Re: [mailop] Proofpoint Contact

[Jim Popovitch via mailop]

> In the past, I've found them to be totally unresponsive and gave up on
> them.

That can't be right.  I literally contacted them a few days ago and had
a successful response (unlisting) within minutes during US business
hours.  

Go here, put in your IP address, and they give you an opportunity to
input a text description about the issue.  

https://ipcheck.proofpoint.com/

Note, they may not contact you, they did not contact me, but they did
read what I wrote to them and they removed their listing of my IP
address.


I would add as a further point, it's up to you to make certain that your
IP is clean before you ask them to unblock it.   

Put your IP(s) in https://multirbl.valli.org/ and see what lots of folks
think about it.

-Jim P.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] verifier.port25.com

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Lots of good responses for alternatives to verifier.port25.com, but
do any of them support aliased feedback address whereby you could
send an email to check-auth-lhs=domain@verifier.port25.com and
the response would be returned to the aliased address not the sender?
I've used that many times in the past as a "bastads".

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmRtHZoACgkQPcxbabkK
GJ勠䀂汔ک줚䞦ඬ綝�豋㦺羛藩ꗌ鍒꽶त帆芗
so0LALZrWXXsyS5rrvadKY/g9m9WWUDg0X5oLyLI7fOxYv7eT/Qꅸ뻯툱쏕
U/954m5KYBHErW⺗߬簄弸䪼㠂珢㺈駙�樀줘佾ᯫ殊䧋鴟
KkQV4TJW3DbswXqGzUOgDrpF00M5TrBTrBeQkKjbdSui0BgU5eBGRghu9fwhzu2v
xyuibL3MPilBoP3txs4nVnsYyQDiKyhWINz40W8/HDJrT7MhrOBKJ6gdDsbB5i1p
ujhjTHGBhf3ARVpZS翲᜜᷽盧띯ᰠ稗䊟錺⮅䓟䒝낀⃮䤖芷
ENTVxrꣴ㴅⮜䞥닼㉉讽䗩鹓�멃ᆉ貧�⨷�⡄ꩆ魙
3nJQhpTAt5Za5Px0ZAeuoxfBMLVx3evHwReTw300KrI6co/D0G㗭奡嵭땜
dtE2ukr5QUrbFVOZYcyPBaIGYA4uHg6z42uoBuH8RVTkWzqgY09rxx7zOeFcTGlo
MG0scUvrLAR9bZSGfHIFhRhMCTBqbxSziLjUGeY0Flc7uzI5Ѿ俽ﺐ疅
uA/UbpOSxiC1ljB4ZefYI5ib1hUeSQ8bzMJNhGDxe3ZgvTI5Sl8=
=bres
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Mailing lists, Apple and failing DKIM signatures

[Jim Popovitch via mailop]

On Mon, 2023-05-22 at 22:18 +0200, Benny Pedersen via mailop wrote:
> Jim Popovitch via mailop skrev den 2023-05-22 20:49:
> 
> > DO use Mailman's built-in DMARC mitigations for re-writing From
> > for DMARC identified domains, including p=none.
> 
> fine tool to break dkim, it would not help repeat why not break
> dkim, there would be endless debate why keep the problem, old
> software from 1970 does not break new standard


You are the sole carrier of that "debate", and, despite many many
previous attempts at correcting you, your assertions that the way
Mailman replaces the From address somehow breaks *your* DKIM setup,
is a hill that we all know you will die on, and 99% of us no longer
care if that occurs. :)

Also, please install a spell-checker in your environment.  Thanks!

-Jim P. (one of the many "bastads from hell", as Benny puts it)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Mailing lists, Apple and failing DKIM signatures

[Jim Popovitch via mailop]

On Mon, 2023-05-22 at 19:20 +0100, Simon Arlott via mailop wrote:
> If you're running a mailing list that retains the original DKIM
> signatures [that will fail because the message subject and body
> have been modified] you might want to strip/hide them because... 


DON'T remove standard pre-existing mail headers.

DO use Mailman's built-in DMARC mitigations for re-writing From for
DMARC identified domains, including p=none.


-Jim P.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Proofpoint bottleneck to ibm.com

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Someone has reached out to me off-list.  Thanks all!

- -Jim P.

On Sun, 2023-02-05 at 19:48 -0500, Jim Popovitch via mailop wrote:
> Hello!
> 
> Anyone else seeing a delay in delivering email to *.ibm.com via
> Proofpoint?   All IPs are good on ipcheck.proofpoint.com, have been
> getting 421's for ~8 hours now.
> 
> Thanks!
> 
> -Jim P.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmPgV/UACgkQPcxbabkK
GJ/IOg/8CqBh4pwkTkUSwbGMQLZMKD43fFyzujTtuSXH89zWN5jOnqhoSRukn+7w
g4uQ12lvfnw8vnXF4fhlNMR3OvHn1KDBGr54JBImf0pA3Ep/zgjB6zlwPdTkONkE
wQe4qU+jRlwDkjAsu18ENgA03SF7+IF0P384dK2O1xtwnlEyvXLIQeE3QEu2GhKu
iiYpCefeuJHabOr4EXkFKbGEBQ5CgByoUj814Oh9yOeGSP1ilrJYAlX0HU9i/5QN
YZ4kweLlCDAgw/WM5WYwtkj388GtIYgU6xnO5yPsIKZARKG89RRCtZEkPKSwj+/u
fUkOMmMTM/08owYtUMaADF4NT4I9roWiW3X143IWur687jx/yVnJfGlr+FMKsdJz
bsI+6BAB9UHMIFYVTSOfk6iIWhd+a+50fnZcUVxeXD7AScfU/5MroUAxJT6BslHh
2QBAToo6sx0lEZf54MOH+edNV2FkbtUQ32aG1Fparzfl/VaUJd+0Ma8/6LPrcnvD
eaCOJj7tt1RZBQxqc1fQ09Kh6QX2M4uzCRLQ/Ss47l0+XxP4y86NFWDZYhDM8OqG
SGgmBsXOqqX0FfyDJ2RRV7wccOEM5f9hahebNysqWbCb8SOdXcxGCYbL8izCbcaL
VTPsp6ASx+UldEeNBE2hi1TUVLEY7L0BnXF33IqaKcjQ+a8PwzA=
=o6py
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Proofpoint bottleneck to ibm.com

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hello!

Anyone else seeing a delay in delivering email to *.ibm.com via
Proofpoint?   All IPs are good on ipcheck.proofpoint.com, have been
getting 421's for ~8 hours now.

Thanks!

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmPgTlUACgkQPcxbabkK
GJ86qw//XkM+houfINXlkfAMLduzozUvxr6r1SCxM14NCNXHbWchYisAsXG/d7X4
ANarA5Lcr2PprOk2+Ee1qel7MLPom82LwxUdOn6H9tHP6Eue/Pd4SOOEiMBs6LUY
aVI+svawsX2E1YRBsCrDxlF5SRuuokQ5b8/cHboLqlUsHgPX2loJ70Opf9LFoLq1
en5jX19xGVzkrtWbd29ZOmtc0za5fiF7Gnw55J8FklgaIu1xx9xbS1qNzKvPiguG
KoYlIePNb+8Jg7/tLYraR2UM5fGS+9gSrE3Sn3fn9EQ1cZ908M1VtfjYsDs1of8H
gye9Ws3kU0OnlF/nBSl5whuJxmyPWWCU+70tpaXMDLnaPXYQoDIGxegawlWTsWZV
RA9nlNjd2JRTFpNjZRCuJsXb8IKDyS4XGhXWMaJq2YeHm6184YWfXRObE87rEZmD
zEBduaXDqeZIiJnn2521v4omSH8emZf71Pq3+hSoh9VUubFkHUwX1r4sKgLu2OAi
fwC1P+m2fxA42PZsxtfMWDZoQaF1fQsAYXYrpQV7VnpSb928n7Psakz7SarW+PPq
O10ApIg6pQ9E2mOGHaZlChdHt/GY6xOBPsmMkirSfwe9SuZL4kKmwtPRm636Xa+l
Fw8M3n79FMFvBKcw3dONVAcMyh+dwhAibL1d0FN6TzveAWtlkCw=
=6Ql3
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DigitalOcean IP ranges gone

[Jim Popovitch via mailop]

On Fri, 2022-11-25 at 18:05 +, Slavko via mailop wrote:
> Hi,
> 
> i was using https://digitalocean.com/geo/google.csv to fill my
> internal rbldnsd, but recently i start getting 404 for it. I do not
> update these IP ranges too often, thus i am not sure when it
> starts to happen, but the problem persists about one week.
> 
> I checked DO docs, but the URL doesn't changed in it.
> 
> Please, know someone if it is some temporary problem, list
> is gone, or that URL changed?
> 

It hasn't been there since at least 2022-Feb according to this:
https://www.digitalocean.com/community/questions/what-happened-to-the-digitalocean-ip-address-list


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Postfix.org borked?

[Jim Popovitch via mailop]

On Mon, 2022-11-21 at 17:52 -0800, Jay Hennigan via mailop wrote:
> On 11/21/22 17:30, Jim Popovitch via mailop wrote:
> > On Mon, 2022-11-21 at 17:10 -0800, Jay Hennigan via mailop wrote:
> > > On 11/21/22 16:24, Jim Popovitch via mailop wrote:
> > > 
> > > > I still think there's some weirdness going on.  Firstly I'd be surprised
> > > > if Wietse hung www off of 1 NS, and then the base domain off of 2 NSes
> > > > on the same subnet.
> > > 
> > > Unless they're anycast. As a mild example, 4.2.2.1 and 4.2.2.2
> > > 
> > 
> > Of course, but in this case simple testing says they aren't... unless
> > all the anycast end-points are hanging off a HE node in NYC.
> 
> Alternatively, if the resource that you're trying to reach is on the 
> same LAN (or machine) as both/all of its authoritative nameservers, it 
> doesn't matter in the larger scheme of things.
> 
> If a resource isn't reachable because its subnet is unreachable, then 
> whether or not authoritative DNS on the same subnet is working really 
> becomes kind of moot. You're not going to reach that resource whether or 
> not it resolves until the underlying issue gets fixed.
> 
> This doesn't seem to be the case with Postfix, however.
> 

I'm not really certain of what your point is, but do you realize why
having a single NS server, or more than 1 NS servers all on the same
subnet, is bad?

-Jim P.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Postfix.org borked?

[Jim Popovitch via mailop]

On Mon, 2022-11-21 at 17:10 -0800, Jay Hennigan via mailop wrote:
> On 11/21/22 16:24, Jim Popovitch via mailop wrote:
> 
> > I still think there's some weirdness going on.  Firstly I'd be surprised
> > if Wietse hung www off of 1 NS, and then the base domain off of 2 NSes
> > on the same subnet.
> 
> Unless they're anycast. As a mild example, 4.2.2.1 and 4.2.2.2
> 

Of course, but in this case simple testing says they aren't... unless
all the anycast end-points are hanging off a HE node in NYC.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Postfix.org borked?

[Jim Popovitch via mailop]

On Mon, 2022-11-21 at 16:07 -0800, Dan Mahoney via mailop wrote:
> 
> To be clear, I was also hitting errors when I was trying to (from a direct 
> google link) hit the www.postfix.org mailing lists page, and getting a safari 
> timeout.

I still think there's some weirdness going on.  Firstly I'd be surprised
if Wietse hung www off of 1 NS, and then the base domain off of 2 NSes
on the same subnet.


jimpop@work~$ dig NS www.postfix.org
postfix-mirror.horus-it.com.

jimpop@work~$ dig NS postfix.org
ns4.porcupine.org.
ns2.porcupine.org.

jimpop@work~$ host ns4.porcupine.org.
ns4.porcupine.org has address 168.100.3.72
jimpop@work~$ host ns2.porcupine.org.
ns2.porcupine.org has address 168.100.3.75


-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

[Jim Popovitch via mailop]

On Mon, 2022-09-19 at 17:07 +0200, Alessandro Vesely via mailop wrote:
> 
> ARC is the authentication of choice in this case because, being devised for 
> this task, it is supposedly straightforward to configure for it, whereas 
> whitelisting after SPF or DKIM smells like a hack.

I wish ARC was straighforward to configure and implement, but sadly I
haven't experienced that.  Can teams at Google, Microsoft, AOL, etc.,
wrap ARC into their offerings, sure.  Can I wrap ARC into my mail flows,
not without a team.  Generally that team would be something like
OpenDKIM, OpenDMARC, Postfix, or even Mailman (although the latter one
have moved on to a product version that even they often admit isn't
ready for full replacement of the version of Mailman I use).  Now, you
might be thinking that OpenARC is the solution, but it isn't, and it
appears to be abandoned (last commit was 4 years ago, and there are
currently 31 outstanding issues).  Should I jump in and try to help
resolve 31 open issues in an abandoned project?  Let's see who the
project was created by and associated with... oh look, OpenDKIM and
OpenDMARC (those other technologies that promised solutions that now
need ARC to solve).  I know I'm on a soapbox here, but looking back this
whole band-aide after band-aide of wrap-around solution(s) for email
delivery sounds more like a Congressional/Legislative "solution" of
promise after promise rather than a solid solution.  This is why the
bigbox mailbox providers are winning.

-Jim P.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders

[Jim Popovitch via mailop]

On Sat, 2022-09-17 at 11:48 +0200, Alessandro Vesely via mailop wrote:
> 
> Yes, ARC can fix what DMARC broke.  

You must be new around here :)

If ARC is fixing what DMARC broke, and DMARC was to fix what DKIM broke,
and DKIM was to fix what SPF broke, and SPF was to fix (what was SPF
suppose to fix, oh yeah... provider greed and irresponsibility).   Have
we fixed that last part yet, because I don't think ARC is going to be
any better at fixing the real problem.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] The oligopoly has won.

[Jim Popovitch via mailop]

On Wed, 2022-09-14 at 10:57 +0200, Alessandro Vesely via mailop wrote:
> On Wed 14/Sep/2022 00:09:49 +0200 Jim Popovitch wrote:
> > On Tue, 2022-09-13 at 15:56 -0600, Grant Taylor via mailop wrote:
> > > On 9/13/22 3:33 PM, Jim Popovitch via mailop wrote:
> > > > 
> > > > It's not hard to do, it's just not super easy.
> > > 
> > > Try writing down all the things that you've done and would need to re-do 
> > > if you were to build a mail server anew to comply with the same 
> > > standards that you're complying with now.
> > 
> > My list would be:
> > 
> > Reputable hosting company, or BYOIP
> > Reputable domain and TLD.
> > FCrDNS
> > SPF
> > DKIM > 1024b and rotated regularly.
> > DMARC as either reject or quarantine.
> > Making sure your system doesn't backscatter.
> > Sign up at dnswl.org
> 
> 
> No blacklisting/ abuse reporting?

I don't see those things as a hindrance to setting up a non-oligopoly
email system.  I personally feel a lot of personal and small time
providers spend way too much effort on such things (including robust
DNSSEC reporting without out of the box configurations). Just 5xx what
you can't deliver and/or you don't want. 

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] The oligopoly has won.

[Jim Popovitch via mailop]

On Tue, 2022-09-13 at 15:56 -0600, Grant Taylor via mailop wrote:
> On 9/13/22 3:33 PM, Jim Popovitch via mailop wrote:
> > Right, that's why I have said repeatedly that it is not super easy.
> > It's not hard to do, it's just not super easy.
> 
> I agree that it's not easy by any stretch of the imagination.
> 
> I dare say that it's more on the hard end than I'd like to admit.
> 
> Try writing down all the things that you've done and would need to re-do 
> if you were to build a mail server anew to comply with the same 
> standards that you're complying with now.
> 
> I suspect that you might be mildly surprised in hindsight of all the 
> things that you have done.  It would probably take 15 minutes or more to 
> mention what needs to be done with at most one sentence description per 
> thing so that someone not skilled in the art might have an inkling of an 
> understanding.
> 

My list would be:

Reputable hosting company, or BYOIP
Reputable domain and TLD.
FCrDNS
SPF
DKIM > 1024b and rotated regularly.
DMARC as either reject or quarantine.
Making sure your system doesn't backscatter.
Sign up at dnswl.org

I've done those things at least every other year with various domains
(both testing and in-use) and never had trouble sending.  Yes, there
have (and will always be) the big mailbox providers who see a new
IP/domain and stuff it in bulk/spam folder, but after the receiver
clicks "this is not spam" most of the time there are no future problems.
And, if there ever was, the folks here on mailop are overwhelmingly glad
to help.  There's no secret sauce to deliverability, it's just common
sense stuff.  It's not easy, but it's not hard.


-Jim P.








___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] The oligopoly has won.

[Jim Popovitch via mailop]

On Tue, 2022-09-13 at 15:18 -0500, Chris Adams via mailop wrote:
> Once upon a time, Jim Popovitch  said:
> > I agree. Self hosted email is not hard, and it's just not super easy. :)
> > 
> > The much harder aspect of email is getting your peers, family, and
> > friends to adopt encryption.
> 
> Self-hosted email is hard (or really, impossible) for a high enough
> percentage of the Internet population that it is effectively 100%.  My
> father has been using computers since well before I was born, is still
> working on rockets today, but I have to explain email technicalities to
> him sometimes, things that we just take for granted.
> 
> It's similar in a way to how blogs were popular before a succession of
> social media megacorps took over; the average techy could pop up
> something on their ISP-provided web space back in the day, but the
> average individual online now could not possibly do that.  Even dealing
> with a hosted WordPress or the like is beyond most.  And even the
> density of capabale people is way to low to support friends-and-family.

Right, that's why I have said repeatedly that it is not super easy. 
It's not hard to do, it's just not super easy.

-Jim P.


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] The oligopoly has won.

[Jim Popovitch via mailop]

On Mon, 2022-09-12 at 19:02 +0800, Henrik Pang via mailop wrote:
> why bother to self host an email? using gmail/gsuite save a lot of
> time.

> > 
Why make a home cooked meal when you can buy the same processed meal
that everyone else buys?   Why make your kids custom toys, just buy them
the same toys all their friends have.   Life should be about variety,
not alignment.

Self hosted email is not hard, it's just not super easy.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] $GOOG

[Jim Popovitch via mailop]

On Sun, 2022-04-17 at 11:06 -0600, Rob Nagler via mailop wrote:
> Laura, did you notice the To line in the email to which I am replying
> is "Bill Cole via mailop ". 


The reason you see that is because your MUA is auto-saving email
addresses of the people that email you. The "Bill Cole via mailop" is a
DMARC mitigation feature of Mailman.  Sometime in the past you received
an email from MailOP, that originated by Bill, and your MUA nicely saved
it for you (albeit I would argue that your MUA incorrectly saved it for
you).

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] USPS mailing

[Jim Popovitch via mailop]

On Fri, 2022-03-04 at 18:05 +, Matthew Stith via mailop wrote:
> Hey there Mailop folks,
> On Monday March 7th and going on for a few days Microsoft and Amazon
> will be sending out messages on behalf of USPS in relation to Covid
> Home-test-kits. They ask that these message be allowed. We were
> provided with the following information regarding the mailing:
> USPS March 7th mailing
>  U.S. Postal Service
>  Sending Domain email-special.usps.com
>  Sending Address nore...@email-special.usps.com
>  Main URL https://special.usps.com/testkits
> The messages are going to be coming from Amazon space. I have added
> the list of IPs that they will be sending from. 
>  


Added them where? :)  Did you also remove them from the PBL?  The last
time they did a blast like this these were the headers of what I
received:


X-Client-Addr: 56.0.143.49 (mx3)
Received: from gk-c49-email.usps.gov (gk-c49-email.usps.gov [56.0.143.49])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "gk-c-mail.srvs.usps.gov", Issuer "Sectigo RSA Organization
 Validation Secure Server CA" (not verified)) by mx3.domainmail.net
 (Postfix) with ESMTPS id 4JrNs86Y8dz5wKG for ; Sat,  5 Feb
 2022 07:12:44 + (UTC)
DKIM-Signature: v=1; a=rsa-sha256; d=usps.com; s=uspscom1008;
 c=relaxed/simple; q=dns/txt; i=@usps.com; t=1644045157; x=1659597157;
 h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:
 
Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:
 
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
 List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=dF+2v+s7VySk8VKb2y1aHfOGTO+N/k9FSG7eq4XAd2g=;
 b=mGcIPkd/D/mqalQ9Rp8l7S3cJushw1ckyBbPcSwwPWJRbmoOBftZAy8Nka39rISh
 N0D9xGEvKyu4hBmKf3trnqyAZwJYOpIuR8CMlB1ktsF7lULNIyP0jC10AXukDUtU
 zCA0LQYm7SOwGYzRdaDqfLSa1za1gclfQlzXRm+N281pTgqVLW0qF1Qltx20CDa1
 +7W1gzkfxtch5jaOwPsOlajn7PHCfZxTT69dPRIz7A1Ypf3/5ddCnViT4VbYANiF
 qQjdB13eGlz3Jxs5DMC1YxtGECGRyXvBBMOdGSiuaulYQDvRTnmPL/rxkfGD6T2c
 22rVRr/xGWMdHlsQP7UVwQ==;
Received: from mailrelay-c9i.usps.gov (eagnmnmbp627.usps.gov
 [56.207.40.120]) by gk-c49-email.usps.gov (Sendmail 8.14.3) with SMTP id
 DD.28.01377.5632EF16; Sat,  5 Feb 2022 01:12:37 -0600 (CST)
X-AuditID: 38008f27-07fe82400561-82-61fe23654b05
Received: from eagnmnmep1e40.usps.gov (eagnmnmep1e40.usps.gov
 [56.201.222.71]) by mailrelay-c9i.usps.gov (Symantec Messaging Gateway)
 with SMTP id 4C.CE.01589.5632EF16; Sat,  5 Feb 2022 01:12:37 -0600 (CST)
From: auto-re...@usps.com
Date: Sat, 5 Feb 2022 01:12:37 -0600 (CST)
Sender: auto-re...@usps.com
To: REDACTED
Message-ID: 
<1151028025.11203.1644045157024.javamail.ppts...@eagnmnmep1e40.usps.gov>
Subject:
 =?UTF-8?Q?USPS=C2=AE_Expected_Delivery_by_Tuesday,_February_8,_2022_?=
 =?UTF-8?Q?arriving_by_9:00pm_4203032445189200190314713204344571?=
MIME-Version: 1.0
Content-Type: multipart/mixed; 
boundary="=_Part_11202_893814898.1644045157024"
X-Brightmail-Tracker:
 H4sIA+NgFlrHLMWRmVeSWpSXmKPExsVicV6jQjdV+V+iwZk90haLJ/1lcWD0mLnp
 G3sAYxS3TVJiSVlwZnqevl0Cd8bupsmMBU25FTuutbA1MF5I7GLk5JAQMJE4sXkJUxcjF4eQ
 wGFGicNbWthhErf/LWaFSFxglJjUepu5i5GDg01AUuJZhxlIDYuAlsSZj91MILawgLTE8xnX
 WEBsEQFBicu3HoLZvAIhEjcvngWbIywwmVHi79EnzBAJQYmTM5+AFTELhEpM+NnEDFIkIbCJ
 VWLRhyZGiCvEJPacvss0gZFvFpKeWUh6IGxxieur/kPZ2hLLFr5mXsDIsopRND1bN9nYUjc1
 NzEzR6+0uKBYLz2/bBMjKOAY+tV3MC77bXeIkYmD8RCjBAezkghv9rTfiUK8KYmVValF+fFF
 pTmpxYcYpTlYlMR5k3zaEoQE0hNLUrNTUwtSi2CyTBycIN1cUiLFqXkpqUWJpSUZ8aCAjy8G
 hrxUA+OhaTVsy88vtnl5JvvKn8rPTatM1CZffngq/8zrKS/Z0k1uaeRPnenkkfj0uuabqv+b
 ej9/m79qXl22+C3+nW//H/k+dX8Dx2YTU+7965tPNIcemmV14vLrNZ7+B4ozbqXPXMQeJ/lB
 Plv3xK9aTSGeqktTyj70MbT+DVvVm+848XWA99ojlbyrlFiKMxINtZiLihMBXlxi9EECAAA=
X-Brightmail-Tracker:
 H4sIA+NgFnrIJMWRmVeSWpSXmKPExsVicfKeu26q8r9Eg+4/jBaLJ/1lcWD0mLnp
 G3sAYxSXTUpqTmZZapG+XQJXxu6myYwFTbkVO661sDUwXkjsYuTkkBAwkbj9bzFrFyMXh5DA
 BUaJSa23mbsYOTjYBCQlnnWYgdSwCGhJnPnYzQRiCwtISzyfcY0FxBYREJS4fOshmM0rECJx
 8+JZsDnCApMZJf4efcIMkRCUODnzCVgRs0CoxISfTcwTGLlmIUnNQpKCsMUlrq/6D2VrSyxb
 +Jp5ASPLKkax3MTMnKLUnMRK3WTLTL3S4oJivfT8sk2MoGA4r2G6g/Hym5RDjEwcjIcYJTiY
 lUR4s6f9ThTiTUmsrEotyo8vKs1JLT7EKM3BoiTO23X+bqKQQHpiSWp2ampBahFMlomDU6qB
 cYufuLjlgsV7zSftOqE043d1UsPk+Tv33jcwWmT8PiZtx3vulxp3Hf7PeihgMOPC651feM7H
 tIoxW4t/cZmREF3z/R1LVWL9k9bPa0KvFZ+X/N6uIL5U7uiZBwzPm7WbX/k6V03+eOjMTffn
 HU4yF98ce5fgoMYvVtT6p2e664Sny/W3HEt+JafEUpyRaKjFXFScCADMI2e39AEAAA==
X-CFilter-Eagan: DLP04
X-Virus-Scanned: clamav-milter 0.103.5 at mx3.domainmail.net
X-Virus-Status: Clean
X-Spam-Flag: YES
X-Spam-Status: Yes, score=108.0 required=5.0
 tests=RCVD_IN_ZEN_LASTEXTERNAL, SHORTCIRCUIT shortcircuit=spam
 autolearn=disabled version=3.4.6
X-Spam-Report: 
*  100 SHORTCIRCUIT Not all rules were run, due to a shortcircuited
*  rule
*  8.0 RCVD_IN_ZEN_LASTEXTERNAL The last untrusted relay is listed in
*  Spamhaus ZEN
X-Spam-Level: 

Re: [mailop] m-365 still works like a spammer !

[Jim Popovitch via mailop]

On Sat, 2021-07-24 at 17:14 +0200, Xavier Beaudouin via mailop wrote:
> Hello,
> 
> > > But it seems they never trys the best preference first.
> > > 
> > 
> > Are you greylisting or running pregreet tests on your MXes?
> > 
> > Here's what I think is happening.  MS first tries the priority 10 MX,
> > and postscreen (or such) issues some tests that delay the transaction,
> > so then MS tries the next (next, next...) priority MX and eventually
> > ends up on your highest priority MX.
> 
> I use greylisting... BUT... there is not log trace from microsoft servers on 
> the 10 MX... so they didn't bother about greylisting...
> Maybe they had some issue... I changed the priority to 50... let's see
> if there is something different...

Another possibility is routing issues.  Does your primary MX(es) have
address space in Level3/Lumen/CenturyLink?  I have an outbound MX in
that space that can't reach 1/2 the world.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] m-365 still works like a spammer !

[Jim Popovitch via mailop]

On Sat, 2021-07-24 at 13:23 +0200, Xavier Beaudouin via mailop wrote:
> 
> 
> But it seems they never trys the best preference first.
> 

Are you greylisting or running pregreet tests on your MXes?   

Here's what I think is happening.  MS first tries the priority 10 MX,
and postscreen (or such) issues some tests that delay the transaction,
so then MS tries the next (next, next...) priority MX and eventually
ends up on your highest priority MX. 

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Paging Barracuda/EmailReg

[Jim Popovitch via mailop]

On Mon, 2021-04-05 at 09:06 -0700, Erwin Harte via mailop wrote:
> On 4/3/21 8:59 AM, Jim Popovitch via mailop wrote:
> > Paging someone from Barracuda or EmailReg.  EmailReg.org has been
> > offline for a while now.
> > 
> > https://www.barracudacentral.org/about/emailreg
> 
> As I understand it that should be deprecated/removed, I've nudged 
> someone about it.
> 

+1  Thanks!

I just saved $20, AMA! 

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Paging Barracuda/EmailReg

[Jim Popovitch via mailop]

Paging someone from Barracuda or EmailReg.  EmailReg.org has been
offline for a while now.

https://www.barracudacentral.org/about/emailreg

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Yahoo: This mailbox is disabled (554.30)

[Jim Popovitch via mailop]

On Mon, 2021-03-22 at 18:04 +, Laura Atkins wrote:
> On 22 Mar 2021, at 16:06, Jim Popovitch via mailop  wrote:
> > Something I've never fully understood: Is a disabled account permanent
> > or subject to reactivation upon some action?   This is for a mailinglist
> > subscriber, so I'd prefer to not remove the subscriber if there's a
> > chance the participant can re-activate their account.  
> 
> Some of the consumer mailbox providers disable the ability of a
> mailbox to accept mail if it’s not logged into for a certain length of
> time. However, if the mailbox owner logs in and reclaims it mail will
> start flowing again. 
> 
> Yahoo, in particular, has been sending out ‘if you don’t log in, we’re
> going to disable your ability to receive mail.’ Yahoo accounts are
> associated with a lot of other services (I have one I don’t use for
> mail but is associated with my paid Flickr account, for instance) so
> the accounts do still exist and I can always log back in and turn mail
> on again. 
> 
> They can be reactivated if the subscriber logs in and re-activates the
> mail. But the fact that it’s been deactivated means it’s very likely
> your subscriber likely hasn’t logged in for 6 - 12 months. I would
> suggest you stop sending mail to that account as repeatedly sending
> mail to an address that is dead is a hit to your reputation. 
> 
> laura 

As always, excellent feedback Laura thank you very much.

-Jim P.


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Yahoo: This mailbox is disabled (554.30)

[Jim Popovitch via mailop]

On Mon, 2021-03-22 at 09:24 -0700, John Brahy wrote:
> Pretty sure the only time it’s opened back up is to make a spam trap  

Heh, I've seen that.  So, 554.30 is permanent disable.  Is there any
listing of these codes to better understand if an account is in-flux?

Thanks!

-Jim P.


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Yahoo: This mailbox is disabled (554.30)

[Jim Popovitch via mailop]

Something I've never fully understood: Is a disabled account permanent
or subject to reactivation upon some action?   This is for a mailinglist
subscriber, so I'd prefer to not remove the subscriber if there's a
chance the participant can re-activate their account.  

--
Mar 22 13:37:33 smtp1 postfix/smtp[3675]: 4F3wXp35xSz1fC9H: to=<
xxx...@yahoo.com>, relay=mta6.am0.yahoodns.net[67.195.228.109]:25,
delay=3.2, delays=0.03/1.6/0.73/0.89, dsn=5.0.0, status=bounced (host
mta6.am0.yahoodns.net[67.195.228.109] said: 554 30 Sorry, your message
to xx @yahoo.com cannot be delivered. This mailbox is disabled
(554.30). (in reply to end of DATA command))
---


-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus Public Mirror Error Return Code Update

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, 2021-02-15 at 18:53 +0100, Jaroslaw Rafa via mailop wrote:
> Dnia 15.02.2021 o godz. 15:43:56 Matthew Stith via mailop pisze:
> > Wanted to get this out to you all for awareness for anyone who is using
> > the Spamhaus public mirrors to query our DNSBLs. Beginning in March
> > Spamhaus will start enforcing the follow error return codes for these
> > news codes announced in 2019:
> > 
> > 127.255.255.252 - Typing error in DNSBL Name
> > 127.255.255.254 - Query via public/open resolver/generic unattributable rDNS
> > 127.255.255.255 - Excessive Number of Queries
> > 
> > The main thing to take away from this announcement is that these codes
> > are meant to be treated as errors and not an indicator of negative
> > reputation. The plugins that we have developed for Spamassassin and
> > Rspamd already properly parse out these errors. You can read more about
> > the change here:
> 
> Are these "error" codes covered by any RFC?
> If not, I suppose that Wietse will refuse to implement them in Postfix :)

Anyone can implement it in postfix.  Just use:

postscreen_dnsbl_sites =
zen.spamhaus.org=127.0.0.[0..255]*3

If you are using a version so old that it doesn't support postscreen,
then Wietse isn't your friend.

- -Jim P.



-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAqudEACgkQPcxbabkK
GJ9EJQ/+K7ZUqwEffWh7RFgyzLU9SxuNZWDAGLXEVWaKB4POB73lnIokyyrzDo6D
Q8o/Bh9HnheCtrdim/RnoEcmWQyV3ylUNo0xz4RMZCfxsOi5SD+rVnQ1e+JneZYf
BvGSTUrS0KOyERjITK3VXwXoRMFilgR9eMNX553bCvd58SW41fTlJcdy7GAFccM4
zpKQxWJqCBrXXfd61iTMQMMqhktpFzgKRgrpKJXTb9Tju2fQ3hO5ZgSfAJO6A16H
BE1/jcr4IBe8LNROXnNi6+wA7UqtUUcOFnkaYAJTQnAVcU7Rat/L2tqCZaWlqm2X
re+lmadYx0WsVJP7NP/oWpXOQQgQUKCZ13dEVqeY82LrwazwaU2sy76KkLOnsCYg
iIOg9QIxfO49rnPC8EbGXHs/x9EqwAKjxTjSDRHD9yFdTxJfIR9njOJlAwqyZl8x
cD3ElJZ/L6jHPrn1/wyK3nd4AcF54X9hx27USzZ9YT2gZJyle+LdzeTquVRbuHSn
xSGfxD7vuHlRaoK8zsvscdqZsgS5fyUzyX3ZlkngR63Xh/8pkHQ4nFYivqKAuR+L
4Ifk6YQAjMVyVVWUSFRkm/k8j7tMtDqw+MmjDA6bPW7jF5ErHeA6p63wRmxV8ZNk
QLTqK+TVwDNkWIaXdv4RccboM2fY3GitCsgYpq+zzplM8u/224g=
=xlW/
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Note: Last post by me on this thread Graeme. 

On Fri, 2021-01-22 at 20:45 +, Gregory Heytings via mailop wrote:
> At the time we were discussing this 24 hours ago, there were about ~2400 
> IPs in their network that were flagged.  This number suddenly dropped to 
> zero (I'd guess that OVH paid something to that guy to clear their 
> history), but it is now raising again, at a rate of ~350-400 IPs/day (the 
> same rate as during the previous three days).  Which means that, given 
> that the limit for OVH is 717 flagged IPs, in 24 hours the entire OVH 
> network will again be on UCEPROTECT® Level 3, unless of course OVH pays 
> something again (and again and again).  See 
> http://www.uceprotect.net/en/rblcheck.php?asn=16276 .

I just believe that you are thinking wrongly about this.  The drop is
most likely due to OVH being on top of their network, not paying money
to UCEPROTECT.  Rinse, repeat.  There is no nefarious angle to either
one's business.

> > With that setup, I have yet to see people unable to send email to my 
> > systems.
> > 
> 
> With that setup, you cannot send an email from one of your OVH servers to 
> your systems.

While true, that would be for just the time that it takes to the cycle
to rinse and repeat itself.

- -Jim P.

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmALPaUACgkQPcxbabkK
GJ8Anw//XqmkhHil6WlCGXoGQA4sZdX7+CO89neO7TPGIjGDkrHbKcrkc7cCT7CH
baCUPewBNVPbfoaHHPdxCl7cp+O+L6D68+i/FEfTcR/FK4e+1cwLY9fCmiB8tApz
HVBaIIoiFOJ2kURkvcnireO4IBMjbRDFjhrPdSzU6I7AGSadgo8RsI4o91d7Q+G/
PXcv+BCBQ1Zz7BzCT+MarT0yAKIvakZIgdTa+li0GQwuSlSI5yqscbGEmh1cd1f7
v2/V8KHwDi3L2C21idad5N9hDL2rGeZFL5npnME9e96Y6MN265RCh3XKtxq79SNA
/PRIgPLe1bqylsQhVxkN9S77POgyVKbasWtbzyzMHM25Jm1fj/6QM4GpA9xsG/H5
9TBsExcmr0dRmEX1WeJ1nOJp6JILPuEi0YCe1vMcyWE13T/cAJXqmMIuw/9pSyWo
iEuhaoN65Qnu2Sl79EtWTziZOYuqzlpx2VaoNOeMMaciNnU8fWPatwWt7DTmAE0x
fG5+D7mg+0YyJqcMcjMKf0kafob0JT3OzCsepCrzBAENonJrvApXIXNKO38+HhCC
89XXuF+8eSYMJ96PW1xMcfjaylwvcfzzNSqqMGpCkM3hXEJEEjQtdwDBXkbV8AuM
rrUUscw3Zh/eDbetPRKqTkha/PTDF8O/iTKr64j8S3rGqHAfXZk=
=1mJY
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, 2021-01-22 at 19:12 +0100, Alessandro Vesely via mailop wrote:
> On Thu 21/Jan/2021 19:09:04 +0100 Graeme Fowler via mailop wrote:
> > [Admin note]
> > 
> > Unless you are a representative of UCEPROTECT, or you have something to 
> > actually add to the discussion rather than endlessly nitting on statistics 
> > etc, please refrain from continuing this thread.
> 
> Jim has been on these lists for a long time, and is often a good poster.  An 
> interesting question would be why he is playing public defender for OVH 
> (assuming he's not their representative).

I'd like to not think of myself as an OVH or UCEPROTECT defender.  Those
2 entities can stand on their own without my input.  

Disclaimer: I got a spam from 135.148.37.130 (OVH) this AM. It was a 
Drone spam, mostly due to that email being harvested from a recent FAA
SolarWinds hack.  I have no evidence that is the case, just theorizing.
That email address was given to the FAA well over 4 years ago for a
drone registration.

I've been an odd OVH customer over the past few years, and I've seen
their vetting process first hand.  I don't know if they vet everyone
they way the vetted me, but it was a pretty thorough process (ID scan,
CC, waiting period, email back-n-forth, etc.)  Of course, now that I'm
in their system I can spin up hosts all day long without human review. 
But I'm satisfied that they take new sign ups seriously, and my
honeypots rarely see any sign of them compared to other big entities.

I've been a steady user of UCEPROTECT for years now.  I use their levels
1, 2, and 3 with postscreen rankings along side other popular RBLs. On
my systems a UCEPROTECT level 3 rating will reject, unless the IP is
listed in ips.whitelisted.org.  But even then just 1 RBL hit anywhere
else would override the ips.whitelisted.org listing.  With that setup, I
have yet to see people unable to send email to my systems.

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmALKC4ACgkQPcxbabkK
GJ9MnA//bTgDba00sDCROufzL2HgRQ+7//IUQKwFiW3uh/oNAcy7xY6wW8WNPrYt
ZotQynTc/Nv6rw/r0LMKj/Tei96FeH9Ex4d2X8N8Gcexou3jbTgXXBY7iWk3KCFU
A5D96Y5TKaTLXImw/ZVaL6LA6L8X8Ek3eI96+oaCO3EVErPXHr7Cw7NdfL2oWlzK
kOpfn8vDJ6uQvno75OEOZuQMVNKsiYYfa+TZ6+1175eRn9OjGupUikULjg7CwAOa
APvev7ZLPuf20RxrLxX7661t3fPcR1RlWCqDM4jAIo2z9Mb1+uKE4EvA21stncti
ciSublA+MqKPfPPyE/ZPYVNA08qUIhbwobX8InBe1BuzIFv8ijidDdSpGoSSBhKK
9jq/aNiwQh+Q/x1cvRWWUE43JvbbCXRlMn4Tf3qjCD46vWs+lQwlVXPVYIY5lVac
TZfTUGuG2j6ygpZqYPN3HSyCLoJVUNrIpaha4UAdgM1pLrDWodVumLN++km3XKJg
0kfBK14lzlL/UNx8HGG0bUmVikpWmc2J8WTh5647mHttu6IlDrtSkVYSQZavUloX
DckZot3wQvpNyb4TDKjCpnG7vaYRuGQA8RnsZm1YqMjQwbZTf1WYqbx9xmvug2WU
7Tch8fWhDai8ZWyfBgFryleitY+inQ4UXhqbN49g/mrf/nfRiaA=
=hBam
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 18:36 +0100, Vittorio Bertola via mailop wrote:
> > Il 21/01/2021 15:03 Jim Popovitch via mailop  ha scritto:
> > 
> > Neither of those situations describe the reality of what uceprotect is
> > doing.  They are saying that if you choose to operate in a shady area,
> 
> The problem here is that they are defining on their own the criteria to 
> identify a shady area,

Isn't that their right?  If not, who gets to define what others think?


> doing all of this in a way that maximizes their revenues,

Do you have evidence of this?  


- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAJxOcACgkQPcxbabkK
GJ8peg//Sks+WJxqqZCI5aoNzMQ6vodsb58Jlg65cLJLzde/d/mLz7V0+1sD+GMK
zfqa7Fg0jv23XlnhS26y/NWiWVITLu0o3a24SRTE+dkrp3/Qb+5V+0D1UGWlra6r
nWdsnWKrKyXO8SehV21sC3JEAij+zX8RB1IRhpjJFW8hu8dN+XQLwlsf20g1HjtV
ljmf8V4ozLm7noY6a95ZWmMCa6kv0OQjt+wz34PKN++xeaOKvlyy5RKPgz9K7EHX
n74XoF2zmLwWaLntWql5a30UqJg0ZM03VQyoQBMgqeTnLeXxakdObbBz8xw9Lz8P
7PDaIReyk/KBHwHHyl5+FFrlOXoDbUdjiebGHbheZOU1Zmj5PisR7VCyrE5Ue3ZB
v7cm0NhLdn1h8NBrI38nZsiOXMqWhO3HEc0OtyyE7xOa2NQtO4DldRRj6wnk4NzK
oVQVxJrWa15P/wGaHQTjlkyOCklgnff2TYGboSt1JvRmNnXRIW4qSCkSUFDvxzAk
xSOD860szZIiw8q37GQ95xzSH6SvS/yJtA7VVg2HnW8WAgf49q6kVHpSG6y1Xv+e
cKIi740PU1JOm/zHh1/hzrL23mJdLz36TOAk8vLa5pVhbWbEnWNTy93oQ8nvZeER
Kfglzsx9TH2tNr7p4J93Y66pJV8F95DPmVJfXwD9rB4fWK5+zsI=
=nBUw
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 17:33 +, Gregory Heytings via mailop wrote:
> > > This make me think to the "First the came..." thing: saying that around 
> > > 1 million OVH customers *chose* to operate in *shady area* is a strong 
> > > statement.
> > 
> > ... and OVH cleaned up their act.
> > 
> 
> Yet they are (black)listed by uceprotect.  OVH is AS16276, the one with 
> 2327 of their 3583744 IPs that have sent spam in the last seven days...

As someone else said "honest customers".  Look, listing happen for
reasons, and there are consequences. 

> > > Maybe you'll grasp the issue only when they will list Ramnode :-)
> > > Or maybe you'll be happy to pay or to move to another ASN until they 
> > > catch up...
> > 
> > You seem to be under the assumption that uceprotect is just looking for 
> > providers to list.  I think, and I know, that Ramnode is a responsible 
> > hosting provider.  They take abuse report seriously, and act swiftly. If 
> > you read the details about the ASNs that uceprotect list, it's clear 
> > that those ASNs do not.
> > 
> 
> According to uceprotect 3 of their 42240 IP addresses have sent spam in 
> the last seven days.  That's only 0.01%, which is not that far from 0.05%. 
> A few more hacked servers, and Ramnode will be listed, too...

Are you sure they were hacked?  What if those were spammers that rented
servers to spam, wouldn't you want the responsible party blocked if they
failed to act?

- -Jim P.


-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAJwIAACgkQPcxbabkK
GJ9IKg//dGhFsZGt7J/YK/hmC3OxWMNrGGyAEUpopUriw5ulxd6MjckhTmAi61+W
krY8zgriRXT4ayPDwplHZdeN6LdqLKLhGPORlY17Cec6+yKqifI+mdoqIwkbnYat
4Mr8G/X+aSaG8X4DZeK7oHn+xUMHSPiPzF/IQ0j+BFl1KOlrq4wPaGt8Lx/QA3FZ
8kmGUpU/3h2KabUJFHdrCpZYpDcpqogoqVW4jeqrsvpQ+mie4D/gXTLz3kNJ6hI6
j0S4vL/dxiN1Zj1rWndnV+l8WzCnTJAiJTJKbYGYTd/mQ+P+r7vRY48NJvPdS3bT
zImYqd1t0YgNhiTcoiJWn4dKCn8kSMfQbo7eOcVSZhuzLu3Qn7vQzCPfH+i0we9i
ONnyq2O4cmJuGXfAXSyqHECB1IGaZUz3zWz6wF0fTskMuOk/sbZt3azwc6OT7dUJ
KnyEe4gjl7ZpfhckMFTbbJOPhSwbSw0aZIaDs6ruUvz4g5ERmdABgUKmLjzYeW3r
/XxQ+jPgEbdd1Cm3GGtOcv6rzm7erp4mbvo8h62ic3aEXX3kmZGclVtD+wFRYYTx
MFc2fpcyE4X3jOc6z+wwq+AmTq/QUdvUrA6eXlfy8L9gJ/Og273DpJpOJaTLuAYH
pVdo/2Y+3gx+peqEKbGKVq61Af0Ihjn/7LlKwUJyGMSnQSRAquU=
=oRMP
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 17:23 +, Gregory Heytings via mailop wrote:
> 
> I'm not advocating anything, and that's again orthogonal to the point at 
> hand.  The point is that when a website gets hacked and starts to send 
> spam, all other IPs of the server provider get flagged.

You conveniently left out the span of time between "a website gets
hacked" and "all other IPs of the server provider get flagged".  

At what point in time, do you think it's appropriate for me to start
blocking email from "all other IPs of the server provider" once "a
website gets hacked" ?  1 hour, 1 day, 1 week, 1 month, 1 year, ??? how
long?


- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAJv1oACgkQPcxbabkK
GJ/ezhAAkwL35a0s6rvjGPTj96cQT7blSaKyOH0kIkAU9CL6mK+BIGBw4Gs2ZRRV
4dLZ3JJWXOhp3sRt0WIWsHVu3LGDAELvMLfFC0p7fy0IVupq6K/frOCCuWOPcoxi
3tPuXhclGE9DE/rt2UukImVwQTo03E08IbEmnm/JSqNHBHpKU1imYFlFFuAhCqNf
0HYhd6Ew3AwKIsWR4WtTAJf9E0YKUFxqzNO6FIpwwU5nmrmGIQx5qF8ivq40LdJn
EbhPVWsM0AgoywY6BbovSVfdPw5E4OcOr+XSXDT2IWdj6CxQpDeozVFSX2UIqu+C
aHqsLJ463zBUy51fprHLO97QfMOkGF5eQkIkR8lKDdL0ge4BTULf5ZFkKapcShCj
Mbrp5N95C5eB2L/jn5RJFNdZSWL0G8m3FZrrxJkJyETFFpjRkhu3+2RQCdk2ihob
m0/3RZi0xeRoZnTX/MFz2DyIxGdckKDevaduRnSUpOzKJvXVEK+OZpsOuUzeDwk4
ha04ShmOxqzDNMlJHroSjsYYjcOjVvyBtwl0LVL1XFX4yfe7ukE2PzDgfE9sspVN
ZMmFamMgANj75ATLsD/Ih3utvBMW+Q5zIHP40tznXAr96YVhlF+PwrJSxsTk5QYQ
AZ5EqUx1OnNmyxLY8klbAy0IbK9tf286i5E5II18kg7INB04t6M=
=mR4D
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 17:07 +, Gregory Heytings via mailop wrote:
> > > One concrete example: AS16276 has 3583744 IPs.  Out of these, 2327 sent 
> > > a spam in the last 7 days according to uceprotect.  That might seem 
> > > like a high number, but it's only 0.05% of the address space of that 
> > > AS. Because of this all IPs of AS16276 are blacklisted.
> > 
> > 2327 IPs from that ASN sent spam in 7 days, and you are hear arguing 
> > that is OK?!?
> > 
> 
> 2327 out of 3583744.  Are you saying that only 0% is okay?  We do not live 
> in a perfect world, errors happen, that's unavoidable.

I don't look at the 3583744, I look at the 2327.  How many emails can
those 2327 IPs send in 1 hour?  That's a lot of spam.

> 
> > The a few things that make those 4 providers good are 1) They act on 
> > abuse reports, 2) they block outbound port 25 by default, and 3) they 
> > require real ID.
> > 
> 
> As I said, none of these things are enough.  You can act on abuse reports, 
> block outbound port 25, and require real ids, and yet see honest customers 
> being hacked.

But that is not enough.  If you have honest customers getting hacked
then you have an obligation to all other ASNs to promptly and swiftly
disengage and deactivate those honest customers.  What level 3
uceprotect is saying is that AS16276 did not act swiftly and promptly
and festered for days culminating in 2327 honest customer IPs sending
spam.

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAJu0wACgkQPcxbabkK
GJ8g3Q//ezt/4/AXRlFIl+DHmaiKz8QbkSOtsow9ktZXZuif10/7NOVW8CQvByng
JzNRz9KWnKlAT2xiyd1uAuHJ3tMKN35xwpOvDzdIUUJ+9pLYu8XTC8xWEn6ybMor
mwPfe4FqRcGiX5FOIdGAzL6KI9i55Aro5baoSmrEXH07ii4C3FFiY+/I4z3kU14d
DHCpErrrAW5Mg8PmAYg0KbCPYKpO+GZg0dFqPyWp9X2fuC2R9w0gjloojvyaKJko
VSTrrymdJbu5MAEV2WyCYyauQVsvqXpSKqbn5FAwYRFLq0bCzeWFvMIPuTqrhGJV
Hu9ZEsRiZjkWMtOmfBj7N9IM20pQvV3zm6dfj6IDgRP8bl5+PzeoS5u6mrBgM6hU
uTGYMOp6tIcovnUpXV6PNyPhJ7u2bDLQ5Q/0nR3vP9EE3gSN7FMxKICRQg3HE/d9
eC6Jh8mlPUFu2Z4avA5Dondh2NhPmP7iWdEUNKoYafAVzHP3rK9eehoR9mIm8W6C
3sdlcImk7yIBpNfJGQhdJ2xMY+2nKy3llgwKq1T2NZ1vCKIhHO+thUYTSP5n1zxJ
m5iCYk4+e+QPFCmfefhnFQ5UgqiM4KDcFiEy5e044FOq0U/msr+CV7l6CQ7tkgax
Vm17GFcq9jwnMuo9XzmMde9i3xXNLXkh3Spsf3U4iXZ5AVgI1PY=
=TmFe
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 15:15 +0100, Stefano Bagnara via mailop wrote:
> On Thu, 21 Jan 2021 at 15:04, Jim Popovitch via mailop  
> wrote:
> > > "Pay us for protection", when it really means "pay us or we'll [break 
> > > your knees|set your house on fire|break your windows...]" isn't 
> > > insurance, and can get you arrested.
> > 
> > Neither of those situations describe the reality of what uceprotect is
> > doing.  They are saying that if you choose to operate in a shady area,
> > they will, for a payment, whitelist your address so that you can send
> > email.  Historically, email delivery was always tied to knowing who the
> > sender was.  This has been going on for decades, even with folks like
> > Barracuda.  It's never been about the $$, it's always been about
> > identifying the responsible party.
> 
> This make me think to the "First the came..." thing: saying that around 1 
> million OVH customers *chose* to operate in *shady area* is a strong 
> statement. 

... and OVH cleaned up their act.


> Maybe you'll grasp the issue only when they will list Ramnode :-)
> Or maybe you'll be happy to pay or to move to another ASN until they catch 
> up...


You seem to be under the assumption that uceprotect is just looking for
providers to list.  I think, and I know, that Ramnode is a responsible
hosting provider.  They take abuse report seriously, and act swiftly. 
If you read the details about the ASNs that uceprotect list, it's clear
that those ASNs do not.

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAJs88ACgkQPcxbabkK
GJ8SCA//d0h9EzFSFDffJlntPa490qWxFtncCypS51qsNNcpv3bj1pn4qf+d8FzT
qdW/lFI4sLtbImfAVyIF6EnWR85BiPnZZ4q4juBNdRi2nyRbNUVM5XSrCV4exiTN
xOTbqbiVZJqkLle3STYSPhpAK6Lg753qbJx59EHFgSdfX8+1PjfG7TiDIcbS6Y9r
0pmMiWerrPd2admS8PcOdWUAAiKlYlxO6ELGFgGzHL+90HPterSGdoh3s05bfrSG
qIYwSrHJwX+gY4TkrVcrI4Rs/kWzy3PuRnd0NhqVFeDSX4/yH5n6oSSeRx1vvhZW
QFwnryi2emqZeIXULfeLHDkOOyLIlImIS9rgaGlpAxD37J+sEOsfAWYPh6TNMZOT
sRNhCkz00bpvqEed3LNkmYdfPNcyofJJNcyOJRvp5l7xjN48DkuflJTElaJgaLFc
HVOCSbxKQ2/jM3l/GlcWXYczGXxtSoXa2QhMOvkv6hTDyOX/uBRbrXDk1yWQrJJd
s8p2xVofmqA+H098SSsHQSwH+15pdVUeGWJSjVxjeKz94WHS6HAXiSjvuhZKQlz7
utZeAtBsHiaz5dmyG86HpLJYpvPfoNcNGyhQBniCcTmDD7mX1fa4g/Wh0K78TYn6
1yCXXu2noFOqFb1E2baGlKlYj7uvrj6sBycH14DxWoIwMC0o9rs=
=cQ/c
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 16:44 +, Gregory Heytings via mailop wrote:
> > > How can a server provider do this?  Apart from blocking port 25 of 
> > > course, and forcing all emails of their customers to go through their 
> > > SMTP server, in which case they wouldn't be selling a bare machine 
> > > anymore.  If it was "not even that difficult", I'd guess they would all 
> > > do it.
> > 
> > Linode blocks port 25 on all new accounts/servers. You need to talk to 
> > them and explain who and what you are, before they open it manually for 
> > you.
> > 
> 
> Apparently that's not a good strategy: their 509952 IPs are blocked by 
> uceprotect, too; 217 of these IPs (again 0.05%) sent spam in the last 
> seven days.  And indeed what you suggest is not a solution for the 
> WordPress site of a honest customer that get hacked, for instance.

You keep bringing up wordpress, a web application.  There is nothing
being listed by uceprotect that would prohibit a honest (or even
dishonest) customer from running a wordpress site.   Sending email from
a wordpress site is much easier to do through a MX provider than to self
host, so why are you even advocating for self hosted wordpress sites to
host their own email?

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAJsdgACgkQPcxbabkK
GJ8HWA//fyw9PtQpyBEuyj9OTLSlexrESusenEzdLr08G/hZjzMECDF6uaJlflqV
aQ+cIVkJEEVvOZvFjjkw7kbQeRCRTqxBuOA4OH5ntkpmrp/1rI+6BAMTz+8y/cdc
iOZjo0TnsP6/ddwJh48PsNyYDi/zzqCIdFKQUnBTJJILi5TAJAK1xtdnyqaqA1vP
QXT3jnuSzzzdW96r/H74YC/GUZSUDBputeBsX/JV69oBVqkEyGV5dVmvYO9IZsTF
ZujjdXF0kglfk2P+3naO1Gw5F7ypVWWs4FtNXtRgUTzbOjbHLbSlzi9TV8ExPGw6
ByuUff6C1KEbKTBsOvzaO9ZGSuDBPKwgkv4lCJHN69NtWxWs0gW0tG9eQGF308oD
GwBFY0Xwok+J39vek3ylpellJHHal20vzxWV8P0wk51F9EM4flXZnzDm3RTkNXcJ
twX9z5UIcDYtN/GRxOZNmt+6RvpzGowDYbA+W+9JdfIaNYYaQ++U9p35efDY3r7M
wV9XPzJZ2p+kglh7kps7ZKtxRxAxbK8m5EGnAMsvxZdmRIxBscO+NQTUokIirjfZ
nRb+VlzmTxwUAqZVSsF2VBAQZOBBGW5owPJUPIe7OxOvJkwTpI5w3SKrdHrCy8WM
74G8LIqUZQPKC2zH1Nv9HUZ+O9TF7sve+o6BJ+h0JpcBchAoGBg=
=MzhH
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 16:20 +, Gregory Heytings via mailop wrote:
> > First off, I'm subscribed to this list, there is no need to email me AND 
> > the list.
> > 
> 
> Sorry, I was just honoring the "Reply-To:" header set by the list.
> 
> > > It's what they themselves say: they changed their formula two days ago, 
> > > and because of this thousands IP addresses that were not listed are now 
> > > listed.  See http://www.uceprotect.net/en/index.php?m=12=0 .
> > 
> > I know they did that change, I support it just like I thing the PBL is a 
> > good thing.  Are you saying they should be prohibited from making that 
> > change?
> > 
> 
> The point is not whether they should be prohibited from doing this, the 
> point is whether it's a right thing to do.  And yes, I do think it is 
> wrong to blacklist tens of thousands of IPs because a few of them (less 
> than 1%) misbehaved, and to ask the other 99% to pay to be whitelisted.

The PBL does just that. But I think you are wrong to use the term
"blacklist", it's just a list.  You could use that list as a whitelist
if you wanted to. I highly encourage you to do so. :)

> One concrete example: AS16276 has 3583744 IPs.  Out of these, 2327 sent a 
> spam in the last 7 days according to uceprotect.  That might seem like a 
> high number, but it's only 0.05% of the address space of that AS. 
> Because of this all IPs of AS16276 are blacklisted.

2327 IPs from that ASN sent spam in 7 days, and you are hear arguing
that is OK?!?

> (By the way, the numbers I gave in a previous email were a too low 
> estimation: they actually blocked millions of IPs (see above).  If only 
> 0.1% of these blocked IPs paid their whitelist fee, that would mean an 
> income of at least 250,000 USD/year...)

Why does 0.1% of those IPs need to send email?  Do you know that even 10
of those 0.1% need to send email?

> > > That's orthogonal to the point at hand.  The point is that honest 
> > > customers can have their WordPress website hacked.  This might indeed 
> > > happen because of apathy on the part of that customer, but a server 
> > > provider cannot do anything to detect customers that do not upgrade 
> > > their website regularly enough.  The product they sell is a bare 
> > > machine in a datacenter.
> > 
> > That is the problem, and it should not be a business model without 
> > consequences.  It's not a stretch to say those bare metal machines are 
> > munitions, should they be allowed open access?  Be careful what you ask 
> > for.
> > 
> 
> AFAICS that business model, which is the one pretty much everyone uses 
> (Amazon, OVH, Hetzner, ...) is the only way for smaller and medium-sized 
> businesses to run a server.
> 
> What other business model would you suggest?  Are there existing providers 
> that use the better business model you have in mind?

Yes, I can think of 4 right now, and I'm sure there are many more.  One
of those 4 is in your short list above.  The a few things that make
those 4 providers good are 1) They act on abuse reports, 2) they block
outbound port 25 by default, and 3) they require real ID.

- -Jim P.

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAJr24ACgkQPcxbabkK
GJ+LZA/+L8wS/Kr0wlN7Ul8d8LkttbOAgGQrl3mfAh4yeBIa5PBhdTzIBwOAzH0y
1XXg4mfHQwzVMuxsAinmqF39/IOQKsU/1kC6z/UqzE834kBwVhMxEvN3O1uw9cI1
VSnTZpynBZd/Zq9H5bnViBULCiFgHUy6EcRz0iD7JK9joM44+TDyKy3oVaTC8M6t
A9LHlV/9plzWlH1wvpiOGxIDc5aSYMb1FQXeyUPyS2JYCJRN7QkDJI6rFDyxbYgM
tbb25pB/njfqfBGXM7XUOSsgarAYz3zgPaiIvrOGQOyavA6nLOg8BE27iskYnpwv
eWinQnrnWHo2zF4Ejk+lyleFSgnDG0nC83u5IL983wV4H1nXxKabfrE/syTowCPr
bIErTuLtfHYa7mQSksq0vfLb3L9zEteXdryPBQNewiUJwB1KFNgGQsiysE7Zjcre
rwl5ENhGmGTjquuJkLRATI3oLJF3PJML5ezJQLUhgLgS0Jb70Wa9Tk3oQsWR7e1i
PcvQf27SVpYOyL+ytGyAvhSiD/Nv0aeQQml8c09jhwdVgu9EAp7g7Ux3iLmWcMb+
v9tBHOjUFK9S1JRljc8Wr5xr7jwI0lQoueVEi8r8Lk3MsvryfkV8ZXkRMAOr5B6h
36+iZpj6rtk3l5LnX2jT2s75YgK8atAAWFuncTgNccg5jt4A4yM=
=wYZq
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 14:38 +, Gregory Heytings wrote:
> > > > That's a fair point, there's no reason to not question their motives. 
> > > > I just personally don't see that it's a profit center for them.
> > > 
> > > Just do the math.  They blocked at least 100K IPs, because 1% of these 
> > > IPs sent spam in the last 7 days.  If 0.5% of those 100K IPs decide to 
> > > subscribe to their whitelist, that's at least 5 CHF / 24 months. 
> > > Which is I guess a rather comfortable income that largely exceeds their 
> > > costs.
> > 
> > How do you know that's not the same situation as the PBL?  Who says that 
> > it was uceprotect's decision alone to list 100K IPs?
> > 

First off, I'm subscribed to this list, there is no need to email me AND
the list.

> It's what they themselves say: they changed their formula two days ago, 
> and because of this thousands IP addresses that were not listed are now 
> listed.  See http://www.uceprotect.net/en/index.php?m=12=0 .

I know they did that change, I support it just like I thing the PBL is a
good thing.  Are you saying they should be prohibited from making that
change?

> > > Also, they seem to ignore that, while it is feasible for ISPs to 
> > > eradicate spam on their network, it is impossible for server providers 
> > > to do this:
> > 
> > That sounds a lot like apathy.  Even the banks are required to KYC.
> > 
> 
> So what?  If you use the bank analogy, it would mean pestering 1000 
> customers because 1 customer got robbed.  And then explain that they got 
> robbed because of apathy, because they did not install an alarm.

But if customers keep getting robbbed, over and over in that
neighborhood, then the right thing to do is...?

> > > "If big providers like DTAG and Microsoft can so effectively prevent 
> > > that their customers are sending spam, why can your provider not also 
> > > do so? The simple answer is: The Abuse Departements of providers NOT 
> > > listed in our Level 3 are doing an excellent job, while those listed do 
> > > not. If your provider really wants to stop the excessive spam coming 
> > > from their ranges they would simply install some preventive measures."
> > > 
> > > Honest customers can have their WordPress website hacked.
> > 
> > Most don't, case studies have shown that it's apathy that causes most 
> > wordpress hacks.
> > 
> 
> That's orthogonal to the point at hand.  The point is that honest 
> customers can have their WordPress website hacked.  This might indeed 
> happen because of apathy on the part of that customer, but a server 
> provider cannot do anything to detect customers that do not upgrade their 
> website regularly enough.  The product they sell is a bare machine in a 
> datacenter.

That is the problem, and it should not be a business model without
consequences.  It's not a stretch to say those bare metal machines are
munitions, should they be allowed open access?  Be careful what you ask
for.

- -Jim P.


-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAJkyUACgkQPcxbabkK
GJ/Ouw//Urjf/dL0ERAruBba/muU1NanH2LgeAlUqMVPhc92klY+FT4xjZAA590a
AgTDoNddF4W8eZGy6q12DMjIMS9oS1PuMnFQIMv6vAJ844Tmyu/3u7eBdUQTAhKd
VLbA2Lm9VyBx+tuRHif4E40O5h41CY7GM/Cd49wXknWGPBHGOm6cB5mAvX1o0r9W
cY4cEDtfweNWPS+cEtn/s3xiqXg/MsErbuE6rDt0+KLmOMmKmhO3Ty0nxFW5nuYg
w9emH9Gv86VnYTgEkl4rieiC6Mtw0iOIBoHw0L75eHaY8aGKnCvxKsNjIpF2iMFi
IsXcd4B2IRZA9+9XNffkRt5zvkQWSZT/7cCPIniNorNRQRIBj+sj7A0NvS+XrKkA
ZG2GBL4PG4vd6qOoRnIBD5KuySA9Ec1AkiWpjlJeiWLJgcbP+OUmqXNCNsUTYFFM
LxE9DBJGl18VFnjZjSzsr9y8mRXtCfaPKIfi0ocuepFcxr2/v16aT+H2oVfGXUBi
sU5lR/xm4HXGWkYfNccFR8FnXIhj+SztkifXJxfh734PC2bEN80dwNNhd3nqQ//W
6j/SrVcuAeZbCP7JRh5sSvuIY8wxE97tSKzA1mgvNGFAZgaxxwDqLIub1mjpgJjx
zMzvpDKf6vPJofxjeymaUQKH9aWf3L0wjsnTo6ihIbzphnIwbMs=
=pG7g
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 14:01 +, Gregory Heytings wrote:
> > > > > From their web site: WHITELISTING IS RECOMMENDED FOR IP 
> > > > > 217.182.79.147. Registration is available for 1 Month (25 CHF), 6 
> > > > > Month (50 CHF), 12 Month (70 CHF), 24 Month (90 CHF) . So yes, 
> > > > > perhaps it's not extortion.  We may call it demanding money with 
> > > > > menaces, exaction, extraction, blackmail...
> > > > 
> > > > Lot's of things in life require payment(s), or purchase of addon 
> > > > equipment, depending on your circumstances in life, your living 
> > > > arrangements, or your location.  If you are in a high-crime area your 
> > > > mortgage insurance will probably require you to purchase an alarm, or 
> > > > if your home is prone to house fires, a smoke detector.  Then there 
> > > > are taxes, fees, licenses, etc.  Life is self is pay-to-play, whether 
> > > > you realize it or not.
> > > 
> > > Yeah, and when they'll need more beer they can just update their 
> > > formula so as to blacklist a whole AS on the first spam, or maybe the 
> > > whole RIR.
> > 
> > That's a fair point, there's no reason to not question their motives. I 
> > just personally don't see that it's a profit center for them.
> > 
> 
> Just do the math.  They blocked at least 100K IPs, because 1% of these IPs 
> sent spam in the last 7 days.  If 0.5% of those 100K IPs decide to 
> subscribe to their whitelist, that's at least 5 CHF / 24 months. 
> Which is I guess a rather comfortable income that largely exceeds their 
> costs.

How do you know that's not the same situation as the PBL?  Who says that
it was uceprotect's decision alone to list 100K IPs?


> Also, they seem to ignore that, while it is feasible for ISPs to eradicate 
> spam on their network, it is impossible for server providers to do this:

That sounds a lot like apathy.  Even the banks are required to KYC.

> 
> "If big providers like DTAG and Microsoft can so effectively prevent that 
> their customers are sending spam, why can your provider not also do so? 
> The simple answer is: The Abuse Departements of providers NOT listed in 
> our Level 3 are doing an excellent job, while those listed do not. If your 
> provider really wants to stop the excessive spam coming from their ranges 
> they would simply install some preventive measures."
> 
> Honest customers can have their WordPress website hacked.

Most don't, case studies have shown that it's apathy that causes most
wordpress hacks.

- -Jim P.


-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAJirUACgkQPcxbabkK
GJ/jMQ//Rz6ksQNBXDOja83J6D0bGY9YEejL5tvPjOKMEbb8N5kQnmz6acDMZmAl
9lHkKUMAGy0nGwggXxFaE8pyFg6ClGeOSz+6yQsxOvzz2KszprsV/xEENQRAUrrh
VuqpTThAGC2Ltg4gbe9VUF0PNfpvw7KiuUpaeHssO2fch8ePJ6GRmwR3LUBH16Bh
wYmxhWS2OGP87WcqcYQJzPgK67pvbi7u/LXgf+3Brw3trgXnI7HUVKr3ulMlpKot
RkzfaoCmsPGKNi0Upa7PwgRMSZ+/JpO6E5g5FoYtVq6UCZmEXth3dT9pLFUvzhus
voUNPUkRsaQtyRi1j5B3GpL+PwHPKVQW2cITnjG45a8T8ShxZMIAMEvKHEDqxk4m
q6nApxtLvSA211o/LrpGYYYTcFv1Q836E8Rkt2LEZ8Di6WvRIdQkhceR/glMWdEX
3WgpMXPyJQj93/boiTF+S9trie4CI4n++mWBL1WYMONd9qWkJhHzpPqEBYMrc8aA
+UP0Xvfggty/IxPw+wdQVvT+aDi4V0Tw5Qwnt0mFVoMMX1Nc2Ny3cv+muICoAeWL
RuyJwVac/c4J6SrD5BCKLbbuUi2AsDCSR71XAomLfNKTbICe1Z3UMRHjPlGc9Cuj
FoHnxIVUckRf0s0M+nH95UzB8RbD/fg7eMkRGcsej7o6TzC07+E=
=73Hx
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 08:54 -0500, Chris via mailop wrote:
> On 2021-01-21 07:26, Jim Popovitch via mailop wrote:
> > On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> > > So yes, perhaps it's not extortion.  We may call it demanding money with
> > > menaces, exaction, extraction, blackmail...
> > 
> > Lot's of things in life require payment(s), or purchase of addon
> > equipment, depending on your circumstances in life, your living
> > arrangements, or your location.  If you are in a high-crime area your
> > mortgage insurance will probably require you to purchase an alarm, or if
> > your home is prone to house fires, a smoke detector.  Then there are
> > taxes, fees, licenses, etc.  Life is self is pay-to-play, whether you
> > realize it or not.
> 
> Demanding a payment to protect someone from a threat, that you 
> *yourself* create is called a "protection racket" - classic extortion.
> 
> "Pay us for protection", when it really means "pay us or we'll [break 
> your knees|set your house on fire|break your windows...]" isn't 
> insurance, and can get you arrested.

Neither of those situations describe the reality of what uceprotect is
doing.  They are saying that if you choose to operate in a shady area,
they will, for a payment, whitelist your address so that you can send
email.  Historically, email delivery was always tied to knowing who the
sender was.  This has been going on for decades, even with folks like
Barracuda.  It's never been about the $$, it's always been about
identifying the responsible party.

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAJicoACgkQPcxbabkK
GJ9J4RAAgy/aqivPvN9uyjzYmz0AvhKhddxa92DLEoh4FGmDYocWGHIvXTPsbhGV
fYsbU4byKEx+UkrBhXACKTU3cmpe+2TmGBRlZKDATXS8zuYujlmDm9VCt9gL5nsR
nMBnZ4lIkx/is57n4cnxPnFFISrNnrLvfnkiCc9Ob5JWI9Fe1uTM3LMxFKSbwGqs
PMIv6HDNKmsDAaiyHDpho1BcUvzC1t7YWEWZApmpk7wl8n281ZUqmyirYgRqmUq0
tVkd0BnyDGMZqF5dDOn0Av34x9z51+iDmaMPnMiAQIFfoDfQ7+9TRz4GpXtKlONU
azDEeoWMCXtzXTjvhc/FbPdMPtSLSozq3qmfYMtCu8uubdVaJvJYE3siztAWewBM
mHN9AtMSlQY/LKtG/xlLo2h7kzM12VpbYlZLv4iLDMOLt0ih2MN0hDu+cNMOI6/Y
AzVXjTW1tUxBoyCfOWqXsLpbt1cY+QyScuE201sGcr1pe8wGrXCdvcmTMo446ogA
idmVFqjywYq6G4Op2ZBeiaUU0y/MVQt2oFk9DYN67mNvTpOJOHy4OL3oPxFTiA8m
AtBvEBhKLW3FC84Weehxrxl3LeymNV1ElWtknpAQXCk8ZEF54bF6PG46DhEy897i
fzEiRa68pFr4br7nimhNuMou5eZ4f2ssMPZh56cmtlgcJlGRu10=
=LKhQ
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 13:44 +0100, Alessandro Vesely via mailop wrote:
> On Thu 21/Jan/2021 13:26:43 +0100 Jim Popovitch via mailop wrote:
> > On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> > > On Wed 20/Jan/2021 14:25:10 +0100 Jim Popovitch via mailop wrote:
> > > > On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
> > > > > On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
> > > > > > On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop 
> > > > > > wrote:
> > > > > > 
> > > > > > > New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
> > > > > > 
> > > > > > You failed to mention this bit from that link:
> > > > > > 
> > > > > > "UCEPROTECT-Level 3 lists all IP's within an ASN except those 
> > > > > > approved
> > > > > > and clean IP's that are registered at ips.whitelisted.org"
> > > > > 
> > > > > Isn't that exactly what is called as extortion/blackmail?
> > > > 
> > > > No, no it's not.  I'll leave it to your legal dept to explain that to
> > > > you.
> > >  From their web site:
> > > WHITELISTING IS RECOMMENDED FOR IP 217.182.79.147.
> > > Registration is available for 1 Month (25 CHF), 6 Month (50 CHF), 12 
> > > Month (70
> > > CHF), 24 Month (90 CHF) .
> > > So yes, perhaps it's not extortion.  We may call it demanding money with
> > > menaces, exaction, extraction, blackmail...
> > 
> > Lot's of things in life require payment(s), or purchase of addon
> > equipment, depending on your circumstances in life, your living
> > arrangements, or your location.  If you are in a high-crime area your
> > mortgage insurance will probably require you to purchase an alarm, or if
> > your home is prone to house fires, a smoke detector.  Then there are
> > taxes, fees, licenses, etc.  Life is self is pay-to-play, whether you
> > realize it or not.
> 
> Yeah, and when they'll need more beer they can just update their formula so 
> as 
> to blacklist a whole AS on the first spam, or maybe the whole RIR.

That's a fair point, there's no reason to not question their motives. I
just personally don't see that it's a profit center for them.

> Even taxes are being payed for better reasons.

As an American tax payer I strongly disagree. :)

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAJfsEACgkQPcxbabkK
GJ+IMQ/8DfhbxscxTt7Rc68AGxsUKw80YTz8AoZm54q+h/Sr16bH8R+G6WvSR2PO
uTzVwkNiYz3/XtdpNXfjS0D3G/2yACFj0EcATKLp6k47kJY7dRWQknOCZVHb4gpn
ig+5IEDrxIE8G0qkE9dE1A2avfEU8WIOpqKFAmjUNE8A+D7OJVnGJNc/qm8Mc+ed
c/vDLxlMT/NYxKxrWXq31ghzm5ieAp4Fks9bvjuJO4wzQniK46kpYTrw82p2zMyo
+joMWrW94F+iF15bRh0fCxU+E2V09n7+URWexDwnlaJ3f331J9ReopoWn5E//fGI
Rtxld65wRDDE2yqQ0b1w49MCmen7+4N2KUisrgOGOwFua/Oon3y7COLho5pX8N4C
jKndZZ9835xuiVnr/93OZJa//ogqwywRA2Zz69wXptRum85O+tiXEZ2XcFuMWYsP
1/VUf1HnNCCDr7cPRQrmmnsWOsxV+SGMzw7FWDJVD47A32onLwp6nK9Jv3bWJzNF
Xx7Z1IHCOq0XAJuXS87o9crFJnEt4PUR2JBeYHGzgIhSe+jDmsIBPa2LcAd8HXyE
JFjAZ5EzEMBOZlSGsM/C8C5YkiFWnulHn4T2HyLpGtwx4AOY0HTcextl+pLtSA7w
jQpzzDGofT06hCE/V7Is9qrHJNZQKSQAyBkrY5YP8H/OXbZ/vQ8=
=0KAd
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> On Wed 20/Jan/2021 14:25:10 +0100 Jim Popovitch via mailop wrote:
> > On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
> > > On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
> > > > On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
> > > > 
> > > > > New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
> > > > 
> > > > You failed to mention this bit from that link:
> > > > 
> > > > "UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
> > > > and clean IP's that are registered at ips.whitelisted.org"
> > > 
> > > Isn't that exactly what is called as extortion/blackmail?
> > 
> > No, no it's not.  I'll leave it to your legal dept to explain that to
> > you.
> 
>  From their web site:
> 
> WHITELISTING IS RECOMMENDED FOR IP 217.182.79.147.
> 
> Registration is available for 1 Month (25 CHF), 6 Month (50 CHF), 12 Month 
> (70 
> CHF), 24 Month (90 CHF) .
> 
> 
> So yes, perhaps it's not extortion.  We may call it demanding money with 
> menaces, exaction, extraction, blackmail...

Lot's of things in life require payment(s), or purchase of addon
equipment, depending on your circumstances in life, your living
arrangements, or your location.  If you are in a high-crime area your
mortgage insurance will probably require you to purchase an alarm, or if
your home is prone to house fires, a smoke detector.  Then there are
taxes, fees, licenses, etc.  Life is self is pay-to-play, whether you
realize it or not. 

- -Jim P.


-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAJcwMACgkQPcxbabkK
GJ9Vlg/+J/7GiIC17+cMuT8b2O7+JI7YxSP2WQ3rEaLtLlL+eNSmyqCxoll5A07o
RCneiBzyTKejnS5YJHNksUtq4avI4LSE4e17OsKMW1QWCozBMzfEqLtdiBBLItnf
2s2MpE6WIF504CGrwpsUf9DgVgC1Eg8mFxy3f+XQQsj3kMFZaYyoMAHQamxssz8t
ZVT/5AudYnO4wXRVzyxZ1XgmfUL57lEGtlFhSGTWEbmoAyM+0KCxBF6i3qTONDSv
LSVImbPFnyy/tZHR0QsHhB+fFPxV23hGoFwMahSJR4T/nK2YFC4JJvFjF54/QtB6
i+mbWZBA9nSuCFGhPXJBUtyOmC2WtwEuOIXR3S+mclbeIqFz/yGDODXXBsvWS0l5
qiMP+gxGy3xxbJ/DB7Hh+jY8OsPkuY4BbdfB0bZj43BJVbNVD87JwtRua61OG2oj
uXFnNBDYyd7/Imp0qiLISb0TX58DLtYupkVcihlbLy5yQkC6S6CXT/5ruQ9bs7Ml
VccejPk1GSxepFLjGeG1uFqr0SDuCKQR1JSayahR8ObAtLPNpYQ/h8+a+/AHMTF4
fsb3QYn3J6btVzOZAQWKztqmIBq9xxubgg0YjVVx0ddQSdYoqir7HbZMJoZSWGu6
EmEBDBGEwGRQGztqfkDDT5lI37PeJTsvY4Fu3NyPYAwmLs6CBdo=
=0Lyp
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, 2021-01-20 at 08:27 -0800, Russell Clemings via mailop wrote:
> I don't really understand why anybody would use UCEPROTECT3 anyway.
> 
> The first sentence of their web page says:
> 
> "This blacklist has been created for HARDLINERS. It can, and probably will 
> cause collateral damage to innocent users when used to block email."

But the line right before that says:

  "Level 3 lists IP Space of the worst ASN's."

Your server, your rules... 

- -Jim P.

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAIb4QACgkQPcxbabkK
GJ/hAg//S1eaUC0rPNcN3GYMJlVh0twQOwCeiqx8YEN19Vnv/3Oma4iF7C9wwCQ0
qTIIX8Z+3GqiK5cms/IfnqUOZjWCEXDsB++v5/XulpYx1MkM3j8v8qlRGi6JsR56
ANHZkfDdMvA1Y8KKGLo5KS8vS8QHkU7Pwv3tW7yVH3Chb3aAQUXk+96Zh5a+FGyA
miKbaW0Iu6gWz9Lkklt20ElOGsGCWQ4gQrImEo6MCzPn1wUU6msx/W2NU+blkPM3
lLXkhV/bzzl+PJSJZSbBFQmxMJ7KXsZWVviRDIRRn+iOVdXWhYMEysk0bSmKiIPI
j+cDqFLCvvO8UaiMf1NR9azkC5uggPucQPAGJ98HUHWwdoYz+kzv0iEWWw53L82n
/eXxXtsYewKx1XJegDuvWCHrhYdmIfpmOPT5zoGXyjgKT7kNr4/Z6jG/wlR9i1te
dpxrQAdsFvmGG8oNtol5XL2+wPnfiV1mGBLkmXUSidMczl4ovqACgwh6MxgI6yOj
1R3imW3/FNgLOpvw97PJaBhmqYmFMoVZL90a4hifJOjnzJBQzvBouiHOtanQg+de
FthIAaXOpaYcFIme88IMdCBTnWqW7qLkI2HpezjI1TdpOL8ULDpfIk9yrRAl+WHX
Uq2kzyOhVG8FPBBOnVXQBYErRrHpL1pGyhz999U4GbICg2Rp0TQ=
=LYYZ
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
> 
> On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
> > On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
> > 
> > > New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
> > 
> > You failed to mention this bit from that link:
> > 
> >   "UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
> > and clean IP's that are registered at ips.whitelisted.org"
> > 
> > 
> 
> Isn't that exactly what is called as extortion/blackmail?

No, no it's not.  I'll leave it to your legal dept to explain that to
you.

> Anyway, your network, your rules, don't complain if you are using 
> UCEPROTECT above level 1 and rejecting perfectly valid emails.

As I previously said, in the past 10 years I haven't rejected any
legitimate email from senders in uceprotect level 2 or 3 (nor even level
1).

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAILzYACgkQPcxbabkK
GJ9rUQ//elMv/hFjq+Ic4qh4kw8fX9BWzJtwM1/V2lL9qxU405aCIIUEo4nz6cJO
jec4/Noua4xQ4IcAPCBtqFG39lTWhGheB93GUKAcBev0Mn9I+Y7F1bxePlsbSBus
cXOl8L55R+FvEESFnonyJGIlXNFmaqUeHqnZ9kJhpnB1i23IeuYb7RAG3vCDcN/l
vvlBLNCpVVRZYDutOXPfGM9UbIj1Eyoew2sgzbMUrOzhVZVVRx1NdZPIC2bPFE2W
5XeRWy+oDwULivfolctjQchuJx6HYfASrUzY2ov1IDViSpA9imd8IPCwD1jjiUip
BArihCn3pJ/iULkNI2tsgrPHe6VbLZa3ypAk6Vw1yDx7TRGXNtmwKB8C+o152VCa
F07Oba0oXsNkvw/R/CS4KY8TGJgLTWajqPgVbY/FZ2DJFJ5VVop1JJgA9tVUHGwV
i2y6eQ1vafxI6DAWrznbYFJbtlf9qpZhBBwp6hfNf6pexw2k6JwbN3okh0x7t14u
0hedn30xSw7+FtyrxAhzLD8yFmCmYHhp35hcSCoxvaM1L6QqKhDvT87wzI4fDLlj
TBiolK6s9/ApBiYpEUAeXOSSEkX9yZfBU0uz+RZxAC++HRLcOqu/KdpdpDKCpi5Q
+KjiXptrI7lLMFo9R1duaDBqVwjZZmQModgCLZbm+zlnDeBwWP8=
=0O2S
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
> 
> New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
> 

You failed to mention this bit from that link:

 "UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
and clean IP's that are registered at ips.whitelisted.org"


- -Jim P.

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAIKQYACgkQPcxbabkK
GJ+Q7g/+NlwaU7H/ZzrWbgEOXtCg29Ve0PYOCaovmmG4hVPazhGneKr70BhA7ZGu
0UzcWNluHnxgrs+aadoiZ8X+u0PchjDw7ZVlJ0DCGpNR431RkN0ta03EgK7oPvtX
6oHKnoGJZ+ZuI3yt8fV9+u0oY9iB2aOuxk8RVUkpqQOn91DKXlkXD8dvHpDwRHKO
kOUizjpXm7Xpg/eV+aD9OXa6HEXgJStExIAW5wiyT/5efWv+EcunwFET+/ktOuim
TmEJHQHKSh3Be8eVAKRzo/7YvCBwnV9r8nCB9geWOaoCPh/3reB92Vy2HTsN4h+V
tHoNghmM5OQ5OFJP0dUI+dh4va+R35NGcwNpODHMxPXOOZ6cwqlGvh76oYxR0jG3
XJAhn7PgU73+yZXezfK/8/OnStuzbK064DXWWwnRvf4ov84u69BgmbufOz02gRUO
sycSGmLZqkpsItZts2IuWiMTYps6xLPFmTpSLksnWS3x7dPoC78Tl1m3Xa0tV/f7
vNAXABoeAWPUMQMH4TQkCwld5h0EiPeo7XxOWKFnQbMJzOyl/JjtZJWGJZXW+6Jp
3pjyuatlp8Mi1kfqLz4ARladWgt2uBvy6QeOUYSc2qwuCazldNMRWe3lc6HWdLyh
/+TYMqU2CqDYdlVLq54Ep6gFdZ7XjYlUVmq5GzozYG6hYMbCCOk=
=0+9X
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is it something to worry about?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, 2021-01-20 at 11:21 +0100, Renaud Allard via mailop wrote:
> 
> I agree with what you said. That said, those who use UCEPROTECT above 
> level 1 to unconditionally block mails deserve to lose mails.
> 

For me, it's "appreciate never seeing those emails".  I outright block
level 2 and level 3, and high score level 1.  I've been doing that for
years now and have never seen a reject log message that wasn't already
listed in Zen, Sorbs, or Psbl.

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmAICcUACgkQPcxbabkK
GJ9TyxAAoyrSMOuuEOss2Rmv37XdCV1ptlVs/gSevk2Fipdrla50K3AH5onnHFmI
Bv7F/RYIsI6ubJcKrOqk5deKUumK9TpOBgucRRjvVMDovL/DNBzUVl8gBbR+HVLe
rIliqVd1v/cK0QGC/D5c/SRjLIimKmYeVxwUo1gt9y1g3yQNwnNrjRG3b9kEU/bS
/yFwaHNN5HMBszhl/W1op4900KMlemnMOEAiUIZznFyWHKJgRk1XvHhU1UDGkZAQ
xnomauf/TwR7XY7NkRNoJsYLdI7oPJGhOIZujOeA9/KAKyDMee4YWfaIYZn3IpQq
mKmQRtT4QuT1JNwKPjiE7kAwgqnkdxpYbVwKkbBJd3TkK0H2NO+gn4VNkteeRicy
zeM2dVjGCV4JNoiW+em+IKGYPTGUt/BaAnFrGFcAd7hN8RlXzUO4rscF6cBaoQdA
CxfgE/G+5AzbBRlgnMW9DXzVyEwxq/wZYqD+j6XMzWYjNANhQMKp6JTmn7eDeV/x
iGHXk+iQu7YWhmMeVSlcgOxfN4r3GEC14w0m7slF9sqxRfq7kJHhj0bEEaITFWo0
sZh0PYsl5WsPYYw42RdNCotztcWDEB91AWuTyxhONXFQVURmxWdlR+pE1+MwfEHc
D9glzzfaCnXO8tFaLG1dYlFYwdiJcBGsBLttN5d01f9uI5XhvuY=
=mcMZ
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] New server email being treated as spam by Google

[Jim Popovitch via mailop]

On Mon, 2020-11-23 at 10:15 +0100, Ewald Kessler | Webpower wrote:
> Hi Jim,
> 
> There's one 'e' too many
> 
> > googleemail.com smtp-v4:


Heh, Thanks.  I've had that like that for close to a decade now and
never realized that.

-Jim P.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] New server email being treated as spam by Google

[Jim Popovitch via mailop]

On Sat, 2020-11-21 at 13:59 +0100, Thomas Walter via mailop wrote:
> Hello,
> 
> On 21.11.20 12:54, Jaroslaw Rafa via mailop wrote:
> > You can configure your MTA to disable IPv6 only for delivery to Google - at
> > least with Postfix it should be possible.
> 
> how would one do that?

With a custom transport table and a custom master.cf entry.


> We don't know all domains that sue Google MXs, we don't know all MXs
> Google uses and they might change. Do we know Google's IPv6 addresses?
> Do those change?

It's done by destination domain, not IP address.

Here's the relevant transport table entries of domains that I enforce
IPv4 delivery to:

gmail.com   smtp-v4:
google.com  smtp-v4:
googleemail.com smtp-v4:
hotmail.com smtp-v4:
live.comsmtp-v4:
outlook.com smtp-v4:
microsoft.com   smtp-v4:
msn.com smtp-v4:
yahoo.com   smtp-v4:
yahoo.com.mxsmtp-v4:
yahoo.co.uk smtp-v4:
yahoo.essmtp-v4:
yahoo.com.brsmtp-v4:
yahoo.co.in smtp-v4:
sbcglobal.net   smtp-v4:
sky.com smtp-v4:
rocketmail.com  smtp-v4:
aol.com smtp-v4:


Here's the relevant master.cf entry:

# ipv4-only outbound 
smtp-v4  unix  - - y - 200  smtp
-o inet_protocols=ipv4
...


-Jim P.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] opendkim bad signature data from mx.mailop.org

[Jim Popovitch via mailop]

On Sat, 2020-11-07 at 17:08 +0100, Jaroslaw Rafa via mailop wrote:
> Dnia  7.11.2020 o godz. 11:58:03 Mary via mailop pisze:
> > In another mailing list, they automatically replace the From: with
> > something like "Mary via listname ", then its easy to
> > re-sign the email with the list DKIM signature.
> 
> Replacement of the From: address is usually done only if original sender
> domain specifies p=reject in it's DMARC policy. Otherwise, there's no
> apparent reason to do that.

While it may be "usually", with an up-to-date version of Mailman there
are options for "quarantine" and even "none".

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [ADMIN] List migration complete

[Jim Popovitch via mailop]

On Wed, 2020-09-30 at 22:07 +1300, Simon Lyall via mailop wrote:
> I've just gone though some unsubscribes for the last few days ago 
> hopefully we are now synced. If you have unsubscribed from the list 
> recently and are still subscribed then please unsubscribe again and it 
> should stick.
> 
> I am going to temporarily enable the mailman's monthly password reminder. 
> This should send out an email tomorrow to all subscribers with their 
> password. I will turn it off after the single mailout.
> 
> PS: In the past we have been hit be a problem where gmail will reject 
> emails sent to multiple domains (all with the same gmail MX) at once. Does 
> anyone remember the postfix/mailman setting to disable this?

I've always done it via SMTP_MAX_RCPTS = 1 in mm_cfg.py

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [ADMIN] List migration complete

[Jim Popovitch via mailop]

On Wed, 2020-09-30 at 12:08 +0200, Patrick Ben Koetter via mailop wrote:
> Bjoern!
> 
> * Bjoern Franke via mailop :
> > Hi,
> > 
> > > FYI we have, finally, completed the mailing list migration to a new VM.
> > > 
> > > Firstly: many, many thanks to Andy Davidson for administering & hosting 
> > > the list on his own kit for all the years it's been running. First 
> > > message sent to the list was from Andy, way back in 2007!
> > 
> > Thanks for your efforts.
> > 
> > It seems like the hostname isn't the mailname, as amavis puts the
> > hostname into the header:
> > X-Virus-Scanned: Debian amavisd-new at v220191126877101294.luckysrv.de
> 
> Well spotted! And I already had a look at this yesterday, but didn't
> investigate any further because we had to sort out deliverability issues by
> then.
> 
> And I don't consider this a critical issue. It doesn't open a security hole
> and AFAIK the additional hostname will not have an impact on deliverabilty. Or
> am I wrong?

Nope, it's more of a cosmetic thing, than anything.

Assuming you are using clamav-milter.conf, you can append

ReportHostname clamav.mailop.org

-hth

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Mailman confirmation email denial of service

[Jim Popovitch via mailop]

On Thu, 2020-08-20 at 09:43 +0800, Philip Paeps via mailop wrote:
> On 2020-08-20 05:17:09 (+0800), Michael Wise via mailop wrote:
> > BotNet?
> > Were they listed in the SpamHaus XBL as being compromised?
> 
> The problem is that the subscriptions come in through the Mailman web 
> interface, not through email.
> 
> Arguably, this is a variant of the old "send an email greeting card" 
> spam.
> 
> I don't know of anyone who checks the XBL (or other blocklists) on the 
> web server.  Or if that would even be effective.  Does the XBL list 
> botnets that abuse web services that lead to email being sent too?  This 
> may actually be an interesting hack to perpetrate. :)

You should probably also know about these 2 additional MM settings:

BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE = Yes
BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE = Yes


-Jim P.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mailman confirmation email denial of service

[Jim Popovitch via mailop]

On Wed, 2020-08-19 at 12:24 +0200, Andreas Schamanek via mailop wrote:
> On Wed, 19 Aug 2020, at 09:51, Andy Smith via mailop wrote:
> 
> > Since yesterday I've been seeing a large number of attempted
> > subscriptions to all the public lists on one of my Mailman servers. 
> > (...)
> 
> I can confirm this for my servers from top to end including some of 
> the hashes.
> 
> BTW, Mailman mm_cfg.py option `SUBSCRIBE_FORM_SECRET` apparently 
> mitigates the DoS, too.

+1 to this.  Also, fail2ban on subscription 404s in your web server
logs.

-Jim P.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] BIMI pilot @ Google

[Jim Popovitch via mailop]

On Wed, 2020-07-22 at 11:56 -0700, Marcel Becker via mailop wrote:
> 
> On Wed, Jul 22, 2020 at 11:35 AM Jim Popovitch via mailop  
> wrote:
> > On Wed, 2020-07-22 at 14:49 +0200, Sidsel Jensen via mailop wrote:
> > > but if the effect is that it will drive up the adoption rate for DMARC 
> > > then I am clapping my hands.
> > 
> > "Once verified, the BIMI file tells the email service where to find the
> > sender’s logo and the email service pulls that logo into the inbox."
> > 
> > 
> > I don't think this is anything about DMARC, this is about inbox
> > tracking.
> 
> Um. No.
> 1: DMARC is required for BIMI. 

Good, DMARC is good, but we don't need yet another standard to get DKIM
and SPF into the wider use.

> 2: A proper setup will proxy and cache the logo. eg: for us all you can track 
> through BIMI is if our logo service is alive and well...

I hope you understand that most providers don't care if your logo
service is alive and well.  Surely we don't need a spec for that.

Whether you understand it or not, if a proxy or cache fetches your logo,
you can get very valuable data about inbox hit rate data, eg tracking.

-Jim P.




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] BIMI pilot @ Google

[Jim Popovitch via mailop]

On Thu, 2020-07-23 at 00:19 +0200, Jaroslaw Rafa via mailop wrote:
> Dnia 22.07.2020 o godz. 14:27:52 Jim Popovitch via mailop pisze:
> > "Once verified, the BIMI file tells the email service where to find the
> > sender’s logo and the email service pulls that logo into the inbox."
> > 
> > 
> > I don't think this is anything about DMARC, this is about inbox
> > tracking.
> 
> Do I understand correctly that this works on MUA level and not MTA?

To me, it seems pretty clear based on their text "pulls that logo into
the inbox".  That's inbox tracking, just like tracking pixels that are
blocked by most reasonable and sane filters/firewalls.

> Hope that reasonable MUAs won't implement it anytime soon (or maybe at
> all?), and when they do, it will be possible to turn this "feature" off (as
> it is with downloading images embedded in HTML emails). I'm putting
> "feature" in quotes because I see absolutely no benefit to the email user
> that may be provided by such a mechanism.

+1

-Jim P.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] BIMI pilot @ Google

[Jim Popovitch via mailop]

On Wed, 2020-07-22 at 14:49 +0200, Sidsel Jensen via mailop wrote:
> but if the effect is that it will drive up the adoption rate for DMARC then I 
> am clapping my hands.

"Once verified, the BIMI file tells the email service where to find the
sender’s logo and the email service pulls that logo into the inbox."


I don't think this is anything about DMARC, this is about inbox
tracking.

-Jim P.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] why does this list break DKIM?

[Jim Popovitch via mailop]

On Tue, 2020-02-11 at 11:34 +0100, Alessandro Vesely via mailop wrote:
> On Sun 09/Feb/2020 00:33:34 +0100 Simon Lyall via mailop wrote:
> > On Sat, 8 Feb 2020, Aragon Gouveia via mailop wrote:
> > > Does anyone know why this list breaks DKIM verification?  In particular it
> > > looks like it's altering From, Reply-To, and Cc headers, and failing to
> > > perform any kind of resigning too.
> > 
> > Changing the From (and other headers) needs to be done by the mailing list. 
> > If
> > we [don't] change the From then the list will be blocked for SPF failures.
> 
> That's not exact.  SPF uses the envelope from.  The From: header field has to
> be changed because of DMARC.

The list could also add a sig which would add a lot of value, but that's
probably already known.  There is no easy panacea for mailinglists to
responsibly reflect email without disrupting DKIM and therefore DMARC.

-Jim P.  


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Help - Tucows/OpenSRS

[Jim Popovitch via mailop]

On Tue, 2019-09-10 at 08:15 -0500, Michael Rathbun via mailop wrote:
> On Mon, 09 Sep 2019 22:32:39 -0400, Jim Popovitch via mailop
>  wrote:
> 
> > Oh my gawd, don't get me started on their support desk.
> 
> I have to admit that I liked them a lot more when TUCOWS stood for 
> The Ultimate Collection Of Windows Software.

+1   :)


-Jim P.
   



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Help - Tucows/OpenSRS

[Jim Popovitch via mailop]

On September 9, 2019 7:12:14 PM UTC, Al Iverson via mailop  
wrote:
> Looks like OpenSRS is sending domain verification emails with a from
> address of the domain technical contact. Not authenticated, as far as
> I can tell, and it probably violates a domain's DMARC policy, if they
> have a restrictive one.
> 
> It's 2019...you can't fake somebody else's from address when sending
> with DKIM and/or SPF.
> 
> Trying to work through this with support, but also, I wanted to throw
> this out here to see if anyone from Tucows/OpenSRS was here or if
> anyone knew of a higher level contact that we could discuss this with.

Oh my gawd, don't get me started on their support desk.  To be fair,
they do respond, but man sometimes it seems like they don't want or care
to do what I want or need.  For instance, I am still in the middle of an
weeks long (note: this is the 3rd iteration of this over the past 12
months) effort to get whois anonymity removed from the domain sending
this email, after they "generously" decided that I should be granted
forced anonymity on a domain that sends bulk email.  They're not brain-
dead, they just do things differently and don't seem to give a sh*t
about it at times.

-Jim P. (yes, I know this was sent to the list)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mail problem with Outlook/Hotmail and mail.python.org

[Jim Popovitch via mailop]

On June 30, 2019 11:31:49 AM UTC, Ralf Hildebrandt via mailop 
 wrote:
>I'm in the postmas...@python.org team. 
>https://sendersupport.olc.protection.outlook.com/snds/ is displaying
>the IP for mail.python.org (188.166.95.178) as red/yellow.
>
>We're seing a constant stream of mails to Outlook/Hotmail (mailing
>list mail, double opt in, about 1500-3000 mails per day, less on
>weekendes), and consequently the complaint rate is
>consistenly at "< 0.1%", spam trap hits is at "0" all the time as
>well.
>
>So yhy the red/yellow status?
>

I saw the same thing from them ~2 weeks ago. I went back and forth with them 
through email, but the only resolution was time. I firmly believe that they 
just wiped|lost their reputation DB and started over from scratch. I believe 
this because their emails to me (about volume and timing) did not match up with 
my logs. Specifically the days they say my systems sent bad email there was 
zero emails sent. I run mailing lists, so this is easy to prove.

-Jim P. 





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Admin: Gmail users of mailop suspended due to bounces.

[Jim Popovitch via mailop]

On April 29, 2019 3:46:03 AM UTC, John Levine via mailop  
wrote:
>
>Still waiting to hear when mailop.org adds its SPF record.

Didn't it take almost 2 years the last time we waited on mailop.org to fix a 
cert?

-Jim P.

On mobile so pls excuse any brevity, typos, lack of taste, crudeness, down 
right insults, and insinuations.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Outlook/Hotmail Blacklist

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Wed, 2019-03-13 at 13:50 -0400, Scott Mutter wrote:
> >Received: from hawk.wznoc.com ([209.140.28.140])
> >envelope-from 
> >From: Scott Mutter 
> >Message-ID: <20190306210316.gb19...@ams-salesandsupport.com>
> > 
> > That's 3 different domains for the same simple email...  Hm...
> 
> Well, it's important to note that this address that I am writing from, the 
> server I am sending these messages through, everything to do with the 
> communication TO and FROM this discussion list has absolutely no bearings on 
> the server or IP address I am referring to.
> 
> We have several servers and IP addresses.  I don't use just one for 
> everything.  In fact, I think it's a good policy to keep my communication 
> completely separate from any interactions that our clients may have with 
> their emails and the emails that they send out.
> 
> Second to all of this... I have message for this particular mailing list set 
> up completely separate from our normal support system.  So yea, I agree it's 
> complicated... but it also has absolutely nothing to do with the server/IP 
> that was experiencing this problem.  Going slightly off-topic... I actually 
> abhor mailing lists, I would much rather see this "list" as a forum or 
> discussion board, but that's something else entirely.

There's a Slack channel that might interest you then.  https://emailgeeks.slac
k.com 


> 
> So again, I would encourage anyone reading through this thread to focus on 
> the content of the messages (you know... what's in the "body" of the message) 
> and not the inner workings as to "how these messages got to this Mailops 
> mailing list."

Just so you don't miss my earlier comment, your separate mail system is DKIM
signing "Mailing list specific" headers:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=amssupport.
info; s=default; h=In-Reply-To:Content-Type:MIME-Version:
 References:Message-
ID:Subject:To:From:Date:Sender:Reply-To:Cc:
 Content-Transfer-Encoding:Content-
ID:Content-Description:Resent-Date:
 Resent-From:Resent-Sender:Resent-
To:Resent-Cc:Resent-Message-ID:List-Id:
 List-Help:List-Unsubscribe:List-
Subscribe:List-Post:List-Owner:List-Archive;


> But again, just to make sure it's abundantly clear, my issue with all of this 
> has been resolved.

Good to hear, 

- -Jim P.





-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEECPbAhaBWEfiXj/kxdRlcPb+1fkUFAlyJSegACgkQdRlcPb+1
fkXV+xAAlNFN53aQxh+YtWF7PcCg9SYT/L8DdaqV4ZJBuOYNqNF8UYmACHi6FqW1
NsslSZc+t4iajUgd8G3xWHYwbh4ZfkEszNGhK87wOgrEArDXA5KXd5/BwHyQO4u9
IFSfPLFZaT3mwqnUcuTGtcf018o1L5L8NO2gLnLS30216EVZDkfvk8cz3AfA9koM
mPFPY9IJMObPy8FZKdPdGZOGaXodhxe2R5lyGtR2mI4dSuY7ACFrUSMhu7G7m4vq
6y77H1zD7Z2EtzL3g5I3/Wt6QBuuKnRauwZm70/yIgGDF5dtBYNUPwWauiI2Var8
o1HMqOlcV70D3M30QeKJLHthrhdFU9vBv9FrN1nO599vaoRgUoTrb53OnnNOKjU6
SfFhzBfQv5+1kz0MiaRUMBJ6kPhsNyCh/1Lix6cSdHO6fL4REekoJe1yJXLQfj9A
xTGjk60uUZkR1nIJfWbfVFrb9NS9J1Vxqf0b1hH2MosaehUChWa7rxTO+QmINkUz
TyaEfw8/hhoPuFjunJ4gnZCKGGXsABb7zBz0ohgtXk1r1Z40/AK8xSjeREoyXkzH
Csuwe8JFYr8vBjNILiFoPXHFlafraVLqMVtT9554XnkMnn2d4YsP7lYqSWdThwOh
4c2ol8VGYA7S9CzIQMN5KBtUIv9ITPd3XVASi9i5qkWe2k++V/A=
=ayQF
-END PGP SIGNATURE-


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Outlook/Hotmail Blacklist

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Wed, 2019-03-06 at 16:03 -0500, Scott Mutter wrote:
> Hello list
> 
> I'm looking for any assistance in trying to get off of an Outlook/Hotmail 
> mailinst list with Microsoft.

   Received: from hawk.wznoc.com ([209.140.28.140])
   envelope-from 
   From: Scott Mutter 
   Message-ID: <20190306210316.gb19...@ams-salesandsupport.com>

That's 3 different domains for the same simple email...  Hm...

And then there's the short TTLs on the SPF RRs. H...

~$ dig +noall +answer TXT amssupport.info
amssupport.info.12  IN  TXT "v=spf1 include:ams-
salesandsupport.com ip4:209.140.28.141 ~all"

~$ dig +noall +answer TXT  hawk.wznoc.com.
hawk.wznoc.com. 900 IN  TXT "v=spf1 a mx
ip4:192.110.160.37 +ip4:168.235.104.229 ip4:72.44.93.24 ip4:209.140.28.140
ip4:162.219.26.34 -all"

~$ dig +noall +answer TXT ams-salesandsupport.com
ams-salesandsupport.com. 505IN  TXT "v=spf1
ip4:192.154.108.91 ip4:209.236.125.156 ip4:72.44.93.24 ip4:69.90.152.138
ip4:108.61.48.234 ip4:184.171.247.137 ip4:209.140.28.140 ip4:76.72.170.148 a
mx ip4:192.110.160.35 ip4:104.245.200.178 ip4:108.61.48.236 ip4:108.61.48.238
- -all"


I'm not an expert, but what you have appears extremely overly complicated for
a service provider within a service provider.  Also, something that is not
quite yet clear to me, it looks like you are DKIM signing List-* headers.

Best wishes!

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEECPbAhaBWEfiXj/kxdRlcPb+1fkUFAlyIXjUACgkQdRlcPb+1
fkVCCg//VG/WUmH7PSfjYZ8k34O3LhNwObj4pKbPTpipDTAIXfA8Ey4mVTuuUn1v
PebtorzLB6ZAxjX9cBvChn+YLAyKnWVVglWcYVMpcOwGIEnRvbXXxzcWdjddyTal
t+jUZ5H2gwsEP6Fqo6NxDFoJpX5DjQyHfdeRLbJAJsylb99ckHzTXHDyEpw69Mpm
uWypCAHF+T0gwF9xryMgL/dN6l0vOK9nGVyk6OdWp1+ai4N+CMiWY2UNB3SnWVuY
imMFU7YkeHI9hWHlMVLNkcu+eX2PgX07Ss9nZFfrzoYOzMwzrciJC2tpOboF6/Hi
ocjZf9ihUD91/O+vedtOzpuycoFXoq4v7jh4reuztt/NLr5bgyrlIwIyYA+0UiN+
GhcQZD/BG5WbQ/t1sxrYPd/HRDtfiDY+PGAX5GRS8ZZeVhmp+KMXpsePLMX/5uQK
v1OFNOjmADi+zgkRJxhbUlZYwaDhrzUAhm32RmvGJ9TasSlJ8nvntVw3y65JgdYx
qBjo3NrUU/yJnbFys+rW9DHzKNb1YTWI9AxNyFaEWD5ffYZ6ly5MaurvYGJK0x6k
+zxWwJ4PKZW2o9Hp+nX84YNCSL0fTZR6gticYSq52oEhIgagBXzDV3yC30XWlisW
Xnx5g4/+7kwtAttNKvKx8pOlIqj/oUQZxHDCGzBhSC+z9zUCGGc=
=RkDU
-END PGP SIGNATURE-


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] how can we get better?

[Jim Popovitch via mailop]

On Sun, 2019-01-20 at 09:28 +, Laura Atkins wrote:
> > On 19 Jan 2019, at 09:42, Jim Popovitch via mailop  > rg> wrote:
> > 
> > On Fri, 2019-01-18 at 17:07 +, Benjamin BILLON wrote:
> > > I'm not convinced Mailop is the best place to get help on your
> > > very
> > > specific deliverability issues. You might want join slack
> > > workspaces
> > > like "emailgeeks" to discuss that, 
> > 
> > FWIW, Slack's a bit odd about workspaces.
> > 
> > From: https://emailgeeks.slack.com/ 
> > 
> >  If you have an @displayblock.com, @beyondtheenvelope.co.uk,
> >  @litmus.com, @campaignmonitor.com, @actionrocket.co, 
> >  @rebelmail.com, @taxiforemail.com, @dotmailer.com, or 
> >  @apsis.com email address, you can create an account.
> > 
> > So that's a tightly controlled workspace, the only other way would
> > be to administratively (Settings & Permissions -> Workspace Signup
> > Mode) change it to an Invitation-Only workspace.
> 
> There are hundreds of people in the workspace that don’t work at
> those companies. Approval is pretty simple, you just have to ask. 
> 

Hi Laura,

Thanks for the response.  This is me asking. :-)  I use Slack, but I'm
not 100% sure if it's possible, but you should probably add something
to the default page at https://emailgeeks.slack.com/ that indicates
who/how to contact.  As it is right now access is very limited and
there is no information or details for how to get access.

-Jim P.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] how can we get better?

[Jim Popovitch via mailop]

On Fri, 2019-01-18 at 17:07 +, Benjamin BILLON wrote:
> I'm not convinced Mailop is the best place to get help on your very
> specific deliverability issues. You might want join slack workspaces
> like "emailgeeks" to discuss that, 

FWIW, Slack's a bit odd about workspaces.

From: https://emailgeeks.slack.com/ 

  If you have an @displayblock.com, @beyondtheenvelope.co.uk,
  @litmus.com, @campaignmonitor.com, @actionrocket.co, 
  @rebelmail.com, @taxiforemail.com, @dotmailer.com, or 
  @apsis.com email address, you can create an account.

So that's a tightly controlled workspace, the only other way would be to
administratively (Settings & Permissions -> Workspace Signup Mode)
change it to an Invitation-Only workspace.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] emailreg.org is down

[Jim Popovitch via mailop]

On Thu, 2019-01-10 at 11:37 -0500, Rob McEwen wrote:
> On 1/10/2019 10:44 AM, Jim Popovitch via mailop wrote:
> > you are de-valuing mine, 
> 
> Actually, your opinion about these organizations was important and
> noteworthy. if someone has a conflict of interest, it *is* helpful to
> get feedback indicating that such an entity is reported to be
> operating ethically, even if the conflict of interest remains. That
> is noteworthy and valued. So I actually *do* value your opinion on
> this matter. I just think you have a poor understanding of how/why
> some entity's ethics doesn't and shouldn't necessarily be enough to
> counter the problems caused by them having a "conflict of interest"
> (even if your opinions are still very helpful)
> 
> > strictly because I have a biz agreement with some entity you
> > dislike.
> 
> You're attributing beliefs/opinions/feels/assumptions to me that I
> haven't expressed. 


Yet 2 days ago (Tue, 8 Jan 2019 16:36:28 -0500) you said:

  > At the very least, it is a suspicious practice. And certain people
  > high up in the industry have strongly warned me against ever doing 
  > ANYTHING like that 

Clearly that is a stated "dislike" of an entity's practice.


> The PRINCIPLES I expressed stand alone and stand on their own apart
> from my feelings or motivations or likes or dislikes. I'm morbidly
> fascinated that you can't see that. (but as an INTP personality type
> - I'm wired to have an objectivity that often transcends and
> overcomes my own personal feelings - one that is often brutally
> honest, even to a point that I am my worst critic!)
> 
> > I gave you, and this list, my fair assessment of the entity based
> > on years of doing business with them
> 
> And as I said, that was valuable (even if PARTLY "besides the point")

At least once, if not multiple times you have expressed to me the
following:

  > (there is just so much going on here that you're missing...)

So, admittedly, I'm confused about your responses. Clearly, to me, it
seems that you feel I have no idea about what I am saying, therefore my
experienced opinion (which btw was also stated by others) is lacking.

I'm done wagging this dog, have your last words and revel in them.

-Jim P.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] emailreg.org is down

[Jim Popovitch via mailop]

On Thu, 2019-01-10 at 09:33 -0500, Rob McEwen wrote:
> ... [snip] ...
> 
> So I'll stop here and quit before I put my foot in my mouth!

But ya didn't, did ya?

Look dude, everybody has opinions.  You are de-valuing mine, strictly
because I have a biz agreement with some entity you dislike.  Pffft.  I
gave you, and this list, my fair assessment of the entity based on years
of doing business with them.   If you have years of doing business with
them then speak up or else . 

(now that is how you stop and quit before you put your foot in your
mouth)

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] emailreg.org is down

[Jim Popovitch via mailop]

On Tue, 2019-01-08 at 16:36 -0500, Rob McEwen wrote:
> On 1/8/2019 4:26 PM, Jim Popovitch via mailop wrote:
> > Any value greater than a reasonable amount to provide a
> > communications
> > portal, and actual communications with, the entity requesting the
> > de-
> > listing.
> 
> Jim,
> I get offers OFTEN from those who had been blacklisted by
> invaluement, where they ask, "Rob, can we pay you to up us set up our
> system better so that we won't have the kind of security breaches
> that caused us to get blacklisted?" (and then I kindly state about a
> dozen extremely high quality tips, based on their specific situation,
> for them in about 5-10 free minutes of my time that I donate to them)

I'm not sure how security breaches got into this  They happen, if
someone gets listed (or worse) because of it, than paying to clean it
up is reasonable and expected. 

> Occasionally, some have even offered to fly me out to their location
> to train them - I imagine that those might have been high ticket
> consultancy jobs!
>
> As a DNSBL operator, can you guess WHY it wouldn't be ethical for me
> to start saying "yes" to those offers?

I can see the ethics issue involved with playing both sides of the
line, sure.  I also see an issue where you probably shouldn't criticize
another DNSBL unless you have data that they are misstating why and how
they collect fees for their efforts. ;-)

> (there is just so much going on here that you're missing...)

I disagree. While I never profess to know everything, I have been
receiving and sending bulk email for ~20 years now.  I've received a
lot of good help along the way, but I've also received a lot of
questionable advice, that seemed right at the time (and was given to me
with good intentions).  As with most things, fill a room full of people
and you'll get varying opinions, and those opinions evolve!  ;-)

-Jim P.




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] emailreg.org is down

[Jim Popovitch via mailop]

On Tue, 2019-01-08 at 18:03 +, Olaf Petry - Hornetsecurity wrote:
> > > If the barrier had been $1000, then sure
> > > I would have said "it's extortion", but it wasn't.  
> 
> Where does the extortion barrier start in your opinion? 1000, 500,
> 100, 20 or 1 Buck?

Any value greater than a reasonable amount to provide a communications
portal, and actual communications with, the entity requesting the de-
listing.

> Let me ask you a second question before you answer: when does murder
> begin: 100, 20 or 1 people killed?

"Murder" is declared by a court system, long after a killing takes
place.  That said, there are reasonable and justifiable reasons to kill
someone.  But we're way off course now, unless you're advocating for an
Internet Court system ;-)

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] emailreg.org is down

[Jim Popovitch via mailop]

On Tue, 2019-01-08 at 12:04 -0500, Rob McEwen wrote:
> On 1/8/2019 11:46 AM, Jim Popovitch via mailop wrote:
> > The same has been said about HTML emails...but that hasn't stopped
> > folks from using them.;-)
> 
> "apples to oranges" comparison - sort of like saying it is ok to
> cheat on your taxes because some people drive 5 miles above the speed
> limit.

Sometimes an "apples to apples" comparison doesn't quite exist. 
 
> > IMO "suspicious practice" is a wide brush.  One might say the same
> > about all DNSBLs being suspicious because there is a fair amount of
> > ambiguity, mystery, and uncertainty.   The reality is pay-to-play
> > works (both at Barracuda and UCE Protect), like it or not, it is an
> > extremely small entry point for entry level players and it provides
> > a way for the operators of those BLs to know exactly who they are
> > whitelisting.  The only other solution would be an Internet
> > Operators License;-)
> 
> My "suspicious practice" label was almost a sarcastic understatement.
> I was trying to be generous and forgiving. I don't think you're 
> understanding exactly how/why pay-for-play for a blacklist comes
> across as an unethical extortion scam. Pretend you just got
> blacklisted and your users are mad as hell about how much of their
> outbound legitimate messages are currently being blocked. Then
> pretend that the DNSBL that blacklisted you is willing to delist you,
> but ONLY if you would just pay them money. 

But that's not how it really works.  There is no extortion occurring,
there is a reasonable entry fee...AND that fee is never requested until
you cross a threshold.  For everyone who says "extortion" is it not
legitimate to question their motives for saying so?  Let me be clear,
the folks that I hear make the extortion claim, all provide competitive
offerings or sell fee-based deliverability consulting services. O.o

> Then think hard about all the motivations involved. For example,
> suppose you had a security hole that was very brief, and less than 1K
> spams went out - you had fixed it quickly - but now a lot more legit
> messages are being blocked... and this has been happening for
> days now. Then the DNSBL states that they don't care, and you'll stay
> listed for almost another week until you pay up. 

That has never been my experience in almost 20 years of sending
legitimate yet sometimes spammy email (think: prostate cancer
discussions).  I've hit their walls before, but they (Barracuda and UCE
Protect) both worked with me and explained the barrier and the reason
for the barrier to be lifted. If the barrier had been $1000, then sure
I would have said "it's extortion", but it wasn't.  It took years to
build a good bulk sender reputation, and that reputation is tied to a
named entity, and that named entity is verified by a credit card
transaction.

> Its like that, fwiw. Do you see that there might be a conflict of
> interest in their blacklisting/delisting decisions?

I see where there can be bad actors, but I have yet to see a bad actor
operating a BL used by any relevant receiver. 

> (unfortunately, some will have to be on the receiving end of this to 
> actually know how this feels)

I've been there, and it never felt like extortion. 

-Jim P.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] emailreg.org is down

[Jim Popovitch via mailop]

On Tue, 2019-01-08 at 11:26 -0500, Rob McEwen wrote:
> On 1/8/2019 10:26 AM, Jim Popovitch via mailop wrote:
> > > Which spammer would not pay that fee if they would be interested
> > > to
> > > get whitelisted?
> > 
> > That's not how it works, and frankly you should know that as a
> > security
> > expert.
> 
> At the very least, it is a suspicious practice. And certain people
> high up in the industry have strongly warned me against ever doing
> ANYTHING like that...

The same has been said about HTML emails...but that hasn't stopped
folks from using them.  ;-)

IMO "suspicious practice" is a wide brush.  One might say the same
about all DNSBLs being suspicious because there is a fair amount of
ambiguity, mystery, and uncertainty.   The reality is pay-to-play works
(both at Barracuda and UCE Protect), like it or not, it is an extremely
small entry point for entry level players and it provides a way for the
operators of those BLs to know exactly who they are whitelisting.  The
only other solution would be an Internet Operators License  ;-)

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] emailreg.org is down

[Jim Popovitch via mailop]

On Tue, 2019-01-08 at 15:06 +, Olaf Petry - Hornetsecurity wrote:
> > > the $$ is to validate the responsible entity behind a sending
> > > domain that is whitelisted
> 
>
> You are kidding, don't you? 

No I am not kidding.

> Which spammer would not pay that fee if they would be interested to
> get whitelisted?

That's not how it works, and frankly you should know that as a security
expert.

> Any service that requests a fee to get whitelisted or unlisted from a
> blocklist is at least dubious IMHO.

Your ISP charges a fee for access through their network. Think about
that for a minute.  If you don't pay the fee you have to jump through
hoops+loops to access their network (find a friend to bum their wifi,
get your mom's password, etc.).  If you do pay the fee, that doesn't
mean you have free reign to abuse their network.

-Jim P.




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] emailreg.org is down

[Jim Popovitch via mailop]

On Tue, 2019-01-08 at 13:56 +, Mathieu Bourdin wrote:
> Wasnt that the paying "service"? I think remember something like 20$
> for getting delisted for each IP or domain.

Yep, that's $20 per year.  The $$ isn't to fund their vacations or
service, the $$ is to validate the responsible entity behind a sending
domain that is whitelisted.  

YMMV, but $20 seems like a pittance to pay to not have to worry or deal
with Barracuda BL issues.   

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification surge...

[Jim Popovitch via mailop]

On December 1, 2018 12:22:21 AM UTC, "Kurt Andersen (b)"  
wrote:
>One of about 5 hyphenated *marriott* domains that I have received mail
>from over the last year :-P
>

It's the not unique to Marriott, Prudential does the same..same exact format.  
I wonder if all these companies were identified, could data point back to a 
specific person and time that this practice was recommended

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Unsubscribe

[Jim Popovitch via mailop]

On October 31, 2018 3:37:12 PM UTC, Tracy Morgan  
wrote:
>Please unsubscribe me.
>
>[id:image001.png@01D36CE4.60810D90]
>
>Tracy Morgan |  DIGITAL CAMPAIGN SPECIALIST
>


There is a certain irony in a bulk sender asking for others to intervene and 
unsubscribe them.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Expires SSL cert for mailop

[Jim Popovitch via mailop]

On Mon, 2018-10-29 at 13:18 -0400, Bill Cole wrote:
> On 29 Oct 2018, at 12:41, Jim Popovitch via mailop wrote:
> 
> > N.B. please don't CC me, I'm subscribed to the list.
> 
> I normally wouldn't, but your posts all have this header:
> 
>    Reply-To: Jim Popovitch 
> 
> Perhaps that's being added by Mailman for some reason...

Ahh, you are correct.  Mailman populates Reply-To when it munges a post
from a DMARC enabled domain.  IIRC this was done to preserve the
original address in a form that would make it to most end-user MUAs.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Expires SSL cert for mailop

[Jim Popovitch via mailop]

On Mon, 2018-10-29 at 12:32 -0400, Bill Cole wrote:
> On 29 Oct 2018, at 10:40, Jim Popovitch via mailop wrote:
> 
> > You allow nsupdate from your cgi/php/java enabled webserver(s)?
> 
> My **what?*** Are you high? Do you mean to be insulting???

Of course not.  I only asked a simple question.  You plus-one'd a
solution in a thread about using LE for a website.

> 
> But no, I don't run anything on my webserver that modifies its own
> DNS. 

Ok, thanks.  It seemed like you were recommending acme.sh + nsupdate for
 https://chilli.nosignal.org/


-Jim P.

N.B. please don't CC me, I'm subscribed to the list.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Expires SSL cert for mailop

[Jim Popovitch via mailop]

On Mon, 2018-10-29 at 11:31 -0400, Dave Brockman wrote:
> On 10/29/2018 10:40 AM, Jim Popovitch via mailop wrote:
> > You allow nsupdate from your cgi/php/java enabled webserver(s)?  
> > 
> > -Jim P.
> 
> No, the whole point of using acme.sh and the nsupdate module is to
> avoid running a web server.  You can also run LE with a webserver that
> doesn'tsupport cgi, php, or java, it only has to serve up a static
> directory.

Obviously.  My point being that it's saner to run a tightened webserver
on a host using certbot than it is to run acme.sh and nsupdate on a full
feature webserver.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Expires SSL cert for mailop

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Mon, 2018-10-29 at 09:52 -0400, Bill Cole wrote:
> On 29 Oct 2018, at 5:44, Frands Bjerring Hansen wrote:
> 
> > Noel, 
> > 
> > LE does not insist on certbot. They recommend it, and why wouldn't 
> > they? :) 
> > 
> > Use acme.sh instead if you are not able adhere to the requirements
> > of Certbot. Acme.sh requires nothing but sh.
> > 
> > Also, it seems like you did not properly read about ways to address 
> > the problems you mention. Instead of having a webserver you could
> > do DNS validation. Acme.sh already supports a ton of DNS 
> > implementations: https://github.com/Neilpang/acme.sh/tree/master/dns
> > api   - and if yours is not there, it's easy to write an
> > implementation.
> 
> +1 for acme.sh.
> 
> I use acme.sh (with the nsupdate module for validation) and it has
> been flawless and simple to set up and use. Having been specifically
> tasked with setting up Certbot for others, I cannot understand why
> anyone would  choose Certbot over acme.sh.
> 

You allow nsupdate from your cgi/php/java enabled webserver(s)?  

- -Jim P.



-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEPxwe8uYBnqxkbORSJxVetMRaJwUFAlvXG+4ACgkQJxVetMRa
JwXnug//Q8iNeUi3xFmf2aG4R16CRVn0A9OPHnk9GCjPfJytnqx+oCO8xg5sTwrp
bkxgqTYaqoKGLONhjqIefQfBgCdKxYy8LaL9XKOS945BsGCkGu1VbSl6xZmGEPSr
zAzs7/3mpf9INmFNASqHiJksoW8KhJXRzqgmpqBvMCsefWSl1D/WLEqZTxknS+fV
Fz9x//9wMLpb/dVyf7aJVc6hayBJHFcbm+yHlBCZWcT+07ZrrX+9PCWUFg6M2TB8
ZpVihB0tv5KZqjrvi6rnoJDFAsvCNwJe9tsEG7ZMeFmILJ0tk+F4ytBKcOcUcowh
/qM/fa6GzzKFE6QLzzs0mLS2i60tZk8B0BZhEwHYxQ8pRsSz6F4sNuzkJrtqZeUp
9pIxVAKG5DwGlXRAD0uN9lQjQhJ0Au9rY1GGgWyDucWeMEFOTcGZqkmQVDNULciR
GXaZFeMPWjVD7rpeaZ7H7FU9aawpTTpfTQeD9EmWxNETtiXp+lwOGTQg1ifgpZRR
JFwHDIQedxAlo6ocOyRH/WAQpemuZJ6Ygz6mgGmrfd/iJZ1sPhYA1czTBfoaajkp
rUNMEL+QFQjWinMmNpK1aQAs5EfSQLPDBibKzQFgESoQgVddjwpHtYXE9+QMde1D
GfzRbRPVmA0BNK4ZrLCgchHu3RSw0L9tYT8vOM9eosMaUcXv/OM=
=M+IP
-END PGP SIGNATURE-


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] RESOLVED messagingengine.com / fastmail.com

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Just to close the loop on this...

Thank you to  Marc and everyone else who relied and offered advise and 
assistance, the
ivmURI listing has been removed.

I want to specifically thank Rob @ Invaluement for not calling me out publicly 
for
intially forwarding him the spam email that triggered the listing. There's a 
meme jpg
floating around that I swear is not entirely accurate.  ;-)  

- -Jim P.


On Thu, 2018-09-06 at 08:05 +1000, Marc Bradshaw via mailop wrote:
> Replied off list.
> 
> 
> - Original message -----
> From: Jim Popovitch via mailop 
> To: mailop@mailop.org
> Subject: [mailop] messagingengine.com / fastmail.com
> Date: Wed, 05 Sep 2018 10:34:33 -0400
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Can someone from messagingengine.com/fastmail.com please contact me.
> I'm seeing lots of:
> 
> 4251pv49w5z118G   5091 Wed Sep  5 11:35:35 
> list-boun...@spammers.dontlike.us
> (host in1-smtp.messagingengine.com[66.111.4.73] refused to talk to me:
> 451 4.7.1 : Client host rejected:
> domainmail.org is blacklisted - RLR621 - ip=<192.249.57.241>,
> host=, helo=,
> from_domain=spammers.dontlike.us>) u...@redacted.tld
> 
> I'm particularly interested in the RLR621 code.
> 
> Thanks!!
> 
> - -Jim P.
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCgAdFiEEPxwe8uYBnqxkbORSJxVetMRaJwUFAluP6XoACgkQJxVetMRa
> JwUY1xAAgB1Ebe0y90pDEt58fH3MVpVo2V1p9DYRg3BNeSKHZnDR0baCxWnltdM1
> EbRL4QD1L1ubAZ1DTrLDdVqJMTyK0TjrOrcL2V1fh40szf8SjVWemMU/AxmRZelF
> klHSg4kCHWMEffHW6JwX68beQnuxCW4nwwNF/+5rTflXn7hsJXwI2UaDw327vEg5
> RMyEU88mWXk7qDOjWtf/YTYRGB6t0dTdQytByqNufrFk/Zkn+RGTWDEO5ifHx79e
> zIWUaZew0cVS5onG3TqFUDm+xmUFvVyGHBS5og2VM8CPTiOW6pFr9FMSktL9wh+Y
> Kmb25JR3gyQfJzwGpggvnM0zzXz4bTvymJbG/2lB0K2DaOtSA85vlk+oT0SGW52L
> JjGY79Dm1TkhOpFyMjGotCnf1EDm8EEkeJJTUrvg6Lfm9AhnD4L96M1PnUrSEb+A
> WbNc7BDIuIIljYOW/OXeh9tTADvXVBTeGvnTzdSuTMBhcNiyJEt6GQWkrYRmx1sD
> uwwdqd64TZxywFR0Ib0fpbGrnsnKDICczCRdALqimQKpWwes+XMZUgNVQxQgTiZP
> /2eMNmQkfy/mUYjuv//1H0nDvq7p0u5VfWyNaIBAtwCleyeqAnAYmacCHOWQ/sjo
> jHoaHyQCv3Ka4FwU4h66cmSoPkG4Bsdmg1AGwwmwlpGUxKcsPO8=
> =ssDG
> -END PGP SIGNATURE-
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> 
> --
> 
>   Marc Bradshaw - Deliverability/Abuse at FastMail
>    m...@fastmailteam.com | @marcbradshaw
>  
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEPxwe8uYBnqxkbORSJxVetMRaJwUFAluQYogACgkQJxVetMRa
JwWipBAAkbyif2ZTAL6m3xx8DEOYfxyk9CegI26X21RBQlyQLLqmhWOZIT/09BlX
RUBtNCqgtfxNuz14j91zq4fccUmtvqv9wxhLKFvoEUPU6uFS3HCD25GiUj8JMStd
urxCmy+88zV5/IlW/hOoIuLlrEd85Vaa96XPWjQRC+2FYskSekD6sCwEDbcpvXy2
9sUlM1Xc6KHl912erQb4OKayveNx29SXpfQkVIEvi9Qv0xftQ+4Npxg8zG1D0yLg
EGjrwso70XYdi7V1Uo8OEH1fOrQm9Kq+4De7I4vXovM7vgqDyqL9XgVWmamo/7di
WWr+fZejQxh91HjDzIi+lCFSk4beaoTMtLXhUnPPMw+yPrrEU9suT9Ma+pB90MAu
BOmITRfa/8YUpAlvBLPaPNlR3KxGswgXZmKrs6k3c/CEvahPvyYtpyktolIw7XB3
m+bgZM3PNOQcA4OsAd/YKpfmQVKVRhFqipnYE65eE+rqhAwh7d4mMkQDWODtg6n4
tphoo0ienaZ+ldvZb7K9nf7AIyQctZj05usKPv8YkxegVvB4wYcTiPd057m44yF0
YalNGi2qAVRjE2/0+6l6hFhe6RYvSzSMysTQj4uXmJYGm+WmnnZiv/tllbUPJq8k
xhpnYRjAPmXTGQ72o59hMDLHI+OvERVU2VXRQ1qocL5GSZR5Zk0=
=Qa1T
-END PGP SIGNATURE-


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] messagingengine.com / fastmail.com

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Can someone from messagingengine.com/fastmail.com please contact me. 
I'm seeing lots of:

4251pv49w5z118G   5091 Wed Sep  5 11:35:35 list-boun...@spammers.dontlike.us
(host in1-smtp.messagingengine.com[66.111.4.73] refused to talk to me:
451 4.7.1 : Client host rejected:
domainmail.org is blacklisted - RLR621 - ip=<192.249.57.241>,
host=, helo=,
from_domain=spammers.dontlike.us>) u...@redacted.tld

I'm particularly interested in the RLR621 code.

Thanks!!

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEPxwe8uYBnqxkbORSJxVetMRaJwUFAluP6XoACgkQJxVetMRa
JwUY1xAAgB1Ebe0y90pDEt58fH3MVpVo2V1p9DYRg3BNeSKHZnDR0baCxWnltdM1
EbRL4QD1L1ubAZ1DTrLDdVqJMTyK0TjrOrcL2V1fh40szf8SjVWemMU/AxmRZelF
klHSg4kCHWMEffHW6JwX68beQnuxCW4nwwNF/+5rTflXn7hsJXwI2UaDw327vEg5
RMyEU88mWXk7qDOjWtf/YTYRGB6t0dTdQytByqNufrFk/Zkn+RGTWDEO5ifHx79e
zIWUaZew0cVS5onG3TqFUDm+xmUFvVyGHBS5og2VM8CPTiOW6pFr9FMSktL9wh+Y
Kmb25JR3gyQfJzwGpggvnM0zzXz4bTvymJbG/2lB0K2DaOtSA85vlk+oT0SGW52L
JjGY79Dm1TkhOpFyMjGotCnf1EDm8EEkeJJTUrvg6Lfm9AhnD4L96M1PnUrSEb+A
WbNc7BDIuIIljYOW/OXeh9tTADvXVBTeGvnTzdSuTMBhcNiyJEt6GQWkrYRmx1sD
uwwdqd64TZxywFR0Ib0fpbGrnsnKDICczCRdALqimQKpWwes+XMZUgNVQxQgTiZP
/2eMNmQkfy/mUYjuv//1H0nDvq7p0u5VfWyNaIBAtwCleyeqAnAYmacCHOWQ/sjo
jHoaHyQCv3Ka4FwU4h66cmSoPkG4Bsdmg1AGwwmwlpGUxKcsPO8=
=ssDG
-END PGP SIGNATURE-


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] DKIM headers - which do you sign and why?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Tue, 2018-07-24 at 00:30 +0200, Stefano Bagnara wrote:
> And still I'm honestly looking for stats about how many domains are
> really currently sending DMARC reports to senders (I get reports for
> much less than 1% of my recipients: is it what you all get or is
> there something wrong in my setup/target?).
> 

In the past 120 days, I've received 1154 reports, for 7 of my domains
(456 fail, 689 good) from 105 domains that send reports.  One caveat:
23 of those domains all belong to Y!.  One thing to check is are you
blocking/filtering dmarc reports, not all come from clean/rdns/expected
IPs.  Another thing to check is pct=100.

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEPxwe8uYBnqxkbORSJxVetMRaJwUFAltWX90ACgkQJxVetMRa
JwVi+xAAlRKPAmTg5p+QEuQLq+83TkEMETobDNXHMf3vVHZZNL/HR/5+dI5V+f1g
BRO1+JUaifSnqzDfaICHdR6cM3k7U45simQUNT68VluthKZbDDISI4DRGP6m1Fbc
F2OvOomn+DpJDJrPc/2iMiKCUNU1GyWjzYGa78YYylqXWN+0+92L8R4exKHBiu8A
i+Is1dsNzWJL6pZI3qI8quwbYrFG9zr8hSk+QjXPToh8PYc+L0Nyl5BdhQj3tauK
sSUv+FIt9QkzvULBlS0d/yDv3bMci445E1vI1KmvYB2Ml4Dq9y2uB2lqSThasZn7
0tJNImWkMq4jeVVcjVPTLCyfHkRE4WWum3JYXnjYM+7JwsfJeguBqzGkBNv6ROVo
ItZoKyhygL5Z1nFTVJ5UgrlrcyJXit7ZO2cdR3qKptBEg9m70iyI2a7C6zUm/loS
b3y4ou7pocwrBoCh25IvebYIfXa+w+znJ9onz8zEY6M9SKDQqvEOCFdrP39qLau3
xy2K08g73RugU38e67Dqdg+gmunjBF+O7VmM1Axu5dQ5EwoMT1JToeV+nUIRO8P1
NoZH0kLbuJ1RfWBMgZ1+FaNj6VIsRO4bvMZEUEX3YrdWDY0qZy7o3QUxTT8zrFZa
qWZFAOH25OFoQ3etrsvxzqlK0fSLoUqME4S9ZhnkpXGCl5ghlDw=
=kLFM
-END PGP SIGNATURE-


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] QQ Postmaster

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Mon, 2018-07-16 at 17:46 -0400, Vick Khera wrote:
> I'd be curious to know if you are successful. My recollection is they
> just spam you if you are outside of China.

FTFY!  ;-)

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEPxwe8uYBnqxkbORSJxVetMRaJwUFAltNG1QACgkQJxVetMRa
JwUCNxAAsRMchZUXXp/A/v4EIjiDSHb22P9x/4KqOS8N8Bk8fysNrGyXuBvZcQp3
GX7+qGQgi1J2mzNl9nlYAILFC4vGLj0oqAy5ALIC+9xFbWnS5PAOvSUXZsjOl59o
v3Gb8qn1a9LKxGmKvNvlV5k5La5Bm5qpV1I+gVuT2cKspGnEEvL+gIL4NtaoleNf
p6lrZOQh5AZOaXBceWQPcLlqnKK+hek+3l29QSE895TtDYjQtKEo3hQYkJJ2xgER
/pemoqaEE3medcLArhY098YebPzia4qU4HmgG6tMEK6y7CSoCn8UimEzliXwboB3
9w+vxGTTNYH4P8nDlULJvnip/nzK/qqMngC1/yN0XrGrFfGitVCaYJa6HzbwCvcj
XFxHvZKkTQPOKzOqMueJ6zRIjrWGE0iOFIMAadBap/rs+bIKdWGCZidh3aflOKY3
j9luDKdXAgQRVYwx/EtzOPNLvwMu55cjk8Ib+9P4vLxWMHAdDZ5HfiRdBX36Ea2q
TAhaBdv0BJBE7FMUMYX2OZQTTZCmlJKofBVT+veFvej5c7ZgdTsVYbre6DpAVT0M
nBPYgqqmtWPUpb76RNSBTrnNl/gd6FrOsoySIr0tTNJS3c87MA/LUbl0gwOeTuiy
NJLhzCzC9aHwr9kO+qxc9ttMI60gSNYGHBUpMBKSplTrp4OCNWk=
=TS5d
-END PGP SIGNATURE-


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Should mail servers publish IPv6 MX records? Could this harm your spam filtering?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Fri, 2018-06-08 at 17:21 +0200, Stefano Bagnara wrote:
> On Fri, 8 Jun 2018 at 16:47, Jim Popovitch via mailop  org> wrote:
> > On Fri, 2018-06-08 at 10:27 -0400, Rob McEwen wrote:
> > > there has to be some justified level of "collateral damage" these
> > > days, due to the very high frequency of hijacked accounts,
> > > hijacked
> > > websites, and spamming ESP customers (from ESP that are overall
> > > good).
> > 
> > Rather than dumping a piece of technology (ipv6), dump the ESPs
> > that
> > enable cheap sending. (Win! Win!).  If those ESP customers had to
> > build
> > out their own infrastructure then they would take better care of
> > it...
> > regardless of ipv4, ipv6, ipv8, etc.
> 
> If you really think that rejecting email from senders that want to
> optimize their costs is a good strategy
> Well, IPv6 is simply a way to make email sending cheaper. So not
> supporting Ipv6 is an effective way to dump cheap sending.
> 
> I guess anyone with a good corpus can easily check that "inexpensive
> ESP" are not more spammy than "fortune 500 ESP".
> 
> Someone proposed to simply add some cost to every SMTP transaction as
> a way to stop the spam, some blacklist offer paid unlisting services,
> too... but spammers sometimes have more money to send email than the
> average user IMHO.

Fair points!  My comment was mostly tongue-in-cheek, but there is
something to be said about how relatively easy it is to send bulk spam.

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEPxwe8uYBnqxkbORSJxVetMRaJwUFAlsaomoACgkQJxVetMRa
JwVGKA/+JNNIAJq05rmovo8xZxPQZqUsdUJ5Y+ZqaMIynlGNg6tLy+qfKFF1wtFa
dF01Rhyo0L3f7muWU4UDG7+o2nCp0n6elwvrwZtMnC6KnkEaNM8EhxOOq0b6L5ad
Nj/0m0jkvz2R5eoIpfcN17u3TG3cafn4iWMzXJlJXs/gvpwggIN8NPHXS7mry7WW
LC0m1Zr2wMc6396TEky5LCTFPsqdTSENhh9krJsN4xYCJmcggUd7vokLjqe7tPuA
KmoftehvJ1Tyfeav7R8IY7GMhE3lJMLnlo4sdprg++U9PphSYeVtdeb+OHpdmHu1
JkS0Dl5ttpTvWqmVILtZOx7l2IwdrKtcErW0r435sFTJysqrbrxRkzEOMUrg/L8P
ycvQMMgo6CK4NzZ3NatJnRe1frvLpsrWtvdyV6XxsMNC1vGq/ITWdYe8TknwDF8O
vMMYNL5z4/CMu/YgV28QVF5ZyAP3aXNb8Z6co8+FGINtyU8O4XM+1WWo6JWQeIKS
zZ1ddv99PNhYJFhgWoI7GTPoa76pXsL7mWV1Qopd6vvCQkdU0CzoxXpZe/lbhIO7
ztR+AXw+k82lc4dGyTfuyn33hwgshI7LkndxLyU2c49xHitHkIfWqcPQUy/q0qTZ
gzvAEzNypr59YI1Hv9Vr8gtRA+23fEigc/kJMzMKRypZNVJ2eo0=
=QYPF
-END PGP SIGNATURE-


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Should mail servers publish IPv6 MX records? Could this harm your spam filtering?

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Fri, 2018-06-08 at 10:27 -0400, Rob McEwen wrote:
> there has to be some justified level of "collateral damage" these
> days, due to the very high frequency of hijacked accounts, hijacked
> websites, and spamming ESP customers (from ESP that are overall
> good). 

Rather than dumping a piece of technology (ipv6), dump the ESPs that
enable cheap sending. (Win! Win!).  If those ESP customers had to build
out their own infrastructure then they would take better care of it...
regardless of ipv4, ipv6, ipv8, etc.

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEPxwe8uYBnqxkbORSJxVetMRaJwUFAlsaloYACgkQJxVetMRa
JwUxXxAAu0CqqhxNX+IbYfyJBZWZwfEwLrZ7Ku4DPBTLWab4YAxas9uewt1sMgO1
6TpmV4cVM3C1z/Co+duFEsYfadDcOY6WEuYQAaxC5sVQXLZqba3lrjVMG5Bstm5O
qUXD9EGyieE7un96yP/WhBpTdIxQwRpq5piXknu7FVQqarqDfLwNm2osprpAD1IG
GZnV0V52HqImaW6QFDtBonX9OhAOPzwS7m6Z3DMRzkrYFQKYA594WC1q3Q15g4ZB
tYRPlTX1ReHuESGOaHrgFCAKowgMAxPgxDCT2FsYltqdh+3gSf+0YNpV5TcBTaBZ
SX4uJoetZWFdWc+9Kf7DeFzVUl+ACqOCtXDFECwHXuE56yLFyk8dn1lMBtdtqk5S
07vk7X4B0De2wklbn8dBX2dpXQBkYAOE19VnVsf4Ad2A7bXn7BE2PMdnTEVf6r8l
mhefDGOvgYYP07QLMn/lQOUhstnp64CLwWLPCzlWlvnIXDrKE8XkQJl8ac4EfSqd
DmYH7W3kfP094d4O0Bv8hvAkLY44PRAeHOjuntWC/v1g4PQTKejWzwfHHyccX1dK
iY0/6vEyh2ALuwqLfL+ei+iiAU+TD7ZJTu/b+UBLDwefMHtImjSs2jKEenQhFmIt
mRyrwN+IL2jjlqv4CYN0MpnCvPqqsT0l9WX5xMyDm9ZKOU3pbWE=
=mvOW
-END PGP SIGNATURE-


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] No MX records for mail.mil

[Jim Popovitch via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Thu, 2018-05-03 at 09:33 -0500, Frank Bulk wrote:
> This doesn’t look so good, though:
> http://dnsviz.net/d/mail.mil/dnssec/

but this did:
http://dnsviz.net/d/mail.mil/WsaG2w/dnssec/
 
and before that there was:
http://dnsviz.net/d/mail.mil/WusxjQ/dnssec/

This flip-flop behaviour on mail.mil has been going on for more than a
year.  I'm going to guess that the responsible contractor doesn't know
what they're doing.  :-)

- -Jim P.
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEPxwe8uYBnqxkbORSJxVetMRaJwUFAlrrM0wACgkQJxVetMRa
JwV3ExAAnEIcG1kmh4NWuuloJ/jaoMoaKMtMUfyOx0QAGXzkPAl6BXMoVojxGupg
M+u951aSYjr0MZelpxyLjMnHXBKwHsUFUkgurT9q7G/fktnUUSDatSUIpZ0YnM/V
4tdCBjp4r0UvK93IAC+JzMLs5RrZ/qX6xwKXO+3eO7BXnHI3jOhW9YRPkJKSwV0f
T7H5oxh69Zz2dQazlGMThMuU99E04T+P7Nt3RS0xxNkahEeQbqzi5jLfsZtgBOZm
mhdW705pcs5gM2GeUvaafazuFgkV4+88fd+kjx4xrbWu0xPfCs5xfGLYNZZnDn27
SttcGFqvZYwI3HIriVFYMF+rQPU8oNdDx1dkBtpKb0LTeMCZCJQOGxX91EEVjk+t
IODTTZIhLZnBAsLHwUOeU0/KaF5r6fr8QUPRd0Mt8BmYwNNk4DeQlHCmmUxLNJol
nDWkRMfYOveogOID4wJK0czCw5uAPrmVaxXG3ZUCmAPHjGqJwOh31XDNTfzdIZ5E
U3PPTUzIoIGQJbmYysiIdbehydtHXJWFtakTPIfaa7f7UMZvlf4NXflqdm2mwhBe
TKZpjbdzMc3qxHsXtcxT5pufi3nLOTnP91iHbYU0SPnSrQWO3ThebR7RuFl48AG2
O5XrmaNRuNuKJFE3UVjxTOM3qkKDYdNGC6VS9dZHaaPurWi6los=
=pUnj
-END PGP SIGNATURE-


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Issues With the way Google Groups unsubscribe is used in headers..

[Jim Popovitch via mailop]

On February 8, 2018 1:05:59 AM UTC, Michael Peddemors  
wrote:
>Spammers are abusing Google Groups lists of course, and I am sure they 
>are working on it, but the issue is with the unsubscribe URL methods.. 
>Comments at the bottom of the example..
>


I've been reporting this to Google for 4 weeks now.  Unsubbing from the www 
interface doesn't work either.  They don't seem to care...



-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SPF recommendations (was: Re: Earthlink trouble with our PTR)

[Jim Popovitch]

On Thu, Dec 14, 2017 at 8:07 PM, Bill Cole
<mailop-20160...@billmail.scconsult.com> wrote:
> On 14 Dec 2017, at 14:01 (-0500), Jim Popovitch wrote:
>
>> Aside from a few HUGE providers, those with very large and disparate
>> networks/offices/topology
>
>
> SPF isn't related to the complexity of a network, but control of users using
> a domain name, which is a very different thing.

Forget about users, think IoT devices.   ~all makes it easy for a
hacked device to send emails using your domain.

>> -all means that the domain operator knows what they are doing,
>
>
> No, it means they know what their users do.

Not every network or domain is used as a mailbox provider.

> Or that they THINK they do.
>
>> knows
>> what their network consists of and how email is routed within their
>> network.  It further states that the -all publisher has committed to
>> staying abreast of what happens in their environment in order to
>> assure their IP space is properly routing email.  It instills
>> confidence.
>
>
> There continue to be sites that do traditional ~/.forward-style transparent
> SMTP forwarding, which preserves the envelope sender as received. There
> continue to be websites which give users the ability to send content to
> others which use the address of the user initiating the action as the
> envelope sender, so that bounces go to the person who might care.
>
> Last I checked, it was frowned upon for sysadmins to execute users who
> obliviously violate a SPF '-all' policy by mailing a 'wrong' person or using
> a 'wrong' 3rd-party system.
>
>
>> ~all is just plain lazy, and is akin to saying that you don't have
>> confidence in your ability to own and control your own network;
>
>
> You keep using that word. I do not think it means what you think it means.

Ahh, a Princess Bride fan...

> If you consider users to be a subordinate part of a "network" then no
> "network" is controllable or should be.

No, that's not what I'm saying.  Forget about users, think spambot
infested devices on your network (or on someone else's network using
your domain).

>> and
>> you want others to spend some level of time/money (in the form of CPU
>> cycles) analyzing email emitted from your network to determine it's
>> suitability for deliverability.
>
>
> There you go saying "your network" again, yet fundamentally '~all' says 'my
> users might cause mail using my domain name to come from networks OTHER THAN
> mine.' Which is true of almost any significant set of users. Mail actually
> from the domain owner's network properly will be authenticated by what comes
> BEFORE the '~all' default.

Of course, but we're not really discussing what comes before the ~all
or-all, rather what comes after the properly identified network
resources listed in the SPF RR.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SPF recommendations (was: Re: Earthlink trouble with our PTR)

[Jim Popovitch]

On Thu, Dec 14, 2017 at 11:33 AM, Vladimir Dubrovin via mailop
 wrote:
>
> In fact, you should not use "-all" for your mail domain if you care
> about deliverability.

FALSE!  (Also, you should not randomly add CC recipients to the same
mailinglist that you are responding to)

Aside from a few HUGE providers, those with very large and disparate
networks/offices/topology

-all means that the domain operator knows what they are doing, knows
what their network consists of and how email is routed within their
network.  It further states that the -all publisher has committed to
staying abreast of what happens in their environment in order to
assure their IP space is properly routing email.  It instills
confidence.

~all is just plain lazy, and is akin to saying that you don't have
confidence in your ability to own and control your own network; and
you want others to spend some level of time/money (in the form of CPU
cycles) analyzing email emitted from your network to determine it's
suitability for deliverability.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SPF failures at Yahoo

[Jim Popovitch]

On Oct 27, 2017 11:42, "Jim Popovitch" <jim...@gmail.com> wrote:

Is there someone from Yahoo! who can provide some insight into why
there is always 1 SPF lookup failure in your DMARC reports.

http://domainmail.org/reports/yahoo.com!netcoolusers.org!150
6556800!1506643199.xml

http://domainmail.org/reports/yahoo.com!netcoolusers.org!150
6988800!1507075199.xml

http://domainmail.org/reports/yahoo.com!netcoolusers.org!150
7939200!1508025599.xml

It seems odd,


and 3 more today (1 spf failure per every ~40 emails)

http://domainmail.org/reports/yahoo.com!netcoolusers.org!150
6470400!1506556799.xml

http://domainmail.org/reports/yahoo.com!netcoolusers.org!
1506902400!1506988799.xml

http://domainmail.org/reports/yahoo.com!netcoolusers.org!150
8976000!1509062399.xml

-Jim P.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SPF record

[Jim Popovitch]

On Mon, May 22, 2017 at 6:05 PM, Michael Wise via mailop
 wrote:
>
> At least a Mailing List is in a position to rewrite the headers so that SPF 
> works when it sends the traffic out.
>

Yep, but only those managed by ppl who know how to keep things
updated, patched, etc.   Lots of bad managed mailing lists out
there/here..

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Jim Popovitch]

On Apr 10, 2017 12:15, "Laura Atkins" <la...@wordtothewise.com> wrote:


On Apr 9, 2017, at 11:00 AM, Jim Popovitch <jim...@gmail.com> wrote:

On Apr 9, 2017 13:07, "Anne P. Mitchell, Esq." <amitch...@isipp.com> wrote:

This brings up a good point...back in 'the day' folks would report spam on
NANAE;  is there a managed, moderated mailing list to report spam, that has
the main ESPs and such on it?


SDLU ?


Reporting spam in public just makes it harder for the abuse desks to handle
thing. If there is a working abuse desk, then abuse@ is fine. If there’s
not, reporting in public is performance art at best.


Pfft.

SDLU is somewhere between public and private.  Limiting reporting to one of
the many walled gardens makes it easier for consultants to protect revenue
streams

-Jim P.  (I know how bread is buttered)
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AOL Service unavailable on connect

[Jim Popovitch]

On Mon, Jan 23, 2017 at 10:29 AM, Derek Diget
 wrote:
>
> Anyone else seeing connection issues to AOL?  Saturday morning (EST) we
> started getting
>
> 421 mtaig-maa03.mx.aol.com Service unavailable - try again later
>

Yep,


~$ mailq
Queue ID- --Size-- ---Arrival Time --Sender/Recipient--
3v6VYJ2sZpz1vdw  11396 Mon Jan 23 12:12:04 users-boun...@netcoolusers.org
(host mailin-01.mx.aol.com[152.163.0.68] refused to talk to me: 421
mtaig-aad03.mx.aol.com Service unavailable - try again later)
   xxx...@aol.com

3v5tbl151Yz1vg5  14271 Sun Jan 22 12:12:03 users-boun...@netcoolusers.org
(host mailin-01.mx.aol.com[152.163.0.99] refused to talk to me: 421
mtaig-aae03.mx.aol.com Service unavailable - try again later)
   ...@aol.com

3v5tbm10Hlz2V2r  12347 Sun Jan 22 12:12:04 users-boun...@netcoolusers.org
(host mailin-03.mx.aol.com[152.163.0.100] refused to talk to me: 421
mtaig-aad01.mx.aol.com Service unavailable - try again later)
   xxx...@aol.com

3v6VYL2Fwtz2V4H  12588 Mon Jan 23 12:12:06 users-boun...@netcoolusers.org
(host mailin-02.mx.aol.com[152.163.0.100] refused to talk to me: 421
mtaig-aam04.mx.aol.com Service unavailable - try again later)
   xxx...@aol.com

-- 57 Kbytes in 4 Requests.



BTW, mailop.org (chilli.nosignal.org) your SSL cert is still broken:

  "There are issues with the site's certificate chain
(net::ERR_CERT_DATE_INVALID)."



-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Storing 821 envelope recipients in an 822.Header?

[Jim Popovitch]

On Wed, Dec 7, 2016 at 2:13 PM, Eric Henson  wrote:
> Just be aware that using XY will have you labeled as misogynist , XX will 
> have you labeled a SJW, and XXX will get you blocked by porn filters.
>
> :-)

Damn the world is complicated.  All I was thinking of was Pokémon.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Storing 821 envelope recipients in an 822.Header?

[Jim Popovitch]

On Wed, Dec 7, 2016 at 12:17 PM, John Levine  wrote:
>>5.  Does not override existing specifications that legislate the use
>>of "X-" for particular application protocols (e.g., the "x-name"
>>token in [RFC5545]); this is a matter for the designers of those
>>protocols.
>>
>>So, X headers are still the way to go it seems for SMTP..
>
> Perhaps you missed this part of RFC 6648:
>
>As explained more fully under Appendix A, this convention was
>encouraged for many years in application protocols such as file
>transfer, email, and the World Wide Web.  In particular, it was
>codified for email by [RFC822] (via the distinction between
>"Extension-fields" and "user-defined-fields"), but then removed by
>[RFC2822] based on implementation and deployment experience.
>
> Really, if you need to invent a header, just invent one and don't
> pretend that anyone told you to use a X- name.


So you can choose any name you want as long as it doesn't start with
X- ?   :-)I'm going to start naming headers XY- just because it's
allowed by RFCs.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Yahoo blacklist removal

[Jim Popovitch]

On Wed, Nov 16, 2016 at 3:53 PM, David Sgro, Dataspindle
 wrote:
> Check Proofpoint.com to see if you listed 
> https://support.proofpoint.com/rbl-lookup.cgi?ip=

It's almost the end of the 2nd decade of the 2nd century that IPv6 has
been in use... I would have thought ProofPoint would be out to prove a
point by supporting IPv6.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Barracuda hosted spam filtering having issues?

[Jim Popovitch]

On Wed, Nov 2, 2016 at 4:05 PM, Eric Tykwinski  wrote:
> I'm seeing a lot of session timeouts on connections to
> .ess.barracudanetworks.com servers.
> Just checking to see if it's a known issue...

Same here (domainmail.org).  At first it looked like they had SSL
issues (http://paste.debian.net/plainh/4a759f68) so I disabled TLS for
the domain in question and now it's just:

Nov  2 20:09:01 svr5 postfix/smtp[17976]: 5B4F1514D7: lost connection
with d92740a.ess.barracudanetworks.com[64.235.153.2] while receiving
the initial server greeting
Nov  2 20:11:04 svr5 postfix/smtp[17976]: 5B4F1514D7: conversation
with d92740a.ess.barracudanetworks.com[64.235.150.252] timed out while
receiving the initial server greeting

Kinda odd tho,

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google: Increase in false positives?

[Jim Popovitch]

On Fri, Sep 2, 2016 at 11:12 PM, John Levine  wrote:
>>But I'm not sure what native would look like.  After Lavabit, would the
>>type of folks who use pgp actually trust our implementation if they
>>couldn't see it and verify it?
>
> In my experience there are two kinds of PGP users.  One is the hard
> core who go to key signing parties with their passports in their
> pockets. The other is the casual ones who get keys from keyservers
> when they send moderately touchy stuff.
>
> The latter group would probably be OK with your implementation.  The
> others would not, so they'd have to use POP/IMAP/SUBMIT and do the
> crypto at home.
>
>>Also, the spam problem becomes challenging in that environment...
>
> For the latter group, you can ask them if it's OK to use their keys
> for spam filtering and they'll probably say it is.  For the former
> group, it's a problem.  Of course, they're only likely to exchange
> encrypted mail with a tiny set of friends, so perhaps you could say
> that the sender's key isn't in someone's address book, rate limit it
> down to one or two messages per day.  That gives an opportunity for
> initial contact, at least until the spammers figure out that their
> botnets have plenty of CPU to invent a new identity and a new key for
> every spam.

In addition to what John said, I think a very useful first step
component would be for Google (Microsoft too!) to run an internal PGP
keyserver (if you don't already have one) and then use it reject
signed msgs that fail a basic sig test.  You don't need anyone's
private key, and you could sync your keyserver the same way all the
other keyservers do.   This would go a long way towards true message
integrity.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] DKIM + mailinglists (rehash)

[Jim Popovitch]

Hello!

If Mailman (and other MLMs) would provide some header data that listed
msg modifications (i.e. pre-pended subject with 6 chars, post-pended
body with 6 lines, etc), would this be beneficial for anyone to use in
order to reconstruct an original msg and validate the original DKIM
sig (X-Google-DKIM-Signature, etc.) ?

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] why "not comply with best practices" on SpamRats?

[Jim Popovitch]

On Tue, Jun 14, 2016 at 5:33 PM, Peter Bowen <pzbo...@gmail.com> wrote:
> On Tue, Jun 14, 2016 at 1:48 PM, Jim Popovitch <jim...@gmail.com> wrote:
>> On Tue, Jun 14, 2016 at 12:16 PM, Suresh Ramasubramanian
>> <ops.li...@gmail.com> wrote:
>>>
>>> 163 is an email provider that I doubt provides dynamic IP space of any sort.
>>> And as Junping says, 700 million mailboxes.  Well north of 30 million, like
>>> I said :)
>>
>> Where does 123.com fit into all this?   
>> http://paste.debian.net/plainh/4f41f8c4
>
> I'm assuming you mean 126.com, based on the paste.

Opps, yes, 126  (what is up with all the numbered domains?!?!)

> 163.com, 126.com, yeah.net, vip.163.com, vip.126.com, vip.188.com, and
> netease.com are all NetEase domains.


So the paste is evidence that SpamRats is doing the right thing?

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Multiple DKIM signatures -- any benefit or detriment?

[Jim Popovitch]

On Sat, May 21, 2016 at 1:22 PM, Steve Atkins <st...@blighty.com> wrote:
>
>> On May 21, 2016, at 9:41 AM, Jim Popovitch <jim...@gmail.com> wrote:
>>
>> On Sat, May 21, 2016 at 12:23 PM, Steve Atkins <st...@blighty.com> wrote:
>>>
>>>> On May 21, 2016, at 8:45 AM, Jim Popovitch <jim...@gmail.com> wrote:
>>>>
>>>> On Fri, May 20, 2016 at 5:21 PM, Michael Rathbun <m...@honet.com> wrote:
>>>>> On Fri, 20 May 2016 17:00:37 -0400, Jim Popovitch <jim...@gmail.com> 
>>>>> wrote:
>>>>>
>>>>>> Give me a (real world) example of how 2 DKIM sigs will be in the same
>>>>>> email msg and both sigs will verify.
>>>>>
>>>>> Here are two:
>>>>>
>>>>>> Authentication-Results: mx.google.com;
>>>>>> dkim=pass (test mode) header.i=@humblebundle.com;
>>>>>> dkim=pass (test mode) header.i=@dynect.net;
>>>>>
>>>>>> Authentication-Results: mx.google.com;
>>>>>> dkim=pass header.i=@cpro30.com;
>>>>>> dkim=pass header.i=@morningconsult.com;
>>>>>
>>>>
>>>>
>>>> That's quite vague.  What was signed by each key? When most people
>>>> think of DKIM they think of a DKIM key being used to guarantee that
>>>> parts of a message haven't been modified in transit.
>>>
>>> If they do, they're thinking about it wrong. DKIM is *not* about message
>>> integrity, it's about someone taking responsibility for the message in
>>> a way that is provable by a third party. Or, if you prefer a more mechanical
>>> model, it's about attaching an unforgeable identifier to a message so that
>>> that identifier can be used as a key to track the history of the email
>>> author.
>>
>> Email is multi-faceted.  I really don't think there is any one person
>> who has seen all sides and knows whats best for all sides.
>
> It's not about what's "best", it's about understanding what a protocol
> is, and what it provides. That's important because if someone misunderstands
> what DKIM is for, you they misusing the results it provides.
>
>> Correct me if I am wrong (with details please).   ESPs are the only
>> ones using 2 or more DKIM sigs, and one or more of those DKIM sigs is
>> just an identifier injected along the way, that seeks to verify the
>> middle-man by signing zero or a few headers (but not any headers wrt
>> deliverability, hops, received lines, etc.)
>
> *All* DKIM signatures are just identifiers injected along the way. All
> reasonable[1] DKIM signatures sign a sensible subset of the headers and
> the entire body.
>
> There is no "primary" or "main" DKIM signature. A message may have
> zero or more DKIM signatures; none is intrinsically more valid or
> valuable than the others. There is an order to them, but that's just the
> order in which the signatures were applied rather than anything inherently
> meaningful.
>
> (Though, obviously, you can intuit things from the order, and there is
> broken software out there that, for example, treats the first or last
> DKIM signature differently. And there are protocols out there that
> pay more attention to DKIM identifiers that bytewise match other
> elements of the email. That's all outside the scope of DKIM itself.)
>
> The result of validating DKIM is a list of zero or more identifiers (one
> from each DKIM signature that validates).
>
> Mailserver automation can do whatever it pleases with that result,
> but that's the only information it gets from DKIM - a list of zero or
> more identifiers (typically the d= value from each DKIM-Signature
> header).
>
> Cheers,
>   Steve
>
> [1] There's a lot of leeway in the DKIM spec about what you can
> sign and still be a "valid" DKIM signature, but that's mostly theoretical.
> In the wild you'll see everyone signing something like mime-version,
> in-reply-to, references, date, message-id, subject, from, to and the
> entire body.
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Thanks Steve for the details.

Some explanation for my deep curiosity   Mailman (which I hack on
here and there) and other MLMs had problems in the past because
Mailman modifies the body and appends a footer (as seen on this list).
So the advice, years ago, was to strip any incoming DKIM sig, than add
a new DKIM sig from the MLM host before reflecting the msg.  That
worked for years... then multiple DKIM sigs came into parlance, then
came DMARC, then came the advice to not strip incoming DKIM sigs and
just add a new one.  What I would like to do is find a way to keep
incoming sigs, keep the mailing list footer,  add the MLM's DKIM sig,
and have all sigs validate.  How does this work in the ESP world where
a client originates and signs a msg that is then handed to an ESP who
adds a sig and distributes it?  Does the client sign the body?

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Multiple DKIM signatures -- any benefit or detriment?

[Jim Popovitch]

On Sat, May 21, 2016 at 12:23 PM, Steve Atkins <st...@blighty.com> wrote:
>
>> On May 21, 2016, at 8:45 AM, Jim Popovitch <jim...@gmail.com> wrote:
>>
>> On Fri, May 20, 2016 at 5:21 PM, Michael Rathbun <m...@honet.com> wrote:
>>> On Fri, 20 May 2016 17:00:37 -0400, Jim Popovitch <jim...@gmail.com> wrote:
>>>
>>>> Give me a (real world) example of how 2 DKIM sigs will be in the same
>>>> email msg and both sigs will verify.
>>>
>>> Here are two:
>>>
>>>> Authentication-Results: mx.google.com;
>>>>  dkim=pass (test mode) header.i=@humblebundle.com;
>>>>  dkim=pass (test mode) header.i=@dynect.net;
>>>
>>>> Authentication-Results: mx.google.com;
>>>>  dkim=pass header.i=@cpro30.com;
>>>>  dkim=pass header.i=@morningconsult.com;
>>>
>>
>>
>> That's quite vague.  What was signed by each key? When most people
>> think of DKIM they think of a DKIM key being used to guarantee that
>> parts of a message haven't been modified in transit.
>
> If they do, they're thinking about it wrong. DKIM is *not* about message
> integrity, it's about someone taking responsibility for the message in
> a way that is provable by a third party. Or, if you prefer a more mechanical
> model, it's about attaching an unforgeable identifier to a message so that
> that identifier can be used as a key to track the history of the email
> author.

Email is multi-faceted.  I really don't think there is any one person
who has seen all sides and knows whats best for all sides.

Correct me if I am wrong (with details please).   ESPs are the only
ones using 2 or more DKIM sigs, and one or more of those DKIM sigs is
just an identifier injected along the way, that seeks to verify the
middle-man by signing zero or a few headers (but not any headers wrt
deliverability, hops, received lines, etc.)

> That it does that partly by using a cryptographic signature that includes
> some subset of the content is an implementation detail that's only there to
> mitigate replay attacks.

That "subset" is the part that interests me.

>> So, for this
>> discussion, I think it's important to identify the parts of the
>> message that are being signed, no?
>
> Not generally, no. But that info is in the DKIM-Signature headers
> if you want it.

I do want it, and since MDR provided the incomplete example I was
asking him to provide the rest.

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop