Re: [mailop] Yahoo no longer accepting email forwards?

2024-05-21 Thread Faisal Misle via mailop 
Have you tried reaching out to them directly to get more details? I know 
they also lurk here, but pretty sure they prefer you contact their team 
first and then escalate if necessary.


https://senders.yahooinc.com/contact/

On 5/21/24 8:01 PM, Mark E. Jeftovic via mailop wrote:


Following on my email yesterday and after running a few more tests.

The error message from Yahoo is simply

Remote-MTA: dns; mta6.am0.yahoodns.net
Diagnostic-Code: smtp; 554 Message not allowed
[PH01] Email not accepted for policy reasons

which links back to

https://senders.yahooinc.com/smtp-error-codes/

The PH series errors says simply "Content Based Blocks"

  * These error messages indicates that your email wasn't accepted
because there is something in the content that Yahoo won't accept
for policy reasons.
  * Objectionable content that Yahoo deems unacceptable includes:
  o Viruses
  o Phishing attempts
  o Ransomware
  o Other malicious software
  o Links or URLs to any of the above

Which is not the case - especially in our tests where we're simply 
sending text only messages with no links.


The only difference between messages that get through vs ones that are 
rejected (same message) is whether we send to the Yahoo email box 
directly, or else via an email forward (which has SRS enabled, and 
optionally SPF and even minimal DMARC)


So it is looking like Yahoo is not accepting email forwards (at least 
from us) since Friday, May 17th.


- mark

--
Mark E. Jeftovic 
Co-founder & CEO easyDNS Technologies Inc.
+1-(416)-535-8672 ext 225

/"Never expect a thing you do not want,
and never desire a thing you do not expect."
-- Bob Proctor /

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Phishing hosted by Cloudflare-ipfs.com / Abuse Handled by Sparkpostmail.com?

2024-05-13 Thread Faisal Misle via mailop 
I know Cloudflare uses Sparkpost's infra to send replies from their 
abuse desk system, which is likely what you're seeing.


Received: from mta-87-157.sparkpostmail.com ([192.174.87.157])
by safari.mxrouting.net with esmtps  (TLS1.2) tls 
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
(Exim 4.96-58-g4e9ed49f8)

(envelope-from)
id 1roj7P-0002sE-3D
Subject: [a765c4b07061f747] Cloudflare: Abuse report confirmation

On 5/13/24 5:04 PM, Benoit Panizzon via mailop wrote:

Hi all

Our customers increasingly get phishing emails targeting our email
platform accessible under the domain: Cloudflare-ipfs.com
(interplanetary file system, I guess that is their name for CNS).

I reported some of those to the cloudflare abuse desk.

To my surprise, after usually 1 or two days I get a replies From:
"Cloudflare"  about them blocking some of the
single URL we report.

So is sparkpostmail.com linked to cloudflare?

Unfortunately the basic issue is not being addressed. The phishers
seem to be able to generate new URI under cloudflare-ipfs.com much
faster thanab...@spakpostmail.com  is able to block them.

Even SpamAssassin now has a rule matching those:

URI_CLOUDFLAREIPFS References Interplanetary File System PtP
 content via CloudFlare, likely phishing

Mit freundlichen Grüssen

-Benoît Panizzon-___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sudden TSS04's From Yahoo/AOL Early This Morning

2024-05-13 Thread Faisal Misle via mailop 
I am of the opinion you should still submit a ticket - their team will 
have more information as to why it was flagged and if it was a false 
positive.


On 5/13/24 1:46 PM, Michael E. Weisel via mailop wrote:


Good morning Mailop friends.  One of our clients suddenly started 
seeing TSS04’s early this morning.  I haven’t opened a ticket yet in 
case this was an issue at Yahoo like happened a few months back.  
Anyone else seeing similar issues this morning?   Nothing changed with 
their sending so not sure what may have triggered this.  If possible 
could someone reach out to me off list?


Thanks,

Michael

Michael E. Weisel

CTO / Deliverability Lead

Gold Lasso

(301) 990-9857 Corporate

(240) 813-0174 Direct Dial


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Someone at Google (GSuite) with a clue?

2024-05-13 Thread Faisal Misle via mailop 
Also worth noting that it was not rejected at the SMTP stage because the 
email address was valid. Google does not check for permissions to post 
to the Group until after it has accepted and processed the message, 
hence the delayed NDR. The Google rep also may not have had access to 
group details to check for permissions.


Can't speak about the logs, it's been a while since I managed a Google 
Workspace deployment, but I would've guessed the logs would've shown the 
permission issue & bounce?


On 5/11/24 2:56 AM, Aaron C. de Bruyn via mailop wrote:

The sending email is a no-reply.
Google accepts the message with at 2xx and then logs a bounce in 
gsuite with no info.


Someone at Google replied off -list. Apparently it was a group 
permission issue, but the GSuite logs don't give a reason, just that 
it bounced.


And their chat support couldn't figure it out in 3 hours of chatting.

-A

-A

-A

On Fri, May 10, 2024, 16:17 Graeme Fowler via mailop 
 wrote:


You said:
> then there's a bounce

and then:

 GMail is accepting our messages, then silently junking them.


So... Which of these is correct? They can't both be.

Graeme
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] "The email didn't arrive" to Office 365

2024-05-09 Thread Faisal Misle via mailop 
Yes, Microsoft 365 has hosted quarantines. There are two types: user facing 
where the user gets a digest every day and they can release messages from it 
and an admin quarantine, where only the tenant admins have access to (usually 
reserved for malware or other high-risk messages land).


> On May 9, 2024, at 8:09 PM, Jarland Donnell via mailop  
> wrote:
> 
> Hey friends,
> 
> Quick question for you experts. What do you find to be the most common root 
> cause for reports of emails not being received by Office 365 domains, when 
> you can confirm conclusively that Microsoft accepted the email? Obviously 
> spam folder delivery should rank high, but what else? Are there admin 
> settings for Office 365 organizations that result in emails being accepted by 
> their servers but not delivered to the recipients? Maybe quarantined 
> somewhere?
> 
> We hear it often but we've never had a failed test to Outlook/Hotmail/O365, 
> and yet still people open support tickets making claims that we failed to 
> deliver the emails. We rarely hear back from them after asking them to tell 
> their recipient to contact their IT department about it. So I feel a bit in 
> the dark as to what other things to suggest beyond:
> 
> 1. Check spam folder
> 2. Contact IT dept
> 
> I sure would like to have more clear and direct suggestions in my arsenal.
> 
> Jarland
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sudden spike in Gmail failures ("TempFail – Spam")

2024-04-30 Thread Faisal Misle via mailop 

> configure DMARC for syniumsoftware.com to accept subdomain signatures.

Uh... that's not configured in the DMARC policy. The sp= directive 
states what action to take from subdomains of a domain when a message 
fails DMARC. See 
https://datatracker.ietf.org/doc/html/rfc7489#section-6.3 and 
https://datatracker.ietf.org/doc/html/rfc6376#section-3.10



On 4/30/24 12:37 PM, Matus UHLAR - fantomas via mailop wrote:
But this may be related to the drop in reputation of Amazon SES IP 
Space.  Do they offer a dedicated outgoing IP Address that you can 
try?  It also helps reduce any chance of forgeries..  Eg, smaller 
SPF footprint, that could have poisoned your reputation.


Am 30.04.2024 um 12:06 schrieb Matus UHLAR - fantomas via mailop 
:

DKIM should help as well or even better.
_domainkey.newsletter.syniumsoftware.com produces NXDOMAIN which 
means domain keys don't exist.


On 30.04.24 12:22, Mendel Kucharzeck via mailop wrote:
Thanks for your response.  DKIM is set up according to the AWS SES 
documentation.  There are three DKIM records for AWS SES present in 
the DNS record of syniumsoftware.com :


5tciaamivsdm3um6jda5iawx6dkzl4vv._domainkey.syniumsoftware.com = 
5tciaamivsdm3um6jda5iawx6dkzl4vv.dkim.amazonses.com
owv4bewgknpmf434mvkczc5hlg3yrflg._domainkey.syniumsoftware.com = 
owv4bewgknpmf434mvkczc5hlg3yrflg.dkim.amazonses.com
ypcsbtqri7hjsoyf55sdheq4elds3ojh._domainkey.syniumsoftware.com = 
ypcsbtqri7hjsoyf55sdheq4elds3ojh.dkim.amazonses.com


These SEEM to pass validation according to the DMARC reports we’ve 
received.


Now my question: We’re sending using the Email address 
newslet...@syniumsoftware.com .  The return-path/MAIL-FROM domain is 
newsletter.syniumsoftware.com .  I assumed that mail servers will 
look for the DKIM records at syniumsoftware.com and NOT 
newsletter.syniumsoftware.com

.  Am I wrong?

Thanks in advance for any guidance you can provide. Highly appreciate 
your help.


Well, you are right and I forgot about this, servers may check 
whichever keys you provide and you can configure DMARC for 
syniumsoftware.com to accept subdomain signatures.


However it seems you did the opposite:

_dmarc.syniumsoftware.com. 600  IN  TXT "v=DMARC1; p=reject; 
sp=reject; pct=100; rua=mailto:dm...@syniumsoftware.com;



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sudden spike in Gmail failures ("TempFail – Spam")

2024-04-30 Thread Faisal Misle via mailop 
DKIM is fine at the organizational domain. I do think it's related to 
the introduction of new identities, and with time the filters will learn 
the reputation of the new identities.


On 4/30/24 12:22 PM, Mendel Kucharzeck via mailop wrote:

Am 30.04.2024 um 12:06 schrieb Matus UHLAR - fantomas via mailop 
:


But this may be related to the drop in reputation of Amazon SES IP Space.  Do 
they offer a dedicated outgoing IP Address that you can try? It also helps 
reduce any chance of forgeries.. Eg, smaller SPF footprint, that could have 
poisoned your reputation.

DKIM should help as well or even better.
_domainkey.newsletter.syniumsoftware.com produces NXDOMAIN which means domain 
keys don't exist.


Hi,

Thanks for your response. DKIM is set up according to the AWS SES documentation. 
There are three DKIM records for AWS SES present in the DNS record of 
syniumsoftware.com :

5tciaamivsdm3um6jda5iawx6dkzl4vv._domainkey.syniumsoftware.com 
 = 
5tciaamivsdm3um6jda5iawx6dkzl4vv.dkim.amazonses.com 

owv4bewgknpmf434mvkczc5hlg3yrflg._domainkey.syniumsoftware.com 
 = 
owv4bewgknpmf434mvkczc5hlg3yrflg.dkim.amazonses.com 

ypcsbtqri7hjsoyf55sdheq4elds3ojh._domainkey.syniumsoftware.com 
= 
ypcsbtqri7hjsoyf55sdheq4elds3ojh.dkim.amazonses.com 


These SEEM to pass validation according to the DMARC reports we’ve received.

Now my question: We’re sending using the Email address newslet...@syniumsoftware.com 
. The return-path/MAIL-FROM domain is 
newsletter.syniumsoftware.com . I assumed that mail 
servers will look for the DKIM records at syniumsoftware.com  and NOT 
newsletter.syniumsoftware.com  . Am I wrong?

Thanks in advance for any guidance you can provide. Highly appreciate your help.

Best,
Mendel
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is forwarding to Gmail basically dead?

2024-02-08 Thread Faisal Misle via mailop 
It says it on the new sender guidelines, under "Requirements for all senders"

"If you regularly forward email, including using mailing lists or inbound 
gateways, add ARC headers to outgoing email. ARC headers indicate the message 
was forwarded and identify you as the forwarder. Mailing list senders should 
also add a List-id: header, which specifies the mailing list, to outgoing 
messages."

https://support.google.com/a/answer/81126

Best,
Faisal

On Thu, Feb 8, 2024, at 1:03 PM, Jaroslaw Rafa via mailop wrote:
> Dnia  8.02.2024 o godz. 11:49:39 Kai Bojens via mailop pisze:
>> 
>> Google wants you to use ARC for forwarded mails:
>> 
>> https://support.google.com/a/answer/13198639?sjid=7229117128739116669-EU
>
> I don't see anywhere on this page a statement that you must (or even should)
> use ARC. It only describes what ARC is and how it can be used.
> -- 
> Regards,
>Jaroslaw Rafa
>r...@rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Admin contact for Protonmail

2024-02-01 Thread Faisal Misle via mailop 
Postmaster is extremely responsive, and if for some reason they don't reply - I 
know the team personally if you need a hand. 

Best,
Faisal

On Wed, Jan 31, 2024, at 3:32 PM, Atro Tossavainen via mailop wrote:
> On Wed, Jan 31, 2024 at 02:03:33PM +, Tarun Singh via mailop wrote:
>> Hello Folks, 
>> 
>> Is there anyone from Protonmail on this distro? Can you please reach out to 
>> me offline?
>
> Abuse and postmaster appear to work.
>
> -- 
> Atro Tossavainen, Founder, Partner
> Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
> Tallinn, Estonia
> tel. +372-5883-4269, https://www.koliloks.eu/
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Comcast issues?

2023-11-27 Thread Faisal Misle via mailop 
Yes, there's been a few reports elsewhere. As Laura commented somewhere:

"Given the amount of mail I'm getting today I suspect it's just "All lines are 
busy. Please try again.""

On Mon, Nov 27, 2023, at 8:01 PM, Jarland Donnell via mailop wrote:
> Anyone else seeing issues connecting to comcast.net MX servers today? 
> We've got emails piling up in queue and connection failures all over.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Google not sending DMARC reports since 9/25

2023-10-03 Thread Faisal Misle via mailop 
They started sending 10/2 reports just now. They may start trickling in again 
for other days soon.

Best,
Faisal

On Tue, Oct 3, 2023, at 3:38 PM, Jörg Backschues via mailop wrote:
> Am 03.10.2023 um 11:59 schrieb Faisal Misle via mailop:
>
>> We noticed (and looks like so did our counterparts at Dmarcian) that
>> Google has not been sending DMARC reports since last week.
>> 
>> I'm going to assume Google is already aware of it and is working to
>> resume sending and we should treat it like a Postmaster Tools or SNDS
>> blip and just go with the flow.
>> 
>> If anyone else has any other insight or details, I'd love to hear it
>
> Google's DMARC reports come in here regularly:
>
> Received: from mail-ot1-x34a.google.com (mail-ot1-x34a.google.com 
> [IPv6:2607:f8b0:4864:20::34a])
>   (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
>key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) 
> server-digest SHA256)
>   (No client certificate requested)
>   by mx0.backschues.net with ESMTPS id 4S0D682xGNz9rxf
>   for ; Tue,  3 Oct 2023 12:08:00 +0200 (CEST)
>
> -- 
> kind Regards
> Jörg
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Google not sending DMARC reports since 9/25

2023-10-03 Thread Faisal Misle via mailop 
Hi all,

We noticed (and looks like so did our counterparts at Dmarcian) that
Google has not been sending DMARC reports since last week.

I'm going to assume Google is already aware of it and is working to
resume sending and we should treat it like a Postmaster Tools or SNDS
blip and just go with the flow.

If anyone else has any other insight or details, I'd love to hear it!

Faisal Misle
Technical Lead, Customer Success & Strategic Projects | Red Sift

-- 
Red Sift's Digital Resilience Platform solves for the greatest 
vulnerabilities across the complete attack surface. Products on the 
platform include OnDMARC, OnDOMAIN and Hardenize, providing comprehensive 
coverage of an organization’s digital footprint through best-in-class 
discovery and monitoring and enabling users to proactively uncover threats 
within email, domains, brand, and the network perimeter.




Red Sift is a 
limited company registered in England and Wales. Registered number: 
09240956. Registered office: 3rd Floor, 1 Ashley Road, Altrincham, 
Cheshire, WA14 2DT.


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Hosteurope contact?

2023-05-05 Thread Faisal Misle via mailop 
They're owned by GoDaddy - so maybe someone from GD can help make a connection?

On Fri, May 5, 2023, at 8:45 AM, Thomas Walter via mailop wrote:
> Hello,
>
> On 04.05.23 10:43, Ken Peng via mailop wrote:
>> May 4, 2023 at 4:09 PM, "Thomas Walter via mailop"  wrote:
>>>
>>> I am trying to get in contact with someone at Hosteurope to resolve
>>> delivery issues. I tried contacting their postmaster about a week ago,
>>> but did not receive a reply.
>> 
>> It seems they have enough info (either tel or email) to be contacted:
>> https://www.hosteurope.de/en/Host-Europe/Contact/
>
> I've tried that and got the following reply:
>
> -
> Unfortunately, we cannot assign a customer number to your request. 
> Please provide us with it so that we can process your request as quickly 
> as possible.
> -
>
> Since we are not their customer, we don't have a customer number, so 
> they can't process our request.
>
> I've explained that, but did not received a reply yet.
>
> That's why I hoped their postmasters are around on this list.
>
> Regards,
> Thomas Walter
>
> -- 
> Thomas Walter
> Datenverarbeitungszentrale
>
> FH Münster
> - University of Applied Sciences -
> Corrensstr. 25, Raum B 112
> 48149 Münster
>
> Tel: +49 251 83 64 908
> Fax: +49 251 83 64 910
> www.fh-muenster.de/dvz/
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
> Attachments:
> * OpenPGP_0x27A04D4FB37FD4F6.asc
> * OpenPGP_signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] URIBL/SpamRL contacts?

2023-03-17 Thread Faisal Misle via mailop 
Hi all,

One of our domains, sift [.] red, which we use for our link rewriting
was flagged by those two vendors and it's causing issues for some
customers.

We've requested delistings through their portal, but it's the second
time this year and we'd like a contact to discuss it, as we're in the
email protection space, we're on their side!

Any leads or outreach is appreciated (you can email me off-list).

Thanks,

Faisal Misle
Technical Lead | Red Sift

-- 
Red Sift's Digital Resilience Platform solves for the greatest 
vulnerabilities across the complete attack surface. Products on the 
platform include OnDMARC, OnINBOX, OnDOMAIN and Hardenize, providing 
comprehensive coverage of an organization’s digital footprint through 
best-in-class discovery and monitoring and enabling users to proactively 
uncover threats within email, domains, brand, and the network perimeter.




Red Sift is a limited company registered in England and Wales. Registered 
number: 09240956. Registered office: 3rd Floor, 1 Ashley Road, Altrincham, 
Cheshire, WA14 2DT.


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DKIM record IONOS

2023-02-13 Thread Faisal Misle via mailop 
Correct, DMARC at none will only send XML reports that tell you if a message 
had an aligned SPF/DKIM and if it authenticated properly. It will also show you 
if anyone else is sending as your domain that you weren't aware of.

I highly recommend using a tool like Postmark's free DMARC reporting (or 
something like what my employer, Red Sift offers, if you need more visibility).

Best,
Faisal

On Sun, Feb 12, 2023, at 1:42 AM, H via mailop wrote:
> On 02/11/2023 01:55 AM, Gellner, Oliver via mailop wrote:
>> 
>>> On 2023-02-11 02:51 H via mailop wrote:
>>> 
>>> On 02/10/2023 10:13 AM, Gellner, Oliver via mailop wrote:
 On 2023-02-10 04:08, H via mailop wrote:
 
> I now did find that resource but it is written as general information and 
> does not really tell how to get it going with IONOS if they run the email 
> server...
> 
 As far as I understood you not only use Ionos as your registrar, but also 
 use their email server to send your email through. Ionos does not DKIM 
 sign emails on behalf of its customers, at least they didn't do so in the 
 past. So the answer is simple: You do not set up DKIM or DMARC at all, 
 because you can't.
 The instructions given by Ionos are only valid if your email is sent and 
 signed by some other server and you want to add the DKIM public key to 
 your domain hosted at Ionos.
 
 --
 BR Oliver
 
>>> Thank you, you are starting with the first issue, ie whether I can even 
>>> have a DKIM record given that the domain is hosted by Ionos as is the mail 
>>> server. Upon my additional research I have come to the same conclusion as 
>>> you, ie not possible.
>>> 
>>> By the way, I stumbled across this posting on the net - 
>>> https://serverfault.com/questions/1030262/record-dkim-on-ionos-makes-sense 
>>> - that as far as I can tell is still true.
>>> 
>>> So, I will now look at creating a DMARC record given that I have previously 
>>> created a SPF record and will not be able to have a DKIM record.
>>> 
>> I recommend against setting up a DMARC record with a policy of quarantine or 
>> reject as long as DKIM signing isn‘t in place. The SPF authentication will 
>> break for all forwarded messages as well as for all automatic replies or 
>> non-delivery reports. It will do mire harm than good.
>> Of course if you‘re interested in the reporting you can create a DNARC 
>> record with a none policy and only change that after you have moved to a 
>> different email provider who supports DKIM.
>> 
>> — 
>> BR Oliver
>> 
>> 
>> *dmTECH GmbH*
>> Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
>> *Telefon *0721 5592-2500 * Telefax *0721 5592-2777
>> *_dmt...@dm.de _* ** **_www.dmTECH.de 
>> _*
>> *GmbH: *Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
>> *Geschäftsführer: *Christoph Werner, Martin Dallmeier, Roman Melcher
>> 
>> *Datenschutzrechtliche Informationen*
>> Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
>> ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
>> Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder 
>> sich bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen 
>> unter anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren 
>> Rechten sowie die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
>> hier 
>> .
>> 
>> 
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://list.mailop.org/listinfo/mailop
>> 
> I see. As I am sure everyone has noticed, I am a complete newbie to 
> SPF/DKIM/DMARC (and a lot of other things.)
> 
> Understanding your message, creating a DMARC with "none" policy would not 
> have any downside? When you say "reporting", what type of reporting would 
> that be and how could I benefit from such reporting?
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
> 
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Contact at mxrouting.net / mxroute.com /porkbun.com ?

2023-01-03 Thread Faisal Misle via mailop 
I see Jarland replied, but the first two are together and run by him. 

Porkbun is not related to MXroute - it's a domain registrar/email host combo 
based in Portland, OR. 


On Tue, Jan 3, 2023, at 9:07 PM, Peter N. M. Hansteen via mailop wrote:
> Does anyone have useful contact info for one or more of those (which I 
> am beginning to believe is in fact the same outfit)?
>
> Some odd delivery problems with messages that are some of the least 
> useful I have seen.
>
> So bad, in fact, that I have already threatened to blog about them.
>
> Contact off-list is fine.
>
> All the best,
> Peter
>
> -- 
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Looks like I am getting blocked by msn.com only.

2022-11-18 Thread Faisal Misle via mailop 
Just to be sure because I didn't see you mention it, make sure you've contacted 
them via the form I often see linked so many different ways: 
https://sender.office.com

On Thu, Nov 17, 2022, at 10:26 PM, Ryan Prihoda via mailop wrote:
> `Hey all,`
> ``
> `I received this rejection going to an msn account is there any way to 
> resolve this?`
> ``
> `host msn-com.olc.protection.outlook.com [104.47.18.97] `` SMTP error from 
> remote mail server after pipelined sending data block: `` 550 5.7.1 
> Unfortunately, messages from [xxx.xxx.xxx.xxx] weren't sent. Please contact 
> your Internet service provider since part of their network is on our block 
> list (S3140). You can also refer your provider to 
> http://mail.live.com/mail/troubleshooting.aspx#errors. 
> [AM6EUR05FT038.eop-eur05.prod.protection.outlook.com] `
> ``
> `Thanks in advance,`
> ``
>  * `R. Prihoda`
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
> 
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] TLS-RPT reporting software

2022-11-18 Thread Faisal Misle via mailop 
I only know of four providers that send reports (If anyone knows of any others 
- I'm all ears!)
 * Google
 * Microsoft
 * Comcast
 * SocketLabs
They likely have their own in-house systems, as they have the resources to do 
so.

Best,
Faisal

On Thu, Nov 17, 2022, at 11:22 PM, Muyeed Ali via mailop wrote:
> Thanks for the information. I had a broken TLS configuration on my SMTP 
> server and got a few TLS-RPT reports due to that from popular providers. The 
> question is who (which software/MTA/plugin) sends these reports then?
> 
> Thanks. 
> 
> On Thu, Nov 17, 2022 at 5:07 PM Patrick Ben Koetter via mailop 
>  wrote:
>> Ali,
>> 
>> * Muyeed Ali :
>> > Is there any other MTA that supports the TLS-RPT report plugin? Please let
>> > me know if any of you are aware of it. Thanks.
>> 
>> I'm not aware of any open source TLS-RPT reporting solution for any of the
>> open source MTAs at the moment.
>> 
>> Of course, if you know how to extract data from what Postfix logs you can
>> create reports to fill in the General, Failure and DANE sections. And then
>> submit it via SMTP in a DKIM signed message.
>> 
>> p@rick
>> 
>> 
>> 
>> > 
>> > On Thu, Nov 17, 2022 at 4:42 PM Patrick Ben Koetter via mailop <
>> > mailop@mailop.org> wrote:
>> > 
>> > > * Brotman, Alex via mailop :
>> > > > I’m not aware of one, though you may want to ask Viktor
>> > >
>> > > As of today the Postfix smtp client does not log everything it could to
>> > > provide data for a TLS-RPT report. It also lacks additional functionality
>> > > to
>> > > log even more data for TLS-RPT. In other words: Postfix is not aware of
>> > > everything it could be aware of to create TLS-RPT reports.
>> > >
>> > > Besides that the amount of data that could emerge when you start to log
>> > > TLS-RPT relevant information very likely will make it necessary to 
>> > > create a
>> > > new Postfix service, which sole purpose would be to receive and process 
>> > > log
>> > > messages.
>> > >
>> > > Viktor and I spoke about this about a year ago and he said he would not
>> > > have
>> > > sufficient cycles to work on all this in the next two years. Unless 
>> > > someone
>> > > steps forward and contributes documentation and code the Postfix 
>> > > community
>> > > will have to wait.
>> > >
>> > > p@rick
>> > >
>> > > > From: mailop  On Behalf Of Muyeed Ali via
>> > > mailop
>> > > > Sent: Monday, November 14, 2022 10:43 AM
>> > > > To: mailop@mailop.org
>> > > > Subject: [EXTERNAL] [mailop] TLS-RPT reporting software
>> > > >
>> > > > Hello,
>> > > > Does anybody know any mail filter or plugin to Postfix MTA that sends
>> > > TLS-RPT reports to mailto or https RUA tags? For the DMARC report, there
>> > > are a couple of milters in Rspamd and opendmarc but I could not find any
>> > > such option for the TLS-RPT one.
>> > > >
>> > > > Thanks.
>> > > >
>> > > > Regards,
>> > > > Muyeed
>> > >
>> > > > ___
>> > > > mailop mailing list
>> > > > mailop@mailop.org
>> > > > https://list.mailop.org/listinfo/mailop
>> > >
>> > >
>> > > --
>> > > [*] sys4 AG
>> > >
>> > > https://sys4.de, +49 (89) 30 90 46 64
>> > > Schleißheimer Straße 26/MG,80333 München
>> > >
>> > > Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
>> > > Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
>> > > Aufsichtsratsvorsitzender: Florian Kirstein
>> > >
>> > > ___
>> > > mailop mailing list
>> > > mailop@mailop.org
>> > > https://list.mailop.org/listinfo/mailop
>> > >
>> 
>> -- 
>> [*] sys4 AG
>> 
>> https://sys4.de, +49 (89) 30 90 46 64
>> Schleißheimer Straße 26/MG,80333 München
>> 
>> Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
>> Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
>> Aufsichtsratsvorsitzender: Florian Kirstein
>> 
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://list.mailop.org/listinfo/mailop
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
> 
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] How do I break Gmail forwarding?

2022-10-24 Thread Faisal Misle via mailop 
If you can still find the original authorization email (yes, I know - probably 
unlikely depending on age of setup), there's a link to break it. 

Best,
Faisal

On Mon, Oct 24, 2022, at 3:09 PM, Tara Natanson via mailop wrote:
> 
> At some point someone set up a gmail address which forwards automatically to 
> our postmaster address.  Yes I realize someone had to have clicked something 
> to allow this to happen (multiple people monitor the box).  But I cannot undo 
> it.  I do not control the original mailbox the mail is being forwarded FROM. 
> 
> Anyone have any tricks I'm missing?  
> 
> Tara Natanson 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
> 
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Who is Mine/SayMine.com?

