And another wave today, yet again from CloudFilter.
We spoke with AWS Abuse and they decline all responsibility, claiming
their client is filtering 99.9% of the mail traffic and that's the
best they can do.
We told them that they, AWS, are ultimately responsible for what goes
through their IPs but I don't think they care too much.
I guess we have no choice but to filter stuff from cloudfilter.net
now.
Received: from omta034.useast.a.cloudfilter.net
(omta034.useast.a.cloudfilter.net [44.202.169.33])
by mx.emailarray.com (Haraka) with ESMTPS id
A94A689F-5CF1-4129-BD87-2E608BA5D643.2
envelope-from
(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384
verify=FAIL);
Wed, 07 Aug 2024 10:24:28 -0400
Received: from eig-obgw-6001a.ext.cloudfilter.net ([10.0.30.140])
by cmsmtp with ESMTPS
id bZ5fsgUIF1zuHbhaVsQNeu; Wed, 07 Aug 2024 14:24:28 +0000
Received: from gator2020.hostgator.com ([50.87.144.40])
by cmsmtp with ESMTPS
id bhaVsB4pGZlJQbhaVsU8Xb; Wed, 07 Aug 2024 14:24:27 +0000
Received: from [221.155.150.165] (port=34334 helo=[197.211.61.137])
by gator2020.hostgator.com with esmtpsa (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96.2)
(envelope-from )
Scott
On Tuesday, 06/08/2024 at 13:58 Ken Simpson via mailop wrote:
Hi Scott,
The use of AWS IPs is quite unique. Many receivers treat AWS IPs with
great suspicion, but it's not per se impossible to use them to send
email. You can ask Amazon to remove them from the PBL and with some
forms filled in, Amazon will allow you to deliver email from their
IPs. But handling abuse via the Amazon team is a pain, since it goes
through a level of indirection.
Regards,
Ken
On Tue, Aug 6, 2024 at 10:05 AM Scott Q. wrote:
Well, I'm pretty sure Endurance is a customer of CloudMark, not
Amazon, hence why I was trying to reach them here.
They probably use Amazon IPs because they don't want their really high
quality IPs tainted by these mail customers...
Scott
On Tuesday, 06/08/2024 at 12:37 Ken Simpson via mailop wrote:
Hi Scott,
webhostbox.net [1] is a domain name associated with the Endurance
International Group [2] (now part of Newfold Digital). HostGator,
Bluehost, Site5, and many other older hosting brands are incorporated
under the EIG banner. These older hosts often run ancient installs of
WordPress, Drupal, and other platforms that are easily exploited by
spamming and phishing groups.
The Cloudmark organization is generally responsive to abuse
complaints; however, the cloudfilter.net [3] hosts seem to be owned by
Amazon Web Services, so your best bet might be to send spam reports to
AWS (honestly I'm surprised Proofpoint doesn't use their own IPs for
this):
# whois.arin.net [4]
NetRange: 35.71.64.0 - 35.95.255.255
CIDR: 35.71.64.0/18 [5], 35.71.128.0/17 [6],
35.72.0.0/13 [7], 35.80.0.0/12 [8]
NetName: AT-88-Z
NetHandle: NET-35-71-64-0-1
Parent: NET35 (NET-35-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Amazon Technologies Inc. (AT-88-Z)
RegDate: 2019-04-15
Updated: 2024-02-01
Ref: https://rdap.arin.net/registry/ip/35.71.64.0
OrgName: Amazon Technologies Inc.
OrgId: AT-88-Z
Address: 410 Terry Ave N.
City: Seattle
StateProv: WA
PostalCode: 98109
Country: US
RegDate: 2011-12-08
Updated: 2024-01-24
Comment: All abuse reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email) Without
these we will be unable to identify the correct owner of the IP
address at that point in time.
Ref: https://rdap.arin.net/registry/entity/AT-88-Z
Regards,
Ken
On Tue, Aug 6, 2024 at 6:47 AM Scott Q. via mailop wrote:
If anyone from CloudMark or, if not, ProofPoint is on the list: your
client webhostbox.net [1] is spamming like crazy and getting through
your outbound filters. Literally every day thousands and thousands of
phishing messages.
Here's another sample
Received: from omta38.uswest2.a.cloudfilter.net [9]
(omta38.uswest2.a.cloudfilter.net [9] [35.89.44.37])
by mx.emailarray.com [10] (Haraka) with ESMTPS id
0FCEA3A7-F363-4114-AABC-3E17D23B4849.1
envelope-from
(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384
verify=FAIL);
Tue, 06 Aug 2024 09:15:04 -0400
Received: from eig-obgw-6003a.ext.cloudfilter.net [11] ([10.0.30.151])
by cmsmtp with ESMTPS
id bDoksc7G2umtXbK1mssqkF; Tue, 06 Aug 2024 13:15:02 +0000
Received: from cp-in-20.webhostbox.net [12] ([216.10.240.60])
by cmsmtp with ESMTPS
id bK1jsXHUdV2ivbK1ks7EwD; Tue, 06 Aug 2024 13:15:01 +0000
Maybe up the filtering for this particular client of yours? They
appear to get compromised easily and don't do much about it.
Thank you!
Scott
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
--
Ken Simpson
CEO, MailChannels [13]
Facebook [14] | Twitter [15] | LinkedIn [16] | Help Center [17]
Our latest case study video: watch here! [18]
Links:
------
[1] http://webhostbox.net
[2] https://en.wikipedia.org/wiki/Endurance_International_Group
[3] http://cloudfilter.net
[4] http://whois.arin.net
[5] http://35.71.64.0/18
[6] http://35.71.128.0/17
[7] http://35.72.0.0/13
[8] http://35.80.0.0/12
[9] http://omta38.uswest2.a.cloudfilter.net
[10] http://mx.emailarray.com
[11] http://eig-obgw-6003a.ext.cloudfilter.net
[12] http://cp-in-20.webhostbox.net
[13] https://www.mailchannels.com/?utm_source=Email%20Signature&utm_medium=Ken%20Simpson&utm_campaign=Website
[14] http://bit.ly/2dnoP3K
[15] http://bit.ly/2ehoWni
[16] http://bit.ly/2dw87lU
[17] https://mailchannels.zendesk.com/hc/en-us?utm_source=Email%20Signature&utm_medium=Ken%20Simpson&utm_campaign=Help%20Center
[18] https://www.youtube.com/watch?v=psb41xDIL9k
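Added example, not written by anyone in the thread: Python that walks the Received chain of the 6 August sample, pulls out the fields the AWS whois comment requires in an abuse report, and names the customer host that handed the message to cloudfilter.net, so a filtering rule can key on that origin as well as on the relay. The function names are illustrative, and the caller supplies the destination IP and port of the receiving MX, which the thread does not give.

```python
import re
from email.utils import parsedate_to_datetime

# Constructed sample: Received headers of the 6 August message quoted in the
# thread, unfolded to one string per header (newest first), top one abridged.
SAMPLE = [
    "from omta38.uswest2.a.cloudfilter.net (omta38.uswest2.a.cloudfilter.net "
    "[35.89.44.37]) by mx.emailarray.com (Haraka) with ESMTPS; "
    "Tue, 06 Aug 2024 09:15:04 -0400",
    "from eig-obgw-6003a.ext.cloudfilter.net ([10.0.30.151]) by cmsmtp "
    "with ESMTPS id bDoksc7G2umtXbK1mssqkF; Tue, 06 Aug 2024 13:15:02 +0000",
    "from cp-in-20.webhostbox.net ([216.10.240.60]) by cmsmtp "
    "with ESMTPS id bK1jsXHUdV2ivbK1ks7EwD; Tue, 06 Aug 2024 13:15:01 +0000",
]
FILTER_DOMAIN = "cloudfilter.net"
# Matches "from <HELO name> (<optional rDNS name> [<ip>])".
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")

def parse_hop(value):
    m = HOP.search(value)
    if not m:
        return None  # header layouts this pattern does not cover are skipped
    try:
        when = parsedate_to_datetime(value.rpartition(";")[2].strip())
    except (TypeError, ValueError):
        when = None
    # Prefer the name the receiving server resolved over the HELO claim.
    host = (m["rdns"] or m["helo"]).lower()
    return {"host": host, "ip": m["ip"], "when": when}

def is_filter(host):
    return host == FILTER_DOMAIN or host.endswith("." + FILTER_DOMAIN)

def abuse_fields(received, dest_ip, dest_port=25):
    hops = [h for h in map(parse_hop, received) if h]
    # Only the top header was written by our own MX; everything below it is
    # asserted by the sending side and is a lead, not proof.
    if not hops or not is_filter(hops[0]["host"]):
        return None
    edge = hops[0]
    origin = next((h for h in hops[1:] if not is_filter(h["host"])), None)
    return {
        "src_ip": edge["ip"],
        "dest_ip": dest_ip,
        "dest_port": dest_port,
        "timestamp": edge["when"].isoformat() if edge["when"] else None,
        "origin_host": origin["host"] if origin else None,
        "origin_ip": origin["ip"] if origin else None,
    }
```

Calling `abuse_fields(SAMPLE, "192.0.2.25")` uses a documentation-range address as a stand-in for the receiving MX; replace it with the real destination IP before sending a report.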