Re: [mailop] Hotmail will start rejecting messages that fail DMARC

[Sebastian Nielsen via mailop]

This mailing list does it, and I thinks it works well.But if you want the pure 
solution, you could go the rfc822 route, where you take a mail (where the 
adress forw...@example.org expands to tar...@gmail.com) like:From: 
sender@gmail.comTo: forward@example.orgSubject: HeyContent-Type: 
text/plainHeyand encapsulate it on a new rfc822 container, so it looks like 
this:From: forward@example.orgTo: target@gmail.comSubject: Fwd: 
HeyContent-Type: message/rfc822From: sender@gmail.comTo: 
forward@example.orgSubject: HeyContent-Type: text/plainHeyThis shouldn't break 
anything since the original verbatim is kept, while DMARC authentication is 
performed on the outer container.
 Originalmeddelande Från: John Levine via mailop 
 Datum: 2023-03-23  02:38  (GMT+01:00) Till: 
mailop@mailop.org Kopia: sebast...@sebbe.eu Ämne: Re: [mailop] Hotmail will 
start rejecting messages that fail DMARC It appears that Sebastian Nielsen via 
mailop  said:>-=-=-=-=-=->-=-=-=-=-=->I think forwarders 
and mailing lists should start rewriting From: instead to a adress for which 
they are authorative,Oh, please, not the blame the victim argument again.See 
archives of this list for many discussions about why that workaround makes 
mailing lists work much, much 
worse.R's,JOhn___mailop mailing 
listmailop@mailop.orghttps://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Hotmail will start rejecting messages that fail DMARC

[John Levine via mailop]

It appears that Sebastian Nielsen via mailop  said:
>-=-=-=-=-=-
>-=-=-=-=-=-
>I think forwarders and mailing lists should start rewriting From: instead to a 
>adress for which they are authorative,

Oh, please, not the blame the victim argument again.

See archives of this list for many discussions about why that workaround makes 
mailing lists work much, much worse.

R's,
JOhn
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Contact for Prodigy (ATT)

[Lili Crowley via mailop]

Please contact me off list.

Thanks!

On Wed, Mar 22, 2023 at 9:04 PM Mark Dale via mailop 
wrote:

>
> Hi,
>
> If there's anyone here from Prodigy could they let me know. We're seeing
> mail to "@sbcglobal.net" being blocked this week.
>
> Thanks,
> Mark
> ___
> mailop mailing list
> mailop@mailop.org
>
> https://urldefense.com/v3/__https://list.mailop.org/listinfo/mailop__;!!Op6eflyXZCqGR5I!CwtMKF6u6vlAfrMiqx7ZjSow-gLwdMcKuYlnOwt9XYnniUnnB2CO3cjiHQ_XaZyvEtYNoLdtkGuvaD3bQaQ$
>
-- 

*Lili Crowley*

she/her

Postmaster



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Contact for Prodigy (ATT)

[Mark Dale via mailop]

Hi,

If there's anyone here from Prodigy could they let me know. We're seeing mail to 
"@sbcglobal.net" being blocked this week.

Thanks,
Mark
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sender domain reputation

[Bill Cole via mailop]

On 2023-03-22 at 15:44:10 UTC-0400 (Thu, 23 Mar 2023 03:44:10 +0800)
fh--- via mailop 
is rumored to have said:


May I know why you block PW TLD entirety?
Not all of them are spams IMO.


100% of the messages arriving at the mail systems I manage claiming to 
be from a *.pw domain were spam, prior to my outright banning them. In 
the years since, I've never had any indication that any of the messages 
rejected as a result have not also been spam.


It may be worth noting that pw has a particularly notable position, as 
it was one of the earliest demonstrators of how a registry can sabotage 
a TLD. They decided to market their "Pro Web" domains by making them 
free and returnable for a while when first introduced. This was jumped 
on by a few spamming operations who basically drenched the TLD in a vat 
of reputational sewage that will likely NEVER wash off, all in about a 
week almost exactly 10 years ago. Even worse, the event apparently gave 
other TLD hucksters the idea of launching in the same way, dooming a 
handful of other gTLDs (and pimped-out ccTLDs like pw) to a lifetime of 
crap deliverability.


If I ever have reason to believe that any user of any system I handle 
will ever receive a wanted message from a *@*.pw address (or any address 
in any of the other TLDs with similar blocks,) I will exempt the domain 
in question. It has happened for some .online domains and more domains 
in2 TLDs that I no longer block. Not for pw.





On 2023-03-22 23:53, John Levine via mailop wrote:

It appears that fh--- via mailop  said:

On 2023-03-22 12:19, Scott Undercofler wrote:

Like .tk and .ml that are free?



He means the .pw TLD he was using.


Oh, no wonder.  I block it too.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Hotmail will start rejecting messages that fail DMARC

[Michael Peddemors via mailop]

Or just turn off remote email forwarding..

On 2023-03-22 14:52, Sebastian Nielsen via mailop wrote:
I think forwarders and mailing lists should start rewriting From: 
instead to a adress for which they are authorative, or encapsulate the 
list message in a new rfc822 container, where the inner container is the 
email unmodified, and the outer container is From: replaced with the 
list or forwarding adress, To: replaced with forwarding final 
destination, and Subject: replaced with "Fwd: [Original subject]".



That should make it DMARC safe, even with strict alignment enabled.

 Originalmeddelande 
Från: John Levine via mailop 
Datum: 2023-03-22 20:28 (GMT+01:00)
Till: mailop@mailop.org
Kopia: jdellap...@microsoft.com
Ämne: Re: [mailop] Hotmail will start rejecting messages that fail DMARC

It appears that Jeff Dellapina via mailop  said:
 >-=-=-=-=-=-
 >-=-=-=-=-=-
 >
 >Hey Mailop,
 >
 >Microsoft is proud to announce our Consumer email service 
(Outlook/Hotmail/MSN/Live) will now honor the DMARC record of  "p=reject" by
 >rejecting the message if the domain fails DMARC. Previously, messages 
that failed DMARC were sent to the junk folder (Quarantine). Over the

 >next 30 days these DMARC-failing messages will be rejected.

Any chance you'll be using ARC headers to mitigate the damage to mailing 
lists and other forwarders?


R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Hotmail will start rejecting messages that fail DMARC

[Sebastian Nielsen via mailop]

I think forwarders and mailing lists should start rewriting From: instead to a 
adress for which they are authorative, or encapsulate the list message in a new 
rfc822 container, where the inner container is the email unmodified, and the 
outer container is From: replaced with the list or forwarding adress, To: 
replaced with forwarding final destination, and Subject: replaced with "Fwd: 
[Original subject]".That should make it DMARC safe, even with strict alignment 
enabled.
 Originalmeddelande Från: John Levine via mailop 
 Datum: 2023-03-22  20:28  (GMT+01:00) Till: 
mailop@mailop.org Kopia: jdellap...@microsoft.com Ämne: Re: [mailop] Hotmail 
will start rejecting messages that fail DMARC It appears that Jeff Dellapina 
via mailop  said:>-=-=-=-=-=->-=-=-=-=-=->>Hey 
Mailop,>>Microsoft is proud to announce our Consumer email service 
(Outlook/Hotmail/MSN/Live) will now honor the DMARC record of  "p=reject" 
by>rejecting the message if the domain fails DMARC. Previously, messages that 
failed DMARC were sent to the junk folder (Quarantine). Over the>next 30 days 
these DMARC-failing messages will be rejected.Any chance you'll be using ARC 
headers to mitigate the damage to mailing lists and other 
forwarders?R's,John___mailop 
mailing listmailop@mailop.orghttps://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sender domain reputation

[Michael Orlitzky via mailop]

On 2023-03-22 20:12:31, Slavko via mailop wrote:
> 
> But seriously, what is difference between .com and .pw (or any
> other domain name) other than that .com is here +- from start
> of DNS?

When dot-pw went public, it was heavily abused by spammers:

https://www.domainregistration.com.au/news/2013/1305-pw-domain-spam.php

It may be time to forgive them, but you'll still have to convince
people that the signal to noise ratio makes it worth their time. For
example, in the decade since we blocked it, I'm aware of exactly one
false positive... and that was from someone who worked at the
registrar.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sender domain reputation

[William Kern via mailop]

On 3/21/23 6:16 PM, fh--- via mailop wrote:

Hello

Does sender domain itself have influence on delivery reputation? is 
new domain worse than old one? and xyz/info/pub/... domains worse than 
.com one?




Regarding TLDs.

Many orgs (including this one)

Use a tool such as

https://www.spamhaus.org/statistics/tlds/

and add Spam Penalty points for those TLDs as appropriate

Thus the email is not rejected for the worst offenders but is almost 
guaranteed to be put in quarantine or otherwise marked as potential spam


At present your TLD .pw scores pretty low

.pw = 1.4% bad (score 0.09) which is on par with .com

So you would not be affected here.

Sincerely,

William Kern

PixelGate Networks.


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Hotmail will start rejecting messages that fail DMARC

[Alex Burch via mailop]

Jeff, great news. Could you tell us what the bounce code/message will be?
Would be good to be on the lookout for it.
Thanks,
Alex


--

Alexander Burch
ActiveCampaign / Senior Deliverability Engineer
abu...@activecampaign.com
1 North Dearborn St Suite 500, Chicago IL, 60602








On Wed, Mar 22, 2023 at 12:56 PM Udeme Ukutt via mailop 
wrote:

> Great! Thanks for sharing, Jeff.
>
> -Udeme
>
> On Wed, Mar 22, 2023 at 10:32 AM Jeff Dellapina via mailop <
> mailop@mailop.org> wrote:
>
>> Hey Mailop,
>>
>>
>>
>> Microsoft is proud to announce our Consumer email service
>> (Outlook/Hotmail/MSN/Live) *will now honor the DMARC record of
>>  “p=reject” by rejecting the message if the domain fails DMARC*.
>> Previously, messages that failed DMARC were sent to the junk folder
>> (Quarantine). Over the next 30 days these DMARC-failing messages will be
>> rejected.
>>
>>
>>
>> If you see any problems with our Consumer platform, please create a
>> support ticket here  https://olcsupport.office.com/
>> 
>>
>>
>>
>>
>> Thanks,
>>
>>  Jeff Dellapina
>>
>>
>>
>>
>>
>> Thanks,
>>
>>  Jeff Dellapina
>>
>>
>>
>> Sr. Email Delivery Manager
>>
>> SAGE  Team
>>
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://list.mailop.org/listinfo/mailop
>> 
>>
> ___
> mailop mailing list
> mailop@mailop.org
>
> https://urldefense.com/v3/__https://list.mailop.org/listinfo/mailop__;!!JIZ-LZtDGnv5HBqN_A!M__FdOv_TW83aAt3K3lBRnI8br9LLNlSNgk2-I_rrYnXW6vfe1nxC28swBUaGBV0M0ILZsAAjADY9y-1e6g$
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sender domain reputation

[Frost The Fox via mailop]

I'm not saying they're required to accept everyone's mail. And I hold
nothing against anyone trying to protect themselves or their users from
spammers. But if they have decided not to accept my TLD, it would be nice
to know that instead of running around wondering what list my domain found
itself on. Whether that is via the reject message, or replying to an email
to the relevant contact points.

Of course, as a mail admin, and with this being my personal domain, I know
what to do when I get a bounce like this, and I have alternatives
available. But someone who buys a cheap domain and mail hosting for a small
business or something like that and gets the bounce message will have no
idea what to do about it.

In any case, someone very kindly contacted me off list about my situation.
I was just sharing the example of a known TLD block I experienced and what
it can be like from the blocked side.

On Wed, Mar 22, 2023 at 3:01 PM John Levine  wrote:

> It appears that Frost The Fox via mailop  said:
> >-=-=-=-=-=-
> >-=-=-=-=-=-
> >
> >Which I can understand, I obviously might not like it as a legitimate user
> >of the TLD, but sometimes a measure like that could be the most effective
> >mitigation (especially for smaller scale ops). What I did have a problem
> >with was both the fact that the message was generic ("sender rejected"),
> >which isn't very helpful if I wasn't a mail admin, and that no one seemed
> >willing to talk to me about it (emails to contact addresses were not
> >allowed from my domain either, and emailing from other addresses went
> >unanswered).
>
> I would definitely ask them to refund the money you paid them to accept
> your mail.
>
> Oh, wait.
>
> If you want people to accept your mail, it is a good idea not to look
> like a spammer. It is hard for me to imagine why anyone would want to
> use a .PW domain for mail other, perhaps, than the handful of people
> who live there.
>
> R's,
> John
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sender domain reputation

[Slavko via mailop]

Dňa 22. marca 2023 19:01:45 UTC používateľ John Levine via mailop 
 napísal:

>If you want people to accept your mail, it is a good idea not to look
>like a spammer. It is hard for me to imagine why anyone would want to
>use a .PW domain for mail other, perhaps, than the handful of people
>who live there.

For me it is hard to imagine why anyone would want to use .com
domain for mail other, perhaps, than the handful of people who
live there.

Oh, wait, nobody live in COM...

But seriously, what is difference between .com and .pw (or any
other domain name) other than that .com is here +- from start
of DNS?

IIRC .com is top abused TLD as reported by Spamhaus' bothet
report, the .pw is even not in top 20, thus why people do block
.pw but not .com? No, the spam/nospam ratio (often used as
argument) is IMO not real reason, it is just because nobody is
enough brave to block old .com, but many are heroes to block
not as common/new domains.

regards


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Hotmail will start rejecting messages that fail DMARC

[Udeme Ukutt via mailop]

Great! Thanks for sharing, Jeff.

-Udeme

On Wed, Mar 22, 2023 at 10:32 AM Jeff Dellapina via mailop <
mailop@mailop.org> wrote:

> Hey Mailop,
>
>
>
> Microsoft is proud to announce our Consumer email service
> (Outlook/Hotmail/MSN/Live) *will now honor the DMARC record of
>  “p=reject” by rejecting the message if the domain fails DMARC*.
> Previously, messages that failed DMARC were sent to the junk folder
> (Quarantine). Over the next 30 days these DMARC-failing messages will be
> rejected.
>
>
>
> If you see any problems with our Consumer platform, please create a
> support ticket here  https://olcsupport.office.com/
>
>
>
> Thanks,
>
>  Jeff Dellapina
>
>
>
>
>
> Thanks,
>
>  Jeff Dellapina
>
>
>
> Sr. Email Delivery Manager
>
> SAGE  Team
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sender domain reputation

[fh--- via mailop]

May I know why you block PW TLD entirety?
Not all of them are spams IMO.


On 2023-03-22 23:53, John Levine via mailop wrote:

It appears that fh--- via mailop  said:

On 2023-03-22 12:19, Scott Undercofler wrote:

Like .tk and .ml that are free?



He means the .pw TLD he was using.


Oh, no wonder.  I block it too.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Hotmail will start rejecting messages that fail DMARC

[John Levine via mailop]

It appears that Jeff Dellapina via mailop  said:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>Hey Mailop,
>
>Microsoft is proud to announce our Consumer email service 
>(Outlook/Hotmail/MSN/Live) will now honor the DMARC record of  "p=reject" by
>rejecting the message if the domain fails DMARC. Previously, messages that 
>failed DMARC were sent to the junk folder (Quarantine). Over the
>next 30 days these DMARC-failing messages will be rejected.

Any chance you'll be using ARC headers to mitigate the damage to mailing lists 
and other forwarders?

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sender domain reputation

[John Levine via mailop]

It appears that Frost The Fox via mailop  said:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>Which I can understand, I obviously might not like it as a legitimate user
>of the TLD, but sometimes a measure like that could be the most effective
>mitigation (especially for smaller scale ops). What I did have a problem
>with was both the fact that the message was generic ("sender rejected"),
>which isn't very helpful if I wasn't a mail admin, and that no one seemed
>willing to talk to me about it (emails to contact addresses were not
>allowed from my domain either, and emailing from other addresses went
>unanswered).

I would definitely ask them to refund the money you paid them to accept your 
mail.

Oh, wait.

If you want people to accept your mail, it is a good idea not to look
like a spammer. It is hard for me to imagine why anyone would want to
use a .PW domain for mail other, perhaps, than the handful of people
who live there.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Jay Hennigan via mailop]

On 3/22/23 01:35, Hans-Martin Mosner via mailop wrote:

I tried to report a phishing spam to Sendgrid, and look what I got:

- The following addresses had permanent fatal errors -

 (reason: 552-5.7.0 This message was blocked because its content presents a 
potential)

- Transcript of session follows -
... while talking to aspmx.l.google.com.:


With the amount of spam coming from Sendgrid, do you think they even 
look at the ones that get through?


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Hotmail will start rejecting messages that fail DMARC

[Alex Liu via mailop]

Good to know!

On Wed, Mar 22, 2023 at 11:53 AM Al Iverson via mailop 
wrote:

> This is great to hear. Thanks very much for sharing!
>
> Cheers,
> Al Iverson
>
> On Wed, Mar 22, 2023 at 9:31 AM Jeff Dellapina via mailop <
> mailop@mailop.org> wrote:
>
>> Hey Mailop,
>>
>>
>>
>> Microsoft is proud to announce our Consumer email service
>> (Outlook/Hotmail/MSN/Live) *will now honor the DMARC record of
>>  “p=reject” by rejecting the message if the domain fails DMARC*.
>> Previously, messages that failed DMARC were sent to the junk folder
>> (Quarantine). Over the next 30 days these DMARC-failing messages will be
>> rejected.
>>
>>
>>
>> If you see any problems with our Consumer platform, please create a
>> support ticket here  https://olcsupport.office.com/
>>
>>
>>
>> Thanks,
>>
>>  Jeff Dellapina
>>
>>
>>
>>
>>
>> Thanks,
>>
>>  Jeff Dellapina
>>
>>
>>
>> Sr. Email Delivery Manager
>>
>> SAGE  Team
>>
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://list.mailop.org/listinfo/mailop
>>
>
>
> --
>
> Al Iverson / Deliverability blogging at www.spamresource.com
> Subscribe to the weekly newsletter at wombatmail.com/sr.cgi
> DNS Tools at xnnd.com / (312) 725-0130 / Chicago (Central Time)
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>


-- 
Regards,
*Enze "**Alex" **Liu*
PhD Student
Department of Computer Science and Engineering
e7...@eng.ucsd.edu
University of California, San Diego
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Hotmail will start rejecting messages that fail DMARC

[Al Iverson via mailop]

This is great to hear. Thanks very much for sharing!

Cheers,
Al Iverson

On Wed, Mar 22, 2023 at 9:31 AM Jeff Dellapina via mailop 
wrote:

> Hey Mailop,
>
>
>
> Microsoft is proud to announce our Consumer email service
> (Outlook/Hotmail/MSN/Live) *will now honor the DMARC record of
>  “p=reject” by rejecting the message if the domain fails DMARC*.
> Previously, messages that failed DMARC were sent to the junk folder
> (Quarantine). Over the next 30 days these DMARC-failing messages will be
> rejected.
>
>
>
> If you see any problems with our Consumer platform, please create a
> support ticket here  https://olcsupport.office.com/
>
>
>
> Thanks,
>
>  Jeff Dellapina
>
>
>
>
>
> Thanks,
>
>  Jeff Dellapina
>
>
>
> Sr. Email Delivery Manager
>
> SAGE  Team
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>


-- 

Al Iverson / Deliverability blogging at www.spamresource.com
Subscribe to the weekly newsletter at wombatmail.com/sr.cgi
DNS Tools at xnnd.com / (312) 725-0130 / Chicago (Central Time)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sender domain reputation

[Frost The Fox via mailop]

Which I can understand, I obviously might not like it as a legitimate user
of the TLD, but sometimes a measure like that could be the most effective
mitigation (especially for smaller scale ops). What I did have a problem
with was both the fact that the message was generic ("sender rejected"),
which isn't very helpful if I wasn't a mail admin, and that no one seemed
willing to talk to me about it (emails to contact addresses were not
allowed from my domain either, and emailing from other addresses went
unanswered).

It's not a huge issue as I just use one of my other addresses to forward
things to my family member (and we're trying to move him away from that
address anyway), but the fact that as a customer, I can't even forward
emails to myself, is kinda frustrating.

On Wed, Mar 22, 2023 at 11:58 AM John Levine via mailop 
wrote:

> It appears that fh--- via mailop  said:
> >On 2023-03-22 12:19, Scott Undercofler wrote:
> >> Like .tk and .ml that are free?
> >>
> >
> >He means the .pw TLD he was using.
>
> Oh, no wonder.  I block it too.
>
> R's,
> John
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sender domain reputation

[Benny Pedersen via mailop]

John Levine via mailop skrev den 2023-03-22 16:53:


He means the .pw TLD he was using.


Oh, no wonder.  I block it too.


so you have none ham mail now from pw tld ? :)

with is funny so you can still say pw is spam only !
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] sender domain reputation

[John Levine via mailop]

It appears that fh--- via mailop  said:
>On 2023-03-22 12:19, Scott Undercofler wrote:
>> Like .tk and .ml that are free?
>> 
>
>He means the .pw TLD he was using.

Oh, no wonder.  I block it too.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Mickey Chandler via mailop]

Eh.

Sendgrid isn't a mailbox provider. Holding them to that standard of things
isn't the right way of looking at it.

For an Email Service Provider (like Sendgrid), the headers likely do have
the information to find the outgoing job where the actual messages were
built and there will be sufficient information there about the bodies (even
if it's without the precise personalization that the recipient saw) that an
abuse desk can take action if the content is important to the case.

When I was last running an ESP abuse desk, there were a very few customers
who were running things all over an API and I couldn't see the message
bodies, but I was looking for the bodies to see if there was additional
evidence (like "I found your contact information on LinkedIn") and was able
to move forward with my cases anyway.

I have grave concerns about running an ESP abuse desk on Google, but that's
from data access standpoint (i.e.: Google requires

that
they be able to monitor abuse@ for domains it's hosting in Workspaces, but
has no reasonable right to data access regarding complaints regarding
messages not sent through their infrastructure).

On Wed, Mar 22, 2023 at 5:29 AM Jaroslaw Rafa via mailop 
wrote:

> Dnia 22.03.2023 o godz. 10:01:53 Sebastian Nielsen via mailop pisze:
> > A good idea when you get this type of response, just include the full
> > headersand not the actual body of message.A competent abuse department
> > should be able to fish out a verbatim copy of the message being reported
> > in their logging systems using the headers alone.
>
> I would not trust any email provider who is able to do this - because this
> means that they are either: a) logging and storing all your emails (if they
> are able to do this even if the message is not stored in sender's mailbox);
> or b) snooping through users' mailboxes (if they are able to do this only
> if
> the message is stored in sender's mailbox, by pulling it out from there).
> --
> Regards,
>Jaroslaw Rafa
>r...@rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Sebastian Nielsen via mailop]

Thats why the systems should be able to fish out based on for example 
Message-ID, and for additional security, AES-256 encrypt the message with the 
SHA256 hash of the message ID.Of course only abuse department should have 
access to these tools.Thus you dont need to rummage through people's inboxes or 
retain cleartext copies of other peoples messages, just copy+paste message ID 
into some retrieve system and its all set.The message ID could be viewed as an 
"password" saying you are authorized to view the message.This can additionally 
be used for per-item access key in the inbox.
 Originalmeddelande Från: Jaroslaw Rafa via mailop 
 Datum: 2023-03-22  11:29  (GMT+01:00) Till: 
mailop@mailop.org Ämne: Re: [mailop] Sendgrid abuse forwarding to Google - not 
one of your brightest ideas Dnia 22.03.2023 o godz. 10:01:53 Sebastian Nielsen 
via mailop pisze:> A good idea when you get this type of response, just include 
the full> headersand not the actual body of message.A competent abuse 
department> should be able to fish out a verbatim copy of the message being 
reported> in their logging systems using the headers alone.I would not trust 
any email provider who is able to do this - because thismeans that they are 
either: a) logging and storing all your emails (if theyare able to do this even 
if the message is not stored in sender's mailbox);or b) snooping through users' 
mailboxes (if they are able to do this only ifthe message is stored in sender's 
mailbox, by pulling it out from there).-- Regards,   Jaroslaw Rafa   
r...@rafa.eu.org--"In a million years, when kids go to school, they're gonna 
know: once therewas a Hushpuppy, and she lived with her daddy in the 
Bathtub."___mailop mailing 
listmailop@mailop.orghttps://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Marcel Becker via mailop]

On Wed, Mar 22, 2023 at 1:46 AM Hans-Martin Mosner via mailop <
mailop@mailop.org> wrote:

> Forwarding your abuse mail to a google mailbox isn't really a good idea...
>
Most likely not a forward. Most likely the mailbox is actually hosted
there. They also have proofpoint in front. Wrong configuration is more like
it.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Bill Cole via mailop]

On 2023-03-22 at 05:01:53 UTC-0400 (Wed, 22 Mar 2023 10:01:53 +0100)
Sebastian Nielsen via mailop 
is rumored to have said:

A good idea when you get this type of response, just include the full 
headersand not the actual body of message.A competent abuse department 
should be able to fish out a verbatim copy of the message being 
reported in their logging systems using the headers alone.


Not so much.

Retaining messages that have been disposed of from a SMTP standpoint is 
full of legal risks. Merely passing through a MTA does not normally 
result in a retained copy.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Hotmail will start rejecting messages that fail DMARC

[Jeff Dellapina via mailop]

Hey Mailop,

Microsoft is proud to announce our Consumer email service 
(Outlook/Hotmail/MSN/Live) will now honor the DMARC record of  "p=reject" by 
rejecting the message if the domain fails DMARC. Previously, messages that 
failed DMARC were sent to the junk folder (Quarantine). Over the next 30 days 
these DMARC-failing messages will be rejected.

If you see any problems with our Consumer platform, please create a support 
ticket here  https://olcsupport.office.com/

Thanks,
 Jeff Dellapina


Thanks,
 Jeff Dellapina

Sr. Email Delivery Manager
SAGE  Team
[X]

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Michael Rathbun via mailop]

On Wed, 22 Mar 2023 10:01:53 +0100, Sebastian Nielsen via mailop
 wrote:

>A good idea when you get this type of response, just include the full 
>headersand not the actual body of message.A competent abuse department should 
>be able to fish out a verbatim copy of the message being reported in their 
>logging systems using the headers alone.

I only report to Sendgrid when one of their customers hits a "sudden death"
spamtrap, and then I simply send the log from the transaction.  I get a ticket
response, and later a survey request for my experiences, which I ignore.  I
also see zero repeat performances by that particular customer.

mdr
-- 
We must not confuse statistical probability with some transcendental
and utterly compelling force. 
  -- Unspiek, Baron Bodissey (Life, Volume II)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Rackspace - Please Contact Yahoo

[Lili Crowley via mailop]

Rackpace people -

Please contact me off list.

Thanks!


*Lili Crowley*

she/her

Postmaster



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Jaroslaw Rafa via mailop]

Dnia 22.03.2023 o godz. 10:01:53 Sebastian Nielsen via mailop pisze:
> A good idea when you get this type of response, just include the full
> headersand not the actual body of message.A competent abuse department
> should be able to fish out a verbatim copy of the message being reported
> in their logging systems using the headers alone.

I would not trust any email provider who is able to do this - because this
means that they are either: a) logging and storing all your emails (if they
are able to do this even if the message is not stored in sender's mailbox);
or b) snooping through users' mailboxes (if they are able to do this only if
the message is stored in sender's mailbox, by pulling it out from there).
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Sebastian Nielsen via mailop]

A good idea when you get this type of response, just include the full 
headersand not the actual body of message.A competent abuse department should 
be able to fish out a verbatim copy of the message being reported in their 
logging systems using the headers alone.
 Originalmeddelande Från: Hans-Martin Mosner via mailop 
 Datum: 2023-03-22  09:47  (GMT+01:00) Till: mailop 
 Ämne: [mailop] Sendgrid abuse forwarding to Google - not 
one of your brightest ideas 
I tried to report a phishing spam to Sendgrid, and look what I
  got:
   - The following addresses had permanent fatal errors -

(reason: 552-5.7.0 This message was blocked because its content presents a 
potential)

   - Transcript of session follows -
... while talking to aspmx.l.google.com.:
>>> DATA
<<< 552-5.7.0 This message was blocked because its content presents a potential
<<< 552-5.7.0 security issue. Please visit
<<< 552-5.7.0  https://support.google.com/mail/?p=BlockedMessage to review our
<<< 552 5.7.0 message content and attachment content guidelines. 
t7-20020a02540700b0038a27d5a3b9si13875032jaa.5 - gsmtp
554 5.0.0 Service unavailable

Well doh, abuse reports tend to include the messages being
  reported, and those messages tend to contain bad content.
  Forwarding your abuse mail to a google mailbox isn't really a good
  idea...
Cheers,
  Hans-Martin


  

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Sendgrid abuse forwarding to Google - not one of your brightest ideas

[Hans-Martin Mosner via mailop]

I tried to report a phishing spam to Sendgrid, and look what I got:

   - The following addresses had permanent fatal errors -

(reason: 552-5.7.0 This message was blocked because its content presents a 
potential)

   - Transcript of session follows -
... while talking to aspmx.l.google.com.:

DATA

<<< 552-5.7.0 This message was blocked because its content presents a potential
<<< 552-5.7.0 security issue. Please visit
<<< 552-5.7.0https://support.google.com/mail/?p=BlockedMessage  to review our
<<< 552 5.7.0 message content and attachment content guidelines. 
t7-20020a02540700b0038a27d5a3b9si13875032jaa.5 - gsmtp
554 5.0.0 Service unavailable

Well doh, abuse reports tend to include the messages being reported, and those messages tend to contain bad content. 
Forwarding your abuse mail to a google mailbox isn't really a good idea...


Cheers,
Hans-Martin
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop