Re: [mailop] [EXTERNAL] Really good paypal phishing email this morning

2022-11-18 Thread Jarland Donnell via mailop

Basically, you go here:
https://www.paypal.com/invoice/s/manage

Click the gear symbol, Business Information, fill out what you want and 
add a logo. Then click Save, create an invoice for someone, and PayPal 
will send it to them. There's not much of anything that any of us can do 
to filter it without risking false positives, because we'll never have 
any consistent idea of what's real and fake when it all comes from such 
a high reputation sender using a feature that we don't necessarily want 
to block recipients from being able to use.


On 2022-11-18 15:30, Michael Wise via mailop wrote:

> This .. is what I wanted to see.
>
> Did it really go to you, or did it stop off somewhere else first?
>
>   To: zachery Rose
>
> It does appear that it went direct, so my initial theory is off I
> guess.
>
> Aloha,
>
> Michael.
>
> --
>
> Michael J Wise
> Microsoft Corporation| Spam Analysis
>
> "Your Spam Specimen Has Been Processed."
>
> Open a ticket for Hotmail ?
>
> From: mailop On Behalf Of Zach Rose via mailop
> Sent: Friday, November 18, 2022 11:38 AM
> Cc: mailop@mailop.org
> Subject: Re: [mailop] [EXTERNAL] Really good paypal phishing email
> this morning
>
>> Yeah, that's my theory at the moment, very likely that the call is
>> coming from inside the house, but they didn't find the person who made
>> the call before it was made.

Re: [mailop] [EXTERNAL] Really good paypal phishing email this morning

2022-11-18 Thread Michael Wise via mailop

This .. is what I wanted to see.
Did it really go to you, or did it stop off somewhere else first?

  To: zachery Rose 

It does appear that it went direct, so my initial theory is off I guess.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Zach Rose via mailop
Sent: Friday, November 18, 2022 11:38 AM
Cc: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Really good paypal phishing email this morning

Yeah, that's my theory at the moment, very likely that the call is coming from 
inside the house, but they didn't find the person who made the call before it 
was made.


Re: [mailop] Google Gives Gmail Mass Email Services the Boot

2022-11-18 Thread Atro Tossavainen via mailop
On Fri, Nov 18, 2022 at 10:56:26AM -0700, Anne Mitchell via mailop wrote:
> It's about time, and to the extent that you were involved (if at all), 
> Brandon, *thank you*!
> 
> "Users of mass email services such as Gmass, Woodpecker, Lemlist and others 
> that have been using Gmail’s API to send bulk email that tricked recipients 
> into thinking that they were receiving personal one-to-one emails have been 
> put on notice today by Google: “Applications that use multiple accounts to 
> abuse Google policies, bypass Gmail account limitation, circumvent filters 
> and spam, or otherwise subvert restrictions are prohibited from accessing 
> Gmail API scopes.”"
> 
> https://www.isipp.com/blog/google-gives-gmail-mass-email-services-the-boot/

Much appreciated. Thanks to all who contributed to make this happen.

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Really good paypal phishing email this morning

2022-11-18 Thread Ken Simpson via mailop
Hi Michael,

I've seen the raw email; it did come from PayPal. PayPal needs to get
better at recognizing brand images so that this kind of impersonation is
more difficult on their platform. No doubt they are already working on that.

Ken

On Fri, Nov 18, 2022 at 11:32 AM Michael Wise via mailop 
wrote:

>
>
> Please share the headers; pictures are not forensic evidence.
>
> We’ve seen similar things, want to see if it’s the same issue.
>
>
>
> Hint: it may have really come from PayPal.
>
>
>
> Aloha,
>
> Michael.
>
> --
>
> *Michael J Wise*
> Microsoft Corporation| Spam Analysis
>
> "Your Spam Specimen Has Been Processed."
>
> Open a ticket for Hotmail 
> ?
>
>
>
> *From:* mailop  *On Behalf Of *Zach Rose via
> mailop
> *Sent:* Friday, November 18, 2022 7:10 AM
> *To:* mailop@mailop.org
> *Subject:* [EXTERNAL] [mailop] Really good paypal phishing email this
> morning
>
>
>
> https://www.screencast.com/t/dNPpByTSjrq
> 
>
>
>
> I rarely use paypal, if ever, and haven't shopped with Walmart in over a
> decade, but I can see how this would fool a lot of people. Passed
> DKIM/SPF/DMARC, and the code of the email itself referenced their own
> static file CDN, so this feels like a scam account internally rather than a
> spoofed email.
>
>
>
>
>


-- 

Ken Simpson

CEO, MailChannels





Re: [mailop] [EXTERNAL] Really good paypal phishing email this morning

2022-11-18 Thread Zach Rose via mailop
Yeah, that's my theory at the moment, very likely that the call is coming
from inside the house, but they didn't find the person who made the call
before it was made.


Delivered-To: REDACTED
Received: by 2002:a05:640c:1b81:b0:190:7afb:ee7a with SMTP id
r1csp516216eiw;
Fri, 18 Nov 2022 06:23:32 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf6dcoQaNhG4JYaaq7jvwEAJxfF8XCQ2Zy1qPt4mGssaSyPzrvU0HsohJxkBvLOIjhuKLb6N
X-Received: by 2002:a65:67d1:0:b0:476:87ad:9d78 with SMTP id
b17-20020a6567d100b0047687ad9d78mr6785903pgs.169.1668781412334;
Fri, 18 Nov 2022 06:23:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668781412; cv=none;
d=google.com; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=amq-delivery-message-id:mime-version:from:to:subject
 :pp-correlation-id:message-id:date:content-transfer-encoding
 :dkim-signature;
bh=+ooJ/KHJ7NcHSktaVA2Efxv2wUuyyzgRC9OcH8lTKPI=;
ARC-Authentication-Results: i=1; mx.google.com;
   dkim=pass header.i=@paypal.com header.s=pp-dkim1 header.b=i5V5Jd8P;
   spf=pass (google.com: domain of serv...@paypal.com designates
66.211.170.89 as permitted sender) smtp.mailfrom=serv...@paypal.com;
   dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=paypal.com
Return-Path: 
Received: from mx1.phx.paypal.com (mx3.phx.paypal.com. [66.211.170.89])
by mx.google.com with ESMTPS id
c5-20020a655a8500b0044fb332e9c2si4180181pgt.560.2022.11.18.06.23.32
for 
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Fri, 18 Nov 2022 06:23:32 -0800 (PST)
Received-SPF: pass (google.com: domain of serv...@paypal.com designates
66.211.170.89 as permitted sender) client-ip=66.211.170.89;
Authentication-Results: mx.google.com;
   dkim=pass header.i=@paypal.com header.s=pp-dkim1 header.b=i5V5Jd8P;
   spf=pass (google.com: domain of serv...@paypal.com designates
66.211.170.89 as permitted sender) smtp.mailfrom=serv...@paypal.com;
   dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=paypal.com
DKIM-Signature: v=1; a=rsa-sha256; d=paypal.com; s=pp-dkim1;
c=relaxed/relaxed;
q=dns/txt; i=@paypal.com; t=1668781410;
h=From:From:Subject:Date:To:MIME-Version:Content-Type;
bh=+ooJ/KHJ7NcHSktaVA2Efxv2wUuyyzgRC9OcH8lTKPI=;
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="UTF-8"
Date: Fri, 18 Nov 2022 06:23:30 -0800
Message-ID: <65.AC.09725.26597736@ccg01mail05>
X-PP-REQUESTED-TIME: 1668781403501
X-PP-Email-transmission-Id: 917850f8-674c-11ed-96b4-3cecef6afc2b
PP-Correlation-Id: f349957836b68
Subject: Invoice from Walmart (0067)
X-MaxCode-Template: RT000238
To: zachery Rose 
From: "serv...@paypal.com" 
X-Email-Type-Id: RT000238
MIME-Version: 1.0
X-PP-Priority: 0-none-true
AMQ-Delivery-Message-Id: nullval
X-XPT-XSL-Name: nullval

On Fri, Nov 18, 2022 at 1:44 PM Michael Wise 
wrote:

>
>
> Please share the headers; pictures are not forensic evidence.
>
> We’ve seen similar things, want to see if it’s the same issue.
>
>
>
> Hint: it may have really come from PayPal.
>
>
>
> Aloha,
>
> Michael.
>
> --
>
> *Michael J Wise*
> Microsoft Corporation| Spam Analysis
>
> "Your Spam Specimen Has Been Processed."
>
> Open a ticket for Hotmail 
> ?
>
>
>
> *From:* mailop  *On Behalf Of *Zach Rose via
> mailop
> *Sent:* Friday, November 18, 2022 7:10 AM
> *To:* mailop@mailop.org
> *Subject:* [EXTERNAL] [mailop] Really good paypal phishing email this
> morning
>
>
>
> https://www.screencast.com/t/dNPpByTSjrq
> 
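
Added example (not part of any message in this thread): the checks the thread runs by eye on the posted headers, done with Python's standard library. It reads the receiver's Authentication-Results, compares the DKIM d= domain with the From domain, and counts external Received hops to answer whether the message went direct; RAW_HEADERS is abridged from the headers above, and same_org() and the trusted_authserv parameter are simplifications assumed for the example.

```python
import re
from email import message_from_string

# Abridged from the headers posted in this thread: the ARC set and signature
# data (bh=/b=) are left out, and addresses appear as the list archive shows them.
RAW_HEADERS = """\
Delivered-To: REDACTED
Received: by 2002:a05:640c:1b81:b0:190:7afb:ee7a with SMTP id r1csp516216eiw;
        Fri, 18 Nov 2022 06:23:32 -0800 (PST)
Received: from mx1.phx.paypal.com (mx3.phx.paypal.com. [66.211.170.89])
        by mx.google.com with ESMTPS
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 18 Nov 2022 06:23:32 -0800 (PST)
Authentication-Results: mx.google.com;
       dkim=pass header.i=@paypal.com header.s=pp-dkim1 header.b=i5V5Jd8P;
       spf=pass (google.com: domain of serv...@paypal.com designates
       66.211.170.89 as permitted sender) smtp.mailfrom=serv...@paypal.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=paypal.com
DKIM-Signature: v=1; a=rsa-sha256; d=paypal.com; s=pp-dkim1;
        c=relaxed/relaxed; q=dns/txt; i=@paypal.com; t=1668781410;
        h=From:From:Subject:Date:To:MIME-Version:Content-Type
Subject: Invoice from Walmart (0067)
From: "serv...@paypal.com"
"""

# "from HELO (rDNS. [IP])" at the start of a Received header = SMTP hand-off.
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\((\S+?)\.?\s+\[([0-9A-Fa-f:.]+)\]\)")


def unfold(value):
    """Collapse header folding (newline + whitespace) into single spaces."""
    return " ".join(value.split())


def parse_authres(value):
    """Parse one Authentication-Results value (RFC 8601) into
    (authserv_id, {method: [{'result': ..., 'ptype.prop': ...}, ...]})."""
    value = re.sub(r"\([^()]*\)", " ", unfold(value))  # drop (comments)
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    results = {}
    for part in parts[1:]:
        tokens = part.split()
        method, _, result = tokens[0].partition("=")
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results.setdefault(method.lower(), []).append(
            {"result": result.lower(), **props})
    return parts[0].split()[0].lower(), results


def parse_tags(value):
    """Parse a DKIM-Signature tag=value list (RFC 6376)."""
    tags = {}
    for item in unfold(value).split(";"):
        key, sep, val = item.partition("=")
        if sep:
            tags[key.strip()] = val.replace(" ", "")
    return tags


def external_hops(msg):
    """Received headers that record a hand-off from another host."""
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_FROM.match(unfold(value))
        if m:
            hops.append({"helo": m.group(1), "rdns": m.group(2), "ip": m.group(3)})
    return hops


def same_org(a, b):
    """Suffix match as a stand-in for relaxed alignment (assumption: real
    code compares organizational domains using the Public Suffix List)."""
    a, b = a.lower().rstrip("."), b.lower().rstrip(".")
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def triage(raw, trusted_authserv="mx.google.com"):
    """Summarise what the headers prove about origin and path."""
    msg = message_from_string(raw)
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, results = parse_authres(value)
        if authserv == trusted_authserv:  # ignore results stamped by anyone else
            verdicts = results
            break

    def first(method, key):
        return verdicts.get(method, [{}])[0].get(key, "")

    header_from = first("dmarc", "header.from")
    sig = parse_tags(msg.get("DKIM-Signature", ""))
    signed = [h.lower() for h in sig.get("h", "").split(":") if h]
    hops = external_hops(msg)
    return {
        "dkim": first("dkim", "result"),
        "spf": first("spf", "result"),
        "dmarc": first("dmarc", "result"),
        "header_from": header_from,
        "dkim_aligned": bool(sig.get("d")) and same_org(sig["d"], header_from),
        # From listed in h= more often than it occurs: a second From cannot be added
        "from_oversigned": signed.count("from") > len(msg.get_all("From", [])),
        "external_hops": len(hops),
        "direct_from_sender": len(hops) == 1 and same_org(hops[0]["rdns"], header_from),
    }


if __name__ == "__main__":
    for key, value in triage(RAW_HEADERS).items():
        print(f"{key}: {value}")
```

On these headers every check passes and the only external hop is PayPal's own MX, which is why the thread concludes the message was generated on PayPal's platform rather than spoofed.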

Re: [mailop] Looks like I am getting blocked by msn.com only.

2022-11-18 Thread Michael Wise via mailop

You need to fill out the form in my .sig file.
This is a Consumer issue, not an Office365 issue.

Why folks redact the IP addresses for such issues in this forum I don't 
understand.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Ryan Prihoda via mailop
Sent: Thursday, November 17, 2022 1:26 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Looks like I am getting blocked by msn.com only.

Hey all,


I received this rejection going to an msn account is there any way to resolve 
this?



host msn-com.olc.protection.outlook.com [104.47.18.97]  SMTP error from remote 
mail server after pipelined sending data block:  550 5.7.1 Unfortunately, 
messages from [xxx.xxx.xxx.xxx] weren't sent. Please contact your Internet 
service provider since part of their network is on our block list (S3140). You 
can also refer your provider to 
http://mail.live.com/mail/troubleshooting.aspx#errors. 
[AM6EUR05FT038.eop-eur05.prod.protection.outlook.com]



Thanks in advance,



  *   R. Prihoda




Re: [mailop] [EXTERNAL] Really good paypal phishing email this morning

2022-11-18 Thread Michael Wise via mailop

Please share the headers; pictures are not forensic evidence.
We've seen similar things, want to see if it's the same issue.

Hint: it may have really come from PayPal.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Zach Rose via mailop
Sent: Friday, November 18, 2022 7:10 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Really good paypal phishing email this morning

https://www.screencast.com/t/dNPpByTSjrq

I rarely use paypal, if ever, and haven't shopped with Walmart in over a 
decade, but I can see how this would fool a lot of people. Passed 
DKIM/SPF/DMARC, and the code of the email itself referenced their own static 
file CDN, so this feels like a scam account internally rather than a spoofed 
email.




Re: [mailop] Google Gives Gmail Mass Email Services the Boot

2022-11-18 Thread Jarland Donnell via mailop
This is excellent news. I'm quite ready for some of these services to 
move my way and try to pull off similar activities. I'd love to ruin 
their day just a bit more.


On 2022-11-18 11:56, Anne Mitchell via mailop wrote:
> It's about time, and to the extent that you were involved (if at all),
> Brandon, *thank you*!
>
> "Users of mass email services such as Gmass, Woodpecker, Lemlist and
> others that have been using Gmail’s API to send bulk email that tricked
> recipients into thinking that they were receiving personal one-to-one
> emails have been put on notice today by Google: “Applications that use
> multiple accounts to abuse Google policies, bypass Gmail account
> limitation, circumvent filters and spam, or otherwise subvert
> restrictions are prohibited from accessing Gmail API scopes.”"
>
> https://www.isipp.com/blog/google-gives-gmail-mass-email-services-the-boot/
>
> Anne
>
> ---
> We provide the Good Senders email sender reputation certification list
> to inbox providers around the world. Learn more at gettotheinbox.com
>
> Anne P. Mitchell,  Esq.
> CEO Get to the Inbox by SuretyMail
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email
> marketing law)
> Author: The Email Deliverability Handbook
> Board of Directors, Denver Internet Exchange
> Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
> Prof. Emeritus, Lincoln Law School
> Chair Emeritus, Asilomar Microcomputer Workshop
> Counsel Emeritus, eMail Abuse Prevention System (MAPS)


[mailop] Google Gives Gmail Mass Email Services the Boot

2022-11-18 Thread Anne Mitchell via mailop
It's about time, and to the extent that you were involved (if at all), Brandon, 
*thank you*!

"Users of mass email services such as Gmass, Woodpecker, Lemlist and others 
that have been using Gmail’s API to send bulk email that tricked recipients 
into thinking that they were receiving personal one-to-one emails have been put 
on notice today by Google: “Applications that use multiple accounts to abuse 
Google policies, bypass Gmail account limitation, circumvent filters and spam, 
or otherwise subvert restrictions are prohibited from accessing Gmail API 
scopes.”"

https://www.isipp.com/blog/google-gives-gmail-mass-email-services-the-boot/

Anne

---
We provide the Good Senders email sender reputation certification list to inbox 
providers
around the world. Learn more at gettotheinbox.com

Anne P. Mitchell,  Esq.
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)


Re: [mailop] Really good paypal phishing email this morning

2022-11-18 Thread Jarland Donnell via mailop
Someone probably named themselves "Walmart" on PayPal and issued an 
invoice in their UI for your email, triggering PayPal to send you an 
invoice for it.


On 2022-11-18 09:09, Zach Rose via mailop wrote:

> https://www.screencast.com/t/dNPpByTSjrq
>
> I rarely use paypal, if ever, and haven't shopped with Walmart in over
> a decade, but I can see how this would fool a lot of people. Passed
> DKIM/SPF/DMARC, and the code of the email itself referenced their own
> static file CDN, so this feels like a scam account internally rather
> than a spoofed email.


[mailop] Really good paypal phishing email this morning

2022-11-18 Thread Zach Rose via mailop
https://www.screencast.com/t/dNPpByTSjrq

I rarely use paypal, if ever, and haven't shopped with Walmart in over a
decade, but I can see how this would fool a lot of people. Passed
DKIM/SPF/DMARC, and the code of the email itself referenced their own
static file CDN, so this feels like a scam account internally rather than a
spoofed email.


Re: [mailop] TLS-RPT reporting software

2022-11-18 Thread Gellner, Oliver via mailop
Yes, we receive TLS reports from several small companies and they all seem to 
use MDaemon. It's not open source though and isn't a plugin, but a full-blown 
email filter.

--
BR Oliver

On 2022-11-18 10:05, Johan Lavsund via mailop wrote:
> Hi,
> I use Securitygateway from Mdaemon Technologies and it sends TLS reports.
> Kind Regards
> Johan
>
>
> On 2022-11-18 09:49, Faisal Misle via mailop wrote:
>> I only know of four providers that send reports (If anyone knows of
>> any others - I'm all ears!) • Google • Microsoft • Comcast •
>> SocketLabs They likely have their own in-house systems, as they have
>> the resources to do so.
>>
>> Best,
>> Faisal
>>
>> On Thu, Nov 17, 2022, at 11:22 PM, Muyeed Ali via mailop wrote:
>>> Thanks for the information. I had a broken TLS configuration on my SMTP 
>>> server and got a few TLS-RPT reports due to that from popular providers. 
>>> The question is who (which software/MTA/plugin) sends these reports then?
>>>
>>> Thanks.


dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * P.O. Box 10 02 34, 76232 Karlsruhe
Phone 0721 5592-2500 Fax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: registered office Karlsruhe, register court Mannheim, HRB 104927
Managing directors: Christoph Werner, Martin Dallmeier, Roman Melcher



Re: [mailop] Looks like I am getting blocked by msn.com only.

2022-11-18 Thread Laura Atkins via mailop
sender.office.com is for issues with O365 accounts only, it’s not for issues 
with the free mailbox domains. 

If you go to the URL in the message there will be additional information about 
how to resolve this. If the blocked IP is the same as the one you’re sending to 
the list, however, you should escalate to support office365 - exactly as the 
instructions tell you to do. If it’s from a different network, you should 
escalate to them. 

laura 



> On 18 Nov 2022, at 08:47, Faisal Misle via mailop  wrote:
> 
> Just to be sure because I didn't see you mention it, make sure you've 
> contacted them via the form I often see linked so many different ways: 
> https://sender.office.com 
> 
> On Thu, Nov 17, 2022, at 10:26 PM, Ryan Prihoda via mailop wrote:
>> Hey all,
>> 
>> I received this rejection going to an msn account is there any way to 
>> resolve this?
>> 
>> host msn-com.olc.protection.outlook.com [104.47.18.97]  SMTP error from
>> remote mail server after pipelined sending data block:  550 5.7.1
>> Unfortunately, messages from [xxx.xxx.xxx.xxx] weren't sent. Please contact
>> your Internet service provider since part of their network is on our block
>> list (S3140). You can also refer your provider to
>> http://mail.live.com/mail/troubleshooting.aspx#errors.
>> [AM6EUR05FT038.eop-eur05.prod.protection.outlook.com]
>> 
>> Thanks in advance,
>> 
>> R. Prihoda
>> 
-- 
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com 

Email Delivery Blog: http://wordtothewise.com/blog  








Re: [mailop] [EXTERNAL] TLS-RPT reporting software

2022-11-18 Thread Johan Lavsund via mailop

Hi,

I use Securitygateway from Mdaemon Technologies and it sends TLS reports.

Kind Regards

Johan

On 2022-11-18 09:49, Faisal Misle via mailop wrote:
> I only know of four providers that send reports (If anyone knows of
> any others - I'm all ears!)
>
>   * Google
>   * Microsoft
>   * Comcast
>   * SocketLabs
>
> They likely have their own in-house systems, as they have the
> resources to do so.
>
> Best,
> Faisal
>
> On Thu, Nov 17, 2022, at 11:22 PM, Muyeed Ali via mailop wrote:
>> Thanks for the information. I had a broken TLS configuration on my
>> SMTP server and got a few TLS-RPT reports due to that from popular
>> providers. The question is who (which software/MTA/plugin) sends
>> these reports then?
>>
>> Thanks.
>>
>> On Thu, Nov 17, 2022 at 5:07 PM Patrick Ben Koetter via mailop wrote:
>>> Ali,
>>>
>>> * Muyeed Ali :
>>> > Is there any other MTA that supports the TLS-RPT report plugin? Please let
>>> > me know if any of you are aware of it. Thanks.
>>>
>>> I'm not aware of any open source TLS-RPT reporting solution for any of the
>>> open source MTAs at the moment.
>>>
>>> Of course, if you know how to extract data from what Postfix logs you can
>>> create reports to fill in the General, Failure and DANE sections. And then
>>> submit it via SMTP in a DKIM signed message.
>>>
>>> p@rick
>>>
>>> > On Thu, Nov 17, 2022 at 4:42 PM Patrick Ben Koetter via mailop <
>>> > mailop@mailop.org> wrote:
>>> >
>>> > > * Brotman, Alex via mailop :
>>> > > > I’m not aware of one, though you may want to ask Viktor
>>> > >
>>> > > As of today the Postfix smtp client does not log everything it could to
>>> > > provide data for a TLS-RPT report. It also lacks additional functionality
>>> > > to log even more data for TLS-RPT. In other words: Postfix is not aware of
>>> > > everything it could be aware of to create TLS-RPT reports.
>>> > >
>>> > > Besides that the amount of data that could emerge when you start to log
>>> > > TLS-RPT relevant information very likely will make it necessary to create a
>>> > > new Postfix service, which sole purpose would be to receive and process log
>>> > > messages.
>>> > >
>>> > > Viktor and I spoke about this about a year ago and he said he would not
>>> > > have sufficient cycles to work on all this in the next two years. Unless
>>> > > someone steps forward and contributes documentation and code the Postfix
>>> > > community will have to wait.
>>> > >
>>> > > p@rick
>>> > >
>>> > > > From: mailop  On Behalf Of Muyeed Ali via mailop
>>> > > > Sent: Monday, November 14, 2022 10:43 AM
>>> > > > To: mailop@mailop.org
>>> > > > Subject: [EXTERNAL] [mailop] TLS-RPT reporting software
>>> > > >
>>> > > > Hello,
>>> > > > Does anybody know any mail filter or plugin to Postfix MTA that sends
>>> > > > TLS-RPT reports to mailto or https RUA tags? For the DMARC report, there
>>> > > > are a couple of milters in Rspamd and opendmarc but I could not find any
>>> > > > such option for the TLS-RPT one.
>>> > > >
>>> > > > Thanks.
>>> > > >
>>> > > > Regards,
>>> > > > Muyeed
>>> > >
>>> > > --
>>> > > [*] sys4 AG
>>> > >
>>> > > https://sys4.de, +49 (89) 30 90 46 64
>>> > > Schleißheimer Straße 26/MG,80333 München
>>> > >
>>> > > Registered office: München, District Court München: HRB 199263
>>> > > Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
>>> > > Chairman of the supervisory board: Florian Kirstein
>>>
>>> --
>>> [*] sys4 AG
>>>
>>> https://sys4.de, +49 (89) 30 90 46 64
>>> Schleißheimer Straße 26/MG,80333 München
>>>
>>> Registered office: München, District Court München: HRB 199263
>>> Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
>>> Chairman of the supervisory board: Florian Kirstein


Re: [mailop] Looks like I am getting blocked by msn.com only.

2022-11-18 Thread Faisal Misle via mailop
Just to be sure because I didn't see you mention it, make sure you've contacted 
them via the form I often see linked so many different ways: 
https://sender.office.com

On Thu, Nov 17, 2022, at 10:26 PM, Ryan Prihoda via mailop wrote:
> Hey all,
>
> I received this rejection going to an msn account is there any way to
> resolve this?
>
> host msn-com.olc.protection.outlook.com [104.47.18.97]  SMTP error from
> remote mail server after pipelined sending data block:  550 5.7.1
> Unfortunately, messages from [xxx.xxx.xxx.xxx] weren't sent. Please contact
> your Internet service provider since part of their network is on our block
> list (S3140). You can also refer your provider to
> http://mail.live.com/mail/troubleshooting.aspx#errors.
> [AM6EUR05FT038.eop-eur05.prod.protection.outlook.com]
>
> Thanks in advance,
>
>  * R. Prihoda


Re: [mailop] [EXTERNAL] TLS-RPT reporting software

2022-11-18 Thread Faisal Misle via mailop
I only know of four providers that send reports (If anyone knows of any others 
- I'm all ears!)
 * Google
 * Microsoft
 * Comcast
 * SocketLabs
They likely have their own in-house systems, as they have the resources to do 
so.

Best,
Faisal

On Thu, Nov 17, 2022, at 11:22 PM, Muyeed Ali via mailop wrote:
> Thanks for the information. I had a broken TLS configuration on my SMTP 
> server and got a few TLS-RPT reports due to that from popular providers. The 
> question is who (which software/MTA/plugin) sends these reports then?
> 
> Thanks. 
> 
> On Thu, Nov 17, 2022 at 5:07 PM Patrick Ben Koetter via mailop 
>  wrote:
>> Ali,
>> 
>> * Muyeed Ali :
>> > Is there any other MTA that supports the TLS-RPT report plugin? Please let
>> > me know if any of you are aware of it. Thanks.
>> 
>> I'm not aware of any open source TLS-RPT reporting solution for any of the
>> open source MTAs at the moment.
>> 
>> Of course, if you know how to extract data from what Postfix logs you can
>> create reports to fill in the General, Failure and DANE sections. And then
>> submit it via SMTP in a DKIM signed message.
>> 
>> p@rick
>> 
>> 
>> 
>> > 
>> > On Thu, Nov 17, 2022 at 4:42 PM Patrick Ben Koetter via mailop <
>> > mailop@mailop.org> wrote:
>> > 
>> > > * Brotman, Alex via mailop :
>> > > > I’m not aware of one, though you may want to ask Viktor
>> > >
>> > > As of today the Postfix smtp client does not log everything it could to
>> > > provide data for a TLS-RPT report. It also lacks additional functionality
>> > > to
>> > > log even more data for TLS-RPT. In other words: Postfix is not aware of
>> > > everything it could be aware of to create TLS-RPT reports.
>> > >
>> > > Besides that the amount of data that could emerge when you start to log
>> > > TLS-RPT relevant information very likely will make it necessary to 
>> > > create a
>> > > new Postfix service, which sole purpose would be to receive and process 
>> > > log
>> > > messages.
>> > >
>> > > Viktor and I spoke about this about a year ago and he said he would not
>> > > have
>> > > sufficient cycles to work on all this in the next two years. Unless 
>> > > someone
>> > > steps forward and contributes documentation and code the Postfix 
>> > > community
>> > > will have to wait.
>> > >
>> > > p@rick
>> > >
>> > > > From: mailop  On Behalf Of Muyeed Ali via
>> > > mailop
>> > > > Sent: Monday, November 14, 2022 10:43 AM
>> > > > To: mailop@mailop.org
>> > > > Subject: [EXTERNAL] [mailop] TLS-RPT reporting software
>> > > >
>> > > > Hello,
>> > > > Does anybody know any mail filter or plugin to Postfix MTA that sends
>> > > TLS-RPT reports to mailto or https RUA tags? For the DMARC report, there
>> > > are a couple of milters in Rspamd and opendmarc but I could not find any
>> > > such option for the TLS-RPT one.
>> > > >
>> > > > Thanks.
>> > > >
>> > > > Regards,
>> > > > Muyeed
>> > >
>> > >
>> > >
>> > > --
>> > > [*] sys4 AG
>> > >
>> > > https://sys4.de, +49 (89) 30 90 46 64
>> > > Schleißheimer Straße 26/MG,80333 München
>> > >
>> > > Registered office: München, District Court München: HRB 199263
>> > > Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
>> > > Chairman of the supervisory board: Florian Kirstein
>> 
>> -- 
>> [*] sys4 AG
>> 
>> https://sys4.de, +49 (89) 30 90 46 64
>> Schleißheimer Straße 26/MG,80333 München
>> 
>> Registered office: München, District Court München: HRB 199263
>> Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
>> Chairman of the supervisory board: Florian Kirstein
> 
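
Added example (not from any list member and not Postfix code): the approach quoted above, extracting data from what Postfix logs and filling in a report, sketched as a script that turns smtp client log lines into one RFC 8460 JSON report per recipient domain. The log lines are constructed and their wording is an assumption to check against your own logs; MX_TO_DOMAIN, DOMAIN_POLICY and every host, IP and address are placeholders, supplied by hand because, as the thread notes, the logs do not carry the policy domain or policy text.

```python
import json
import re
from collections import Counter, defaultdict

# Constructed sample: one day of Postfix log lines (placeholder hosts and IPs).
SAMPLE_LOG = """\
Nov 17 08:01:12 mta1 postfix/smtp[2101]: Trusted TLS connection established to mx.example.net[192.0.2.25]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Nov 17 08:05:40 mta1 postfix/smtp[2107]: Trusted TLS connection established to mx.example.net[192.0.2.25]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Nov 17 09:14:03 mta1 postfix/smtp[2233]: certificate verification failed for mx2.example.net[192.0.2.26]:25: untrusted issuer /C=XX/O=Example CA
Nov 17 09:44:03 mta1 postfix/smtp[2251]: certificate verification failed for mx2.example.net[192.0.2.26]:25: untrusted issuer /C=XX/O=Example CA
Nov 17 10:30:55 mta1 postfix/smtp[2310]: 4A1B2C3D4E: to=<user@example.org>, status=deferred (TLS is required, but was not offered by host mail.example.org[198.51.100.7])
Nov 17 11:02:19 mta1 postfix/smtp[2399]: connect to mail.example.org[198.51.100.7]:25: Connection timed out
Nov 17 11:05:00 mta1 postfix/smtpd[2400]: Anonymous TLS connection established from client.example[203.0.113.9]: TLSv1.3
"""

# Assumption: operator-maintained tables. Postfix's TLS log lines name the MX
# host only, so the recipient domain and its policy must come from elsewhere.
MX_TO_DOMAIN = {
    "mx.example.net": "example.net",
    "mx2.example.net": "example.net",
    "mail.example.org": "example.org",
}
DOMAIN_POLICY = {
    "example.net": {"policy-type": "sts", "policy-string": [
        "version: STSv1", "mode: enforce", "mx: *.example.net", "max_age: 86400"]},
    "example.org": {"policy-type": "sts", "policy-string": [
        "version: STSv1", "mode: enforce", "mx: mail.example.org", "max_age: 86400"]},
}

PEER = r"(?P<mx>[^\s\[]+)\[(?P<ip>[^\]]+)\]"
SUCCESS = re.compile(r"(?:Trusted|Verified) TLS connection established to " + PEER)
# Log wording -> RFC 8460 result-type.
FAILURES = [
    (re.compile(r"certificate verification failed for " + PEER
                + r":\d+: untrusted issuer"), "certificate-not-trusted"),
    (re.compile(r"certificate verification failed for " + PEER
                + r":\d+: certificate has expired"), "certificate-expired"),
    (re.compile(r"TLS is required, but was not offered by host " + PEER),
     "starttls-not-supported"),
]


def classify(line):
    """Return (result_type, mx, ip) for a TLS-relevant smtp client line;
    result_type is None for a successful session. Other lines give None."""
    if " postfix/smtp[" not in line:  # outbound client only, not smtpd
        return None
    m = SUCCESS.search(line)
    if m:
        return (None, m["mx"], m["ip"])
    for pattern, result_type in FAILURES:
        m = pattern.search(line)
        if m:
            return (result_type, m["mx"], m["ip"])
    return None


def build_reports(log_text, day, org, contact, sending_ip):
    """Aggregate one day's log into {policy_domain: report_dict}."""
    ok = Counter()
    failed = defaultdict(Counter)  # domain -> {(result_type, mx, ip): count}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None or hit[1] not in MX_TO_DOMAIN:
            continue
        result_type, mx, ip = hit
        domain = MX_TO_DOMAIN[mx]
        if result_type is None:
            ok[domain] += 1
        else:
            failed[domain][(result_type, mx, ip)] += 1

    reports = {}
    for domain in sorted(set(ok) | set(failed)):
        details = [
            {"result-type": rt, "sending-mta-ip": sending_ip,
             "receiving-mx-hostname": mx, "receiving-ip": ip,
             "failed-session-count": n}
            for (rt, mx, ip), n in sorted(failed[domain].items())
        ]
        entry = {
            "policy": {**DOMAIN_POLICY[domain], "policy-domain": domain,
                       "mx-host": sorted(h for h, d in MX_TO_DOMAIN.items()
                                         if d == domain)},
            "summary": {"total-successful-session-count": ok[domain],
                        "total-failure-session-count": sum(failed[domain].values())},
        }
        if details:
            entry["failure-details"] = details
        reports[domain] = {
            "organization-name": org,
            "date-range": {"start-datetime": f"{day}T00:00:00Z",
                           "end-datetime": f"{day}T23:59:59Z"},
            "contact-info": contact,
            "report-id": f"{day}_{domain}",
            "policies": [entry],
        }
    return reports


if __name__ == "__main__":
    out = build_reports(SAMPLE_LOG, "2022-11-17", "Example Sender",
                        "mailto:tlsrpt@sender.example", "203.0.113.5")
    print(json.dumps(out, indent=2))
```

Each report would then be compressed and mailed to the recipient domain's reporting address in a DKIM-signed message, as the quoted post says.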