk.net > 84.32.92.235 1 vmta243.86.lstrk.net > 84.32.92.239 1 vmta238.86.lstrk.net > 84.32.92.243 1 vmta234.86.lstrk.net > 84.32.92.246 1 vmta231.86.lstrk.net > > -- > "Catch the Magic of Linux..." > ---------------------------------------------------------------------- > -- Michael Peddemors, President/CEO LinuxMagic Inc. > Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company > - For More Info http://www.wizard.ca "LinuxMagic" a Registered > TradeMark of Wizard Tower TechnoServices Ltd. > ---------------------------------------------------------------------- > -- > 604-682-0300 Beautiful British Columbia, Canada > > This email and any electronic data contained are confidential and > intended solely for the use of the individual or entity to which they > are addressed. > Please note that any views or opinions presented in this email are > solely those of the author and are not intended to represent those of > the company. > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