2022-08-02 Thread Faisal Misle via mailop 
They seem to be scanning the inbox for all emails from companies, wether you 
have an account or not and then sending a removal request. Most companies will 
comply as they're afraid of GDPR, but sometimes you may not even have the 
customer in your database. 

Automated is not the way, and they're definitely a pain. 

Best,
Faisal

On Tue, Aug 2, 2022, at 4:00 AM, Philip Paeps via mailop wrote:
> On 2022-08-01 23:43:57 (+0800), Jenny Nespola via mailop wrote:
>> Is mine/saymine.com a legitimate company? We're getting a number of
>> requests daily, all following the same template swapping out the email 
>> and
>> name of the recipient.
>
> If they're a legitimate company, they are certainly part of the problem 
> they claim to solve...
>
> It sounds like they're primarily in the business of building a database 
> of verified email credentials.
>
> Philip
>
> -- 
> Philip Paeps
> Senior Reality Engineer
> Alternative Enterprises
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] FYI - Google/Gmail hard enforcing SPF presence

2022-04-22 Thread Faisal Misle via mailop 

Does anyone have the bounce message they're sending back handy?

On 4/19/22 6:36 PM, Jarland Donnell via mailop wrote:
To add +1 experience to this, I've been seeing it intermittently. Some 
of my customers who lack SPF absolutely cannot deliver mail to Gmail, 
100% rejection due to lack of authentication. Others, not so much. I 
can't pretend to know what the criteria is for falling into the former, 
but it hasn't been a large number of domains we've noticed it on.


On 2022-04-19 02:20, Andre van Eyssen via mailop wrote:

Hi all,

A week or so ago I was dealing with some domains that were nearly 100%
bouncing on delivery to gmail. It turns out that the domain owners had
made registrar/DNS hosting changes and while they managed to create
the MX records correctly, they left out the SPF.

A little testing shows that gmail appears to be rejecting all mail
from domains with no SPF record. Having them create the SPF record
returned their domains to deliverability in about an hour.

Just a heads-up!

Andre.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] MTA-STS Policy File Syntax Question

2022-04-22 Thread Faisal Misle via mailop 

Hello all,

Got a quick question regarding the syntax of an MTA-STS policy file.

Example:

version: STSv1
mode: testing
mx: mx.example.com
max_age: 86400

vs.

version: STSv1
mode: testing
mx: mx.example.com.
max_age: 86400

Note the trailing dot on the second policy. Is that a valid MX for the 
policies of the file? I could not find anything about it on RFC 8461 and 
most validators were flagging it as an invalid MX.


Looking forward to hearing your thoughts!

-Faisal
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] After years of accepting messages, yahoo suddenly stops

2022-03-27 Thread Faisal Misle via mailop 
I'm going to bet it was a DNS resolution issue, both mgm51.com and 
mgm51.net were not resolving at all around the time he sent that message.


On 3/27/22 10:19 AM, Gary Gapinski via mailop wrote:


Your message to the list has the header

Received: from oneyou.mgm51.net (*unknown*  [174.136.99.202])
  (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
  (No client certificate requested)
  by mx.mailop.org (Postfix) with ESMTPS id 4KR1t64s9yz8sqQ
  for; Sun, 27 Mar 2022 05:44:46 +0200 (CEST)

which implies a DNS resolution failure for 174.136.99.202 which could 
have caused the reject by an MTA that requires a correspondent MTA to 
have good DNS.


As of this writing, but perhaps not earlier, 174.136.99.202 has 
correct FCrDNS.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] After years of accepting messages, yahoo suddenly stops

2022-03-26 Thread Faisal Misle via mailop 
Well for starters, I can't resolve mgm51.com's DNS records, which could 
very well be a factor - unless you're not using that domain to send to him.


Second, have you tried opening a ticket with their postmaster team at 
https://senders.yahooinc.com/contact ?


On 3/26/22 9:55 PM, Mike via mailop wrote:

I've been sending message to my brother for years.

Yet suddenly Yahoo decides that a message to my brother is not worthy of
being delivered ...

: host mta7.am0.yahoodns.net[67.195.228.106] said: 554
5.7.9
 Message not accepted for policy reasons. See
 https://postmaster.yahooinc.com/error-codes (in reply to end of DATA
 command)


And refers me to a useless web page that has little to do with the
problem I face?

Do I need to tell my brother to find a better email provider?




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from United Airlines ?

2022-01-20 Thread Faisal Misle via mailop 

That looks like Sendgrid, so they may be able to ping United.

I have the contact of their CTO, but you may get quicker help from 
SendGrid.


On 1/20/22 2:04 PM, Glowfish Domainadministrator via mailop wrote:


Hi,

Emails from united are getting rejected by our postfix mailserver. The 
mails seem to be from United Airlines (Mileage Plus).


Jan 20 19:16:45 mta01 postfix/postscreen[126746]: CONNECT from 
[50.31.61.242]:47664 to [xxx.xxx.xxx.xxx]:25


Jan 20 19:16:45 mta01 postfix/postscreen[126746]: WHITELISTED 
[50.31.61.242]:47664


Jan 20 19:16:45 mta01 postfix/smtpd[126747]: warning: hostname 
o1.email.smallbusiness.mileageplus.com does not resolve to address 
50.31.61.242: Name or service not known


Jan 20 19:16:45 mta01 postfix/smtpd[126747]: connect from 
unknown[50.31.61.242]


Jan 20 19:16:46 mta01 postfix/smtpd[126747]: Anonymous TLS connection 
established from unknown[50.31.61.242]: TLSv1.2 with cipher 
ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)


Jan 20 19:16:47 mta01 policyd-spf[126752]: prepend Received-SPF: Pass 
(mailfrom) identity=mailfrom; client-ip=50.31.61.242; 
helo=o1.email.smallbusiness.mileageplus.com; 
envelope-from=bounces+6242581-cfae-recei...@domain.tld@em7341.united.com; 
receiver=


Jan 20 19:16:47 mta01 postfix/smtpd[126747]: NOQUEUE: reject: RCPT 
from unknown[50.31.61.242]: 450 4.7.1 
: Helo command rejected: Host 
not found; 
from= 
to= proto=ESMTP 
helo=


Jan 20 19:16:47 mta01 postfix/smtpd[126747]: disconnect from 
unknown[50.31.61.242] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1 
commands=5/6


Anyone here from united ? Or anyone has an idea what I can do to make 
them pass without opening my mailserver to all other wrongly 
configured domains ?


KR

Daniel


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] And just after I spoke up for Linode being not bad ;)

2022-01-18 Thread Faisal Misle via mailop 
They do. Those servers then forward to Google Workspace, likely a spam 
filter or similar.


On 1/18/22 9:06 PM, John Levine via mailop wrote:

It appears that Michael Peddemors via mailop  said:

Serious?

: host aspmx.l.google.com[2607:f8b0:4023:c0b::1a] said:
Why do they have their abuse email address at gmail..

They don't:

$ host -t mx linode.com
linode.com mail is handled by 2 inbound-mail1.linode.com.
linode.com mail is handled by 2 inbound-mail3.linode.com.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] GoDaddy O365 spam?

2021-12-20 Thread Faisal Misle via mailop 
Hello all,

We've been noticing a trend where 'data brokers' with fake
americanized names in India buy domains and bundle sign up for Office
365 tenants through GoDaddy and start sending spam.

What is the best way to report those? I've reported the tenant to
Microsoft and the domain to GoDaddy, but they don't seem to be taking
any action as the same domain/tenant emails me a week, and two later.
The domains are usually fresh, registered within the past 1-6 months.

Any contacts at either companies that can take a look? I can provide a
few examples.

Thank you!
Faisal

-- 


Red Sift is the power behind OnDMARC and OnINBOX.

You can find us at 21A 
Noel Street, 4th Floor, London, W1F 8GR.




Red Sift is a limited company 
registered in England and Wales. Registered number: 09240956. Registered 
office: Kemp House, 152 City Road, London, EC1V 2NX.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Google should be burnt or blown up (was: Gmail putting messages to spam)

2021-10-04 Thread Faisal Misle via mailop 
I agree with Brielle. Couldn't have said it better myself. It is getting tiring.

On Mon, Oct 4, 2021 at 4:18 PM, Brielle via mailop  wrote:

> On 10/4/21 2:46 PM, Jaroslaw Rafa via mailop wrote:
>> It's YOU, GOOGLE, who made me that "low reputation" by consistently putting
>> my messages to spam. Now you are blocking me because of "low reputation"
>> that you made yourself.
>
> Get a proper domain name perhaps?
>
> Just throwing that out there.
>
>>
>> I am absolutely mad at this. Google should be burnt or blown up. They are
>> doing harm to the Internet more than spammers are.
>
> *gets out a bag of popcorn*
>
> You know, you said it well in the first bit of your message,
>
> "Well, this is getting more and more ridiculous and annoying at the same
> time."
>
> Just, in reality, your rambling on and on about this is getting
> ridiculous and annoying.
>
> Here, you sound hangry, have a snickers.
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org / http://www.ahbl.org
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] rua report rejected by microsoft

2021-09-28 Thread Faisal Misle via mailop 
That usually means the address does not exist in Office 365.

On Tue, Sep 28, 2021 at 11:37 AM, Slavko via mailop  wrote:

> Hi,
>
> my rua report was rejected at RCPT stage with:
>
> SMTP error from remote mail server after RCPT 
> TO::
> 550 5.4.1 Recipient address rejected: Access denied. AS(201806281)
> [DB5EUR01FT030.eop-EUR01.prod.protection.outlook.com]
>
> I search the Internet, but i found multiple similar posts, but no clean
> description what is cause, as most of them talk about something in
> exchange, which i am not familiar with.
>
> Please, can someone explain me, what this rejection means? What is (can
> be) real reason?
>
> thanks
>
> --
> Slavko
> http://slavino.sk
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Recommendation for inbox provider?

2021-09-07 Thread Faisal Misle via mailop 
+1 for FastMail, can't believe I forgot about them! They're awesome.

‐‐‐ Original Message ‐‐‐
On Monday, September 6th, 2021 at 6:40 PM, Byron Lunz via mailop 
 wrote:

> What about fastmail.com ?
>
> On Mon, Sep 6, 2021 at 3:59 PM Anne P. Mitchell, Esq. via mailop 
>  wrote:
>
>> All,
>>
>> I know someone who is setting up a business domain, and needs an inbox host. 
>> Her registrar/webhost is GoDaddy and they are discontinuing their free 
>> hosted email, and referring people to paid Office365. It seems that all of 
>> the general info out there points to either 365 or Gmail. Surely there must 
>> be others out there? Anybody have one they recommend? Bonus if they help 
>> with authentication setup because she is ..um...tech challenged.
>>
>> Thanks!
>>
>> Anne
>>
>> --
>> Anne P. Mitchell, Esq.
>> Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
>> Board of Directors, Denver Internet Exchange
>> Chair Emeritus, Asilomar Microcomputer Workshop
>> Former Counsel: MAPS Anti-Spam Blacklist
>> Location: Boulder, Colorado
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Recommendation for inbox provider?

2021-09-06 Thread Faisal Misle via mailop 
Apart from the buck a month web hosts, the only one that comes to mind is 
MXRoute (their main guy is often on this list)

I used to recommend Rackspace, but not too sure about the long term future of 
their email hosting division. (Disclaimer: I worked there for three years)

On Mon, Sep 6, 2021 at 5:47 PM, Anne P. Mitchell, Esq. via mailop 
 wrote:

> All,
>
> I know someone who is setting up a business domain, and needs an inbox host. 
> Her registrar/webhost is GoDaddy and they are discontinuing their free hosted 
> email, and referring people to paid Office365. It seems that all of the 
> general info out there points to either 365 or Gmail. Surely there must be 
> others out there? Anybody have one they recommend? Bonus if they help with 
> authentication setup because she is ..um...tech challenged.
>
> Thanks!
>
> Anne
>
> --
> Anne P. Mitchell, Esq.
> Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
> Board of Directors, Denver Internet Exchange
> Chair Emeritus, Asilomar Microcomputer Workshop
> Former Counsel: MAPS Anti-Spam Blacklist
> Location: Boulder, Colorado
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC: Anyone using pct=n with n !=0 and n !=100?

2021-08-19 Thread Faisal Misle via mailop 
All of my customers do. We have them ramp up in their policy slowly over 4ish 
weeks to see if any missed sources get quarantined.

On Thu, Aug 19, 2021 at 9:48 PM, John Levine via mailop  
wrote:

> It appears that Zack Aab via mailop  said:
>>
>>It's mostly to assuage the fears of large senders that all their mail will
>>be trashed if they've set up something wrong, ime. They can set it to 20%
>>and observe the consequences "just to be sure" before going to 100%.
>
> That was the plan. Do you know anyone who actually does that?
>
> R's,
> John
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] emailsrvr.com/racksspace running old PBL copy

2021-05-14 Thread Faisal Misle via mailop 
Hi Liam,

I'll send you a contact off-list.

*Faisal Misle*
Customer Success Engineer | Red Sift

On Thu, May 13, 2021 at 4:53 PM, Liam Fisher < mailop@mailop.org > wrote:

> 
> I had my IP range delisted from the Spamhaus PBL a few weeks ago. 
> Rackspace/emailsrvr.com
> ( http://rackspace/emailsrvr.com ) is still running an old copy and
> blocking. Anyone know a contact?
> 
> 
> 
> 
> A
> 
> 
> 
> 
> C
> 
> 
> 
> 
> T
> 
> 
> 
> 
> Learn more ( https://uk.sift.red/XZiFbYOv/kMfgTrKc6 ) | Report (
> https://uk.sift.red/1OK5s1fE/YV8onNHyV )
> 
> 
> 
> 
> Message scanned by OnINBOX from Red Sift
> 
> 
> I had my IP range delisted from the Spamhaus PBL a few weeks ago.
> 
> 
> 
> 
> Rackspace/emailsrvr.com ( http://rackspace/emailsrvr.com ) is still running
> an old copy and blocking.
> 
> 
> 
> 
> 
> 
> 
> Anyone know a contact?
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> ---
> Authentication: Pass (Green) | Contents: Pass (Green) | Trust: Pass
> (Green) Learn more: https://uk.sift.red/XZiFbYOv/kMfgTrKc6 | Report: 
> https://uk.sift.red/1OK5s1fE/YV8onNHyV
> 
> ---
> * This message was sent as plain text * Message scanned by OnINBOX from
> Red Sift *
> 
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
> 
> 
>
-- 


Red Sift is the power behind OnDMARC and OnINBOX.

You can find us at 21A 
Noel Street, 4th Floor, London, W1F 8GR.




Red Sift is a limited company 
registered in England and Wales. Registered number: 09240956. Registered 
office: Kemp House, 152 City Road, London, EC1V 2NX.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone contact to ESP: MailWizz / pkmedia.us?

2021-04-04 Thread Faisal Misle via mailop 
.us domains are required to have an open WHOIS this is what I found -
looks like a typical indian spam operation:

Registrant Name: Anand Mathur
Registrant Organization: AMP
Registrant Street: Rohini Complex,Shakarpur Khas,New Delhi.
Registrant Street:
Registrant Street:
Registrant City: New Delhi
Registrant State/Province: Delhi
Registrant Postal Code: 110092
Registrant Country: IN
Registrant Phone: +91.8109712781
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: anandmathur1...@gmail.com


*Faisal Misle*
Customer Success Engineer | Red Sift


On Sat, Apr 3, 2021 at 4:27 AM Benoît Panizzon via mailop 
wrote:

> ---
>   Authentication: Pass (Green) | Contents: Pass (Green) | Trust: Pass
> (Green)
>   Learn more: https://uk.sift.red/HD4jX2kR/UXNGNoObC | Report:
> https://uk.sift.red/BFoxTnSl/z82NyqZ5w
> ---
> * This message was sent as plain text * Message scanned by OnINBOX from
> Red Sift *
>
>
> Hi List
>
> Constant spam observed since about February. Their website does not
> provide any contact or privacy information (stating: coming soon).
>
> Hosted @ OVH Germany.
>
> http://multirbl.valli.org/lookup/54.38.218.61.html hints to that
> problem.
>
> Does anyone perhaps has a contact to them to make them aware of the
> issue?
>
> --
> Mit freundlichen Grüssen
>
> -Benoît Panizzon- @ HomeOffice und normal erreichbar
> --
> I m p r o W a r e   A G-Leiter Commerce Kunden
> __
>
> Zurlindenstrasse 29 Tel  +41 61 826 93 00
> CH-4133 PrattelnFax  +41 61 826 93 01
> Schweiz Web  http://www.imp.ch
> __
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>

-- 


Red Sift is the power behind OnDMARC and OnINBOX.

You can find us at 21A 
Noel Street, 4th Floor, London, W1F 8GR.




Red Sift is a limited company 
registered in England and Wales. Registered number: 09240956. Registered 
office: Kemp House, 152 City Road, London, EC1V 2NX.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] usa.net / mbox.net = BAE Systems?

2020-09-30 Thread Faisal Misle via mailop 
Hello all,

Are the usa.net / mbox.net domains part of BAE's Email Security system?

My sleuthing also directed me to a company called SilverSky. Did BAE sell
the division to them, or are they just a reseller?

Thanks!

*Faisal Misle*
Customer Success Engineer | Red Sift

-- 


Red Sift is the power behind OnDMARC and OnINBOX.

You can find us at 21A 
Noel Street, 4th Floor, London, W1F 8GR.




Red Sift is a limited company 
registered in England and Wales. Registered number: 09240956. Registered 
office: Kemp House, 152 City Road, London, EC1V 2NX.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] office.com outbound: abuse or chase harder?

2020-09-14 Thread Faisal Misle via mailop 
Microsoft does do domain verification on Office 365, usually via TXT
(MS=9)

It's also possible it can be due to a forwarder on one of the recipient's
mailboxes.


*Faisal Misle*
Customer Success Engineer | Red Sift


On Mon, Sep 14, 2020 at 12:49 PM Phil Pennock via mailop 
wrote:

> Folks,
>
> One of the sources of mail for a domain I need to care about (nats.io)
> per DMARC reports is office.com; eg:
>
>   cwlgbr01ft010.eop-gbr01.prod.protection.office.com.
>
>   5.188.213.206   5.188.213.198
>
> Do Microsoft do domain verification before allowing a sender domain to
> be used?
>
> I'm trying to figure out if this is:
>
> 1. Crud being correctly filtered out?
> 2. Someone internally using
>a) an MS Office cloud product which is sending notifications/invites,
>b) or hosted email using SMTP/POP3 to the regular mail service
>and that person doesn't realize that my requests for "hey y'all, is
>this you" really does mean them and they need to speak up?
> 3. Something else?
>
> I'm probably going to up the DMARC p= level to quarantine and would like
> to not inconvenience (more than absolutely necessary) legitimate users.
> This domain is seeing enough spoofing to have caused deliverability
> issues in the past.
>
> Thanks,
> -Phil
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>

-- 


Red Sift is the power behind OnDMARC and OnINBOX.

You can find us at 21A 
Noel Street, 4th Floor, London, W1F 8GR.




Red Sift is a limited company 
registered in England and Wales. Registered number: 09240956. Registered 
office: Kemp House, 152 City Road, London, EC1V 2NX.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] no, target.com contact ?

2020-09-04 Thread Faisal Misle via mailop 
They seem to be a Cisco shop, so it’s likely the Cisco Appliance is sending 
them it as it considers the RUA address another user

On Fri, Sep 4, 2020 at 12:09 PM, vom513 via mailop  wrote:

>> On Sep 4, 2020, at 12:30 PM, John Levine via mailop  
>> wrote:
>>
>> In article ,
>> vom513 via mailop  wrote:
>>> PS: I’m just trying to persuade them to not send out DMARC agg reports for 
>>> mail sent to their rua address in the
>>> first place (loop). Not the biggest deal in the world but annoying.
>>
>> Please don't.
>>
>> DMARC reports are designed to be sent and consumed automatically. I
>> have no idea what reports people are sending me day to day, since
>> they're parsed and put into the database without my even seeing them.
>> I'm sure this is quite typical.
>>
>> If for some reason you have trouble dealing with tiny reports, it's
>> not hard to figure out how to throw them away automatically.
>>
>> R's,
>> John
>>
>
> Yep, I’m already using parsedmarc/elasticsearck/kibana. So as I said it’s not 
> a huge deal - but I would have thought that it was best practice to NOT send 
> an agg report for emails sent TO your own RUA. This can be one end of a 
> potential infinite loop yes ?
>
> target.com is the only org I get these from based on the agg’s I send them. I 
> send plenty of agg reports to other orgs and they are quietly 
> consumed/dropped/bounced etc.
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Just how does SendGrid fail this badly?

2020-08-18 Thread Faisal Misle via mailop 
Checking my Proofpoint PPS cluster, a bunch of Sendgrid phishing emails are 
being rejected by PDR, meaning they're already blocked at the IP level.

mxa-0058bc01.gslb.pphosted.com:[205.220.165.245] : 554  Blocked - see 
https://ipcheck.proofpoint.com/?ip=192.254.123.97


Best,
Faisal

PGP Key: C8FD029B

‐‐‐ Original Message ‐‐‐
On Tuesday, August 18, 2020 7:03 AM, Andy Smith via mailop  
wrote:

>
>
> Received: fromwrqvhkqq.outbound-mail.sendgrid.net ([149.72.1.68])
> by chiark.greenend.org.uk (SAUCE v0.9.0)
> with esmtp id sauce-2544-1597663-1; 17 Aug 2020 11:32:54 + (GMT)
> Message-ID: 20200817203728.96117de88be30...@chilitato.com
> From: "chiark.greenend.org.uk" i...@chilitato.com
> Subject: chiark.greenend.org.uk quota full: (98% full)
>
> Cheers,
> Andy
>
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Microsoft giving Server Busy errors for M365

2020-07-24 Thread Faisal Misle via mailop 
We usually route them through our TAM and our Premier team when I worked at 
Rackspace.

Don’t think there’s a place for ISPs

Best,
Faisal

PGP Key: [C8FD029B](https://pgp.faisal.ec/)

On Fri, Jul 24, 2020 at 3:37 PM, Kevin A. McGrail via mailop 
 wrote:

> Microsoft's anti-spam seems to be misfiring again but for once it is on
> the m365 paid customer. Seeing deferred messages like dsn=4.0.0,
> stat=Deferred: 451 4.7.500 Server busy. Please try again later from
> [38.124.232.13]. (S77714)
> [CO1NAM04FT003.eop-NAM04.prod.protection.outlook.com]
>
> Anyone know how to open a ticket about this? Working for m365
> customer(s) to open support tickets but is there a place for ISPs to let
> Microsoft know they have an issue?
>
> Regards,
>
> KAM
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

2020-07-24 Thread Faisal Misle via mailop 
I also strongly recommend you start signing with DKIM. You may not have had a 
use for it, but now you do.

Best,
Faisal

PGP Key: [C8FD029B](https://pgp.faisal.ec/)

On Fri, Jul 24, 2020 at 4:45 AM, Andrew C Aitchison via mailop 
 wrote:

> On Fri, 24 Jul 2020, Klaus Ethgen via mailop wrote:
>
>> Hi folks,
>>
>> Recently, I heard often that my mails to friends on gmail ended up in
>> spam.
>>
>> As my mails are always plain text, signed by PGP and coming from a mail
>> server that I can assure is never sending spam or even high amount of
>> mails, that is not in any blacklist, I wonder, what makes it google to
>> believe that my mails should be in spam? (On the other side, the left
>> clear spams sent by amavis, mailchimp or others in the inbox.)
>
> Plain text and low volumes of mail may count *against* you.
>
>> Is there any I can do to prevent google to hide the mails from my
>> friends?
>>
>> Ah yes, before you ask, I hav a strong SPF record, my mailserver forces
>> encryption (with a cacert certificate) but I didn't implement DKIM as I
>> see no use for it.
>
> I suggest you add an appropriate DMARC record(s) to declare your
> SPF and DKIM policies.
>
>> I do mails for long time now but it is a mystery for me what google is
>> doing wrong here. As a private person with low traffic mail server I
>> also have not the power to negotiate this with google.
>>
>> Regards
>> Klaus
>> --
>> Klaus Ethgen http://www.ethgen.ch/
>> pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen 
>> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
>>
>
> --
> Andrew C. Aitchison Kendal, UK
> and...@aitchison.me.uk
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Post-processing Journal-Mails coming from O365, forwardedMail

2020-07-07 Thread Faisal Misle via mailop 
Have you tried journal rules?

https://docs.microsoft.com/en-us/exchange/security-and-compliance/journaling/configure-journaling

Best,
Faisal Misle
MCSA: Office 365

PGP Key: [C8FD029B](https://pgp.faisal.ec/)

On Tue, Jul 7, 2020 at 6:20 AM, Stefan Bauer via mailop  
wrote:

> Hi,
>
> there is a feature in O365 that forwards mails (in/out/both..) to an 
> archive-mailbox for long-term archiving.
>
> We grab this mails via pop. However our available mail-readers (Thunderbird, 
> Kopano) show the original mail as attachment.
>
> This makes it very hard for handling/searching/reading of these mails.
>
> Are there any tools available to just have the attachment that is the real 
> and original mail?
>
> example-mail can be found here:
>
> https://nopaste.linux-dev.org/?1321451
>
> I tried ripmime, but that removes relevant header-parts.
>
> Thank you.
>
> Stefan___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Proofpoint

2020-06-24 Thread Faisal Misle via mailop 
Have you tried ipcheck.proofpoint.com?

Best,
Faisal

PGP Key: [C8FD029B](https://pgp.faisal.ec/)

On Wed, Jun 24, 2020 at 9:36 AM, Kris von Mach via mailop  
wrote:

> Hi,
>
> Could someone please contact me from Proofpoint off-list.
>
> It's about a block on one of our IPs.
>
> I've tried postmaster@ but had no responses.
>
> --
> Kris von Mach
> Swishmail
> m...@swishmail.com
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SendGrid and Phishing

2020-06-17 Thread Faisal Misle via mailop 
I’ve had mixed luck... sometimes it auto replies, sometimes it doesn’t.

I sometimes wonder if their Proofpoint gateway is quarantining them - or if 
they added a bypass rule for their abuse mailbox (as it should be)

Best,
Faisal

PGP Key: [C8FD029B](https://pgp.faisal.ec/)

On Wed, Jun 17, 2020 at 4:17 PM, Tim Bray via mailop  wrote:

> On 17/06/2020 16:01, Len Shneyder via mailop wrote:
>
>> Hi All,
>>
>> Appreciate the discussion. As was mentioned in another forum we are aware of 
>> the problem—the entire time is engaged in deploying a comprehensive fix that 
>> will prevent a wave like this in the future. Just to be perfectly clear, 
>> there is no leak of credentials as one post suggests. In the mean time if 
>> you want to send example/headers to ab...@sendgrid.com they are being 
>> reviewed, you can CC me too. We will play some whackamole as we look to 
>> implement a more thorough solution. Again, thank you all for your vigilance 
>> and feel free to ping me.
>
> Thanks for confirming the correct abuse address. It doesn't auto reply or 
> anything so was a bit worried I'm sending stuff and nobody checking.
>
> Fortunately some of the links are blocked by google safe browsing, which I 
> guess limits the damage.
>
> --
> Tim Bray
> Huddersfield, GB
> t...@kooky.org___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid and phishing

2020-06-17 Thread Faisal Misle via mailop 
I’ve been seeing it too... Mailgun, PayPal, etc

A SG rep replied to a SDLU thread yesterday about the same issue

“We are working to get a handle on this on a few fronts. These senders in
this thread have been banned. I don't have insight into the compliance
side, but it is being worked on."

Best,
Faisal

PGP Key: [C8FD029B](https://pgp.faisal.ec/)

On Wed, Jun 17, 2020 at 8:00 AM, Tim Bray via mailop  wrote:

> Hi,
>
> Anybody else seeing increase phishing through sendgrid? They look
> fairly convincing.
>
> A few paypals, and a few amazons.
>
> I thought sendgrid were ok? Has somebody leaked a big pile of
> sendgrid usernames and passwords or something?
>
> --
> Tim Bray
> Huddersfield, GB
> t...@kooky.org
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop