Re: [mailop] [E] Duplicated DMARC reports from Google and Yahoo

[Brandon Long via mailop]

Four copies?  That's odd.  If you give me the message-id and date for one
of those, I can have someone take a look.  Last I knew, the job that
send reports has some redundancy, but there's supposed to be a final step
which compares whether a given message had already been sent, it's possible
that part broke at some point... it always felt kind of a fragile hack.

Brandon

On Thu, Aug 5, 2021 at 9:09 AM Jaroslaw Rafa via mailop 
wrote:

> Dnia  5.08.2021 o godz. 08:03:39 Marcel Becker via mailop pisze:
> > If they are indeed the same (ie: the actual report in the attachment is
> the
> > same and not for a different recipient domain) feel free to share
> examples
> > with me.
>
> Well, those from Yahoo are actually from different domains (yahoo.fr,
> yahoo.co.uk etc.) - I did not check very thoroughly, just assumed it's the
> same case as with Google. I apologize :). But for Google, it is still true,
> I checked it very detailed and multiple times - they are exactly the same
> and I usually get 4 copies of DMARC reports from Google.
> --
> Regards,
>Jaroslaw Rafa
>r...@rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brett Schenker via mailop]

Coming from the political/non-profit side of things, when the revenue drops
is when they pay attention. If open rates are 0 or blocks are through the
roof, they take notice and will change their habits. The people that click
spend don't want to explain to their bosses why things have tanked.

On Thu, Aug 5, 2021 at 7:24 PM Anne P. Mitchell, Esq. via mailop <
mailop@mailop.org> wrote:

>
> Brielle wrote:
>
> > Litigation is WAY overused to resolve issues.
>
> I generally agree.  However, on the other hand it's a pretty good way to
> get the attention of people who *know* they are doing wrong, and continue
> to do it unrepentingly all the way to the bank.
>
> Anne "Cartoony at Large" Mitchell
>
> --
> Anne P. Mitchell,  Esq.
> Dean of Cyberlaw and Cyber Security, Lincoln Law School
> Author: Section 6* of the Federal Email Marketing Law (CAN-SPAM)
>  *Why yes, I *did* have a certain unrepentant coffee entity in mind
>when I wrote the vendor liability section of CAN-SPAM
> Board of Directors, Denver Internet Exchange
> Chair Emeritus, Asilomar Microcomputer Workshop
> Former Counsel: MAPS Anti-Spam Blacklist
> Location: Boulder, Colorado
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>


-- 
Brett Schenker
Man of Many Things, Including
5B Consulting - http://www.5bconsulting.com
Graphic Policy - http://www.graphicpolicy.com

Twitter - http://twitter.com/bhschenker
LinkedIn - http://www.linkedin.com/in/brettschenker
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brielle via mailop]

On 8/5/21 9:41 AM, John Levine wrote:

It appears that Brielle via mailop  said:

There's also the matter of the lack of unsubscribe...  Has zoom
explained why they are allowing their customers to send unconfirmed
opt-out mail with no unsubscribe option?


Good point.  That's one of the few things that is specifically illegal under 
CAN SPAM.

Perhaps we can collect them all and then sue both Sendgrid and Zoom.



So, just an update...

I can confirm, for sure, that there's no actual Zoom / Sendgrid 
unsubscribe link in the spams based on the most recent spams that I 
allowed in to analyze.  Only 'unsubscribe' link (notice the quotes) is a 
highly questionable Google Forms 'unsubscribe' run by the spammer 
themselves.


In fact, and you are going to LOVE this, the spams, being sent through 
IPs with zoom RNDS, owned by Sendgrid, _don't even have any content that 
links to anything on zoom_.


All the content directs you to go to Google Forms (forms.gle) which then 
take down personal information which purports to be for the supposed 
zoom webinar.


I'm not kidding.  Zoom (by way of Sendgrid) are essentially allowing 
people to use their platform to send spam with no content linking 
directly back to Zoom - only to Google Forms (in this case).


What is going on over there, Zoom?  That's insane that you are allowing 
customers to basically use your Sendgrid account to pretty much send 
anything they want with no forced Zoom/Sendgrid unsubscribe link that 
the spammers have no control over.


--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Chris via mailop]

There's also the notion of Canspam Act.  Where *both* the notion of 
spamming, and no unsubscribe options are illegal.


A few years ago, I constructed a complaint that resulted in a fairly 
large company receiving a fine.


I've got lots of samples in domains defunct for 20+ years, and others 
where users have never existed, maybe I should do it again.  I'm not 
sure if I'm seeing the vietnamese stuff, but there certainly is a lot of 
"loan shit".


Do note that Canspam makes little distinction between ESPs, customers 
and 3rd parties.


I'll have to talk to my contacts and see if this is on the menu at this 
time.


On 2021-08-05 11:41 a.m., John Levine via mailop wrote:

It appears that Brielle via mailop  said:

There's also the matter of the lack of unsubscribe...  Has zoom
explained why they are allowing their customers to send unconfirmed
opt-out mail with no unsubscribe option?


Good point.  That's one of the few things that is specifically illegal under 
CAN SPAM.

Perhaps we can collect them all and then sue both Sendgrid and Zoom.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] HIPAA compliant email (was Re: So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?)

[John Levine via mailop]

It appears that Dave Warren via mailop  said:
>I have not yet found a doctor's office able to S/MIME or PGP, not that I 
>have either configured, but I would immediately and happily set it up if 
>I could get away from phone calls and long talky voicemail messages 
>(which just end up transcribed in my email anyway).

My doctor does the check the web site thing that works surprisingly well.

Now and then I send them a picture via the web site of something that looks
odd, e.g., a rash.  Sometimes they say it looks fine, now and then they say
better come in.  It's avoided a lot of needless visits and long phone calls.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Anne P. Mitchell, Esq. via mailop]

Brielle wrote:

> Litigation is WAY overused to resolve issues.

I generally agree.  However, on the other hand it's a pretty good way to get 
the attention of people who *know* they are doing wrong, and continue to do it 
unrepentingly all the way to the bank.

Anne "Cartoony at Large" Mitchell

--
Anne P. Mitchell,  Esq.
Dean of Cyberlaw and Cyber Security, Lincoln Law School
Author: Section 6* of the Federal Email Marketing Law (CAN-SPAM)   
 *Why yes, I *did* have a certain unrepentant coffee entity in mind 
   when I wrote the vendor liability section of CAN-SPAM
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] HIPAA compliant email (was Re: So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?)

[Dave Warren via mailop]

On 2021-08-05 09:47, John Levine via mailop wrote:

It appears that Luis E. Muñoz via mailop  said:

Out of curiosity, and recognizing that this would be a separate thread,
what makes email non-compliant, considering that fax seems to be
compliant? Just in case, this is a serious question of mine.


It's supposed to be end-to-end encrypted, for some version of end-to-end.

Since vanishingly few patients are au courant with S/MIME and PGP, in practice
it means that they take the Paypal approach, and the mail only says you have a
message, log into our web site to see what it is.  If the patient wants to send
a message to the doctor, log into the web site and hit the New Message button.

I do know a few physicians who correspond directly with some patients under the
theory that the patient has knowingly waived the encryption but I don't think 
it's
ever had a legal test.


Even more annoying is a secure request to "please send the requested 
private medical data to some.doctor6...@gmail.com", which could be 
knowingly waiving the encryption requirement if I did, but wouldn't be 
knowingly waiving the encryption requirement if my grandmother did.


I have not yet found a doctor's office able to S/MIME or PGP, not that I 
have either configured, but I would immediately and happily set it up if 
I could get away from phone calls and long talky voicemail messages 
(which just end up transcribed in my email anyway).


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brielle via mailop]

On 8/5/21 9:41 AM, John Levine via mailop wrote:

It appears that Brielle via mailop  said:

There's also the matter of the lack of unsubscribe...  Has zoom
explained why they are allowing their customers to send unconfirmed
opt-out mail with no unsubscribe option?

Good point.  That's one of the few things that is specifically illegal under 
CAN SPAM.

Perhaps we can collect them all and then sue both Sendgrid and Zoom.


As much as part of me would get a kick out of that...  I also don't know 
how much of a positive outcome it would have.


Admittedly, I come from this as a very rabid spam fighter...  But also 
these days as someone who maintains and consults e-commerce stuff 
(including marketing, somewhat to my own disappointment).


I want to work with people to solve these issues much in the way I hope 
someone would work with me if I was in a similar situation.


Litigation is WAY overused to resolve issues.

Unfortunately, as long as the promise of dump trucks of cash prove to be 
more of an influencing factor than being part of a properly functioning 
global internet...


Sigh.

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Once again, please fix your PTR records? Someone asleep at the wheel over at GoSecure?

[Michael Peddemors via mailop]

208.80.201.171  x1  vx1.email-protect.gosecure.net
208.80.201.172  x1  
208.80.201.173  x5  
208.80.201.174  x3  
208.80.202.5x21 smtp.email-protect.gosecure.net
208.80.202.7x29 smtp.email-protect.gosecure.net
208.80.203.5x30 smtp.email-protect.gosecure.net
208.80.203.6x20 smtp.email-protect.gosecure.net

Note, they also seem to have a problem with too many emails going out to 
too many invalid email addresses.. (Hey, that's how we can tell when 
SendGrid IP(s) are up to bad things ;)



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming? - the MEME

[G. Miliotis via mailop]

On 2021-08-05 21:51, Brielle via mailop wrote:



Looks like some of the topics of the spam is starting to gravitate 
towards current events...


ESP to spamming customer: "improve the quality of your mailings, stop 
sending people mail they don't want or we will have to ask you again to 
stop, repeatedly - btw your invoice is due"


spamming customer: goes through queue, deletes old spam mailings. Sends 
new spam dealing with current events, considers it "relevant" and 
therefore desirable. Sees nothing wrong with this.


The Internet: still doesn't block ESP

Users: Maybe I should buy one of those Vietnamese coronavirus masks - 
some die of coronavirus


Mail admins: FML

E-mail as a whole: In the ICU


Enjoy your summer everyone!
--GM



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brielle via mailop]

On 8/5/21 8:53 AM, Brielle via mailop wrote:

On 8/4/21 5:40 PM, Luke via mailop wrote:
The account in question was told they need to clean up their act about 
4 weeks ago.


Thank you for following up with this information.  Its much appreciated.



Just another followup, having looked through my logs, new subject lines 
from the Zoom/Sendgrid spams for those keeping score...


Khẩu Trang Diệt Virus Corona 99% - Luôn Đồng Hành Cùng Việt Nam Vượt Qua 
Đại Dịch - "Masks Kill Corona Virus 99% - Always Accompanying Vietnam to 
Overcome the Pandemic"


✅ [Tin buổi sáng] NHỮNG BẤT ĐỘNG SẢN NÀO CÓ NGUY CƠ GIẢM GIÁ? - "✅ 
[Morning News] WHAT REAL ESTATE RISK OF DISCOUNT?"



Looks like some of the topics of the spam is starting to gravitate 
towards current events...


--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Duplicated DMARC reports from Google and Yahoo

[John Levine via mailop]

It appears that Andreas Schamanek via mailop  said:
>
>On Thu, 5 Aug 2021, at 13:50, Jaroslaw Rafa via mailop wrote:
>
>> In my case, the address to receive DMARC reports is exempt from 
>> greylisting, so this could not be the reason. My server is also not 
>> too busy, so it's quite improbable that they get a 4xx reply due to 
>> queueing.
>
>+1
>
>I'd be surprised if these duplicate reports were not a widespread 
>observation.

I also see them but since the dups have the same serial number, they are not 
hard to skip.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] HIPAA compliant email (was Re: So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?)

[Matt Harris via mailop]

On Thu, Aug 5, 2021 at 10:24 AM Luis E. Muñoz via mailop 
wrote:

>
>
> On 5 Aug 2021, at 10:26, yuv via mailop wrote:
>
> > If anyone can suggest an email relay system that is compliant with US
> > HIPAA , I would love to connect
> > my internal email system to it and outsource email deliverability
> > problems.
>
> Out of curiosity, and recognizing that this would be a separate thread,
> what makes email non-compliant, considering that fax seems to be
> compliant? Just in case, this is a serious question of mine.
>

IANAL, but...

As a very general rule, if you're a covered entity and you're going to
transmit EPHI through or have an organization store EPHI, then you'd need
to have a Business Associate Agreement (BAA) with that organization (the
BAA outlines the responsibilities of each organization) and they'd have to
take certain steps to ensure that they are compliant, which includes things
like training for their staff who touch such things, policies and
procedures regarding how that EPHI is stored and/or transmitted, etc. EPHI
is electronic patient health information and is specifically defined in
HIPAA itself so the rules are rather clear on what types of data need to be
covered and what don't.

There is nothing that specifically makes email non-compliant and there are
in fact covered entities who transmit EPHI via email. It's a bit
frowned-upon, however, because of the encryption requirement for EPHI in
transit, so most organizations run HTTPS based portals instead. Of course,
the credentials used to access those portals usually require only access to
the associated email address to be reset. That said, when email is used,
the EPHI is generally stored in an encrypted file which is attached, such
as an encrypted zip file, in order to satisfy the encryption requirement.
I've seen this done where the encrypted zip file was attached to an email,
the text of which included the passphrase required to decrypt it. ;)

- mdh

Matt Harris|Infrastructure Lead
816-256-5446|Direct
Looking for help?
Helpdesk|Email Support
We build customized end-to-end technology solutions powered by NetFire Cloud.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brielle via mailop]

On 8/5/21 9:38 AM, Jaroslaw Rafa via mailop wrote:

Definitely your memory fails, or your understanding fails;). First, I was
not talking about "everyone who runs junk / spam filters", but specifically
about Google.


Bringing against one just opens the door for more.  The minute you 
create that opening, it's over.


This is why the mere mention of a lawsuit will make you the target of 
very unpleasant words and disgust.



Second, it was a part of a longer thread where somebody came
up earlier with an idea of a lawsuit, I only was discussing it further...

> 

Actually, to quote you from that thread (now that I have my laptop in 
front of me)...



Of course, nobody can succeed individually in a lawsuit against Google. But
maybe *all* senders who are facing this issue should unite and sue Google
together. Even if the lawsuit itself fails, it would probably get big media
coverage (especially if it will be presented as "discrimination" of small
senders by a big company, etc.), and that media coverage itself could cause
Google to rethink their policy... 


So yeah, you actually did kinda endorse this idea of a lawsuit.

But, I guess its all up to a matter of interpretation.




Specifically against google knowing it would fail… but you just wanted the
publicity.

And it was exactly explained in that email you are referring to why the
publicity. Because it's the only thing that can cause big companies running
over-aggressive and uncontrollable spam filters to change their behavior.



See, I have problems with deliiverability to Google and Hotmail all the 
time - both personal, and ecommerce order shipment notifications and the 
likes.


The only difference is, that I wouldn't ever dream of floating the idea 
of trying to force them legally to allow me to deliver mail, even if it 
was just for publicity reasons.


I can berate and criticize them here, on other mailing lists, on Reddit, 
on twitter, and elsewhere and have just as much of an effect without the 
whole cart00ney aspect.


Everyone knows I'm an extremely aggressive spam fighter.  Hell, I 
berated a guy who was dying from something that was trying to push his 
FUSSP a few years ago.


Yep, I'm that huge of an asshole.

But...  I respect Google's and Microsoft's right to handle their 
filtering their own way - even if I feel that as a much bigger 
gatekeeper they need to be much much more careful.



--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Jaroslaw Rafa via mailop]

Dnia  5.08.2021 o godz. 08:57:22 Marcel Becker via mailop pisze:
> 
> > running over-aggressive spam filters, knowing that there will be many false
> > positives and not caring about them.
> >
> 
> This is an assumption you make. On the flip side though -- given the 90% I
> mentioned --  making the smallest changes to decrease false positives,
> might have disastrous effects on spam (or worse) hitting users' inboxes.
> They are usually not happy about this either -- or do things they should
> not be doing.

That leads us to the only correct conclusion - the root cause of the
problem is that the big email providers have just become too big, up to the
point where it is impossible to manage their spam filtering correctly,
because they either will be filtering out legitimate emails or letting spam
go through. And because they are so big, most new users choose their email
service, just because they are so big and popular, what makes things even
worse (for the small senders, of course the big providers are happy with
increasing number of their users ;)).

Don't let us be fooled with numbers like 90%. Even if the false positive
rate is 0,001%, with the volume of the email those big providers are
processing, it is still a substantial number of people whose email didn't
get through, and it is a *real problem* for these people. Knowing the
numbers you quote doesn't help them in any way with their problem.

As someone already mentioned in this discussion, email was never meant to be
so centralized. And because of this centralization, all the problem
happened.

Time for anti-monopoly law to come into play...?
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Duplicated DMARC reports from Google and Yahoo

[Jaroslaw Rafa via mailop]

Dnia  5.08.2021 o godz. 08:03:39 Marcel Becker via mailop pisze:
> If they are indeed the same (ie: the actual report in the attachment is the
> same and not for a different recipient domain) feel free to share examples
> with me.

Well, those from Yahoo are actually from different domains (yahoo.fr,
yahoo.co.uk etc.) - I did not check very thoroughly, just assumed it's the
same case as with Google. I apologize :). But for Google, it is still true,
I checked it very detailed and multiple times - they are exactly the same
and I usually get 4 copies of DMARC reports from Google.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Marcel Becker via mailop]

On Thu, Aug 5, 2021 at 8:41 AM Jaroslaw Rafa via mailop 
wrote:

discriminating small senders, by not trusting those senders by default
>

More than 90% of the stuff hitting us is garbage. So I think not trusting
anybody by default is not a bad idea.


> running over-aggressive spam filters, knowing that there will be many false
> positives and not caring about them.
>

This is an assumption you make. On the flip side though -- given the 90% I
mentioned --  making the smallest changes to decrease false positives,
might have disastrous effects on spam (or worse) hitting users' inboxes.
They are usually not happy about this either -- or do things they should
not be doing.

- Marcel
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[John Levine via mailop]

It appears that Brielle via mailop  said:
>There's also the matter of the lack of unsubscribe...  Has zoom 
>explained why they are allowing their customers to send unconfirmed 
>opt-out mail with no unsubscribe option?

Good point.  That's one of the few things that is specifically illegal under 
CAN SPAM.

Perhaps we can collect them all and then sue both Sendgrid and Zoom.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] HIPAA compliant email (was Re: So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?)

[John Levine via mailop]

It appears that Luis E. Muñoz via mailop  said:
>Out of curiosity, and recognizing that this would be a separate thread, 
>what makes email non-compliant, considering that fax seems to be 
>compliant? Just in case, this is a serious question of mine.

It's supposed to be end-to-end encrypted, for some version of end-to-end.

Since vanishingly few patients are au courant with S/MIME and PGP, in practice
it means that they take the Paypal approach, and the mail only says you have a
message, log into our web site to see what it is.  If the patient wants to send
a message to the doctor, log into the web site and hit the New Message button.

I do know a few physicians who correspond directly with some patients under the
theory that the patient has knowingly waived the encryption but I don't think 
it's
ever had a legal test.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Jaroslaw Rafa via mailop]

Dnia  5.08.2021 o godz. 08:30:17 Brielle via mailop pisze:
> *squints her eyes as she recognizes the name Jaroslaw Rafa*
> 
> I may not have the best memory these days, but I seem to remember you are
> the one who wanted to bring lawsuits against everyone who runs junk / spam
> filters.
> 
> Message-ID: <20191007155046.gb21...@rafa.eu.org>

Definitely your memory fails, or your understanding fails ;). First, I was
not talking about "everyone who runs junk / spam filters", but specifically
about Google. Second, it was a part of a longer thread where somebody came
up earlier with an idea of a lawsuit, I only was discussing it further. Third, 
the
hypothetical lawsuit should be not because of running junk/spam filters, but
because of - which I specifically mentioned - discriminating small
senders, by not trusting those senders by default just because they are too
small, which results in classifying mail from these senders as spam,
regardless if it is actually spam or not. (I still suffer this problem from
Google from time to time; especially when I post a lot to mailing lists like
this one, my mails start suddenly going to spam at Gmail).

This is exactly the bad practice I was talking about in this very thread -
running over-aggressive spam filters, knowing that there will be many false
positives and not caring about them. For me, a false positive is a worst
thing in spam filtering. In my opinion, one should avoid false positives *at
all cost*, even if it should mean slightly less effective spam filtering.
Because false positives break communications - that's what I just wrote
about.

> Specifically against google knowing it would fail… but you just wanted the
> publicity.

And it was exactly explained in that email you are referring to why the
publicity. Because it's the only thing that can cause big companies running
over-aggressive and uncontrollable spam filters to change their behavior.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Duplicated DMARC reports from Google and Yahoo

[Marcel Becker via mailop]

Hi,

On Thu, Aug 5, 2021 at 3:46 AM Jaroslaw Rafa via mailop 
wrote:

>
> Those from Google come usually in 4 copies, with those from Yahoo the
> number
> varies from 2 to 14 (that seems to be maximum number I got).
>

If they are indeed the same (ie: the actual report in the attachment is the
same and not for a different recipient domain) feel free to share examples
with me.

Cheers,
Marcel
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] HIPAA compliant email (was Re: So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?)

[Luis E . Muñoz via mailop]

On 5 Aug 2021, at 10:26, yuv via mailop wrote:


If anyone can suggest an email relay system that is compliant with US
HIPAA , I would love to connect
my internal email system to it and outsource email deliverability
problems.


Out of curiosity, and recognizing that this would be a separate thread, 
what makes email non-compliant, considering that fax seems to be 
compliant? Just in case, this is a serious question of mine.


Best regards

-lem
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brielle via mailop]

On 8/4/21 5:40 PM, Luke via mailop wrote:
The account in question was told they need to clean up their act about 4 
weeks ago. A week later we saw their overall sending volume drop by more 
than 66%. Bounces and spam report percentages dropped. That data, along 
with some unscientific subject line analysis, it is clear that they have 
made significant positive changes to their sending. Clearly they still 
have work to do. We appreciate the continued communication, and we will 
continue to push them to close this abuse vector on their service.


Thank you for following up with this information.  Its much appreciated.

How does their bounce handling work in cases like this?

My system is sending hard rejects as soon as the primary system filter 
sees a certain pattern in the body of the webinar spams, so the sendgrid 
side should be seeing this as a perm failure.


There's also the matter of the lack of unsubscribe...  Has zoom 
explained why they are allowing their customers to send unconfirmed 
opt-out mail with no unsubscribe option?



--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[yuv via mailop]

On Thu, 2021-08-05 at 22:52 +1000, Noel Butler via mailop wrote:
> On 05/08/2021 19:07, Jaroslaw Rafa via mailop wrote:
> 
> > I would never block an entire server/provider, no matter big or
> > small, unless the server/provider sends spam *only* and not any
> > legitimate emails.
> > 
> pt  NEWSFLASH  the blocking is to the advantage of end users
> 

One mailop's spammer is another mailop's end user.  Hold off your
fire...


> you run your spam infested network the way you want, and i'll run
> mine the way I want.

THIS is the main reason why internet email is doomed for failure and
why I second the following, earlier statement in another thread:

On Fri, 2021-07-30 at 19:19 +0800, Philip Paeps via mailop wrote:
> On 2021-07-30 18:10:23 (+0800), G. Miliotis via mailop wrote:
> > We're just managing our misery here.
> 
> That's a great tag line for mailop@. :-)


Truth is: internet email sits on a fault line that is more poisonous
than the magma fumes emanating from geophysical fault lines.  Email
works fairly well as an internal service because one mailop rules all
users.  Email fails utterly when mailops serve interests on opposite
sides of the fault line.

Trying to deliver internet email today is more complex and difficult
than trying to effect legal service on an absconding defendant.  "The
dog ate the envelope" is no excuse, even if the dog is some fancy
experimental M$ AI trying to second guess recipient's interest and
punish bad actors according to its own rules, arguably arbitrary.

When an end user cannot rely on internet email to deliver messages,
they will look for alternatives.  Internet email is being bypassed left
and right by messaging platforms with tighter controls.  Spammers are
trying to infiltrate those platforms too, but with much less success
than internet email.

If anyone can suggest an email relay system that is compliant with US
HIPAA , I would love to connect
my internal email system to it and outsource email deliverability
problems.

Regards,
Yuv
--
Yuval Levy, JD, MBA, CFA
Ontario-licensed lawyer


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Hans-Martin Mosner via mailop]

5. August 2021 14:52, "Noel Butler via mailop" mailto:mailop@mailop.org?to=%22Noel%20Butler%20via%20mailop%22%20)>
 schrieb:
pt NEWSFLASH the blocking is to the advantage of end users
(sorry for inital empty response, mail program malfunction)

If you block only spammers you'd be right. But SendGrid is one of the sorry 
cases where you have spam and legit, sometimes important e-mails coming from 
the same network. Your users won't be happy if you reject their order 
confirmations or online tickets.

Cheers,
Hans-Martin
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Hans-Martin Mosner via mailop]

5. August 2021 14:52, "Noel Butler via mailop" mailto:mailop@mailop.org?to=%22Noel%20Butler%20via%20mailop%22%20)>
 schrieb:
pt NEWSFLASH the blocking is to the advantage of end users
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Noel Butler via mailop]

On 05/08/2021 19:07, Jaroslaw Rafa via mailop wrote:


Dnia  5.08.2021 o godz. 11:18:55 Noel Butler via mailop pisze:


This only happens because as demonstrated here many are too scared
to block the bigger mail senders/providers - and since these gutless
so and so's publicly admit it, the big boys know it, so have little
reason to be motivated to "clean up their act".


I would never block an entire server/provider, no matter big or small,
unless the server/provider sends spam *only* and not any legitimate 
emails.


If there are even few legitimate emails from this IP address, I would 
never
block it. Because email is all about communications, and I don't want 
to

sacrifice actual communications in order to fight spam aggresively.

I don't care about providers, I do care about end users. Someone who 
wants
to send an email and someone who wants to receive it. Their ability to 
send
and receive emails should NOT be harmed in any way because I want to 
fight

spam. Yes, obviously I do want to fight spam, but NEVER at the cost of
someone losing actual email.


pt  NEWSFLASH  the blocking is to the advantage of end users

nobody wakes up one morning and says who are we gonna blacklist today 
for no reason, if you are not doing your best to stop the trash getting 
to your users, you are not doing your job, or, you just DGAF about them


We've done this since the 90's and nobodys said " oh how dare you" well, 
nobody but the spammers - yes I've had 2 in my lifetime who had the 
nerve  to call us, admit they were spamming and demand we unblock 
them... I dunno, must have had a bad batch of drugs I guess.


and in case you still aint grasped it,  I block these f'wits for the 
benefit of and to protect users, many of whom are not geeks and in their 
80s and wouldnt know how to tell a phishing email.


you run your spam infested network the way you want, and i'll run mine 
the way I want.


--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged 
information, therefore at all times remains confidential and subject to 
copyright protected under international law. You may not disseminate 
this message without the authors express written authority to do so.   
If you are not the intended recipient, please notify the sender then 
delete all copies of this message including attachments immediately. 
Confidentiality, copyright, and legal privilege are not waived or lost 
by reason of the mistaken delivery of this message.___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Duplicated DMARC reports from Google and Yahoo

[Jaroslaw Rafa via mailop]

Dnia  5.08.2021 o godz. 13:00:38 Peter Nicolai Mathias Hansteen via mailop 
pisze:
> 
> queries, I have always sort of shrugged this phenomenon off with thinking
> it’s likely that their sending setup for those reports has not been told
> about greylisting, or for that matter, queueing.

In my case, the address to receive DMARC reports is exempt from greylisting,
so this could not be the reason. My server is also not too busy, so it's
quite improbable that they get a 4xx reply due to queueing.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Duplicated DMARC reports from Google and Yahoo

[Peter Nicolai Mathias Hansteen via mailop]

> 5. aug. 2021 kl. 12:41 skrev Jaroslaw Rafa via mailop :
> 
> Could anybody explain why are these reports sent multiple times? This never
> happened with regular mail I receive from either Google or Yahoo.

I see exactly the same as you described.

However since both firms you mention rarely if ever respond directly to 
queries, I have always sort of shrugged this phenomenon off with thinking it’s 
likely that their sending setup for those reports has not been told about 
greylisting, or for that matter, queueing.

Then again, if the source address we see is among the ones the sender domains 
publish as allowed senders in their SPF records, greylisting here should not be 
a factor (the setup we use is described after a somewhat wordy preamble in 
https://bsdly.blogspot.com/2018/11/goodness-enumerated-by-robots-or.html 
).

All the best,
Peter


—
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.






signature.asc
Description: Message signed with OpenPGP
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Duplicated DMARC reports from Google and Yahoo

[Hans-Martin Mosner via mailop]

Am 05.08.21 um 12:41 schrieb Jaroslaw Rafa via mailop:
> Could anybody explain why are these reports sent multiple times? This never
> happened with regular mail I receive from either Google or Yahoo.

I'm seeing the same, and my guess is that they use a sloppy distributed system 
for sending out the reports which doesn't
properly ensure that reports are only sent once. My tool for handling and 
viewing them filters out the dupes, so I don't
even see them except when I look into that mailbox.

Deliver-only-once isn't really an important feature for DMARC reports.

Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Duplicated DMARC reports from Google and Yahoo

[Jaroslaw Rafa via mailop]

Hello,
recently I browsed through the DMARC reports I receive (I usually don't care
about them, as I have p=none in my DMARC policy; the DMARC record exists
*only* to satisfy Google's requirement for senders sending mail to Gmail,
as said here: https://support.google.com/mail/answer/81126?hl=en ) and I
noticed that DMARC reports from Google and Yahoo come duplicated multiple
times. I don't see this with any other domain.

Those from Google come usually in 4 copies, with those from Yahoo the number
varies from 2 to 14 (that seems to be maximum number I got). They have the
same timestamp in "Date:" header and exactly the same ZIP file with the
actual report attached, but the timestamp on "Received:" header is
different, they are sent from different IP addresses, and in the case of
Yahoo they have different Message-Ids (in case of Google the Message-Id is
identical, but Google's internal header "X-Gm-Message-State:" is different,
and also Google's internal "X-Received:" shows different IP address, SMTP id
and timestamp). So they are not duplicated somehow in my system, but are
actually sent multiple times. Server logs also confirm that they are sent
multiple times. The connection is closed properly each time like with any
other email, nothing unusual reported in the logs, so there seems to be no
reason for the sending system to repeat sending.

Could anybody explain why are these reports sent multiple times? This never
happened with regular mail I receive from either Google or Yahoo.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Jaroslaw Rafa via mailop]

Dnia  5.08.2021 o godz. 11:18:55 Noel Butler via mailop pisze:
> 
> This only happens because as demonstrated here many are too scared
> to block the bigger mail senders/providers - and since these gutless
> so and so's publicly admit it, the big boys know it, so have little
> reason to be motivated to "clean up their act".

I would never block an entire server/provider, no matter big or small,
unless the server/provider sends spam *only* and not any legitimate emails.

If there are even few legitimate emails from this IP address, I would never
block it. Because email is all about communications, and I don't want to
sacrifice actual communications in order to fight spam aggresively.

I don't care about providers, I do care about end users. Someone who wants
to send an email and someone who wants to receive it. Their ability to send
and receive emails should NOT be harmed in any way because I want to fight
spam. Yes, obviously I do want to fight spam, but NEVER at the cost of
someone losing actual email.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Luke via mailop]

Hey Carl,

Not quite. In SendGrid-speak the term bounce is reserved for invalid
address responses. I know it isn't normal. I often forget to change my
register when I write out in the real world. The example you provided is
what we'd call a Block. So, when I said bounce percentages dropped I meant
strictly invalid address responses, which is usually (but not always)
related to a positive change in sending behavior or in the case of
multi-tenant users, kicking bad actors off their system.

On Wed, Aug 4, 2021 at 6:02 PM Carl Byington via mailop 
wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On Wed, 2021-08-04 at 16:40 -0700, Luke via mailop wrote:
> > Bounces and spam report percentages dropped.
>
> I am probably not the only one that has SA blocking all mail from some
> of those senders.
>
> header SENDGRID4 X-Entity-ID =~ /7mxhBNMkQ9yfwz0A5\+NG7Q==/
>
> So are you tracking rejects where the recipient mail server replies with
> something like
>
> 550 5.7.1 Mail rejected - spam assassin score 19
>
> as a response to the smtp DATA command?
>
>
> -BEGIN PGP SIGNATURE-
>
> iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYQsx7hUcY2FybEBmaXZl
> LXRlbi1zZy5jb20ACgkQL6j7milTFsEB7QCeIwIThGL0IEt08IIYGqRNY94P55oA
> n3MM3JYt8yimMmYMcoLNslCKBRVI
> =qfGU
> -END PGP SIGNATURE-
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop