That is great to hear, and I hadn't thought about when the IPs might be
announced elsewhere. Under that context, the amount of spam from the
IPXO network is actually probably fairly small relative to what it could
be. Look forward to seeing how the operation continues to grow, sounds
like you understand the problems you've inherited.
On 2022-11-25 08:33, Gustavas Davidavičius via mailop wrote:
Hello,
There seems to be some misunderstanding in what IPXO is and how it
operates.
> When I first tested the IPXO network they required me to pay them a
> custom fee to exclude my services from their internal mail scanner.
> They would otherwise downgrade connections from SSL and intercept the
> SMTP traffic, then scan the contents of emails for spam. I can't
> imagine that still functions <..>
I believe you are referring to Heficed. I'm not sure when this
happened, but it must have been way before IPXO was born, because it's
been almost 2 years now that Heficed no longer allows switching the
mailing filter off under any circumstances. I'm not sure if there was
some fee before I joined the company, but when I had joined there was
just a handful of exceptions made, which later turned into no
exceptions.
That system still works: if a certain spam threshold is reached,
Heficed completely blocks all SMTP traffic.
IPXO is what used to be the Heficed IP Marketplace, as a separate
entity. It's purely an IP lease platform - without any hardware to run
those IPs on. A person renting IP space will have to either have their
own infrastructure or use some hosting services to use the IPs.
> Anyone from IPXO on the list that might explain what the network
> operators are doing to combat spam these days?
Since the leased IP space is not used anywhere within our owned
infrastructure, we do not get to see or control what goes out into the
internet. Due to this reason, we are primarily reactionary in our
approach - all the IP space has our Abuse-c, so we could observe all
the abuse reports generated and act upon them. We of course forward all
of them to the lessees, who are all primarily resellers and take
actions if the reported abuse does not get acted upon.
Of course, this approach is very limited, so we are currently developing
multiple solutions that will allow us to be more proactive in our
approach - e.g. we are working on an automated alerting system for rDNS
changes, to be able to notice such cases as reported below, before it
gets to be used for nefarious purposes. Until we get that finished and
running, reports such as that one do help us out; please never hesitate to
report at abuse-t...@ipxo.com.
I hope this brings at least a tiny bit of clarity,
Gustavas D
IPXO Abuse Prevention Team
-----Original Message-----
From: mailop <mailop-boun...@mailop.org> On Behalf Of Jarland Donnell
via mailop
Sent: Thursday, November 24, 2022 6:07 PM
To: mailop@mailop.org
Subject: Re: [mailop] Another interesting batch of suspicious activity
on an IPXO network..
When I first tested the IPXO network they required me to pay them a
custom fee to exclude my services from their internal mail scanner.
They would otherwise downgrade connections from SSL and intercept the
SMTP traffic, then scan the contents of emails for spam. I can't
imagine that still functions given the amount of spam sent from their
networks, and most companies that deploy systems like that purchase
very expensive appliances rather than build their own, which would be
quite a waste of money to just give up on so quickly.
Anyone from IPXO on the list that might explain what the network
operators are doing to combat spam these days?
On 2022-11-24 09:40, Michael Peddemors via mailop wrote:
I don't think all these companies are operating on this network..
Eg..
host -t TXT hostedexchange.co.il
hostedexchange.co.il descriptive text "v=spf1 ip4:212.143.142.84 ip4:194.90.28.61 -all"
Obvious attempts to hide activity using legitimate companies?
.. might as well include the rest, in case someone on the list
operates one of these domains..
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
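The thread describes two checks: alerting on rDNS changes in leased space, and comparing a PTR name against the SPF record of the domain it claims. The sketch below combines them; it is an added example, not part of any message in the thread and not IPXO's or LinuxMagic's code. The snapshots and the `lookup` table are constructed stand-ins for real DNS queries; only the PTR for 84.32.92.62 and the hostedexchange.co.il SPF record are quoted from the thread.

```python
import ipaddress

def spf_ip4_networks(spf_txt):
    """Networks named by ip4: mechanisms (include:, a, mx are not expanded here)."""
    nets = []
    for term in spf_txt.split()[1:]:              # skip the v=spf1 tag
        mech = term.lstrip("+-~?").lower()
        if mech.startswith("ip4:"):
            nets.append(ipaddress.ip_network(mech[4:], strict=False))
    return nets

def find_spf(hostname, txt_lookup):
    """Walk up the labels of hostname until a v=spf1 TXT record is found."""
    labels = hostname.rstrip(".").split(".")
    for i in range(len(labels) - 1):              # never query the bare TLD
        domain = ".".join(labels[i:])
        for txt in txt_lookup(domain):
            if txt.lower().startswith("v=spf1"):
                return domain, txt
    return None, None

def rdns_change_alerts(old_ptr, new_ptr, txt_lookup):
    """Report PTR changes whose new name sits under a domain that does not list the IP."""
    alerts = []
    for ip, name in sorted(new_ptr.items()):
        if old_ptr.get(ip) == name:
            continue                              # PTR unchanged since last snapshot
        domain, spf = find_spf(name, txt_lookup)
        if spf is None:
            alerts.append((ip, name, "changed, no SPF record found"))
        elif not any(ipaddress.ip_address(ip) in net for net in spf_ip4_networks(spf)):
            alerts.append((ip, name, f"changed, not in SPF of {domain}"))
    return alerts

# Constructed TXT table; the first entry is the record quoted in the thread.
TXT = {"hostedexchange.co.il": ["v=spf1 ip4:212.143.142.84 ip4:194.90.28.61 -all"],
       "example.net": ["v=spf1 ip4:192.0.2.0/24 -all"]}
# Constructed PTR snapshots (documentation addresses, plus one PTR from the thread).
OLD_PTR = {"192.0.2.10": "host10.example.org", "192.0.2.11": "host11.example.org"}
NEW_PTR = {"192.0.2.10": "mail.example.net", "192.0.2.11": "host11.example.org",
           "192.0.2.12": "mx.example.com", "84.32.92.62": "smtp.hostedexchange.co.il"}

def lookup(domain):
    return TXT.get(domain, [])                    # stand-in for a real TXT query

if __name__ == "__main__":
    for alert in rdns_change_alerts(OLD_PTR, NEW_PTR, lookup):
        print(*alert, sep="  ")
```

A PTR change that passes this check is not proof of legitimacy, since domains that authorize senders through `include:` or `mx` would need those mechanisms expanded before the result means anything.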