Re: [mailop] The oligopoly has won.

2022-09-13 Thread Luke via mailop
You are missing something..and that's okay. Someday it will hit home.

For now, let's just keep pushing for just the right laws. There are
definitely no trade offs to consider. People are the problem. Government is
the answer.

On Tue, Sep 13, 2022, 8:07 PM Ángel via mailop  wrote:

> On 2022-09-13 at 11:48 -0700, Luke wrote:
> > There's some serious irony throughout this thread. Out of one side of
> > our mouths we despise "oligopolies" and service providers who get too
> > big to block or, conversely, too big to care about their own spam
> > footprint. And out of the other side of our mouths we are begging for
> > security and privacy regulations that essentially make it impossible
> > for anyone other than a massive oligopoly to thrive. The cost of
> > adhering to the latest regulation-of-the-day is prohibitive to the
> > small operator's (sender or receiver) success. This is, of course, by
> > design. But it's really interesting to observe how confusing the
> > debate is when both sides lack anything resembling first principles.
> > Everything we do prevents the marketplace of ideas from actually
> > functioning and finding a solution. Then we feign outrage and harm
> > and confusion about why we don't have a viable solution to these
> > relatively innocuous problems. We have a large group of well-intended
> > people who think they are spending 100% of their focus-time solving
> > this problem. When, in fact, we have a large group of people spending
> > half their time fixing the problem and half their time
> > unintentionally (and unknowingly) making it worse.
> >
> > Luke
>
> Excuse my ignorance Luke, but what is it that makes it so prohibitive? I
> am not aware of complex security and privacy regulations. In fact most
> of them should be common sense. Of course, you would still need a
> lawyer to ensure all checkboxes are ticked, but I don't think there are
> things complex to implement, really.
> Am I missing something?
>
> Kind regards
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Ángel via mailop
On 2022-09-13 at 11:48 -0700, Luke wrote:
> There's some serious irony throughout this thread. Out of one side of
> our mouths we despise "oligopolies" and service providers who get too
> big to block or, conversely, too big to care about their own spam
> footprint. And out of the other side of our mouths we are begging for
> security and privacy regulations that essentially make it impossible
> for anyone other than a massive oligopoly to thrive. The cost of
> adhering to the latest regulation-of-the-day is prohibitive to the
> small operator's (sender or receiver) success. This is, of course, by
> design. But it's really interesting to observe how confusing the
> debate is when both sides lack anything resembling first principles.
> Everything we do prevents the marketplace of ideas from actually
> functioning and finding a solution. Then we feign outrage and harm
> and confusion about why we don't have a viable solution to these
> relatively innocuous problems. We have a large group of well-intended 
> people who think they are spending 100% of their focus-time solving
> this problem. When, in fact, we have a large group of people spending
> half their time fixing the problem and half their time
> unintentionally (and unknowingly) making it worse.
> 
> Luke

Excuse my ignorance Luke, but what is it that makes it so prohibitive? I
am not aware of complex security and privacy regulations. In fact most
of them should be common sense. Of course, you would still need a
lawyer to ensure all checkboxes are ticked, but I don't think there are
things complex to implement, really.
Am I missing something?

Kind regards



Re: [mailop] The oligopoly has won.

2022-09-13 Thread Jarland Donnell via mailop
The difference in philosophy on this topic is actually one of the more 
interesting discussions I've seen in a while. I'll throw my hat in the 
ring and see if it shakes loose any additional valuable opinions.


I can't block Gmail IPs, at all. It's on average 48% of who my clients 
communicate with. While they may be sympathetic to the fact that an IP 
of theirs sent spam, they will not hold anyone accountable for their 
missed email but me. So it comes down to this philosophical question:


If a tree falls in the woods and no one is there to hear it, does it 
make a sound? Similarly, if I block a Gmail IP for sending spam and I 
have no customers because they all left when I blocked Gmail IPs, am I 
holding anyone accountable or am I merely choosing not to feed my kids 
out of principle and then wondering why no one cares about my protest?


I actually do lose customers now because I block SendGrid IPs when they 
are identified as having sent spam to a customer (and only then). Many 
of my customers would rather their neighbors receive an endless barrage 
of spam than hold one company accountable for trying to save money by using
SendGrid shared IPs. But I take this stand, and I lose those customers, 
because it's a fight I decided to be statistically worth picking. Gmail 
is one fight I can't afford to pick though (assuming I would, and I'm 
not even really saying that I want to).


Do any of you feel as though you could hold Gmail accountable for 
anything and actually be heard at the same time? Because if you get 
fired as admin, or your users leave you, what good is theoretically 
holding them accountable? Genuine question, not meant to be 
confrontational.


On 2022-09-14 00:24, Jay Hennigan via mailop wrote:
> On 9/13/22 16:13, John Levine via mailop wrote:
> > Um, why is it Google's fault that some random blacklist erroneously
> > listed some of their IPs?
> >
> > As someone else said, it only makes sense to block IPs if you believe
> > they will never, ever send mail your users want.
>
> That's not how blocklists work. They list IPs that are sources of
> spam.
>
> Mailservers get compromised. Client accounts get phished or hijacked
> by spammers and used for a spam run. Spammers sign up with freemail
> providers and send spam.
>
> Blocklists absolutely should list these as spam sources, because they
> are in fact spam sources. And when the spam problem is fixed, they
> should delist them.



Re: [mailop] The oligopoly has won.

2022-09-13 Thread Philip Paeps via mailop

On 2022-09-13 22:55:52 (+0800), Alan Hodgson via mailop wrote:
> On Tue, 2022-09-13 at 09:30 +0100, Laura Atkins via mailop wrote:
> > That’s not what I’m seeing at all. What I’m seeing is complaints
> > that it’s difficult to host your own email without any real
> > commitment of resources (whether those resources be time or money).
> > A lot of the complaints I’m seeing are from folks who don’t want to
> > really pay for hosting at a reputable provider that takes action
> > against abuse.
>
> Who is this VPS provider that acts immediately on abuse and therefore
> is never bulk-blocked at the majors? Is there one? More than one?
> Define "really pay".


At least in my experience, Mythic Beasts fits this description.  I'm 
sure there are others.  But I agree that they are few and far between.


Philip

--
Philip Paeps
Senior Reality Engineer
Alternative Enterprises


Re: [mailop] what do we block, was The oligopoly has won.

2022-09-13 Thread John Levine via mailop
It appears that Jay Hennigan via mailop  said:
>On 9/13/22 16:13, John Levine via mailop wrote:
>
>> Um, why is it Google's fault that some random blacklist erroneously
>> listed some of their IPs?
>> 
>> As someone else said, it only makes sense to block IPs if you believe
>> they will never, ever send mail your users want.
>
>That's not how blocklists work. They list IPs that are sources of spam.

Um, I am pretty sure that it is not 1995 any more.  

There are zillions of blocklists, most run pretty badly. The ones that
people really use, like the Spamhaus ones, are run very conservatively
and only list IPs you can block with a very low chance of losing mail
your users want.

By now it should be evident that blocking spam sources one mail system
at a time is not going to affect anyone's behavior.  Spammers complain
when Spamhaus lists them, but that's because half the world uses them,
and that in turn is because you can use the XBL and not lose mail you
want.

R's,
John


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Philip Paeps via mailop

On 2022-09-14 04:38:45 (+0800), Slavko via mailop wrote:
> On 13 September 2022 20:18:00 UTC, Chris Adams via mailop wrote:
> > Self-hosted email is hard (or really, impossible) for a high enough
> > percentage of the Internet population that it is effectively 100%.  My
> > father has been using computers since well before I was born, is still
> > working on rockets today, but I have to explain email technicalities to
> > him sometimes, things that we just take for granted.
>
> "Self hosting any network service is hard (or really, impossible) for high
> enough percentage of the Internet population" not because it is hard,
> but simple because it requires more knowledge than click on random
> link or fill facebook's login form (which are nowadays often considered
> as Internet expert skills)...


For the overwhelming majority of the global internet population, 
"internet == web", and is operated by a handful of multinational 
advertising conglomerates.  Except to a vanishingly small group of 
specialised individuals, the internet exists in a web browser.


Email is where you get your bills and receipts.

You don't have to like this reality (I certainly don't) but you can't 
ignore it.


Philip

--
Philip Paeps
Senior Reality Engineer
Alternative Enterprises


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Jay Hennigan via mailop

On 9/13/22 16:13, John Levine via mailop wrote:
> Um, why is it Google's fault that some random blacklist erroneously
> listed some of their IPs?
>
> As someone else said, it only makes sense to block IPs if you believe
> they will never, ever send mail your users want.

That's not how blocklists work. They list IPs that are sources of spam.

Mailservers get compromised. Client accounts get phished or hijacked by 
spammers and used for a spam run. Spammers sign up with freemail 
providers and send spam.


Blocklists absolutely should list these as spam sources, because they 
are in fact spam sources. And when the spam problem is fixed, they 
should delist them.


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV


Re: [mailop] The oligopoly has won.

2022-09-13 Thread John Levine via mailop
It appears that Eduardo Diaz Comellas via mailop  said:
>After investigation, several IPs used by gmail to send the email were 
>blacklisted. I had a tough time explaining to the customer that it was 
>gmail's fault to still use this IPs to send their email. ...

Um, why is it Google's fault that some random blacklist erroneously
listed some of their IPs?

As someone else said, it only makes sense to block IPs if you believe
they will never, ever send mail your users want.

R's,
John


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Jarland Donnell via mailop
I maintain one clear benchmark for outbound, which actually breaks out 
into 3 things:


The clear and consistent ability to email AT&T, Verizon, and Microsoft.
Including all sub-brands of each.


If you can keep those 3 things alive, you're in the clear. I can't 
imagine being able to successfully email those 3 while failing to reach 
anyone else (anyone that isn't just blocking an excess of email from 
anywhere).


On the inbound, I always say "Anyone can run an inbound server." Because 
while there are things that should be done to make that better, you 
honestly cover a lot of those when making sure that email forwarders or 
compromised accounts don't break outbound to one of those 3 above, so it 
circles back around.


But the number of things the average person has to do to maintain 
delivery to those 3 companies and their sub-brands, well that can be 
fairly extensive.


On 2022-09-13 16:56, Grant Taylor via mailop wrote:
> On 9/13/22 3:33 PM, Jim Popovitch via mailop wrote:
> > Right, that's why I have said repeatedly that it is not super easy.
> > It's not hard to do, it's just not super easy.
>
> I agree that it's not easy by any stretch of the imagination.
>
> I dare say that it's more on the hard end than I'd like to admit.
>
> Try writing down all the things that you've done and would need to
> re-do if you were to build a mail server anew to comply with the same
> standards that you're complying with now.
>
> I suspect that you might be mildly surprised in hindsight of all the
> things that you have done.  It would probably take 15 minutes or more
> to mention what needs to be done with at most one sentence description
> per thing so that someone not skilled in the art might have an inkling
> of an understanding.





Re: [mailop] The oligopoly has won.

2022-09-13 Thread Jim Popovitch via mailop
On Tue, 2022-09-13 at 15:56 -0600, Grant Taylor via mailop wrote:
> On 9/13/22 3:33 PM, Jim Popovitch via mailop wrote:
> > Right, that's why I have said repeatedly that it is not super easy.
> > It's not hard to do, it's just not super easy.
> 
> I agree that it's not easy by any stretch of the imagination.
> 
> I dare say that it's more on the hard end than I'd like to admit.
> 
> Try writing down all the things that you've done and would need to re-do 
> if you were to build a mail server anew to comply with the same 
> standards that you're complying with now.
> 
> I suspect that you might be mildly surprised in hindsight of all the 
> things that you have done.  It would probably take 15 minutes or more to 
> mention what needs to be done with at most one sentence description per 
> thing so that someone not skilled in the art might have an inkling of an 
> understanding.
> 

My list would be:

Reputable hosting company, or BYOIP
Reputable domain and TLD.
FCrDNS
SPF
DKIM > 1024b and rotated regularly.
DMARC as either reject or quarantine.
Making sure your system doesn't backscatter.
Sign up at dnswl.org

I've done those things at least every other year with various domains
(both testing and in-use) and never had trouble sending.  Yes, there
have (and will always be) the big mailbox providers who see a new
IP/domain and stuff it in bulk/spam folder, but after the receiver
clicks "this is not spam" most of the time there are no future problems.
And, if there ever was, the folks here on mailop are overwhelmingly glad
to help.  There's no secret sauce to deliverability, it's just common
sense stuff.  It's not easy, but it's not hard.


-Jim P.
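
The FCrDNS, SPF, DKIM and DMARC items from the list above, turned into an offline audit. This is an added example, not part of the original message: the function names, the domain `example.org`, the selector `s2022`, the DNS answers and the placeholder DKIM modulus are all constructed, and the check for a trailing `+all` goes beyond what the list says.

```python
import base64

def _tlv(tag, content):
    """Encode one DER tag-length-value element."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content

def _read_tlv(buf, pos=0):
    """Decode one DER element: (tag, content, offset of the next element)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length

def sample_dkim_record(bits):
    """Constructed DKIM TXT record; the modulus is a placeholder, not a real key."""
    def der_int(value):
        return _tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))
    rsa_key = _tlv(0x30, der_int((1 << (bits - 1)) | 1) + der_int(65537))
    algorithm = _tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption
    spki = _tlv(0x30, algorithm + _tlv(0x03, b"\x00" + rsa_key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DKIM, DMARC) into a dict."""
    pairs = (item.split("=", 1) for item in record.split(";") if "=" in item)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def dkim_key_bits(record):
    """Bit length of the RSA modulus in a DKIM key record; 0 if absent or unreadable."""
    p = "".join(parse_tags(record).get("p", "").split())
    if not p:
        return 0  # an empty p= means the key was revoked
    try:
        _, spki, _ = _read_tlv(base64.b64decode(p))
        _, _, after_alg = _read_tlv(spki)          # skip AlgorithmIdentifier
        _, bit_string, _ = _read_tlv(spki, after_alg)
        _, rsa_key, _ = _read_tlv(bit_string[1:])  # drop the unused-bits octet
        _, modulus, _ = _read_tlv(rsa_key)
    except (IndexError, ValueError):
        return 0
    return int.from_bytes(modulus, "big").bit_length()

def audit_sender(dns, ip, domain, selector):
    """Return {check: problem or None} for one sending IP and domain."""
    def txt(name, prefix):
        return [r for r in dns.get(("TXT", name), []) if r.lower().startswith(prefix)]
    result = {}
    # FCrDNS: some PTR name of the IP must resolve forward to the same IP.
    names = dns.get(("PTR", ip), [])
    confirmed = any(ip in dns.get(("A", name), []) for name in names)
    result["fcrdns"] = None if confirmed else "no PTR name resolves back to " + ip
    # SPF: more than one v=spf1 record is a permanent error for receivers.
    spf = txt(domain, "v=spf1")
    if len(spf) != 1:
        result["spf"] = "%d SPF records published, need exactly 1" % len(spf)
    elif spf[0].split()[-1].lower() in ("all", "+all"):
        result["spf"] = "record authorizes every sender"  # added check, not in the list
    else:
        result["spf"] = None
    # DKIM: the list asks for keys longer than 1024 bits.
    dkim = dns.get(("TXT", selector + "._domainkey." + domain), [])
    bits = dkim_key_bits(dkim[0]) if dkim else 0
    result["dkim"] = None if bits > 1024 else "key is %d bits" % bits
    # DMARC: the list asks for p=reject or p=quarantine.
    dmarc = txt("_dmarc." + domain, "v=dmarc1")
    policy = parse_tags(dmarc[0]).get("p", "missing").lower() if dmarc else "missing"
    result["dmarc"] = None if policy in ("reject", "quarantine") else "p=" + policy
    return result

# Constructed DNS answers for a hypothetical sender (documentation address space).
SAMPLE_DNS = {
    ("PTR", "192.0.2.25"): ["mail.example.org"],
    ("A", "mail.example.org"): ["192.0.2.25"],
    ("TXT", "example.org"): ["v=spf1 ip4:192.0.2.25 -all"],
    ("TXT", "s2022._domainkey.example.org"): [sample_dkim_record(1024)],
    ("TXT", "_dmarc.example.org"): ["v=DMARC1; p=none; rua=mailto:reports@example.org"],
}

if __name__ == "__main__":
    report = audit_sender(SAMPLE_DNS, "192.0.2.25", "example.org", "s2022")
    for check, problem in report.items():
        print(check, "ok" if problem is None else "FAIL: " + problem)
```

To run it against live data, fill the same dictionary from a resolver instead of `SAMPLE_DNS`.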










Re: [mailop] The oligopoly has won.

2022-09-13 Thread Grant Taylor via mailop

On 9/13/22 3:33 PM, Jim Popovitch via mailop wrote:
> Right, that's why I have said repeatedly that it is not super easy.
> It's not hard to do, it's just not super easy.


I agree that it's not easy by any stretch of the imagination.

I dare say that it's more on the hard end than I'd like to admit.

Try writing down all the things that you've done and would need to re-do 
if you were to build a mail server anew to comply with the same 
standards that you're complying with now.


I suspect that you might be mildly surprised in hindsight of all the 
things that you have done.  It would probably take 15 minutes or more to 
mention what needs to be done with at most one sentence description per 
thing so that someone not skilled in the art might have an inkling of an 
understanding.




--
Grant. . . .
unix || die





Re: [mailop] The oligopoly has won.

2022-09-13 Thread Jim Popovitch via mailop
On Tue, 2022-09-13 at 15:18 -0500, Chris Adams via mailop wrote:
> Once upon a time, Jim Popovitch  said:
> > I agree. Self hosted email is not hard, and it's just not super easy. :)
> > 
> > The much harder aspect of email is getting your peers, family, and
> > friends to adopt encryption.
> 
> Self-hosted email is hard (or really, impossible) for a high enough
> percentage of the Internet population that it is effectively 100%.  My
> father has been using computers since well before I was born, is still
> working on rockets today, but I have to explain email technicalities to
> him sometimes, things that we just take for granted.
> 
> It's similar in a way to how blogs were popular before a succession of
> social media megacorps took over; the average techy could pop up
> something on their ISP-provided web space back in the day, but the
> average individual online now could not possibly do that.  Even dealing
> with a hosted WordPress or the like is beyond most.  And even the
> density of capable people is way too low to support friends-and-family.

Right, that's why I have said repeatedly that it is not super easy. 
It's not hard to do, it's just not super easy.

-Jim P.




Re: [mailop] The oligopoly has won.

2022-09-13 Thread John Devine via mailop
It's tricky I agree, but not impossible, I started back in the late 1990’s I
think, and have had 3 mail servers running in that time, so around 20 years 
now, it started as a hobby for friends, then just slowly expanded into friends 
businesses and then there was no stopping it, now due to the volume of mail on
my servers, I have no choice but to continue it LoL. Why I hear you ask, well 
it would be up to me to handle all of the transferring to the big places you 
talk of, and I really don't have the time or inclination to do that, so I 
continue.

I try to keep up with everything which I think I do, spam received is always 
the biggest problem for me, it's a fine balance for what I want to receive, and
what my ‘clients’ don't want me to lose…….

I have never made any money from what I do, like I say, it started as an 
interesting hobby……….

But I like not being part of the big corporations, and so do my ‘clients’ 

I seem to have coped so far, at times I have thought of packing it all in, but 
something always stops me from hitting the kill switch……..

John Devine

> On 13 Sep 2022, at 21:18, Chris Adams via mailop  wrote:
> 
> Once upon a time, Jim Popovitch  said:
>> I agree. Self hosted email is not hard, and it's just not super easy. :)
>> 
>> The much harder aspect of email is getting your peers, family, and
>> friends to adopt encryption.
> 
> Self-hosted email is hard (or really, impossible) for a high enough
> percentage of the Internet population that it is effectively 100%.  My
> father has been using computers since well before I was born, is still
> working on rockets today, but I have to explain email technicalities to
> him sometimes, things that we just take for granted.
> 
> It's similar in a way to how blogs were popular before a succession of
> social media megacorps took over; the average techy could pop up
> something on their ISP-provided web space back in the day, but the
> average individual online now could not possibly do that.  Even dealing
> with a hosted WordPress or the like is beyond most.  And even the
> density of capable people is way too low to support friends-and-family.
> 
> -- 
> Chris Adams 








Re: [mailop] The oligopoly has won.

2022-09-13 Thread Slavko via mailop
On 13 September 2022 20:18:00 UTC, Chris Adams via mailop wrote:

>Self-hosted email is hard (or really, impossible) for a high enough
>percentage of the Internet population that it is effectively 100%.  My
>father has been using computers since well before I was born, is still
>working on rockets today, but I have to explain email technicalities to
>him sometimes, things that we just take for granted.

"Self hosting any network service is hard (or really, impossible) for high
enough percentage of the Internet population" not because it is hard,
but simple because it requires more knowledge than click on random
link or fill facebook's login form (which are nowadays often considered
as Internet expert skills)...

regards


-- 
Slavko
https://www.slavino.sk/


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Chris Adams via mailop
Once upon a time, Jim Popovitch  said:
> I agree. Self hosted email is not hard, and it's just not super easy. :)
> 
> The much harder aspect of email is getting your peers, family, and
> friends to adopt encryption.

Self-hosted email is hard (or really, impossible) for a high enough
percentage of the Internet population that it is effectively 100%.  My
father has been using computers since well before I was born, is still
working on rockets today, but I have to explain email technicalities to
him sometimes, things that we just take for granted.

It's similar in a way to how blogs were popular before a succession of
social media megacorps took over; the average techy could pop up
something on their ISP-provided web space back in the day, but the
average individual online now could not possibly do that.  Even dealing
with a hosted WordPress or the like is beyond most.  And even the
density of capable people is way too low to support friends-and-family.

-- 
Chris Adams 


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Jay Hennigan via mailop

On 9/12/22 23:34, Hans-Martin Mosner via mailop wrote:
> That's an example why you should only blacklist a "grey" source if you
> have very good reasons to do so.
>
>   * Either you don't reasonably expect legit mail from there, in which
>     case your blocking would only affect spam, which is ok.
>   * Or you want to "teach" the senders to leave the spam-supporting
>     provider. To my knowledge, this rarely works, if ever. You will be
>     seen as the bad guy, and even if the sender decides to change
>     service providers they won't be happy with you causing them
>     significant costs and trouble.

Thus encouraging the "Too big to block" mentality. Outbound spam
mitigation is a cost center. If the big providers have no incentive to
filter outbound spam, they won't.

> Even though I'm squarely with the people who think Google does too
> little against outgoing spam, a blacklist provider who lists their
> outgoing IPs should be avoided.


If an IP is a significant source of spam, it deserves to be blacklisted. 
End of story. An RBL operator giving known spammers a pass due to their 
size isn't being honest or transparent, and this behavior serves to 
drive people to the oligopoly.

--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Luke via mailop
There's some serious irony throughout this thread. Out of one side of our
mouths we despise "oligopolies" and service providers who get too big to
block or, conversely, too big to care about their own spam footprint. And
out of the other side of our mouths we are begging for security and privacy
regulations that essentially make it impossible for anyone *other than* a
massive oligopoly to thrive. The cost of adhering to the latest
regulation-of-the-day is prohibitive to the small operator's (sender or
receiver) success. This is, of course, by design. But it's really
interesting to observe how confusing the debate is when both sides lack
anything resembling first principles. Everything we do prevents the
marketplace of ideas from actually functioning and finding a solution. Then
we feign outrage and harm and confusion about why we don't have a viable
solution to these relatively innocuous problems. We have a large group of
well-intended people who think they are spending 100% of their focus-time
solving this problem. When, in fact, we have a large group of people
spending half their time fixing the problem and half their time
unintentionally (and unknowingly) making it worse.

Luke

On Tue, Sep 13, 2022 at 9:14 AM Anne Mitchell via mailop 
wrote:

> Hey Al!
>
> >  it's been great to add more granular filtering directly and watch mail
> bounce.
>
> We run our own server and I do this too...it's pretty gratifying, almost
> zen... but what I really wanted to say was:
>
> > and it dawns on me that I'm already running all the pieces of a mailbox
> provider, so I ought to just pull the trigger and make my own full one.
>
> If you are talking about as a business, *please* let us know if/when you
> pull that trigger because we'd love to refer people to you, it would be
> awesome to have a mailbox provider to whom we can refer with complete
> trust.  Our sender certification customers often ask us from where they
> can/should be sending out their transactional email - so many of them are
> using $BIGMAILBOXPROVIDER because they don't know any other way.
>
> Anne
>
> ---
> We provide the Good Senders email sender reputation certification list to
> inbox providers
> around the world. Learn more at gettotheinbox.com
>
> Anne P. Mitchell,  Esq.
> CEO Get to the Inbox by SuretyMail
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing
> law)
> Author: The Email Deliverability Handbook
> Board of Directors, Denver Internet Exchange
> Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
> Prof. Emeritus, Lincoln Law School
> Chair Emeritus, Asilomar Microcomputer Workshop
> Counsel Emeritus, eMail Abuse Prevention System (MAPS)


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Anne Mitchell via mailop
Hey Al!

>  it's been great to add more granular filtering directly and watch mail 
> bounce.

We run our own server and I do this too...it's pretty gratifying, almost zen... 
but what I really wanted to say was:

> and it dawns on me that I'm already running all the pieces of a mailbox 
> provider, so I ought to just pull the trigger and make my own full one. 

If you are talking about as a business, *please* let us know if/when you pull 
that trigger because we'd love to refer people to you, it would be awesome to 
have a mailbox provider to whom we can refer with complete trust.  Our sender 
certification customers often ask us from where they can/should be sending out 
their transactional email - so many of them are using $BIGMAILBOXPROVIDER 
because they don't know any other way.

Anne

---
We provide the Good Senders email sender reputation certification list to inbox 
providers
around the world. Learn more at gettotheinbox.com

Anne P. Mitchell,  Esq.
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)



Re: [mailop] The oligopoly has won.

2022-09-13 Thread Andrew C Aitchison via mailop

On Mon, 12 Sep 2022, Brandon Long via mailop wrote:
> On Mon, Sep 12, 2022 at 3:11 PM Jay Hennigan via mailop
> wrote:
> > Why has Google recently made it so painfully difficult for the rest of the
> > Internet to make them aware of Gmail-originated spam?
>
> Why do you think this is recent?  AFAIK Google has never used abuse@
> or postmaster@ addresses for useful spam reporting.  Certainly the
> majority of reports there have never been particularly useful.
>
> Spam reports are only as useful as the reporter, and the reporting
> is generally very suspect.  The signal in the noise for those
> addresses is small.
>
> I mean, some of these are easy to ignore, but do you have hundreds
> of users who go through every message in their spam label and
> forward them to every possible abuse@ address for domains in the
> message, and add the fbi and other three letter agencies as well?
> Repeat, this is for messages we already marked as spam.
>
> Now, maybe if more effort had been put into parsing that signal,
> there would be more signal to be had... but we already have to fight
> over abusive signups and attempted manipulation of web/imap/api spam
> reporting,
>
> A web form has the benefits of inheriting the usual spectrum of
> abuse signals that web logged in users generate, and requiring
> customers to provide the information that's actually needed.
>
> If one were to use ARF reports, one might start by validating that
> the reported message was actually sent by gmail, say by dkim
> verifying it... which runs afoul of the attempts by places like
> spamcop to prevent list washing by eliminating PII from reported
> messages.  Barring that, you'd need to keep an internal datastore
> for all sent messages... which of course, is done by default (user's
> mailboxes), but those can be deleted.


Is there an email header, along the lines of List-Unsubscribe:,
which directs mail clients how to report a message as spam?  The
"Spam-Report-URL" header could include a token which confirms that a
message was sent from Gmail and identifies which one.
I don't know the spamcop issue you mention so cannot say whether dkim
on this token would confirm that the message sent and the message
received are the same, but I don't see what would be gained by
attaching the token to a new message - using the URL directly would be
a more efficient way of triggering the denial of service attack *on the
original message*.

--
Andrew C. Aitchison  Kendal, UK
   and...@aitchison.me.uk
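
One way the token idea in this message could work, so that a report can be tied to a sent message without the DKIM-signed body and without a stored copy of it. This is an added example, not part of the original message: `Spam-Report-URL` is the hypothetical header named above, and the token layout, HMAC-SHA256, the `abuse.example.net` URL, the secret and the 30-day window are assumptions.

```python
import base64
import hashlib
import hmac

MAX_AGE = 30 * 86400  # assumption: reports are accepted for 30 days after sending

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_report_token(secret, message_id, sent_at):
    """Sending side: bind the Message-ID and send time under the provider's key."""
    payload = ("%s|%d" % (message_id, sent_at)).encode()
    mac = hmac.new(secret, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(mac)

def report_header(token, base_url="https://abuse.example.net/report"):
    """Hypothetical header carrying the token, modelled on List-Unsubscribe."""
    return "Spam-Report-URL: <%s?t=%s>" % (base_url, token)

def verify_report_token(secret, token, now):
    """Report-intake side: return the Message-ID if the token is genuine, else None."""
    try:
        payload_b64, mac_b64 = token.split(".")
        payload, mac = _unb64(payload_b64), _unb64(mac_b64)
    except ValueError:
        return None  # wrong number of parts or not base64
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None  # not issued with this key, or altered after sending
    # The payload is only parsed once the MAC has shown that we wrote it.
    message_id, sent_at = payload.decode().rsplit("|", 1)
    if not 0 <= now - int(sent_at) <= MAX_AGE:
        return None  # outside the reporting window
    return message_id

# Constructed values for the demonstration.
SECRET = b"constructed-demo-secret"
SENT_AT = 1663100000

if __name__ == "__main__":
    token = make_report_token(SECRET, "<20220913.1@mail.example.net>", SENT_AT)
    print(report_header(token))
    print(verify_report_token(SECRET, token, SENT_AT + 3600))
```

The token proves only that the provider issued it for that Message-ID; limiting how often one token or one reporter is counted is a separate control on the intake side.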


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Alan Hodgson via mailop
On Tue, 2022-09-13 at 09:30 +0100, Laura Atkins via mailop wrote:
> 
> 
> 
> That’s not what I’m seeing at all. What I’m seeing is complaints
> that it’s difficult to host your own email without any real
> commitment of resources (whether those resources be time or money).
> A lot of the complaints I’m seeing are from folks who don’t want to
> really pay for hosting at a reputable provider that takes action
> against abuse. 

Who is this VPS provider that acts immediately on abuse and therefore
is never bulk-blocked at the majors? Is there one? More than one?
Define "really pay".

I do know what I'm doing, but I find I have to smarthost my mail out
through a relay to get it reliably delivered.

The subset of VPS providers that do IPV6, reverse DNS, are reliably
up, and allow any Linux variant are small enough as it is.


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Jaroslaw Rafa via mailop
On 12.09.2022 at 21:07:12, Grant Taylor via mailop wrote:
> On 9/12/22 8:15 PM, Dave Crocker via mailop wrote:
> > I believe 'impossible' is not the prevailing sentiment.
> > 
> > I believe the prevailing sentiment is that it is a challenging task,
> > requiring significant expertise.
> 
> The prevailing sentiment that I see represented is that it's difficult
> enough to host your own email as to be tantamount to impossible for an
> individual / small company to be able to do so themselves.

From my perspective, the only problem I encounter is deliverability to
Gmail, it constantly puts my messages to the spam folder (what's
interesting, messages sent from the same server, only with a different
sender domain, are delivered without any problems).

I don't experience any deliverability issues with any other recipients.

So I would be far away from saying "impossible".
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Bill Cole via mailop

On 2022-09-13 at 02:23:43 UTC-0400 (Tue, 13 Sep 2022 01:23:43 -0500)
Michael Rathbun via mailop
is rumored to have said:

> On Mon, 12 Sep 2022 19:15:46 -0700, Dave Crocker via mailop wrote:
>
>> -
>>
>> On 9/12/2022 7:01 PM, Al Iverson via mailop wrote:
>>> Because I disagree with the whole premise
>>> that self hosting mail is impossible today
>> [snip]
>> I believe the prevailing sentiment is that it is a challenging task,
>> requiring significant expertise.
>
> I was going to write something countering this sentiment, until it dawned on
> me that there is only one person I know within 200 miles of me that I could
> ask to facilitate my wife's email access after I'm no longer vertical, and am
> not maintaining the email server.


Broadening that out, it is arguable that the sort of bespoke crafted 
email service that many of us here provide for friends and family and in 
some cases professionally is impossible to reproduce at scale because 
the properly skilled headcount can't exist. There will never be the 
millions of trained and experienced admins that would be needed.


If we will never get the oligopoly to staff an Al Iverson or Michael 
Rathbun for every 2k or 5k or even 50k mailboxes we need to think 
differently about what is expected of them.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire


Re: [mailop] Odd DNS-cache avoidance queries (Spam Assassin / Unbound / AWS)

2022-09-13 Thread Stuart Henderson via mailop
On 2022/09/13 09:20, Cyril - ImprovMX via mailop wrote:
> Nice! Good catch about the dns-0x20 implementation! I must have copy/pasted
> some properties without looking much into it.

That is unlikely to be causing an actual problem here though.

> > 2. The other issue is even weirder. SA is trying to validate the domains by
> > trimming the left part up to the gTLDs :
> >
> >
> >     - some.domain.com._custom_id.df.uribl.com
> >     - domain.com._custom_id.df.uribl.com
> >     - com._custom_id.df.uribl.com <-- wtf?
> >
> > Somehow, something is trying to check up to the top TLD, where it's
> > useless. Again, I can't understand why SA would do that.
> 
> This is probably unbound doing what it does, recursive resolving (from
> TLD all the way down).
> 
> Is there a way to avoid unbound to fetch the root tld ? (just "com") ?

That's qname-minimisation, which these days is enabled by default in
at least unbound and BIND.

It improves privacy by avoiding sending the full query name to parent
DNS servers.

In your example, without qname-minimisation you'll occasionally see
queries including "_custom_id" sent to one of the .com nameservers i.e.
*.gtld-servers.net. With qname-minimisation those queries which include
"_custom_id" will only get sent to uribl.com's nameservers.

See more in https://www.isc.org/blogs/qname-minimization-and-privacy/,
RFC 7816, and others.

One would have thought that operators of a DNS-based service would
have known about these already though...

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
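
The behaviour described in the message above, as an added example that is not part of the original post: a simplified model of which query names each tier of authoritative servers receives with and without qname-minimisation, using the name from the thread. The zone cuts (root, `com`, `uribl.com`), the cold cache and the one-label-per-step walk are assumptions of this sketch; real resolvers cache delegations and cap the number of steps.

```python
# Added illustration (not from the thread): which query names each tier of
# authoritative servers sees, with and without QNAME minimisation.
# Simplified model: one label is revealed per step (RFC 7816 style), with a
# cold cache; real resolvers cache delegations and cap the number of steps.

# Assumed zone cuts for this example: the root delegates "com" and "com"
# delegates "uribl.com"; everything below uribl.com is served by that zone.
ZONE_CUTS = ("", "com", "uribl.com")


def labels(name):
    """Split a name into lower-cased labels, ignoring a trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def ancestors(name, cuts=ZONE_CUTS, proper=False):
    """Zone cuts at or above `name`, ordered from the root downwards."""
    n = labels(name)
    found = []
    for zone in cuts:
        z = labels(zone)
        if len(z) > len(n) or (proper and len(z) == len(n)):
            continue
        if n[len(n) - len(z):] == z:
            found.append(zone)
    return sorted(found, key=lambda zone: len(labels(zone)))


def classic_queries(qname, cuts=ZONE_CUTS):
    """No minimisation: every tier on the way down is sent the full name."""
    full = ".".join(labels(qname))
    return [(zone or ".", full) for zone in ancestors(qname, cuts)]


def minimised_queries(qname, cuts=ZONE_CUTS):
    """Minimisation: each query carries one more label than the last and
    goes to the deepest assumed zone cut strictly above that partial name."""
    parts = labels(qname)
    sent = []
    for depth in range(1, len(parts) + 1):
        partial = ".".join(parts[-depth:])
        parent = ancestors(partial, cuts, proper=True)[-1]
        sent.append((parent or ".", partial))
    return sent


def seen_by(zone, queries):
    """Names that reached the servers of `zone` ("." is the root)."""
    return [name for server, name in queries if server == zone]


if __name__ == "__main__":
    qname = "some.domain.com._custom_id.df.uribl.com"  # name from the thread
    for title, queries in (("classic", classic_queries(qname)),
                           ("minimised", minimised_queries(qname))):
        print(title)
        for server, name in queries:
            print(f"  to {server:<10} {name}")
```

In this model the `com` servers only ever see `uribl.com` when minimisation is on, while the `uribl.com` servers see every intermediate name, including `com._custom_id.df.uribl.com`.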


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Laura Atkins via mailop


> On 13 Sep 2022, at 00:54, Brandon Long via mailop wrote:
> 
> On Mon, Sep 12, 2022 at 4:16 PM Paul Kincaid-Smith wrote:
> 
> We have a reasonably large sample of messages sent from Gmail, Yahoo and 
> Outlook and can assess how much was "spam foldered" by each of those 
> services. We are in the same ballpark as John Levine, who estimated that 
> "about 30% of the mail I get from Gmail is spam."
> 
> EmailGrades collects metrics about senders and receivers, primarily to 
> measure inbox placement and recipient engagement for commercial ESPs vs a 
> cohort of their peers, but we also have insights regarding messages sent by 
> mailbox providers like Gmail, Yahoo and Outlook. For the month of August 
> 2022, millions of messages received from Gmail, Yahoo and Outlook's email 
> infrastructure by hundreds of thousands of panel mailboxes reveals the 
> following spam foldering rates:
> 
>                     Received at Gmail | Received at Yahoo | Received at Outlook
> Sent from Gmail     16%               | 38%               | 49%
> Sent from Outlook   47%               | 78%               | 47%
> Sent from Yahoo      5%               |  3%               |  9%
> 
> The way to read this table is, "Of the messages received by our Yahoo panel 
> mailboxes, 38% of those sent by Gmail were routed to Yahoo's spam folder" and 
> "Of the messages received by our Outlook panel mailboxes, 9% of those sent by 
> Yahoo were routed to Outlook's junk mail folder" and "Of the messages 
> received by our Gmail panel mailboxes, 47% of those sent by Outlook were 
> routed to Gmail's spam folder."
> 
> Does this indicate actual spam or just marked spam by the mailbox provider?  
> Does this indicate authenticated by 
> the sender provider, or less?  This gets even more complicated when you talk 
> dkim replay.  

There was an interesting BoF discussion about this in London recently. I can 
share more details in a less public channel if you’re interested in discussing 
it. 

The upshot is that there is a LOT of B2B spam coming out of Gmail, Google Apps 
and O365. In fact the shared numbers track pretty closely with what was 
reported during the session. 

There’s an entire ecosystem of software, consultants and tools to help 
companies use Google to spam. There’s even advice on how to avoid google’s 
automated filters that stop a single user from sending more than 500 (or 1000 
depending) emails per day. 

> Anyways, this also may indicate something else we know, which is that 
> spammers know that spamming another
> gmail account is a great way for us to find them, so they tend to use Gmail 
> to spam non-Gmail.

Google is great at blocking mail coming into their systems. They’re very much 
less good at blocking mail going out of their systems. 

> These numbers are also worse than when I worked on Gmail years ago, but it's 
> always possible things
> got worse.

As a recipient, Google is one of the primary sources of spam that makes it to 
my inbox.  These percentages are higher than I’ve seen others report, but are 
in the same ballpark. 

> All other things being equal, Outlook filters messages from Gmail most 
> aggressively. Yahoo filters messages from Outlook most aggressively. Outlook 
> filters messages from Yahoo most aggressively. 
> 
> Outlook's spam percentages are higher than Gmail's but that may be because 
> Outlook chooses to block less outbound mail and instead flags questionable 
> outbound messages, sending them via a pool of IPs that ought to receive 
> additional filtering scrutiny.
> 
> I expect any reputation based anti-spam system should be able to tell whether 
> an MSP does this.  Google definitely had separate sending pools for various 
> things in the past, and does expect that receivers would eventually learn and 
>  apply differential filtering based on that.  No idea what the current system 
> does.

The current system is pretty broken, but the bulk of the abuse is to business 
addresses and is designed to look like relatively normal B2B mail. The fact 
that the addresses are purchased or scraped is the big sign that the mail is 
spam.  OTOH, I’m hearing a lot of complaining from the B2B spammers that the 
effectiveness of this mail is going way down. I don’t think this is really a 
filter issue - a lot of business filters let this mail through and let the 
company decide if they want to block the sender. I think the volume has gotten 
so high that recipients are Just Done with this baloney.

laura

— 
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com 

Email Delivery Blog: http://wordtothewise.com/blog  








Re: [mailop] The oligopoly has won.

2022-09-13 Thread Laura Atkins via mailop


> On 13 Sep 2022, at 04:07, Grant Taylor via mailop  wrote:
> 
> On 9/12/22 8:15 PM, Dave Crocker via mailop wrote:
>> I believe 'impossible' is not the prevailing sentiment.
>> I believe the prevailing sentiment is that it is a challenging task, 
>> requiring significant expertise.
> 
> The prevailing sentiment that I see represented is that it's difficult enough 
> to host your own email as to be tantamount to impossible for an individual / 
> small company to be able to do so themselves.

That’s not what I’m seeing at all. What I’m seeing is complaints that it’s 
difficult to host your own email without any real commitment of resources 
(whether those resources be time or money). A lot of the complaints I’m seeing 
are from folks who don’t want to really pay for hosting at a reputable provider 
that takes action against abuse. 

I know I’ve told this story before. Back in 2014 we needed to move our 
mailserver around onto a different IP SWIPed to us from HE. That did cause some 
delivery issues briefly, so we switched IPs back. By 2018, when we were 
shutting down the HE cabinet in preparation for our move out of CA, we moved to 
a VPS. We had zero problems with delivery at that time. Every once in a while a 
mail will end up in a spam folder but we don’t have problems with blocking at 
all. In fact, most of the time mail ends up in spam I’m replying to an inquiry 
from a potential client and it’s *their* domain rep that is the problem. 

> The frequency at which I see such comments is growing and the comments seem 
> to be more dire as time goes on.

Don’t believe everything you read on the internet. 

laura

-- 
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com 

Email Delivery Blog: http://wordtothewise.com/blog  








Re: [mailop] The oligopoly has won.

2022-09-13 Thread Carsten Schiefner via mailop

On 13.09.2022 07:57, Eduardo Diaz Comellas via mailop wrote:

[...]

> After investigation, several IPs used by gmail to send the email were
> blacklisted. I had a tough time explaining to the customer that it was
> gmail's fault to still use this IPs to send their email. Gmail never
> acknowledged the problem and didn't change the outgoing IP addresses.
> The problem was only "solved" when the blacklisting expired. And this
> was to a paying customer with 200 Gsuite accounts...


But isn't that just perfectly serving on the main point of this entire 
thread?


"Hey, we're Gmail - you better do not put any of our IP addresses on a 
blacklist!"


Best,

-C.


Re: [mailop] Odd DNS-cache avoidance queries (Spam Assassin / Unbound / AWS)

2022-09-13 Thread Cyril - ImprovMX via mailop
Nice! Good catch about the dns-0x20 implementation! I must have copy/pasted
some properties without looking much into it.

Is there a way to avoid unbound to fetch the root tld ? (just "com") ?

Thank you very much for your help!

On Tue, 13 Sep 2022 at 08:36, Bernardo Reino via mailop wrote:

> On 13/09/2022 07:55, Cyril - ImprovMX via mailop wrote:
> > Hi everyone!
> >
> > [...]
> >
> > Here's the Unbound configuration: https://pastebin.com/Bn7B3uCv (expires in
> > a month).
> >
> > [...]
> >
> > 1. The first issue is that it seems that we are querying URIBL using random
> > lower/upper case domains. We had queries such as:
> >
> > - SoMeDoMaIn.cOM._custom_id.dF.URIbl.cOM
> > - AnOtHeRDoM.ApP._custom_id.dF.UrIbL.COM
> > - etc
>
> You have set the use-caps-for-id option in unbound:
> "Use 0x20-encoded random bits in the  query  to  foil  spoof  attempts.
> This  perturbs  the  lowercase  and uppercase of query names sent to
> authority servers and checks if  the  reply  still has  the  correct
> casing.  Disabled by default.  This feature is an experimental
> implementation of draft dns-0x20."
>
> > 2. The other issue is even weirder. SA is trying to validate the domains by
> > trimming the left part up to the gTLDs :
> >
> >
> > - some.domain.com._custom_id.df.uribl.com
> > - domain.com._custom_id.df.uribl.com
> > - com._custom_id.df.uribl.com <-- wtf?
> >
> > Somehow, something is trying to check up to the top TLD, where it's
> > useless. Again, I can't understand why SA would do that.
>
> This is probably unbound doing what it does, recursive resolving (from
> TLD all the way down).
>
> Hope that helps,
>
> --
> Bernardo Reino
>


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Dominique Rousseau via mailop
On Mon, Sep 12, 2022 at 08:57:26AM -0400, Jim Popovitch via mailop
[mailop@mailop.org] wrote:
> On Mon, 2022-09-12 at 19:02 +0800, Henrik Pang via mailop wrote:
> > why bother to self host an email? using gmail/gsuite save a lot of
> > time.
>
> Why make a home cooked meal when you can buy the same processed meal
> that everyone else buys?   Why make your kids custom toys, just buy them
> the same toys all their friends have.   Life should be about variety,
> not alignment.
> 
> Self hosted email is not hard, it's just not super easy.

Self hosted email is not that hard.

What's not easy is sending emails, that don't trigger their blackbox
antispam tools, to users of the big players that are Gmail, Outlook.com
and such.


-- 
Dominique Rousseau 
Neuronnexion, Prestataire Internet & Intranet
6 rue des Hautes cornes - 8 Amiens
tel: 03 22 71 61 90 - fax: 03 22 71 61 99 - http://www.neuronnexion.coop


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Hans-Martin Mosner via mailop

On 13.09.22 at 07:57, Eduardo Diaz Comellas via mailop wrote:

> I agree with the general sense that GMail is misbehaving at spam management, both incoming and outgoing processing is
> flawed (in my opinion).
>
> I will just talk from the gmail's customer side: a customer of mine moved to gmail. They still have secondary domains
> hosted with us. A couple of weeks ago they started to miss email sent from the gmail'ed domain to their secondary
> domains.
>
> After investigation, several IPs used by gmail to send the email were blacklisted. I had a tough time explaining to
> the customer that it was gmail's fault to still use this IPs to send their email. Gmail never acknowledged the problem
> and didn't change the outgoing IP addresses. The problem was only "solved" when the blacklisting expired. And this was
> to a paying customer with 200 Gsuite accounts...
>
> Best regards



That's an example why you should only blacklist a "grey" source if you have very good reasons to do so.

 * Either you don't reasonably expect legit mail from there, in which case your blocking would only affect spam, which
   is ok.
 * Or you want to "teach" the senders to leave the spam-supporting provider. To my knowledge, this rarely works, if
   ever. You will be seen as the bad guy, and even if the sender decides to change service providers they won't be
   happy with you causing them significant costs and trouble.

Even though I'm squarely with the people who think Google does too little against outgoing spam, a blacklist provider
who lists their outgoing IPs should be avoided.


Cheers,
Hans-Martin


Re: [mailop] Odd DNS-cache avoidance queries (Spam Assassin / Unbound / AWS)

2022-09-13 Thread Bernardo Reino via mailop

On 13/09/2022 07:55, Cyril - ImprovMX via mailop wrote:
> Hi everyone!
>
> [...]
>
> Here's the Unbound configuration: https://pastebin.com/Bn7B3uCv (expires in
> a month).
>
> [...]
>
> 1. The first issue is that it seems that we are querying URIBL using random
> lower/upper case domains. We had queries such as:
>
> - SoMeDoMaIn.cOM._custom_id.dF.URIbl.cOM
> - AnOtHeRDoM.ApP._custom_id.dF.UrIbL.COM
> - etc

You have set the use-caps-for-id option in unbound:
"Use 0x20-encoded random bits in the  query  to  foil  spoof  attempts.
This  perturbs  the  lowercase  and uppercase of query names sent to
authority servers and checks if  the  reply  still has  the  correct
casing.  Disabled by default.  This feature is an experimental
implementation of draft dns-0x20."

> 2. The other issue is even weirder. SA is trying to validate the domains by
> trimming the left part up to the gTLDs :
>
> - some.domain.com._custom_id.df.uribl.com
> - domain.com._custom_id.df.uribl.com
> - com._custom_id.df.uribl.com <-- wtf?
>
> Somehow, something is trying to check up to the top TLD, where it's
> useless. Again, I can't understand why SA would do that.

This is probably unbound doing what it does, recursive resolving (from
TLD all the way down).


Hope that helps,

--
Bernardo Reino

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
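
The 0x20 behaviour quoted from the unbound documentation in the message above, as an added example that is not part of the original post: the resolver side randomises and checks casing, and the receiving side (a blocklist operator reading query logs) folds case so that the mixed-case names collapse to one lookup each. The log sample is constructed; only its first two names come from the thread, and all function names are made up for this sketch.

```python
import random
import string
from collections import defaultdict

# Constructed log sample: the first two names are the ones quoted in the
# thread, the others are made-up casings of the same two names.
SAMPLE_LOG = [
    "SoMeDoMaIn.cOM._custom_id.dF.URIbl.cOM",
    "AnOtHeRDoM.ApP._custom_id.dF.UrIbL.COM",
    "somedomain.COM._custom_id.DF.uribl.com",
    "SOMEDOMAIN.com._CUSTOM_ID.df.uRiBl.CoM",
    "anotherdom.app._custom_id.df.uribl.com",
]


def encode_0x20(qname, rng):
    """Resolver side: set each ASCII letter to upper or lower case at random."""
    return "".join(
        (c.upper() if rng.getrandbits(1) else c.lower())
        if c in string.ascii_letters else c
        for c in qname
    )


def reply_accepted(sent_qname, reply_qname):
    """Resolver side: accept a reply only if it echoes the exact casing sent."""
    return sent_qname == reply_qname


def case_bits(qname):
    """Extra bits an off-path forger would have to guess: one per letter."""
    return sum(c in string.ascii_letters for c in qname)


def canonical(qname):
    """Log side: DNS names compare case-insensitively, so fold them."""
    return qname.rstrip(".").lower()


def group_by_name(log_names):
    """Map each canonical name to the set of casings seen for it. Several
    casings of one name point to a 0x20 client, not to distinct lookups."""
    groups = defaultdict(set)
    for name in log_names:
        groups[canonical(name)].add(name)
    return dict(groups)


if __name__ == "__main__":
    rng = random.Random(20)  # fixed seed so the demo output is repeatable
    sent = encode_0x20("some.domain.com._custom_id.df.uribl.com", rng)
    print(sent, "-", case_bits(sent), "case bits")
    print("echoed reply accepted:     ", reply_accepted(sent, sent))
    print("lower-cased reply accepted:", reply_accepted(sent, sent.lower()))
    for name, casings in group_by_name(SAMPLE_LOG).items():
        print(len(casings), "casings of", name)
```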


Re: [mailop] The oligopoly has won.

2022-09-13 Thread Michael Rathbun via mailop
On Mon, 12 Sep 2022 19:15:46 -0700, Dave Crocker via mailop
 wrote:

>-
>
>On 9/12/2022 7:01 PM, Al Iverson via mailop wrote:
>> Because I disagree with the whole premise
>> that self hosting mail is impossible today
[snip]
>I believe the prevailing sentiment is that it is a challenging task, 
>requiring significant expertise.

I was going to write something countering this sentiment, until it dawned on
me that there is only one person I know within 200 miles of me that I could
ask to facilitate my wife's email access after I'm no longer vertical, and am
not maintaining the email server.

Hmm.

mdr
-- 
  The world was almost won by such an ape!
The nations put him where his kind belong.
  But do not rejoice too soon at your escape.
The womb he crawled from is still going strong.
-- Bertold Brecht,"The Resistible Rise of Arturo UI"



Re: [mailop] The oligopoly has won.

2022-09-13 Thread Eduardo Diaz Comellas via mailop
I agree with the general sense that GMail is misbehaving at spam 
management, both incoming and outgoing processing is flawed (in my opinion).


I will just talk from the gmail's customer side: a customer of mine 
moved to gmail. They still have secondary domains hosted with us. A 
couple of weeks ago they started to miss email sent from the gmail'ed 
domain to their secondary domains.


After investigation, several IPs used by gmail to send the email were 
blacklisted. I had a tough time explaining to the customer that it was 
gmail's fault to still use this IPs to send their email. Gmail never 
acknowledged the problem and didn't change the outgoing IP addresses. 
The problem was only "solved" when the blacklisting expired. And this 
was to a paying customer with 200 Gsuite accounts...


Best regards


On 13/9/22 at 1:54, Brandon Long via mailop wrote:
> On Mon, Sep 12, 2022 at 4:16 PM Paul Kincaid-Smith wrote:
>
>> We have a reasonably large sample of messages sent from Gmail,
>> Yahoo and Outlook and can assess how much was "spam foldered" by
>> each of those services. We are in the same ballpark as John
>> Levine, who estimated that "about 30% of the mail I get from Gmail
>> is spam."
>>
>> EmailGrades collects metrics about senders and receivers,
>> primarily to measure inbox placement and recipient engagement for
>> commercial ESPs vs a cohort of their peers, but we also have
>> insights regarding messages sent by mailbox providers like Gmail,
>> Yahoo and Outlook. For the month of August 2022, millions of
>> messages received from Gmail, Yahoo and Outlook's
>> email infrastructure by hundreds of thousands of panel mailboxes
>> reveals the following spam foldering rates:
>>
>>                     Received at Gmail | Received at Yahoo | Received at Outlook
>> Sent from Gmail     16%               | 38%               | 49%
>> Sent from Outlook   47%               | 78%               | 47%
>> Sent from Yahoo      5%               |  3%               |  9%
>>
>> The way to read this table is, "Of the messages received by our
>> Yahoo panel mailboxes, 38% of those sent by Gmail were routed to
>> Yahoo's spam folder" and "Of the messages received by our Outlook
>> panel mailboxes, 9% of those sent by Yahoo were routed to
>> Outlook's junk mail folder" and "Of the messages received by our
>> Gmail panel mailboxes, 47% of those sent by Outlook were routed to
>> Gmail's spam folder."
>
> Does this indicate actual spam or just marked spam by the mailbox
> provider?  Does this indicate authenticated by
> the sender provider, or less?  This gets even more complicated when
> you talk dkim replay.
>
> Anyways, this also may indicate something else we know, which is that
> spammers know that spamming another
> gmail account is a great way for us to find them, so they tend to use
> Gmail to spam non-Gmail.
>
> These numbers are also worse than when I worked on Gmail years ago,
> but it's always possible things
> got worse.
>
>> All other things being equal, Outlook filters messages from Gmail
>> most aggressively. Yahoo filters messages from Outlook most
>> aggressively. Outlook filters messages from Yahoo most aggressively.
>>
>> Outlook's spam percentages are higher than Gmail's but that may be
>> because Outlook chooses to block less outbound mail and instead
>> flags questionable outbound messages, sending them via a pool of
>> IPs that ought to receive additional filtering scrutiny.
>
> I expect any reputation based anti-spam system should be able to tell
> whether an MSP does this.  Google definitely had separate sending
> pools for various things in the past, and does expect that receivers
> would eventually learn and
> apply differential filtering based on that.  No idea what the current
> system does.
>
> Brandon



--
Eduardo Díaz Comellas
Ultreia Comunicaciones, S.L.


[mailop] Odd DNS-cache avoidance queries (Spam Assassin / Unbound / AWS)

2022-09-13 Thread Cyril - ImprovMX via mailop
Hi everyone!

We are running a mail forwarding service (https://improvmx.com) and I've
recently partnered with URIBL in order to improve our quality of spam
detection. After a few weeks of trial to estimate our usage, the team at
URIBL came back to us with some odd behavior sent from our servers.

We implemented URIBL only on our SpamAssassin servers. These are EC2
instances that solely use SpamAssassin and are auto-scaling to meet the
demand.
In order to improve the DNS queries done, we install SA and Unbound and
update the resolv.conf file to point to localhost.

We almost don't modify SA. Here are the only changes we do:

time_limit 25
bayes_auto_learn 0

ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
shortcircuit BAYES_99 spam
shortcircuit BAYES_00 ham
endif # Mail::SpamAssassin::Plugin::Shortcircuit

bayes_token_ttl 21d
bayes_seen_ttl 8d
bayes_auto_expire 1

dns_server 127.0.0.1

score FREEMAIL_FORGED_REPLYTO 1.5

That and the customized URIBL configuration for SA.

Here's the Unbound configuration: https://pastebin.com/Bn7B3uCv (expires in
a month).

The team at Uribl identified two issues that are really odd and shouldn't
happen from SA/Unbound, and I'm hoping someone on this list might know
something about it and help us figure out what is happening.


1. The first issue is that it seems that we are querying URIBL using random
lower/upper case domains. We had queries such as:

   - SoMeDoMaIn.cOM._custom_id.dF.URIbl.cOM
   - AnOtHeRDoM.ApP._custom_id.dF.UrIbL.COM
   - etc

I'd want to believe that SA would lowercase all the DNS requests before
sending them, but it doesn't seem to be the case.
What's odd is that the uribl.com part isn't from incoming emails, so it's
not something a spammer would send. It is definitely added somewhere
between SA and Unbound. But why?! It doesn't make any sense.


2. The other issue is even weirder. SA is trying to validate the domains by
trimming the left part up to the gTLDs :


   - some.domain.com._custom_id.df.uribl.com
   - domain.com._custom_id.df.uribl.com
   - com._custom_id.df.uribl.com <-- wtf?


Somehow, something is trying to check up to the top TLD, where it's
useless. Again, I can't understand why SA would do that.

---

Has anyone experienced that already? Would it be some specific
behavior from SA or Unbound when checking the DNS entries? Or maybe it is
related to AWS that does some specific modification that I'm not aware of?

I'm hoping someone will have an answer to this.

Thank you for your help, sorry for the long post.

Best,
Cyril