[mailop] spearphishing

2020-08-10 Thread Eric Henson via mailop
Slightly sanitized headers: https://pastebin.com/w2JJj8TJ

Email pretends to be a Microsoft voicemail, with an attachment that uses 
javascript to open a URLEncoded page.

Image of page for the more cautious: https://imgur.com/WOpva4Q

broken hyperlink for the more adventurous:
ttps://objectstorage.us-sanjose-1.oraclecloud.com/n/axcdfbfimho2/b/bucket-dreamland20200806-0427/o/index.html#u...@example.com

You can edit the email address at the end to be whatever you like.

Microsoft has started putting the emails in the "Junk" folder, but Barracuda 
just lets them right on through. I'm opening a case with Barracuda as to why 
they can't catch this, but I'm open to suggestions on other activities I can do.

I've seen about a dozen of these, targeting 3 finance-related employees. All 
are routed through perfora.net, which apparently has an open relay? Anyone know 
anything about that domain? I'm putting in a rule to block anything that has 
perfora.net in the header.


----

Eric Henson
Windows Server Team Manager
PFSweb, Inc.
m: 972.948.3424
www.pfsweb.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
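An added example, not part of the original post: one way to implement the "block anything that has perfora.net in the header" rule without matching on forged or look-alike text. It assumes you know the hostnames of your own MTAs (`OWN_HOSTS`, hypothetical names here) and trusts only the `Received` line stamped by your border MTA; the sample message is constructed, not the headers from the pastebin link.

```python
import email
import re

BLOCKED = "perfora.net"  # relay domain named in the post
# Assumption: hosts you operate; only Received lines they stamped are trusted.
OWN_HOSTS = {"inbound.example.org", "mx.example.org"}

# Constructed sample message (placeholder hosts and documentation IP ranges).
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbound.example.org with ESMTPS id abc123;
\tMon, 10 Aug 2020 09:15:02 -0500
Received: from mout.perfora.net (mout.perfora.net [198.51.100.25])
\tby mx.example.org with ESMTPS id def456;
\tMon, 10 Aug 2020 09:15:01 -0500
Received: from [203.0.113.77] (helo=laptop)
\tby mrelay.perfora.net with ESMTPSA id ghi789;
\tMon, 10 Aug 2020 14:14:58 +0000
From: "Voicemail" <noreply@example.net>
To: user@example.org
Subject: New voicemail

(body omitted)
"""

# "from <HELO> (<rDNS> [ip])" and "by <host>" parts of a Received value.
_FROM = re.compile(r"^\s*from\s+(\S+)(?:\s+\(([^\s()\[\]]+)\s+\[)?", re.I)
_BY = re.compile(r"\bby\s+(\S+)", re.I)


def _norm(host):
    """Lower-case a host token and drop brackets, ';' and a trailing dot."""
    return host.strip("[];").rstrip(".").lower() if host else None


def in_domain(host, domain):
    """True only for the domain itself or a real subdomain (label boundary)."""
    host, domain = _norm(host), _norm(domain)
    return bool(host) and (host == domain or host.endswith("." + domain))


def parse_hop(value):
    """Extract HELO name, MTA-resolved rDNS name and stamping host of one hop."""
    m_from, m_by = _FROM.search(value), _BY.search(value)
    return {
        "helo": _norm(m_from.group(1)) if m_from else None,
        "rdns": _norm(m_from.group(2)) if m_from else None,
        "by": _norm(m_by.group(1)) if m_by else None,
    }


def relay_verdict(raw, blocked=BLOCKED, own_hosts=OWN_HOSTS):
    """Return ("block"|"flag"|"pass", matching_host_or_None).

    block: our border MTA resolved the connecting peer into the blocked domain.
    flag : the domain only appears in sender-controlled data (HELO, older hops).
    """
    msg = email.message_from_string(raw)
    trusted = True
    for value in msg.get_all("Received", []):  # newest hop first
        hop = parse_hop(value)
        names = [n for n in (hop["rdns"], hop["helo"]) if n]
        if trusted and hop["by"] in own_hosts:
            if any(n in own_hosts for n in names):
                continue  # internal hand-off between our own MTAs
            trusted = False  # border hop: last line we can rely on
            if hop["rdns"] and in_domain(hop["rdns"], blocked):
                return "block", hop["rdns"]
        trusted = False
        mentioned = [n for n in names + [hop["by"]] if n and in_domain(n, blocked)]
        if mentioned:
            return "flag", mentioned[0]
    return "pass", None


if __name__ == "__main__":
    print(relay_verdict(SAMPLE))
```
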


[mailop] AOL IMAP down?

2019-05-07 Thread Eric Henson via mailop
Hi, one of my users has a personal account, and she can't access imap.aol.com 
on port 993 today.



Eric Henson
Windows Server Team Manager
PFSweb, Inc.
p: 972.881.2900  x 3104
m: 972.948.3424
www.pfsweb.com



Re: [mailop] Sending e-mails to Yahoo! - What other tricks do you use?

2019-01-14 Thread Eric Henson
He’s simply suggesting that you relay email through another host that has 
enough volume to be whitelisted by Yahoo.



Eric Henson
Windows Server Team Manager
PFSweb, Inc.
p: 972.881.2900  x 3104
m: 972.948.3424
www.pfsweb.com

From: mailop  On Behalf Of Odhiambo Washington
Sent: Monday, January 14, 2019 9:35 AM
To: mailop@mailop org 
Subject: Re: [mailop] Sending e-mails to Yahoo! - What other tricks do you use?





On Mon, 14 Jan 2019 at 17:02, Ken O'Driscoll via mailop <mailop@mailop.org> wrote:
On Mon, 2019-01-14 at 16:02 +0300, Odhiambo Washington wrote:
> I have a mailing list that has 1100 members. Out of those, 177 have Yahoo
> addresses.

Assuming you're compliant and doing everything right, that might be your
problem right there.

Unless you have a really really active list, it could be that you simply
send too small a volume of email and/or too infrequently from your server
for Yahoo! to notice you and make exceptions.

True. The ML is not a high volume one. A couple of postings per week,

If that is the case, the solution would be to mix your list traffic with
other legitimate emails, such as through a shared SMTP service offered by
your ISP, through an ESP or Amazon SES etc.

Now you lost me at the "to mix your list traffic with other legitimate emails 
such as through a shared SMTP service".
What exactly are you implying?

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)


Re: [mailop] Spamhaus DBL listing

2018-10-11 Thread Eric Henson
I already tried the DBL form, and was relisted. I think that as long as Google 
has the site listed, they will keep relisting. They don't make it easy to reach 
them (and I understand why, even if it's inconvenient).

I guess I just need to wait for Google to get around to changing their rating.



Eric Henson
Windows Server Team Manager
PFSweb, Inc.
p: 972.881.2900  x 3104
m: 972.948.3424
www.pfsweb.com

From: Michael Wise 
Sent: Wednesday, October 10, 2018 6:47 PM
To: Eric Henson ; Rob McEwen ; 
mailop@mailop.org
Subject: RE: [mailop] Spamhaus DBL listing


If you're running Exchange with OWA on that machine ... then it's an FP, and 
should be reported to the DBL team as such.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting Tool 
(http://www.microsoft.com/en-us/download/details.aspx?id=18275)?

From: mailop <mailop-boun...@mailop.org> On Behalf Of Eric Henson
Sent: Wednesday, October 10, 2018 3:30 PM
To: Rob McEwen <r...@invaluement.com>; mailop@mailop.org
Subject: Re: [mailop] Spamhaus DBL listing

The only page listing I can find is the https://owa.pfsweb.com/owa/redir.aspx 
page. Virustotal 
(https://www.virustotal.com/#/url/673860cbe3b89bcb0cf9cdb6df354100046eacc18e207e8cedda274282281d46/detection)
 has that specific listed a couple of times, but the code on that page is 
minimal and hasn't changed since the last Exchange update was installed.

If anyone wants to scan that specific page, be my guest.



Eric Henson
Windows Server Team Manager
PFSweb, Inc.
p: 972.881.2900  x 3104
m: 972.948.3424
www.pfsweb.com

From: mailop <mailop-boun...@mailop.org> On Behalf Of Rob McEwen
Sent: Wednesday, October 10, 2018 4:32 PM
To: mailop@mailop.org
Subject: Re: [mailop] Spamhaus DBL listing

Eric,

Based on the information you provided, there is a significant chance that your 
mail server is NOT even sending out any spam, but that your web server has been 
hacked into by a criminal spammer, where pages buried deep on your web server 
are redirecting to egregious spam. (even if those are never seen when browsing 
around your web site). You should definitely double-check that. I guess maybe 
this could also be a false positive? At invaluement, we list MANY such hacked 
domains that are missed by ALL the other URI/domain blacklists - we get 
periodic calls and emails from totally pissed off people asking, "how dare you 
blacklist our domain, we're a legit company and we don't send spam" - and then 
I send them a URL hosted at their domain that redirects to a pornographic 
dating site run by a spammer. But in THIS case, I can't find your domain 
anywhere in our system, fwiw. (but that could be a false negative on our part, 
in this case) But definitely triple-check deep into your web sites for possible 
signs of it being hacked!
--Rob McEwen

On 10/10/2018 5:07 PM, Eric Henson wrote:

https://www.spamhaus.org/dbl/removal/record/pfsweb.com



Spamhaus claims my Outlook Web Access page is infected, but I've run full AV 
scans and checked the file in question, and everything is fine. This is a 
completely standard Exchange Client Access server (well, set of 4 servers, I 
checked them all), with a completely standard page on it.



I've also noticed that my site is listed on Google Transparency page: 
https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fowa.pfsweb.com%2Fowa%2Fredir.aspx=en-US

Re: [mailop] Spamhaus DBL listing

2018-10-10 Thread Eric Henson
The only page listing I can find is the https://owa.pfsweb.com/owa/redir.aspx 
page. Virustotal 
(https://www.virustotal.com/#/url/673860cbe3b89bcb0cf9cdb6df354100046eacc18e207e8cedda274282281d46/detection)
 has that specific listed a couple of times, but the code on that page is 
minimal and hasn't changed since the last Exchange update was installed.

If anyone wants to scan that specific page, be my guest.



Eric Henson
Windows Server Team Manager
PFSweb, Inc.
p: 972.881.2900  x 3104
m: 972.948.3424
www.pfsweb.com

From: mailop  On Behalf Of Rob McEwen
Sent: Wednesday, October 10, 2018 4:32 PM
To: mailop@mailop.org
Subject: Re: [mailop] Spamhaus DBL listing

Eric,

Based on the information you provided, there is a significant chance that your 
mail server is NOT even sending out any spam, but that your web server has been 
hacked into by a criminal spammer, where pages buried deep on your web server 
are redirecting to egregious spam. (even if those are never seen when browsing 
around your web site). You should definitely double-check that. I guess maybe 
this could also be a false positive? At invaluement, we list MANY such hacked 
domains that are missed by ALL the other URI/domain blacklists - we get 
periodic calls and emails from totally pissed off people asking, "how dare you 
blacklist our domain, we're a legit company and we don't send spam" - and then 
I send them a URL hosted at their domain that redirects to a pornographic 
dating site run by a spammer. But in THIS case, I can't find your domain 
anywhere in our system, fwiw. (but that could be a false negative on our part, 
in this case) But definitely triple-check deep into your web sites for possible 
signs of it being hacked!
--Rob McEwen

On 10/10/2018 5:07 PM, Eric Henson wrote:

https://www.spamhaus.org/dbl/removal/record/pfsweb.com



Spamhaus claims my Outlook Web Access page is infected, but I've run full AV 
scans and checked the file in question, and everything is fine. This is a 
completely standard Exchange Client Access server (well, set of 4 servers, I 
checked them all), with a completely standard page on it.



I've also noticed that my site is listed on Google Transparency page: 
https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fowa.pfsweb.com%2Fowa%2Fredir.aspx=en-US



Is Spamhaus simply channeling the Google Transparency page?



That redirect page (https://owa.pfsweb.com/owa/redir.aspx) is getting hit a 
lot because we're migrating to Office365, but it's working as expected - it asks 
for username and password. Things that should normally be asked for by your 
webmail.



----

Eric Henson
Windows Server Team Manager
PFSweb, Inc.
p: 972.881.2900  x 3104
m: 972.948.3424
www.pfsweb.com

--
Rob McEwen
https://www.invaluement.com
+1 (478) 475-9032


[mailop] Spamhaus DBL listing

2018-10-10 Thread Eric Henson
https://www.spamhaus.org/dbl/removal/record/pfsweb.com

Spamhaus claims my Outlook Web Access page is infected, but I've run full AV 
scans and checked the file in question, and everything is fine. This is a 
completely standard Exchange Client Access server (well, set of 4 servers, I 
checked them all), with a completely standard page on it.

I've also noticed that my site is listed on Google Transparency page: 
https://transparencyreport.google.com/safe-browsing/search?url=https:%2F%2Fowa.pfsweb.com%2Fowa%2Fredir.aspx=en-US

Is Spamhaus simply channeling the Google Transparency page?

That redirect page (https://owa.pfsweb.com/owa/redir.aspx) is getting hit a 
lot because we're migrating to Office365, but it's working as expected - it asks 
for username and password. Things that should normally be asked for by your 
webmail.



Eric Henson
Windows Server Team Manager
PFSweb, Inc.
p: 972.881.2900  x 3104
m: 972.948.3424
www.pfsweb.com



Re: [mailop] AOL whitelists

2017-08-22 Thread Eric Henson
I signed up for their FBL and haven’t had a problem since. Their users like to 
use the junk button on transactional emails and replies to their own customer 
service inquiries.



Eric Henson
Server Team Manager
PFS
p: 972.881.2900  x 3104
m: 972.948.3424
www.pfsweb.com

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Alexander Burch
Sent: Monday, August 21, 2017 9:00 AM
To: mailop@mailop.org
Subject: [mailop] AOL whitelists

I wanted to reach out and see what other people have to say about AOL 
whitelisting on this thread.

It seems AOL's approval process/standards for approval are fairly erratic. They 
often decline whitelisting requests for IPs that have really excellent 
reputations. I honestly could not find any reason to be concerned about the 
traffic on the IPs being submitted (moderate sending volume, complaint rates 
less than 0.01%, open rates above 30%, bounce rates safely below 1%).

But then randomly they will approve a request that seems no different from the 
others, and I'm not sure what was different.

I'd love to hear from others on this thread how they handle AOL whitelisting 
from the when you are managing lots of shared IPs. Are there any tricks or 
pointers you have?

Thanks,
Alex


Alex Burch
ActiveCampaign / Deliverability Lead
(800) 357-0402
abu...@activecampaign.com
1 N. Dearborn St., Chicago, IL 60602, United States




Re: [mailop] antispam service recommendations?

2017-07-18 Thread Eric Henson
How many mailboxes? If you're small, you can do just fine with a couple of 
Barracuda boxes--we've had ours for a couple of years and the big dogs on the 
list might laugh, they do okay. I'd recommend going up a size or two from what 
you think you need; I've had some CPU issues on mine, firmware helped. They 
have virtual and physical appliances, possibly cloud as well.

RBLs apply before the username/domain information is transmitted; you could 
maybe set up separate mail servers for different domains. RBLs are the cheapest 
(in terms of cpu/bandwidth) form of filtering. I've done quite a bit of 
testing (mostly before we bought our Barracudas) and all I'm running now is the 
Barracuda RBL and Spamhaus.

Mimecast is one of the more popular providers, you should look at them.


-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Mark Jeftovic
Sent: Monday, July 17, 2017 4:13 PM
To: mailop
Subject: [mailop] antispam service recommendations?


Hi, we're looking for recommendations for an antispam service we can layer in 
front of our hosted IMAP offering.


We've tried a few services so far and our testing has found serious 
deficiencies.

Requirements:

* hosted or virtual appliance
* quarantine with management (auto-purge options)
* prefer content based filtering over RBLs, having serious false-positive 
issues with RBLs - bonus for being able to enable/disable individual RBL's by 
domain/user
* tag-only mode
* user defined white-lists
* anti-virus filters
* API
* white-labelling a plus but not a requirement

Any feedback, experiences recommendations would be appreciated.

- mark

--
Mark Jeftovic 
Founder & CEO, easyDNS Technologies Inc.
http://www.easyDNS.com
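An added example, not from either message: how an RBL check is built from nothing but the connecting IP, which is why it can run before any sender or recipient is known. It goes beyond the thread by also showing the verdict being enforced later, at RCPT TO, where a per-domain exemption becomes possible. The zone names appear on this page; the resolver table, the `Session` class, the exempt domain and the SMTP reply texts are constructed for illustration, and the `127.255.255.0/24` error range follows Spamhaus's documented return-code convention.

```python
import ipaddress
import socket

ZONES = ["zen.spamhaus.org", "b.barracudacentral.org"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # query refused, not a listing

# Constructed answers so the example runs offline. 127.0.0.2 is the
# conventional DNSBL test entry; 192.0.2.10 simulates a refused query.
FAKE_DNS = {
    "2.0.0.127.zen.spamhaus.org": ["127.0.0.2"],
    "2.0.0.127.b.barracudacentral.org": ["127.0.0.2"],
    "10.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
}


def fake_resolver(qname):
    return FAKE_DNS.get(qname, [])  # empty list stands in for NXDOMAIN


def system_resolver(qname):
    """Real lookup through the system resolver; NXDOMAIN becomes []."""
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:
        return []


def dnsbl_qname(ip, zone):
    """Reverse IPv4 octets (or IPv6 nibbles) and append the list zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def classify(answers):
    """Map the A records of a DNSBL answer to a verdict."""
    if not answers:
        return "not_listed"
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a in ERROR_NET for a in addrs):
        return "error"      # treating this as a hit causes false positives
    if all(a in LISTED_NET for a in addrs):
        return "listed"
    return "invalid"        # e.g. a wildcarding resolver; never a listing


class Session:
    """One inbound SMTP connection (hypothetical helper)."""

    def __init__(self, client_ip, zones, resolve, exempt_domains=()):
        # Connect time: the peer address is the only input available.
        self.hits = {z: classify(resolve(dnsbl_qname(client_ip, z))) for z in zones}
        self.exempt = {d.lower() for d in exempt_domains}

    def listed_in(self):
        return sorted(z for z, v in self.hits.items() if v == "listed")

    def at_connect(self):
        """Reject in the banner: cheapest, but identical for every recipient."""
        if self.listed_in():
            return "554 5.7.1 client listed in " + ", ".join(self.listed_in())
        return "220 ready"

    def at_rcpt(self, rcpt):
        """Deferred enforcement: the recipient domain is now known."""
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if self.listed_in() and domain not in self.exempt:
            return "554 5.7.1 client listed in " + ", ".join(self.listed_in())
        return "250 2.1.5 OK"


if __name__ == "__main__":
    s = Session("127.0.0.2", ZONES, fake_resolver, exempt_domains={"tagonly.example"})
    print(s.at_connect())
    print(s.at_rcpt("user@tagonly.example"), "|", s.at_rcpt("user@strict.example"))
```
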





Re: [mailop] conventional wisdom, was Google rejects a TLS connection

2017-03-17 Thread Eric Henson
As a PCI compliant company, we have to go to great lengths to secure any system 
that stores, processes, or transacts credit card data. If that included our 
email servers, that would put every single mail server, every single mail 
client, including smart phones, in scope for our PCI audit. That would be a 
complete nightmare. So we have rules to prevent credit card numbers from 
entering our environment.



Eric Henson
Server Team Manager
PFS
p: 972.881.2900  x 3104
m: 972.948.3424
www.pfsweb.com

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of John Levine
Sent: Thursday, March 16, 2017 7:38 PM
To: mailop@mailop.org
Cc: da...@hireahit.com
Subject: Re: [mailop] conventional wisdom, was Google rejects a TLS connection

In article <1489684655.3176120.913642288.0d732...@webmail.messagingengine.com> 
you write:
>You can make a rule against sending credit cards by email, but if 
>customer service reps know it works they might still encourage a 
>customer to do it as it's faster and easier than other options (fax,
>mail) and when Something Bad Happens, the customer will rightly blame 
>the company.

So just out of nosiness, when's the last time Something Bad Happened in real 
life due to sending credit card info by e-mail?

This strikes me as cargo cult security advice, like changing your password 
every month.  It might have made sense when people used shell accounts on vaxes 
with globally readable password files attached to thick ethernets that ran 
through unlocked janitors closets in student housing, but it makes little sense 
now.

R's,
John

PS: The actual credit card risks these days are bulk theft from poorly secured 
databases at businesses, and hacked ATMs and point of sale terminals.  See 
Brian Krebs's blog for endless examples.



Re: [mailop] How to tell google, that our IOS Email Profile Geneator is not a phishing site?

2017-03-03 Thread Eric Henson
https://www.ssllabs.com/ssltest/analyze.html?d=autoconfig.breitband.ch 

Well, your server is vulnerable to Drown and Poodle. Disable SSLv3 support. 
Disable RC4 support. Disable SSLv2 support. Reorder your ciphers by strength. 

Also, I'm not sure why you think this is appropriate for a mail operators list.

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Benoit Panizzon
Sent: Friday, March 03, 2017 2:42 AM
To: mailop
Subject: [mailop] How to tell google, that our IOS Email Profile Geneator is 
not a phishing site?

Hello

We are having a strange problem with our online IOS Email Profile generator to 
facilitate the configuration for IOS devices for our customers.

https://autoconfig.breitband.ch/

It is also reachable under http://autoconfig.breitband.ch/ we will fix this. It 
is available under almost all domains we provide emails services for.

Somehow the Google Safe Browsing service thinks this is a phishing site.

I can then mark this site as not a phishing site, but a couple of weeks later, 
google is sending us a 'safe browsing warning' about that phishing site again, 
sometimes the same, sometimes a different domain.

I contacted the google abuse desk about this issue about two weeks ago, but as 
usual, no reaction.

So does anyone know, is this being detected by some weird algorithm? Or does 
google send warnings, because some of our customers might be flagging those 
sites as phishing site?

-Benoît Panizzon-
-- 
I m p r o W a r e   A G  -  Leiter Commerce Kunden

Zurlindenstrasse 29    Tel  +41 61 826 93 00
CH-4133 Pratteln       Fax  +41 61 826 93 01
Schweiz                Web  http://www.imp.ch



Re: [mailop] Mails to microsoft

2017-02-09 Thread Eric Henson
If you do a "reply-all" to Brandon's email, you'll see he works for Google. 

Have you ever had a security issue with a microsoft.com website? Can you 
provide a news article or other source confirming that their servers were 
compromised? I could see there possibly being an issue with the advertising on 
MSN.com, but not on one of their business pages.

Javascript is a very standard internet technology. You could snapshot a virtual 
machine, fill out the form, and then roll back your snapshot. Or do something 
similar with a smartphone. 


-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Klaus Ethgen
Sent: Thursday, February 9, 2017 5:11 AM
To: mailop@mailop.org
Subject: Re: [mailop] Mails to microsoft


Hello Brandon,

First, thanks for your objective mail.

Are you speaking for Microsoft or for another company? I cannot get that 
from your mail address.

On Wed, 8 Feb 2017 at 21:48, Brandon Long via mailop wrote:
> Generally speaking, we've seen issues with Hetzner as well, and their 
> netblock and asn reputations are crap in our systems as well,

I could believe that. Hetzner is a big hoster and it is expectable to have some 
bad nodes in their network.

On the other hand, what I have seen from Hetzner until now is that they are on a 
good technical level and very responsible if you contact them.
However, their answer might not always be what you would like. That has 
positive and negative impacts.

> but we generally have some smarts for allowing for the possibility of 
> good eggs in a bad block.  It's not perfect, especially given what we 
> tend to see, which is compromised boxes that can go from minimal to 
> zero mail to millions in a heartbeat.

As I also manage my mail server(s) very strict and tight, I understand what you 
mean. Although I would never ever block postmaster mails.
(Hmm.. to be true, I do for one reason but I really don't think that one real 
mail admin will use .domain toplevel as HELO. So beat me if you have a legal 
reason for that.)

> Your block seems relatively clean.

Nice to hear. What do you mean by "relatively"?

Do you have an address where I could test it and where you see the logs/outcome?

> I would also point out that it's easier to attract bees with honey 
> than with vinegar.  Casting aspersions and assumptions of bad faith 
> may make you feel better, but are not likely to get you much help.

You are right, sorry.

> The complaints about javascript are also cute.

What is "cute" about caring for security? Javascript is a pestilence in the 
present days web and you open up for all bad you could imagine if you enable it 
feather-headed. And, sorry, but I had enough bad experiences with Microsoft in 
the past to not trust them running code on my system(s).

Regards
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C



Re: [mailop] Multivariate Subject testing influences Gmail's filters?

2016-12-13 Thread Eric Henson
Google's spam system--as published in their whitepaper some years 
ago--penalizes email when users mark the emails as spam. So if I mark that 
email as spam without reading it, then the next guy to get one like that is 
more likely to have the email end up in the spam bucket.




Eric Henson
Server Team Manager
PFS
p: 972.881.2900  x 3104
m: 972.948.3424
www.pfsweb.com


-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Al Iverson
Sent: Tuesday, December 13, 2016 2:38 PM
To: mailop
Subject: Re: [mailop] Multivariate Subject testing influences Gmail's filters?

I actually have seen lots of clients doing this, and have had nobody that I can 
remember complain of deliverability issues. I think it's fine and dandy to 
theorize, but nobody's shown any sort of specific proof that Gmail actually 
cares about using goofy symbols in subject lines or that they would degrade a 
sender's reputation based solely on the use of those. I would be surprised if 
somebody like Gmail, with tons of engagement and complaint data on hand, would 
do anything with this. The smart position would probably be more like, "let 
them send goofy symbols all day long as long as that's what subscribers want."
Barring any sort of data to the contrary, I'd be more focused on engagement and 
potential list hygiene issues. Something started sliding a few months ago. What 
changed then? New data source?
Reactivation of old data? Mailing frequency increased?

My gut feeling is that the issue is in the subscriber data and not in the 
subject line.

Cheers,
Al

--
Al Iverson
www.aliverson.com
(312)725-0130


On Tue, Dec 13, 2016 at 3:14 PM, John Levine <jo...@taugh.com> wrote:
>
>> WOW  We've chosen [...]
>>❯❯ Oh... Look ❯❯ You've just discovered [...] ✔ We've Picked You For 
>>Extraordinary Deals
>
> You may be familiar with the acronym TWSD, for That's What Spammers Do.
>
> As others have noticed, TWSD.  So don't do that.
>
> R's,
> John
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



Re: [mailop] Multivariate Subject testing influences Gmail's filters?

2016-12-13 Thread Eric Henson
Those subject lines scream "spam" at me. I'd mark those as spam without even 
opening them.


-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Marco 
Franceschetti via mailop
Sent: Tuesday, December 13, 2016 6:27 AM
To: mailop@mailop.org
Subject: [mailop] Multivariate Subject testing influences Gmail's filters?

Hi 

I am writing from ContactLab's Deliverability Team. One of our clients has 
introduced multivariate testing on subject lines in the last 3 months. 
Gmail's inbox is since then more and more difficult to reach. 

I am not aware of all the methodological details... 
The multivariate tests are performed only on a variable portion of the list, 
from 10% up to 40% in recent sends, and not on all campaigns. 

Gmail's Postmaster tool shows that Domain and IP Reputation are generally 
decreasing in the last 3 months, after being almost stable for around 1 year. 
Inbox Placement on Mailbox Monitor in Gmail is also getting more and more 
problematic.

The multivariate tested subject lines are supposed to be more intriguing: they 
have introduced capital letters, special characters and symbols. 
Some examples:

 WOW  We've chosen [...]
❯❯ Oh... Look ❯❯ You've just discovered [...] ✔ We've Picked You For 
Extraordinary Deals

Apparently, nothing changed (i.e. unsub or complaint rate...) but:
- the introduction of multivariate testing and
- the new approach in the subject line's "style" in part of the campaigns. 

So, my question is: has anyone noticed if multivariate testing per se can have 
a negative impact on Gmail's filters? 
Or, could the new style approach be to blame? 
Or both?

Regards, Marco

Marco Franceschetti
Head of Deliverability | ContactLab
M. +39 331 1717 978 | T. +39 0228311887
marco.francesche...@contactlab.com

Via Natale Battaglia, 12 | Milano
contactlab.com/it 



Re: [mailop] Storing 821 envelope recipients in an 822.Header?

2016-12-07 Thread Eric Henson
Just be aware that using XY will have you labeled as misogynist, XX will have 
you labeled a SJW, and XXX will get you blocked by porn filters. 

:-)




Eric Henson
Server Team Manager
PFS
p: 972.881.2900  x 3104
m: 972.948.3424
www.pfsweb.com

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of John Levine
Sent: Wednesday, December 7, 2016 12:55 PM
To: mailop@mailop.org
Cc: jim...@gmail.com
Subject: Re: [mailop] Storing 821 envelope recipients in an 822.Header?

>> Really, if you need to invent a header, just invent one and don't 
>> pretend that anyone told you to use a X- name.
>
>So you can choose any name you want as long as it doesn't start with
>X- ?   :-)I'm going to start naming headers XY- just because it's
>allowed by RFCs.

Hey, this is the Internet.  If you want to do something pointless or silly, not 
only can you do it, but you can live stream it and monetize it.

R's,
John



Re: [mailop] Barracuda false positive

2016-11-29 Thread Eric Henson
I'm a barracuda customer, if the two of you will provide me your IP addresses 
and the ticket numbers I'll see what I can do. Feel free to respond offlist.

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Ken O'Driscoll
Sent: Tuesday, November 29, 2016 4:22 AM
To: mailop@mailop.org
Subject: Re: [mailop] Barracuda false positive


We have the exact same problem with one of our clients and I was about to come 
here myself as a last resort.

De-list requests get auto-acknowledged but no action taken or feedback 
provided. Support requests inquiring about the de-list requests get auto- 
acknowledged but no response. This has been going on for weeks.

Ken.

--
Ken O'Driscoll / We Monitor Email
t: +353 1 254 9400 | w: www.wemonitoremail.com

On Tue, 2016-11-29 at 09:58 +0100, Michael Seevogel wrote:
> Hello List
> 
> we are currently experiencing a false-positive listing of one of our 
> servers at b.barracudacentral.org, but sadly we don't get any response 
> from Barracuda on our delisting requests since days.
[...snip...]



Re: [mailop] Yahoo blacklist removal

2016-11-16 Thread Eric Henson
http://www.mxtoolbox.com will check 50+ blacklists.




Eric Henson
Server Team Manager
PFS
p: 972.881.2900  x 3104
m: 972.948.3424
www.pfsweb.com


-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of David Sgro, 
Dataspindle
Sent: Wednesday, November 16, 2016 3:53 PM
To: Vick Khera; mailop@mailop.org
Subject: Re: [mailop] Yahoo blacklist removal

Any good place to find a list of specific ones I should check? No 
deliverability problems elsewhere so far.
Did http://multirbl.valli.org/ and several others and totally clean. I found 
out about Proofpoint when emailing a vendor. 

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Vick Khera
Sent: Wednesday, November 16, 2016 4:37 PM
To: mailop@mailop.org
Subject: Re: [mailop] Yahoo blacklist removal

On Wed, Nov 16, 2016 at 3:53 PM, David Sgro, Dataspindle <d...@dataspindle.com> 
wrote:
> - A company called ProofPoint had my block along with several other 
> neighboring /20's listed due to a SPAM incident that happened in 2013. Spoke 
> to them. Very nice people. They understood and cleared it up right away. 
> Yahoo uses ProofPoint to help determine email reputation.

Proofpoint provides reputation to others too, most notably icloud.com.
You probably want to check *every* known reputation source. I'm sure you're 
listed elsewhere if it was that bad.



Re: [mailop] Know anyone at Surveymonkey ?

2016-10-14 Thread Eric Henson
Can you just implement a rule that forwards the survey emails sent to those 
mailing lists, to the ab...@surveymonkey.com address?

I mean, you can't help what addresses are chosen by their users.



-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of John Levine
Sent: Thursday, October 13, 2016 7:25 PM
To: mailop@mailop.org
Subject: [mailop] Know anyone at Surveymonkey ?

I keep getting surveys sent to addresses of local mailing lists that for 
obvious reasons do not want them and should never get them.

Each time I complain and tell them to send no more mail to that address, they 
send me what looks like a form reply saying that the addresses are chosen by 
their users so they can't (which of course actually means won't) block all mail 
to an address.

While that may meet the legalities of CAN SPAM, it's really stupid.
Anyone have any contacts there?

R's,
John




Re: [mailop] att.net/blocks issues; how to get removed

2016-10-11 Thread Eric Henson
Sounds like they might be using some sort of Bogon list.

https://en.wikipedia.org/wiki/Bogon_filtering

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of David Hubbard
Sent: Tuesday, October 11, 2016 6:21 PM
To: mailop@mailop.org
Subject: [mailop] att.net/blocks issues; how to get removed

Hi all, we’re an ecommerce host (i.e. web host specific to our own ecommerce 
software), and we've been having recurring issues getting some IP addresses for 
customer servers removed from the AT&T DNSBL list whose SMTP rejection advises 
requesting via att.net/blocks.  I saw some talk of similar issues on this list 
in mid-2015 but couldn’t find more recent mention in the archives.

The specific details are netblocks we’re deploying new servers on, previously 
unused, all seem to be on the block list by default.  Submitting via the link 
sometimes works, but most of the time doesn’t.  For this reason we typically 
try to recycle our previously used space first if there’s been a customer 
cancellation that has freed up an IP, but there aren’t always spare IP’s to 
use.  Trying to figure out if there’s an alternate method to request removal 
from the RBL, or resetting the whole block.

Thanks,

David





Re: [mailop] anyone from Microsoft around ?

2016-09-21 Thread Eric Henson
http://go.microsoft.com/fwlink/?LinkID=614866 


(Stolen from Michael's signature)

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Gilles Chehade
Sent: Wednesday, September 21, 2016 6:02 AM
To: mailop@mailop.org
Subject: [mailop] anyone from Microsoft around ?

Hi,

I'm lead developer of an opensource MTA called OpenSMTPD.

We run a mailing-list for our project with very low volume, exchanging a few 
thousand messages each month to around 400 people, very few of them being 
hosted at big hosts, all of them having subscribed voluntarily.

In addition to this, we use a few mailboxes at major hosts and send some mails 
every now and then to ensure we didn't break the smtp engine, this usually 
amounts to less than 10 mails / month per big ISP.

All of these mails respect all best-practices that we know of:

- they are sent from long existing domains;
- they are rate-limited despite low volume;
- they are DKIM/DomainKeys signed;
- DNS is properly configured with valid DNS/rDNS for the one IP address;
- IP address is the same as the MX accepting mail for the domain;
- SPF is properly declared, so is DMARC;

I checked senderscore and we actually send so little volume we don't even have a 
reputation visible there.

I've started receiving complaints about users receiving their messages in the 
spambox only at microsoft-hosted domains. No problem for gmail, yahoo, orange 
and others, just microsoft.

I did some testing, and it turns out that even the simplest mails will end up 
spamboxed no matter what machine or domain I use to send. The reason advertised 
in the Microsoft appended domains may vary if I turn off DKIM, strip some or 
all Received lines, but basically no matter my configuration, mails will not be 
inboxed.

I'm wondering if there is something wrong in the format of our headers and if 
this could affect users of our software disregarding the kind of mails they 
send with it. I've been tackling this for hours before contacting the mailing 
list.

Any help would be greatly appreciated, I'm running out of ideas :-)


--
Gilles Chehade

https://www.poolp.org  @poolpOrg



Re: [mailop] Next step Hotmail escalation?

2016-09-15 Thread Eric Henson
Rathbun posted ticket# SRX1354825893ID in his original email, so…not directed 
at him, I’m guessing.


From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Laura Atkins
Sent: Thursday, September 15, 2016 6:18 PM
To: Michael Wise
Cc: mailop
Subject: Re: [mailop] Next step Hotmail escalation?

Wait. You mean we’re supposed to open a ticket? Not just randomly post vague 
words to a mailing list and expect everything to be fixed?

Signed,
Disappointed in the Deliverability Fairy


On Sep 15, 2016, at 4:02 PM, Michael Wise via mailop wrote:


The robot can’t see / doesn’t care about the color of the smoke.
Unlike a human.

If there are things misbehaving in the system, as opposed to deliverability 
issues, I’m interested in making sure those come to the attention of the right 
people soonest.

But again, for Deliverability issues as such, step #0 is always … this.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Open a HotMail 
Ticket?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jaren Angerbauer
Sent: Thursday, September 15, 2016 3:40 PM
To: mailop
Subject: Re: [mailop] Next step Hotmail escalation?

Might also help, if using ceremonial smoke, to make sure and use the four 
representative smoke colors in the Microsoft logo.

--Jaren


On Thu, Sep 15, 2016 at 2:16 PM, Michael Wise via mailop wrote:

:(in

/Hmm...

Replying to Mr. Rathbun offline.

But as an aside, if one does reply to the "Mitigation Decision" emails and one 
doesn't get a response within 24 hours ... one should reply again, because 
that's an indication of the request being out of SLA, and there may be some 
other issues. What those may be, I can't speculate on, but there should be a 
reply. So if there isn't, poke them with a stick again, please.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Rathbun
Sent: Thursday, September 15, 2016 12:10 PM
To: mailop@mailop.org
Subject: [mailop] Next step Hotmail escalation?

Howdy all (and especially Mr Wise),

I have a client, that rare job opportunity aggregator that delivers what was 
asked for and stops delivering appropriately.  They enjoy excellent reception 
(and open rates at Gmail that vary from 28% to 45%) except at Hotmail, where we 
find in Ticket SRX1354825893ID that their IP is deemed "Not qualified for 
mitigation".

Replying to this notice, requesting escalation (in the body), has resulted in 
complete nonresponse.

Do I need to dance the other direction and blow ceremonial smoke to the four 
compass points in reverse likewise?  Have I not waited long enough (nearly 
three working days)?

EMWTK.

mdr
--
 "There are no laws here, only agreements."
-- Masahiko



--
Having an Email Crisis?  800 823-9674

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741

Email Delivery Blog: http://wordtothewise.com/blog






Re: [mailop] How many more RBL's do we really need?

2016-08-29 Thread Eric Henson
I’ve done lots of RBL testing, for years, and the only RBLs that I’m using are 
the ones that are effective and don’t have false positives: Barracuda RBL and 
Spamhaus Zen (paid). But I still do my best to keep my mail servers off the 
other lists; usually this just means I stop sending email from one of my 
gateways for a week. I also had to sign up for the AOL junk reporting service 
because their users are too stupid to know the difference between the “delete” 
button and the “report junk” button.


From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Suresh 
Ramasubramanian
Sent: Monday, August 29, 2016 8:46 AM
To: Bryan Vest
Cc: mailop@mailop.org
Subject: Re: [mailop] How many more RBL's do we really need?

Most of them have about the same reach as some random guy tweeting just how bad 
a movie sucks.  Nobody other than his girlfriend, and maybe his family dog, are 
likely to read it.

Now if nytimes, Rogerebert.com etc write reviews panning 
it, the movie will flop

So - those are like Spamhaus and two or three other block lists that are widely 
used while the rest are more often than not  some random guy with a bofh 
complex and maybe ten users on one vps.

--srs

On 29-Aug-2016, at 6:15 PM, Bryan Vest wrote:
I have been lurking here for a couple years but have really not had any 
information worth jumping into a conversation. But the question in my subject 
is really burning me up these days.
As far as my last general check there are at least 200 RBL's that could 
potentially be used by any mail admin anywhere in the world. They rarely have 
matching data sets and just becomes a real pain for a 2 person operation 
managing a system with 80k+ email accounts. We have built a very complex 
outbound mail verification system but we can't stop 100% of the spam 100% of the 
time so some does slip out.
I have run into some RBL's where you ask for removal and they either want 
payment (fairly rare at this point) or do not answer or give a really long 
explanation of why they are right and you are wrong.

This may have been brought up before and if there is already a group please 
point me to it, but we need a study group/governing body/RFC to at least put 
out suggestions on RBL structure. Granted the RBL owners do not have to listen 
to anything that is said but maybe if it gained some traction admin's, at least 
the true admin's that know the internals of their mail system would start to 
listen.
Hard set RBL's with no timeout's should be frowned upon.
RBL's that give you the run around when you ask for a removal should be 
forgotten.
RBL's that have no option for removal should be forgotten.
RBL's that rely on 15 year old data sets should be forgotten. (I have run into 
a few)
We run our own internal RBL that slurp's IP's from a couple different reputable 
RBL's and through scripting/algorithm's that we have been perfecting for 10 
years no IP stays in our RBL more than 12 hours, some are even less it all 
depends on hits over time. If they start spamming again they are added back to 
the RBL if spamming patterns are detected. We take care of most of this using 
rbldns and triggers from our Logstash system. Our internal RBL rarely contains 
more than 150k entries at one time since it is auto cleaning. It does swap in 
and out thousands of ip's per day but generally averages about 150k.
We can always route around these what I will call at this point bogus RBL's but 
that should not be something we have to do. The RBL owners should properly 
maintain their lists. For instance it was not long ago that I had to jump 
through hoops to get one RBL to reassign a block of our IP addresses as static in 
their system when we had reassigned them as static 5 years earlier.
These RBL's are not doing anyone any favors, maybe to the admin's that can say 
"YAY we block all spam with this RBL." Acceptable, but how much legitimate mail 
are you blocking?
I know there are some system vendors that have a set of RBL's built into their 
system's but what are the default RBL's, how many admin's would even know how 
to figure out?
--Bryan Vest
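The self-cleaning internal blocklist Bryan Vest describes above (listings capped at 12 hours, shorter for fewer hits, re-added when spamming resumes), sketched as an added example that is not code from any poster. The doubling policy, the 24-hour hit window, the zone name `rbl.example.net` and the `127.0.0.2` answer are assumptions; the lookup follows the usual DNSBL convention of reversing the IPv4 octets under the zone.

```python
"""Auto-expiring IP blocklist that answers DNSBL-style lookups (illustrative)."""
import ipaddress
from dataclasses import dataclass

MAX_LISTING = 12 * 3600      # from the post: nothing stays listed past 12 hours
BASE_LISTING = 3600          # assumption: a first hit lists for one hour
HIT_WINDOW = 24 * 3600       # assumption: hits older than this are forgotten
ZONE = "rbl.example.net"     # hypothetical zone name
LISTED_ANSWER = "127.0.0.2"  # conventional DNSBL "listed" A record


@dataclass
class Entry:
    hits: int        # hits counted inside the current window
    last_hit: float  # time of the most recent hit (epoch seconds)
    expires: float   # time at which the listing lapses


class ExpiringBlocklist:
    def __init__(self):
        self.entries = {}  # IPv4Address -> Entry

    def report(self, ip, now):
        """Record one spam hit and return the listing lifetime in seconds."""
        addr = ipaddress.IPv4Address(ip)
        entry = self.entries.get(addr)
        if entry is None or now - entry.last_hit > HIT_WINDOW:
            # Unknown sender, or its history is too old to count against it.
            entry = Entry(hits=0, last_hit=now, expires=now)
        entry.hits += 1
        entry.last_hit = now
        # Lifetime doubles with each recent hit, capped at the 12-hour maximum.
        lifetime = min(BASE_LISTING * 2 ** (entry.hits - 1), MAX_LISTING)
        entry.expires = now + lifetime
        self.entries[addr] = entry
        return lifetime

    def is_listed(self, ip, now):
        entry = self.entries.get(ipaddress.IPv4Address(ip))
        return entry is not None and now < entry.expires

    def purge(self, now):
        """Drop entries that have lapsed and whose hit history has aged out."""
        stale = [addr for addr, e in self.entries.items()
                 if now >= e.expires and now - e.last_hit > HIT_WINDOW]
        for addr in stale:
            del self.entries[addr]
        return len(stale)

    def query(self, qname, now):
        """Answer a lookup for '<d>.<c>.<b>.<a>.ZONE', which asks about a.b.c.d.

        Returns LISTED_ANSWER when listed, None (NXDOMAIN) otherwise.
        """
        name = qname.rstrip(".").lower()
        suffix = "." + ZONE
        if not name.endswith(suffix):
            return None                      # not a name in our zone
        labels = name[: -len(suffix)].split(".")
        if len(labels) != 4:
            return None                      # not an IPv4 lookup
        try:
            addr = ipaddress.IPv4Address(".".join(reversed(labels)))
        except ValueError:
            return None                      # malformed octets
        return LISTED_ANSWER if self.is_listed(addr, now) else None


if __name__ == "__main__":
    # Constructed timeline: (seconds since start, offending IP).
    hits = [(0, "192.0.2.10"), (4000, "192.0.2.10"), (4100, "198.51.100.7")]
    bl = ExpiringBlocklist()
    for t, ip in hits:
        print(f"t={t:>5} hit from {ip}: listed for {bl.report(ip, t)} s")
    for t in (4200, 8000, 12000):
        answer = bl.query("10.2.0.192." + ZONE, t)
        print(f"t={t:>5} lookup 192.0.2.10 -> {answer or 'NXDOMAIN'}")
```

Because a lapsed entry keeps its hit count until the window passes, a sender that resumes spamming shortly after delisting is relisted for longer than a first offender.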


Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws

2016-06-13 Thread Eric Henson
So all I need to do to shut down a competitor is sign up for their mailing 
list, then issue a complaint to their ESP?


-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Laura Atkins
Sent: Monday, June 13, 2016 12:08 PM
To: mailop
Subject: Re: [mailop] Mailchimp / Mandrill App: European VS US Privacy Laws


> On Jun 13, 2016, at 9:59 AM, Jay Hennigan  wrote:
> 
> On 6/13/16 12:45 AM, Suresh Ramasubramanian wrote:
>> Now you’re arguing legal contracts here - that vendor has a legal contract 
>> with whoever this spammer is.  While they can terminate the account in 
>> question, they certainly can’t expose any customer data to you.
> 
> In the US, they aren't under legal obligation to do so, which seems to vary 
> from some laws elsewhere.
> 
> However, if the ESP is claiming to be white-hat and only send mail where 
> permission exists, one would think that they would share it freely and 
> include a clause in their customer terms and conditions that their customer's 
> identity would be released to a recipient on request.

Scenario 3:

Victim to ESP: I got this spam from your IP and have no idea why. It touts some 
product, but all of the links are tracking bugs that point back to you. Where 
did you get my address and on whose behalf did you send it?

ESP to victim: We believe you and we have disconnected the customer. We’re 
unable to share any other information with you.

laura 

-- 
Having an Email Crisis?  800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: http://wordtothewise.com/blog  








Re: [mailop] Microsoft/Hotmail discards mails

2016-06-09 Thread Eric Henson
You're giving spammers very valuable information on which of their emails are 
classified as spam and which aren't.


-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Renaud Allard via 
mailop
Sent: Thursday, June 9, 2016 4:05 AM
To: mailop@mailop.org
Subject: Re: [mailop] Microsoft/Hotmail discards mails



On 06/09/2016 10:25 AM, Paul Smith wrote:
> The problem is there may be a few other users who get false positives 
> in that type of spam quite frequently, and suddenly they are losing 
> messages with no hope of redemption or even knowledge that it's 
> happening.

Actually, what I do is that when a mail goes to the junk folder, the server 
gives a 5XX error message to the sender at the end of DATA phase.
So the sender, if real, knows something happened to his mail and that it might 
not be read.





Re: [mailop] Got UCE-1 listed yesterday

2016-04-21 Thread Eric Henson
We do send lots of transactional emails to German customers for our EU clients, 
and UCEProtect is primarily a German blocklist from what I can tell. I can't 
talk to every mail host in Germany.

(client= company we have a contract with, customer=random person who buys 
coffee or other product that we ship on behalf of our clients)


-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Steve Atkins
Sent: Thursday, April 21, 2016 12:48 PM
To: mailop@mailop.org
Subject: Re: [mailop] Got UCE-1 listed yesterday


> On Apr 21, 2016, at 6:05 AM, Eric Henson <ehen...@pfsweb.com> wrote:
> 
> 
>  
> Any…suggestions? I’d prefer that my company switch all our clients to Exact 
> Target for these emails, but that’s really not up to me.

Is anyone you care about blocking your mail?

If so, then talk to them directly.

(If not, why do you care?)

Cheers,
  Steve




[mailop] Got UCE-1 listed yesterday

2016-04-21 Thread Eric Henson
Apparently one of my mail sending IPs was blocked for sending emails to a 
spamtrap used by UCE (I won't provide it here).

We emailed a PO on behalf of one of our customers.
Subject: Rechnung zur Bestellung # [redacted] bei [redacted]
Translation: Invoice for Purchase Order # [redacted] at [redacted]

It was a transactional email! I don't know how anyone is supposed to prevent 
something like this from happening. I can't prevent a customer from 
fat-fingering their email address, or from turning their address into a 
spamtrap (I'm not sure if this was a recurring PO for a monthly subscription or 
a one-time purchase, I'm looking into this still).

I noted that the "from" address for this client was invalid (someone typo'ed 
the domain), and I've passed that along. But that shouldn't matter if it's a 
spam trap, right?

Any...suggestions? I'd prefer that my company switch all our clients to Exact 
Target for these emails, but that's really not up to me.


Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

2016-04-18 Thread Eric Henson
It's possible that the issue has been corrected already.

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jay Hennigan
Sent: Monday, April 18, 2016 4:44 PM
To: mailop@mailop.org
Subject: Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

On 4/18/16 2:31 PM, Alarig Le Lay wrote:
> On Mon Apr 18 12:53:07 2016, Carl Byington wrote:

>> I agree. But some providers seem to have trouble with the concept of 
>> setting up proper reverse dns for all their outbound servers.
>>
>> Apr 18 12:23:23 ns1 sendmail[23389]: u3IJNMG3023389: --- 
>> 250-ns1.five- ten-sg.com Hello [65.55.234.213], pleased to meet you
>>
>> Apr 18 12:23:24 ns1 sendmail[23389]: u3IJNMG3023389: <-- MAIL 
>> FROM: SIZE=12109 BODY=7BIT
>
> I don’t see what’s wrong with that reverse.

What reverse? I see no reverse here.

$ dig -x 65.55.234.213

;; QUESTION SECTION:
;213.234.55.65.in-addr.arpa.IN  PTR

;; AUTHORITY SECTION:
234.55.65.in-addr.arpa. 2456IN  SOA ns1.msft.net. 
msnhst.microsoft.com. 
2016040802 7200 900 2419200 3600

--
--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse 
Internet Service  -  http://www.impulse.net/ Your local telephone and internet 
company - 805 884-6323 - WB6RDV



Re: [mailop] Should I be disappointed with Reflexion?

2016-04-14 Thread Eric Henson
The bank emails I receive usually include a piece of information they know 
about me (last 4 of account number or similar) to prove it's really from the 
bank.

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Carl Byington
Sent: Thursday, April 14, 2016 12:06 PM
To: Henry Yen
Cc: mailop
Subject: Re: [mailop] Should I be disappointed with Reflexion?


On Thu, 2016-04-14 at 12:56 -0400, Henry Yen wrote:
> >   6. If the information is of particularly high value, look at what
> the more competent end of banks and other financial institutions do to 
> add trust

> Both Chase bank (jpmchase) and Barclays bank send me emails with 
> direct links in them, from a bigfootinteractive mailserver. Does that 
> violate these three suggestions?

Yes. I have never seen a bank that did otherwise, so per Steve Atkins I have 
never seen a competent (wrt email) bank. Every bank for which I have email 
samples does the same - they are training their users to be phished. And that 
training seems to be working.




Re: [mailop] How long does an IP address take to "Warm up"?

2016-04-13 Thread Eric Henson
I think he means Google has a list of domains and they have a score from 0 to 
100 or something like that.

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of G. Miliotis
Sent: Wednesday, April 13, 2016 2:45 PM
To: mailop@mailop.org
Subject: Re: [mailop] How long does an IP address take to "Warm up"?

On 13/4/2016 22:28, Brandon Long via mailop wrote:
> if you have sufficient volume and your mail authenticates and you keep 
> the same authentication when switching IPs, then your reputation 
> should transfer.
Does this mean having the same DKIM key or something else?

--GM



[mailop] mxtoolbox alerting

2016-04-01 Thread Eric Henson
I'm getting a ton of MXtoolbox.com alerts for my domain; DNS servers offline, 
SPF record missing, etc. As far as I can tell, everything is fine.

Does anyone else use mxtoolbox.com who is also getting false alerts today?


Eric Henson
IT Operations Solutions Architect
PFSweb
www.pfsweb.com
p: 972.881.2900  x 3104
m: 972.948.3424



Re: [mailop] Gmail red open padlock composing message

2016-04-01 Thread Eric Henson
http://blogs.technet.com/b/exchange/archive/2015/07/27/exchange-tls-amp-ssl-best-practices.aspx

Exchange 2003 is out of support.
Exchange 2007 support ends 4/11/2017.
Exchange 2010 and later best practice is to disable RC4 and SSLv3.

I’d say it may be best to leave RC4 enabled until 4/11/2017, but my PCI 
scanning vendor disagrees.


From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Franck Martin via 
mailop
Sent: Friday, April 1, 2016 11:27 AM
To: Kirk MacDonald
Cc: mailop@mailop.org; Tim Bray
Subject: Re: [mailop] Gmail red open padlock composing message

RC4 is a conundrum, it is about the only cypher you can negotiate with old 
MS-Exchange, so if you disable it, then the email will go in clear text. Which 
one is better? Clear text or RC4? Or too bad for old mail servers?

PFS or Elliptic ciphers are asymmetric in implementation, so you need to check 
what's negotiated as a sender and as a receiver.

Finally it seems some systems do not fall back anymore, if you initiate 
STARTTLS and can't negotiate it, then you can't send email in clear text.

And then look at SMTP STS

On Fri, Apr 1, 2016 at 6:00 AM, Kirk MacDonald wrote:
Whoops, I fully intended to audit the available ciphers; clearly I missed doing 
that. Should be OK now.

Tragically, PFS is not (yet) supported on the TLS mechanism I am making use of. 
I hope to be able to change that in the somewhat near future.


-Original Message-
From: Tim Bray [mailto:t...@kooky.org]
Sent: Friday, April 01, 2016 5:58 AM
To: Kirk MacDonald; mailop@mailop.org
Subject: Re: [mailop] Gmail red open padlock composing message
On 31/03/16 17:38, Kirk MacDonald wrote:
> With thanks to Google for pushing the cause, I implemented STARTTLS
> functionality on my org’s MX (as well as outbound SMTP with
> opportunistic STARTTLS).


Firstly - well done for doing it.   Everybody should be enabling TLS.

Did you test the install?

You have TLS, but there are some issues with your setup:

https://ssl-tools.net/mailservers/corp.eastlink.ca

So you need to disable the RC4 cipher.  Everybody suggests it is insecure.

Also you don't support the correct ciphers for Perfect Forward Secrecy.


I'm not sure whether this affects whether google shows the padlock or
not.  Best practice is to get it fixed.

I think ssl-tools.net is the best test for TLS 
mailservers.  You can
test your mail sending as well.


For webservers, use https://www.ssllabs.com/ssltest/ to test.  There is
also a tool to help make good configs at
https://mozilla.github.io/server-side-tls/ssl-config-generator/

What I've realised over the last year or so is that SSL/TLS isn't
something you can just fiddle with until it works.  If you want it
secure, across all browsers, it needs some work.

https://www.feistyduck.com/books/bulletproof-ssl-and-tls/  is an
excellent book.


Tim


Re: [mailop] Mail accepted by outlook.com/hotmail.com disappears.

2016-03-30 Thread Eric Henson
For my org, I have all my filtering on a single server (well, a pair in 
parallel, but you get my meaning). But that's not going to work for Hotmail.

Hotmail undoubtedly has multiple levels of filtering. Each check they do with 
the SMTP connection open increases the connection time and decreases the number 
of connections the server can handle, making more servers a requirement.

1. MX server: accept thousands of connections a minute. They might have time to 
check those connections for RBL, might not. They probably also check for valid 
recipient addresses and recipient limits. Maybe mailbox space. 
2. Antivirus filtering: Emails with HTML and attachments, get sent to the 
antivirus scanners. Plain text emails might bypass this step and go to the next 
step.
3. Text filtering: Text is analyzed for spam words.
4. Image filtering: Emails with inline images, get sent to the inline image 
spam detection servers. Other emails bypass this step.
5. Routing: Emails get routed to mailbox servers.

I'm just guessing at all that, but you'll agree that doing all that with an 
open connection is going to dramatically increase the number of servers 
needed. 

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Rich Kulawiec
Sent: Wednesday, March 30, 2016 1:42 PM
To: mailop@mailop.org
Subject: Re: [mailop] Mail accepted by outlook.com/hotmail.com disappears.

On Wed, Mar 30, 2016 at 05:37:09PM +, Rodgers, Anthony (DTMB) wrote:
> Which is exactly what framed the tenor of my question when I 
> originally asked it. Very Large Providers operate at a scale and under 
> commercial pressures that most of us (including me) cannot even imagine.

Yes, but...

If you can run a mail system *properly* for 50,000 people, then you can run it 
properly for 500 million.  It's not really all that different or difficult.  
The trick is in the word "properly": if you make poor architectural, design, 
implementation, and procedural decisions, then oh my goodness yes, your life is 
going to be very tough indeed.

I don't want to get into the (many) (many!) arguments over those decisions
here, because we've kinda already had them.   I'll just say that I see
(here and elsewhere) mail system operators encountering problems that they 
never needed to have.  They could have rendered them moot at the whiteboard 
stage, but either they didn't know, or it looked like a good idea at the time, 
or management forced it on them, or something else happened, and well...now 
they're stuck.

In some cases, there are interactions between those problems that exacerbate 
things.  Worse, sometimes those interactions cause performance, scalability, or 
predictability problems.  (And anyone who's ever debugged software knows that 
things that stay broken are easier to diagnose and fix than things that are 
only broken some of the time.)

So that's why a lot of my answers to "how do I fix X?" are of the form "Don't 
do X, then you don't have to fix it".  Well, and because over many decades, 
I've had ample opportunity to do X, feel the ensuing pain, and realize that it 
was not a smart move. ;)

---rsk
