Re: [mailop] Proofpoint Contact
> In the past, I've found them to be totally unresponsive and gave up on
> them.

That can't be right. I literally contacted them a few days ago and had a successful response (unlisting) within minutes during US business hours.

Go here, put in your IP address, and they give you an opportunity to input a text description about the issue.

https://ipcheck.proofpoint.com/

Note, they may not contact you, they did not contact me, but they did read what I wrote to them and they removed their listing of my IP address.

I would add as a further point, it's up to you to make certain that your IP is clean before you ask them to unblock it. Put your IP(s) in https://multirbl.valli.org/ and see what lots of folks think about it.

-Jim P.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Re: [mailop] verifier.port25.com
Lots of good responses for alternatives to verifier.port25.com, but do any of them support aliased feedback address whereby you could send an email to check-auth-lhs=domain@verifier.port25.com and the response would be returned to the aliased address not the sender? I've used that many times in the past as a "bastads".

-Jim P.
Re: [mailop] Mailing lists, Apple and failing DKIM signatures
On Mon, 2023-05-22 at 22:18 +0200, Benny Pedersen via mailop wrote:
> Jim Popovitch via mailop wrote on 2023-05-22 20:49:
>
> > DO use Mailman's built-in DMARC mitigations for re-writing From
> > for DMARC identified domains, including p=none.
>
> fine tool to break dkim, it would not help repeat why not break
> dkim, there would be endless debate why keep the problem, old
> software from 1970 does not break new standard

You are the sole carrier of that "debate", and, despite many many previous attempts at correcting you, your assertions that the way Mailman replaces the From address somehow breaks *your* DKIM setup, is a hill that we all know you will die on, and 99% of us no longer care if that occurs. :)

Also, please install a spell-checker in your environment. Thanks!

-Jim P. (one of the many "bastads from hell", as Benny puts it)
Re: [mailop] Mailing lists, Apple and failing DKIM signatures
On Mon, 2023-05-22 at 19:20 +0100, Simon Arlott via mailop wrote:
> If you're running a mailing list that retains the original DKIM
> signatures [that will fail because the message subject and body
> have been modified] you might want to strip/hide them because...

DON'T remove standard pre-existing mail headers.

DO use Mailman's built-in DMARC mitigations for re-writing From for DMARC identified domains, including p=none.

-Jim P.
Re: [mailop] Proofpoint bottleneck to ibm.com
Someone has reached out to me off-list. Thanks all!

-Jim P.

On Sun, 2023-02-05 at 19:48 -0500, Jim Popovitch via mailop wrote:
> Hello!
>
> Anyone else seeing a delay in delivering email to *.ibm.com via
> Proofpoint? All IPs are good on ipcheck.proofpoint.com, have been
> getting 421's for ~8 hours now.
>
> Thanks!
>
> -Jim P.
[mailop] Proofpoint bottleneck to ibm.com
Hello!

Anyone else seeing a delay in delivering email to *.ibm.com via Proofpoint? All IPs are good on ipcheck.proofpoint.com, have been getting 421's for ~8 hours now.

Thanks!

-Jim P.
Re: [mailop] DigitalOcean IP ranges gone
On Fri, 2022-11-25 at 18:05 +, Slavko via mailop wrote:
> Hi,
>
> I was using https://digitalocean.com/geo/google.csv to fill my
> internal rbldnsd, but recently I started getting 404 for it. I do not
> update these IP ranges too often, thus I am not sure when it
> started to happen, but the problem persists about one week.
>
> I checked DO docs, but the URL hasn't changed in it.
>
> Please, know someone if it is some temporary problem, list
> is gone, or that URL changed?
>

It hasn't been there since at least 2022-Feb according to this:

https://www.digitalocean.com/community/questions/what-happened-to-the-digitalocean-ip-address-list
Re: [mailop] Postfix.org borked?
On Mon, 2022-11-21 at 17:52 -0800, Jay Hennigan via mailop wrote:
> On 11/21/22 17:30, Jim Popovitch via mailop wrote:
> > On Mon, 2022-11-21 at 17:10 -0800, Jay Hennigan via mailop wrote:
> > > On 11/21/22 16:24, Jim Popovitch via mailop wrote:
> > > >
> > > > I still think there's some weirdness going on. Firstly I'd be surprised
> > > > if Wietse hung www off of 1 NS, and then the base domain off of 2 NSes
> > > > on the same subnet.
> > >
> > > Unless they're anycast. As a mild example, 4.2.2.1 and 4.2.2.2
> > >
> >
> > Of course, but in this case simple testing says they aren't... unless
> > all the anycast end-points are hanging off a HE node in NYC.
>
> Alternatively, if the resource that you're trying to reach is on the
> same LAN (or machine) as both/all of its authoritative nameservers, it
> doesn't matter in the larger scheme of things.
>
> If a resource isn't reachable because its subnet is unreachable, then
> whether or not authoritative DNS on the same subnet is working really
> becomes kind of moot. You're not going to reach that resource whether or
> not it resolves until the underlying issue gets fixed.
>
> This doesn't seem to be the case with Postfix, however.
>

I'm not really certain of what your point is, but do you realize why having a single NS server, or more than 1 NS servers all on the same subnet, is bad?

-Jim P.
Re: [mailop] Postfix.org borked?
On Mon, 2022-11-21 at 17:10 -0800, Jay Hennigan via mailop wrote:
> On 11/21/22 16:24, Jim Popovitch via mailop wrote:
> >
> > I still think there's some weirdness going on. Firstly I'd be surprised
> > if Wietse hung www off of 1 NS, and then the base domain off of 2 NSes
> > on the same subnet.
>
> Unless they're anycast. As a mild example, 4.2.2.1 and 4.2.2.2
>

Of course, but in this case simple testing says they aren't... unless all the anycast end-points are hanging off a HE node in NYC.

-Jim P.
Re: [mailop] Postfix.org borked?
On Mon, 2022-11-21 at 16:07 -0800, Dan Mahoney via mailop wrote:
>
> To be clear, I was also hitting errors when I was trying to (from a direct
> google link) hit the www.postfix.org mailing lists page, and getting a safari
> timeout.

I still think there's some weirdness going on. Firstly I'd be surprised if Wietse hung www off of 1 NS, and then the base domain off of 2 NSes on the same subnet.

jimpop@work~$ dig NS www.postfix.org
postfix-mirror.horus-it.com.

jimpop@work~$ dig NS postfix.org
ns4.porcupine.org.
ns2.porcupine.org.

jimpop@work~$ host ns4.porcupine.org.
ns4.porcupine.org has address 168.100.3.72

jimpop@work~$ host ns2.porcupine.org.
ns2.porcupine.org has address 168.100.3.75

-Jim P.
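The by-hand check in the message above (a single NS for one name, two NS addresses in one subnet for another) can be automated. The Python below is an added example, not part of the original post; it works on already-resolved addresses, the function names and the /24 and /48 grouping sizes are assumptions, and `example.test` with its addresses is constructed.

```python
"""Added illustration: flag zones whose authoritative nameservers lack
network diversity. Names and prefix sizes are assumptions of this sketch."""
import ipaddress
from collections import defaultdict

# NS data exactly as quoted in the message above (November 2022).
POSTFIX_ORG = {
    "ns4.porcupine.org.": ["168.100.3.72"],
    "ns2.porcupine.org.": ["168.100.3.75"],
}
# The post shows one NS for www.postfix.org and no address for it.
WWW_POSTFIX_ORG = {"postfix-mirror.horus-it.com.": []}
# Constructed counter-example using documentation address ranges.
DIVERSE_ZONE = {
    "ns1.example.test.": ["192.0.2.53", "2001:db8:1::53"],
    "ns2.example.test.": ["198.51.100.53", "2001:db8:2::53"],
}


def covering_network(addr, v4_prefix=24, v6_prefix=48):
    """Return the enclosing network used as a rough 'same subnet' bucket."""
    ip = ipaddress.ip_address(addr)
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def ns_findings(zone, ns_addrs, v4_prefix=24, v6_prefix=48):
    """ns_addrs maps nameserver name -> list of address strings.

    Returns a list of human-readable findings; an empty list means the
    delegation passed both checks.
    """
    findings = []
    if len(ns_addrs) < 2:
        names = ", ".join(ns_addrs) or "none"
        findings.append(f"{zone}: single nameserver ({names})")

    # address family -> network -> nameserver names with an address in it
    seen = defaultdict(lambda: defaultdict(set))
    for ns, addrs in ns_addrs.items():
        for addr in addrs:
            net = covering_network(addr, v4_prefix, v6_prefix)
            seen[net.version][net].add(ns)

    for version in sorted(seen):
        nets = seen[version]
        names = set().union(*nets.values())
        # Several nameservers, but every address lands in one network.
        if len(nets) == 1 and len(names) >= 2:
            (net,) = nets
            findings.append(
                f"{zone}: all {len(names)} IPv{version} nameservers "
                f"are inside {net}"
            )
    return findings


if __name__ == "__main__":
    for zone, data in [
        ("postfix.org", POSTFIX_ORG),
        ("www.postfix.org", WWW_POSTFIX_ORG),
        ("example.test", DIVERSE_ZONE),
    ]:
        print(zone, ns_findings(zone, data) or "ok")
```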
Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders
On Mon, 2022-09-19 at 17:07 +0200, Alessandro Vesely via mailop wrote:
>
> ARC is the authentication of choice in this case because, being devised for
> this task, it is supposedly straightforward to configure for it, whereas
> whitelisting after SPF or DKIM smells like a hack.

I wish ARC was straightforward to configure and implement, but sadly I haven't experienced that. Can teams at Google, Microsoft, AOL, etc., wrap ARC into their offerings, sure. Can I wrap ARC into my mail flows, not without a team. Generally that team would be something like OpenDKIM, OpenDMARC, Postfix, or even Mailman (although the latter one has moved on to a product version that even they often admit isn't ready for full replacement of the version of Mailman I use).

Now, you might be thinking that OpenARC is the solution, but it isn't, and it appears to be abandoned (last commit was 4 years ago, and there are currently 31 outstanding issues). Should I jump in and try to help resolve 31 open issues in an abandoned project? Let's see who the project was created by and associated with... oh look, OpenDKIM and OpenDMARC (those other technologies that promised solutions that now need ARC to solve).

I know I'm on a soapbox here, but looking back this whole band-aid after band-aid of wrap-around solution(s) for email delivery sounds more like a Congressional/Legislative "solution" of promise after promise rather than a solid solution. This is why the bigbox mailbox providers are winning.

-Jim P.
Re: [mailop] DMARC Stockholm syndrome, Reject vs spam folders
On Sat, 2022-09-17 at 11:48 +0200, Alessandro Vesely via mailop wrote:
>
> Yes, ARC can fix what DMARC broke.

You must be new around here :)

If ARC is fixing what DMARC broke, and DMARC was to fix what DKIM broke, and DKIM was to fix what SPF broke, and SPF was to fix (what was SPF supposed to fix, oh yeah... provider greed and irresponsibility).

Have we fixed that last part yet, because I don't think ARC is going to be any better at fixing the real problem.

-Jim P.
Re: [mailop] The oligopoly has won.
On Wed, 2022-09-14 at 10:57 +0200, Alessandro Vesely via mailop wrote:
> On Wed 14/Sep/2022 00:09:49 +0200 Jim Popovitch wrote:
> > On Tue, 2022-09-13 at 15:56 -0600, Grant Taylor via mailop wrote:
> > > On 9/13/22 3:33 PM, Jim Popovitch via mailop wrote:
> > > >
> > > > It's not hard to do, it's just not super easy.
> > >
> > > Try writing down all the things that you've done and would need to re-do
> > > if you were to build a mail server anew to comply with the same
> > > standards that you're complying with now.
> >
> > My list would be:
> >
> > Reputable hosting company, or BYOIP
> > Reputable domain and TLD.
> > FCrDNS
> > SPF
> > DKIM > 1024b and rotated regularly.
> > DMARC as either reject or quarantine.
> > Making sure your system doesn't backscatter.
> > Sign up at dnswl.org
> >
> No blacklisting/ abuse reporting?

I don't see those things as a hindrance to setting up a non-oligopoly email system. I personally feel a lot of personal and small time providers spend way too much effort on such things (including robust DNSSEC reporting without out of the box configurations). Just 5xx what you can't deliver and/or you don't want.

-Jim P.
Re: [mailop] The oligopoly has won.
On Tue, 2022-09-13 at 15:56 -0600, Grant Taylor via mailop wrote:
> On 9/13/22 3:33 PM, Jim Popovitch via mailop wrote:
> > Right, that's why I have said repeatedly that it is not super easy.
> > It's not hard to do, it's just not super easy.
>
> I agree that it's not easy by any stretch of the imagination.
>
> I dare say that it's more on the hard end than I'd like to admit.
>
> Try writing down all the things that you've done and would need to re-do
> if you were to build a mail server anew to comply with the same
> standards that you're complying with now.
>
> I suspect that you might be mildly surprised in hindsight of all the
> things that you have done. It would probably take 15 minutes or more to
> mention what needs to be done with at most one sentence description per
> thing so that someone not skilled in the art might have an inkling of an
> understanding.
>

My list would be:

Reputable hosting company, or BYOIP
Reputable domain and TLD.
FCrDNS
SPF
DKIM > 1024b and rotated regularly.
DMARC as either reject or quarantine.
Making sure your system doesn't backscatter.
Sign up at dnswl.org

I've done those things at least every other year with various domains (both testing and in-use) and never had trouble sending. Yes, there have (and will always be) the big mailbox providers who see a new IP/domain and stuff it in bulk/spam folder, but after the receiver clicks "this is not spam" most of the time there are no future problems. And, if there ever was, the folks here on mailop are overwhelmingly glad to help.

There's no secret sauce to deliverability, it's just common sense stuff. It's not easy, but it's not hard.

-Jim P.
Re: [mailop] The oligopoly has won.
On Tue, 2022-09-13 at 15:18 -0500, Chris Adams via mailop wrote:
> Once upon a time, Jim Popovitch said:
> > I agree. Self hosted email is not hard, and it's just not super easy. :)
> >
> > The much harder aspect of email is getting your peers, family, and
> > friends to adopt encryption.
>
> Self-hosted email is hard (or really, impossible) for a high enough
> percentage of the Internet population that it is effectively 100%. My
> father has been using computers since well before I was born, is still
> working on rockets today, but I have to explain email technicalities to
> him sometimes, things that we just take for granted.
>
> It's similar in a way to how blogs were popular before a succession of
> social media megacorps took over; the average techy could pop up
> something on their ISP-provided web space back in the day, but the
> average individual online now could not possibly do that. Even dealing
> with a hosted WordPress or the like is beyond most. And even the
> density of capable people is way too low to support friends-and-family.

Right, that's why I have said repeatedly that it is not super easy. It's not hard to do, it's just not super easy.

-Jim P.
Re: [mailop] The oligopoly has won.
On Mon, 2022-09-12 at 19:02 +0800, Henrik Pang via mailop wrote:
> why bother to self host an email? using gmail/gsuite save a lot of
> time.
>
>

Why make a home cooked meal when you can buy the same processed meal that everyone else buys? Why make your kids custom toys, just buy them the same toys all their friends have.

Life should be about variety, not alignment. Self hosted email is not hard, it's just not super easy.

-Jim P.
Re: [mailop] [E] $GOOG
On Sun, 2022-04-17 at 11:06 -0600, Rob Nagler via mailop wrote:
> Laura, did you notice the To line in the email to which I am replying
> is "Bill Cole via mailop ".

The reason you see that is because your MUA is auto-saving email addresses of the people that email you. The "Bill Cole via mailop" is a DMARC mitigation feature of Mailman. Sometime in the past you received an email from MailOP, that originated by Bill, and your MUA nicely saved it for you (albeit I would argue that your MUA incorrectly saved it for you).

-Jim P.
Re: [mailop] USPS mailing
On Fri, 2022-03-04 at 18:05 +, Matthew Stith via mailop wrote:
> Hey there Mailop folks,
> On Monday March 7th and going on for a few days Microsoft and Amazon
> will be sending out messages on behalf of USPS in relation to Covid
> Home-test-kits. They ask that these messages be allowed. We were
> provided with the following information regarding the mailing:
> USPS March 7th mailing
> U.S. Postal Service
> Sending Domain email-special.usps.com
> Sending Address nore...@email-special.usps.com
> Main URL https://special.usps.com/testkits
> The messages are going to be coming from Amazon space. I have added
> the list of IPs that they will be sending from.
>

Added them where? :) Did you also remove them from the PBL?

The last time they did a blast like this these were the headers of what I received:

X-Client-Addr: 56.0.143.49 (mx3)
Received: from gk-c49-email.usps.gov (gk-c49-email.usps.gov [56.0.143.49])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (Client CN "gk-c-mail.srvs.usps.gov", Issuer "Sectigo RSA Organization Validation Secure Server CA" (not verified))
    by mx3.domainmail.net (Postfix) with ESMTPS id 4JrNs86Y8dz5wKG
    for ; Sat, 5 Feb 2022 07:12:44 + (UTC)
DKIM-Signature: v=1; a=rsa-sha256; d=usps.com; s=uspscom1008;
    c=relaxed/simple; q=dns/txt; i=@usps.com; t=1644045157; x=1659597157;
    h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:
    Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:
    Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
    List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
    bh=dF+2v+s7VySk8VKb2y1aHfOGTO+N/k9FSG7eq4XAd2g=;
    b=mGcIPkd/D/mqalQ9Rp8l7S3cJushw1ckyBbPcSwwPWJRbmoOBftZAy8Nka39rISh
    N0D9xGEvKyu4hBmKf3trnqyAZwJYOpIuR8CMlB1ktsF7lULNIyP0jC10AXukDUtU
    zCA0LQYm7SOwGYzRdaDqfLSa1za1gclfQlzXRm+N281pTgqVLW0qF1Qltx20CDa1
    +7W1gzkfxtch5jaOwPsOlajn7PHCfZxTT69dPRIz7A1Ypf3/5ddCnViT4VbYANiF
    qQjdB13eGlz3Jxs5DMC1YxtGECGRyXvBBMOdGSiuaulYQDvRTnmPL/rxkfGD6T2c
    22rVRr/xGWMdHlsQP7UVwQ==;
Received: from mailrelay-c9i.usps.gov (eagnmnmbp627.usps.gov [56.207.40.120])
    by gk-c49-email.usps.gov (Sendmail 8.14.3) with SMTP id DD.28.01377.5632EF16;
    Sat, 5 Feb 2022 01:12:37 -0600 (CST)
X-AuditID: 38008f27-07fe82400561-82-61fe23654b05
Received: from eagnmnmep1e40.usps.gov (eagnmnmep1e40.usps.gov [56.201.222.71])
    by mailrelay-c9i.usps.gov (Symantec Messaging Gateway) with SMTP id 4C.CE.01589.5632EF16;
    Sat, 5 Feb 2022 01:12:37 -0600 (CST)
From: auto-re...@usps.com
Date: Sat, 5 Feb 2022 01:12:37 -0600 (CST)
Sender: auto-re...@usps.com
To: REDACTED
Message-ID: <1151028025.11203.1644045157024.javamail.ppts...@eagnmnmep1e40.usps.gov>
Subject: =?UTF-8?Q?USPS=C2=AE_Expected_Delivery_by_Tuesday,_February_8,_2022_?=
    =?UTF-8?Q?arriving_by_9:00pm_4203032445189200190314713204344571?=
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=_Part_11202_893814898.1644045157024"
X-CFilter-Eagan: DLP04
X-Virus-Scanned: clamav-milter 0.103.5 at mx3.domainmail.net
X-Virus-Status: Clean
X-Spam-Flag: YES
X-Spam-Status: Yes, score=108.0 required=5.0 tests=RCVD_IN_ZEN_LASTEXTERNAL,
    SHORTCIRCUIT shortcircuit=spam autolearn=disabled version=3.4.6
X-Spam-Report:
    * 100 SHORTCIRCUIT Not all rules were run, due to a shortcircuited
    *     rule
    * 8.0 RCVD_IN_ZEN_LASTEXTERNAL The last untrusted relay is listed in
    *     Spamhaus ZEN
X-Spam-Level:
Re: [mailop] m-365 still works like a spammer !
On Sat, 2021-07-24 at 17:14 +0200, Xavier Beaudouin via mailop wrote:
> Hello,
>
> > > But it seems they never tries the best preference first.
> > >
> >
> > Are you greylisting or running pregreet tests on your MXes?
> >
> > Here's what I think is happening. MS first tries the priority 10 MX,
> > and postscreen (or such) issues some tests that delay the transaction,
> > so then MS tries the next (next, next...) priority MX and eventually
> > ends up on your highest priority MX.
>
> I use greylisting... BUT... there is no log trace from microsoft servers on
> the 10 MX... so they didn't bother about greylisting...
> Maybe they had some issue... I changed the priority to 50... let's see
> if there is something different...

Another possibility is routing issues. Does your primary MX(es) have address space in Level3/Lumen/CenturyLink? I have an outbound MX in that space that can't reach 1/2 the world.

-Jim P.
Re: [mailop] m-365 still works like a spammer !
On Sat, 2021-07-24 at 13:23 +0200, Xavier Beaudouin via mailop wrote:
>
>
> But it seems they never tries the best preference first.
>

Are you greylisting or running pregreet tests on your MXes?

Here's what I think is happening. MS first tries the priority 10 MX, and postscreen (or such) issues some tests that delay the transaction, so then MS tries the next (next, next...) priority MX and eventually ends up on your highest priority MX.

-Jim P.
Re: [mailop] Paging Barracuda/EmailReg
On Mon, 2021-04-05 at 09:06 -0700, Erwin Harte via mailop wrote:
> On 4/3/21 8:59 AM, Jim Popovitch via mailop wrote:
> > Paging someone from Barracuda or EmailReg. EmailReg.org has been
> > offline for a while now.
> >
> > https://www.barracudacentral.org/about/emailreg
>
> As I understand it that should be deprecated/removed, I've nudged
> someone about it.
>

+1 Thanks! I just saved $20, AMA!

-Jim P.
[mailop] Paging Barracuda/EmailReg
Paging someone from Barracuda or EmailReg. EmailReg.org has been offline for a while now.

https://www.barracudacentral.org/about/emailreg

-Jim P.
Re: [mailop] Yahoo: This mailbox is disabled (554.30)
On Mon, 2021-03-22 at 18:04 +, Laura Atkins wrote:
> On 22 Mar 2021, at 16:06, Jim Popovitch via mailop wrote:
> > Something I've never fully understood: Is a disabled account permanent
> > or subject to reactivation upon some action? This is for a mailinglist
> > subscriber, so I'd prefer to not remove the subscriber if there's a
> > chance the participant can re-activate their account.
>
> Some of the consumer mailbox providers disable the ability of a
> mailbox to accept mail if it’s not logged into for a certain length of
> time. However, if the mailbox owner logs in and reclaims it mail will
> start flowing again.
>
> Yahoo, in particular, has been sending out ‘if you don’t log in, we’re
> going to disable your ability to receive mail.’ Yahoo accounts are
> associated with a lot of other services (I have one I don’t use for
> mail but is associated with my paid Flickr account, for instance) so
> the accounts do still exist and I can always log back in and turn mail
> on again.
>
> They can be reactivated if the subscriber logs in and re-activates the
> mail. But the fact that it’s been deactivated means it’s very likely
> your subscriber likely hasn’t logged in for 6 - 12 months. I would
> suggest you stop sending mail to that account as repeatedly sending
> mail to an address that is dead is a hit to your reputation.
>
> laura

As always, excellent feedback Laura thank you very much.

-Jim P.
Re: [mailop] Yahoo: This mailbox is disabled (554.30)
On Mon, 2021-03-22 at 09:24 -0700, John Brahy wrote:
> Pretty sure the only time it’s opened back up is to make a spam trap

Heh, I've seen that. So, 554.30 is permanent disable. Is there any listing of these codes to better understand if an account is in-flux?

Thanks!

-Jim P.
[mailop] Yahoo: This mailbox is disabled (554.30)
Something I've never fully understood: Is a disabled account permanent or subject to reactivation upon some action? This is for a mailinglist subscriber, so I'd prefer to not remove the subscriber if there's a chance the participant can re-activate their account.

--
Mar 22 13:37:33 smtp1 postfix/smtp[3675]: 4F3wXp35xSz1fC9H: to=< xxx...@yahoo.com>, relay=mta6.am0.yahoodns.net[67.195.228.109]:25, delay=3.2, delays=0.03/1.6/0.73/0.89, dsn=5.0.0, status=bounced (host mta6.am0.yahoodns.net[67.195.228.109] said: 554 30 Sorry, your message to xx @yahoo.com cannot be delivered. This mailbox is disabled (554.30). (in reply to end of DATA command))
---

-Jim P.
Re: [mailop] Spamhaus Public Mirror Error Return Code Update
On Mon, 2021-02-15 at 18:53 +0100, Jaroslaw Rafa via mailop wrote:
> On 15.02.2021 at 15:43:56 Matthew Stith via mailop wrote:
> > Wanted to get this out to you all for awareness for anyone who is using
> > the Spamhaus public mirrors to query our DNSBLs. Beginning in March
> > Spamhaus will start enforcing the following error return codes for these
> > new codes announced in 2019:
> >
> > 127.255.255.252 - Typing error in DNSBL Name
> > 127.255.255.254 - Query via public/open resolver/generic unattributable rDNS
> > 127.255.255.255 - Excessive Number of Queries
> >
> > The main thing to take away from this announcement is that these codes
> > are meant to be treated as errors and not an indicator of negative
> > reputation. The plugins that we have developed for Spamassassin and
> > Rspamd already properly parse out these errors. You can read more about
> > the change here:
>
> Are these "error" codes covered by any RFC?
> If not, I suppose that Wietse will refuse to implement them in Postfix :)

Anyone can implement it in postfix. Just use:

postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[0..255]*3

If you are using a version so old that it doesn't support postscreen, then Wietse isn't your friend.

-Jim P.
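Why a reply filter such as the `127.0.0.[0..255]` in the message above keeps the 127.255.255.x error replies from being scored as listings, shown as an added Python example (not from the thread and not Postfix code). It assumes the `d.d.d.d` filter form with `[a;b..c]` octet patterns, treats an entry without a filter as accepting any reply address, and uses constructed reply addresses; all function names are hypothetical.

```python
"""Added illustration of DNSBL reply filtering in the style of
    postscreen_dnsbl_sites = zen.spamhaus.org=127.0.0.[0..255]*3
This is a sketch, not Postfix source code."""
import ipaddress

# Error return codes as listed in the Spamhaus announcement quoted above.
SPAMHAUS_ERROR_CODES = {
    "127.255.255.252": "Typing error in DNSBL Name",
    "127.255.255.254": "Query via public/open resolver/generic unattributable rDNS",
    "127.255.255.255": "Excessive Number of Queries",
}


def parse_octet(spec):
    """Turn one octet of a filter ('2', '[0..255]', '[2;4..7]') into a set."""
    if spec.startswith("[") and spec.endswith("]"):
        allowed = set()
        for part in spec[1:-1].split(";"):
            low, _, high = part.partition("..")
            low, high = int(low), int(high or low)
            if not 0 <= low <= high <= 255:
                raise ValueError(f"bad octet range: {part!r}")
            allowed.update(range(low, high + 1))
        return allowed
    value = int(spec)
    if not 0 <= value <= 255:
        raise ValueError(f"bad octet: {spec!r}")
    return {value}


def parse_filter(text):
    """Split 'd.d.d.d' on dots that are outside [...] and parse each octet."""
    octets, current, depth = [], "", 0
    for ch in text:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        if ch == "." and depth == 0:
            octets.append(current)
            current = ""
        else:
            current += ch
    octets.append(current)
    if len(octets) != 4 or depth != 0:
        raise ValueError(f"filter must have four octets: {text!r}")
    return [parse_octet(o) for o in octets]


def parse_site(entry):
    """'domain=filter*weight' -> (domain, filter or None, weight)."""
    body, star, weight = entry.partition("*")
    domain, eq, filt = body.partition("=")
    return domain, (parse_filter(filt) if eq else None), (int(weight) if star else 1)


def evaluate(entry, replies):
    """Score the A-record replies one DNSBL returned for one client.

    The weight is counted once per entry if any reply matches the filter;
    replies that are Spamhaus error codes are reported separately.
    """
    domain, filt, weight = parse_site(entry)
    hits, errors = [], []
    for reply in replies:
        addr = str(ipaddress.IPv4Address(reply))
        octets = [int(p) for p in addr.split(".")]
        if addr in SPAMHAUS_ERROR_CODES:
            errors.append(f"{addr}: {SPAMHAUS_ERROR_CODES[addr]}")
        # Assumption of this sketch: no filter means any reply counts.
        if filt is None or all(o in ok for o, ok in zip(octets, filt)):
            hits.append(addr)
    return {"domain": domain, "score": weight if hits else 0,
            "hits": hits, "errors": errors}


if __name__ == "__main__":
    filtered = "zen.spamhaus.org=127.0.0.[0..255]*3"
    unfiltered = "zen.spamhaus.org*3"
    # Constructed replies: two listing codes, then an error code.
    print(evaluate(filtered, ["127.0.0.2", "127.0.0.4"]))
    print(evaluate(filtered, ["127.255.255.254"]))
    print(evaluate(unfiltered, ["127.255.255.254"]))
```

With the filter in place the error reply scores 0 and shows up only under `errors`; without it the same reply adds the full weight, which is the failure mode the announcement warns about.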
Re: [mailop] Is it something to worry about?
Note: Last post by me on this thread Graeme.

On Fri, 2021-01-22 at 20:45 +, Gregory Heytings via mailop wrote:
> At the time we were discussing this 24 hours ago, there were about ~2400
> IPs in their network that were flagged. This number suddenly dropped to
> zero (I'd guess that OVH paid something to that guy to clear their
> history), but it is now rising again, at a rate of ~350-400 IPs/day (the
> same rate as during the previous three days). Which means that, given
> that the limit for OVH is 717 flagged IPs, in 24 hours the entire OVH
> network will again be on UCEPROTECT® Level 3, unless of course OVH pays
> something again (and again and again). See
> http://www.uceprotect.net/en/rblcheck.php?asn=16276 .

I just believe that you are thinking wrongly about this. The drop is most likely due to OVH being on top of their network, not paying money to UCEPROTECT. Rinse, repeat. There is no nefarious angle to either one's business.

> > With that setup, I have yet to see people unable to send email to my
> > systems.
> >
>
> With that setup, you cannot send an email from one of your OVH servers to
> your systems.

While true, that would be for just the time that it takes the cycle to rinse and repeat itself.

-Jim P.
Re: [mailop] Is it something to worry about?
On Fri, 2021-01-22 at 19:12 +0100, Alessandro Vesely via mailop wrote:
> On Thu 21/Jan/2021 19:09:04 +0100 Graeme Fowler via mailop wrote:
> > [Admin note]
> >
> > Unless you are a representative of UCEPROTECT, or you have something to
> > actually add to the discussion rather than endlessly nitting on statistics
> > etc, please refrain from continuing this thread.
>
> Jim has been on these lists for a long time, and is often a good poster. An
> interesting question would be why he is playing public defender for OVH
> (assuming he's not their representative).

I'd like to not think of myself as an OVH or UCEPROTECT defender. Those 2 entities can stand on their own without my input.

Disclaimer: I got a spam from 135.148.37.130 (OVH) this AM. It was a Drone spam, mostly due to that email being harvested from a recent FAA SolarWinds hack. I have no evidence that is the case, just theorizing. That email address was given to the FAA well over 4 years ago for a drone registration.

I've been an odd OVH customer over the past few years, and I've seen their vetting process first hand. I don't know if they vet everyone the way they vetted me, but it was a pretty thorough process (ID scan, CC, waiting period, email back-n-forth, etc.). Of course, now that I'm in their system I can spin up hosts all day long without human review. But I'm satisfied that they take new sign ups seriously, and my honeypots rarely see any sign of them compared to other big entities.

I've been a steady user of UCEPROTECT for years now. I use their levels 1, 2, and 3 with postscreen rankings alongside other popular RBLs. On my systems a UCEPROTECT level 3 rating will reject, unless the IP is listed in ips.whitelisted.org. But even then just 1 RBL hit anywhere else would override the ips.whitelisted.org listing.

With that setup, I have yet to see people unable to send email to my systems.

-Jim P.

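The scoring policy described in the message above (a UCEPROTECT level 3 hit rejects, an ips.whitelisted.org listing offsets it, and one hit on any other RBL overrides the whitelist) can be modelled with postscreen's weighted DNSBL entries. This is an added example, not the poster's configuration or code from the thread. The weights, the threshold, the choice of zen.spamhaus.org as the "other" list and the sample DNS answers are all assumptions.

```python
import re

# Assumed main.cf values, constructed for this example: the post names the
# lists but gives no weights, threshold or "other RBL" zone.
POSTSCREEN_DNSBL_SITES = """
    dnsbl-1.uceprotect.net*2
    dnsbl-2.uceprotect.net*1
    dnsbl-3.uceprotect.net*2
    zen.spamhaus.org=127.0.0.[2..11]*2
    ips.whitelisted.org*-1
"""
POSTSCREEN_DNSBL_THRESHOLD = 2  # inclusive: a combined score >= 2 blocks

ENTRY_RE = re.compile(
    r"^(?P<zone>[^=*\s]+)(?:=(?P<filter>[^*\s]+))?(?:\*(?P<weight>-?\d+))?$"
)


def parse_sites(text):
    """Parse postscreen_dnsbl_sites entries of the form zone[=filter][*weight]."""
    sites = []
    for token in re.split(r"[,\s]+", text.strip()):
        m = ENTRY_RE.match(token)
        if not m:
            raise ValueError(f"bad postscreen_dnsbl_sites entry: {token!r}")
        sites.append((m["zone"], m["filter"], int(m["weight"] or 1)))
    return sites


def dnsbl_query_name(ipv4, zone):
    """DNSBL lookups reverse the octets: 192.0.2.10 -> 10.2.0.192.<zone>."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone


def filter_matches(pattern, reply):
    """Match an A record against a filter such as 127.0.0.[2..11] or [2;4;6]."""
    fields = re.findall(r"\[[^\]]*\]|\d+", pattern)
    octets = [int(o) for o in reply.split(".")]
    if len(fields) != 4 or len(octets) != 4:
        return False
    for field, octet in zip(fields, octets):
        if field.startswith("["):
            allowed = False
            for item in field[1:-1].split(";"):
                lo, _, hi = item.partition("..")
                if int(lo) <= octet <= int(hi or lo):
                    allowed = True
            if not allowed:
                return False
        elif int(field) != octet:
            return False
    return True


def dnsbl_score(sites, replies):
    """Sum the weights of every entry whose zone returned a matching A record.

    `replies` maps zone -> list of A records; a missing zone means NXDOMAIN.
    An entry without a filter counts any reply as a hit.
    """
    score = 0
    for zone, flt, weight in sites:
        answers = replies.get(zone, [])
        hit = bool(answers) if flt is None else any(
            filter_matches(flt, a) for a in answers
        )
        if hit:
            score += weight
    return score


def decide(replies, sites=None, threshold=POSTSCREEN_DNSBL_THRESHOLD):
    """Return (score, verdict) for one client's set of DNSBL answers."""
    sites = sites or parse_sites(POSTSCREEN_DNSBL_SITES)
    score = dnsbl_score(sites, replies)
    return score, ("reject" if score >= threshold else "pass")


# Constructed DNS answers for four clients (not real lookups).
L3 = {"dnsbl-3.uceprotect.net": ["127.0.0.2"]}
WL = {"ips.whitelisted.org": ["127.0.0.2"]}
SCENARIOS = {
    "level 3 only": L3,
    "level 3 + whitelisted": {**L3, **WL},
    "level 3 + whitelisted + zen hit":
        {**L3, **WL, "zen.spamhaus.org": ["127.0.0.4"]},
    # An error-range reply (127.255.255.x) falls outside the filter and
    # must not be scored as a listing.
    "level 3 + whitelisted + zen error reply":
        {**L3, **WL, "zen.spamhaus.org": ["127.255.255.254"]},
}

if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.10", "dnsbl-3.uceprotect.net"))
    for name, replies in SCENARIOS.items():
        print(f"{name:42s} {decide(replies)}")
```

The reply filter on the zen entry is what keeps a resolver error answer from counting as a second RBL hit and cancelling the whitelist credit.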
Re: [mailop] Is it something to worry about?
On Thu, 2021-01-21 at 18:36 +0100, Vittorio Bertola via mailop wrote:
> > On 21/01/2021 15:03 Jim Popovitch via mailop wrote:
> >
> > Neither of those situations describe the reality of what uceprotect is
> > doing. They are saying that if you choose to operate in a shady area,
>
> The problem here is that they are defining on their own the criteria to
> identify a shady area,

Isn't that their right? If not, who gets to define what others think?

> doing all of this in a way that maximizes their revenues,

Do you have evidence of this?

-Jim P.

Re: [mailop] Is it something to worry about?
On Thu, 2021-01-21 at 17:33 +, Gregory Heytings via mailop wrote:
> > > This makes me think of the "First they came..." thing: saying that around
> > > 1 million OVH customers *chose* to operate in *shady area* is a strong
> > > statement.
> >
> > ... and OVH cleaned up their act.
> >
>
> Yet they are (black)listed by uceprotect. OVH is AS16276, the one with
> 2327 of their 3583744 IPs that have sent spam in the last seven days...

As someone else said "honest customers". Look, listings happen for reasons, and there are consequences.

> > > Maybe you'll grasp the issue only when they will list Ramnode :-)
> > > Or maybe you'll be happy to pay or to move to another ASN until they
> > > catch up...
> >
> > You seem to be under the assumption that uceprotect is just looking for
> > providers to list. I think, and I know, that Ramnode is a responsible
> > hosting provider. They take abuse reports seriously, and act swiftly. If
> > you read the details about the ASNs that uceprotect list, it's clear
> > that those ASNs do not.
> >
>
> According to uceprotect 3 of their 42240 IP addresses have sent spam in
> the last seven days. That's only 0.01%, which is not that far from 0.05%.
> A few more hacked servers, and Ramnode will be listed, too...

Are you sure they were hacked? What if those were spammers that rented servers to spam, wouldn't you want the responsible party blocked if they failed to act?

-Jim P.

Re: [mailop] Is it something to worry about?
On Thu, 2021-01-21 at 17:23 +, Gregory Heytings via mailop wrote:
>
> I'm not advocating anything, and that's again orthogonal to the point at
> hand. The point is that when a website gets hacked and starts to send
> spam, all other IPs of the server provider get flagged.

You conveniently left out the span of time between "a website gets hacked" and "all other IPs of the server provider get flagged".

At what point in time, do you think it's appropriate for me to start blocking email from "all other IPs of the server provider" once "a website gets hacked" ? 1 hour, 1 day, 1 week, 1 month, 1 year, ??? how long?

-Jim P.

Re: [mailop] Is it something to worry about?
On Thu, 2021-01-21 at 17:07 +, Gregory Heytings via mailop wrote:
> > > One concrete example: AS16276 has 3583744 IPs. Out of these, 2327 sent
> > > a spam in the last 7 days according to uceprotect. That might seem
> > > like a high number, but it's only 0.05% of the address space of that
> > > AS. Because of this all IPs of AS16276 are blacklisted.
> >
> > 2327 IPs from that ASN sent spam in 7 days, and you are here arguing
> > that is OK?!?
> >
>
> 2327 out of 3583744. Are you saying that only 0% is okay? We do not live
> in a perfect world, errors happen, that's unavoidable.

I don't look at the 3583744, I look at the 2327. How many emails can those 2327 IPs send in 1 hour? That's a lot of spam.

>
> > A few things that make those 4 providers good are 1) They act on
> > abuse reports, 2) they block outbound port 25 by default, and 3) they
> > require real ID.
> >
>
> As I said, none of these things are enough. You can act on abuse reports,
> block outbound port 25, and require real ids, and yet see honest customers
> being hacked.

But that is not enough. If you have honest customers getting hacked then you have an obligation to all other ASNs to promptly and swiftly disengage and deactivate those honest customers. What level 3 uceprotect is saying is that AS16276 did not act swiftly and promptly and festered for days culminating in 2327 honest customer IPs sending spam.

-Jim P.

Re: [mailop] Is it something to worry about?
On Thu, 2021-01-21 at 15:15 +0100, Stefano Bagnara via mailop wrote:
> On Thu, 21 Jan 2021 at 15:04, Jim Popovitch via mailop wrote:
> > > "Pay us for protection", when it really means "pay us or we'll [break
> > > your knees|set your house on fire|break your windows...]" isn't
> > > insurance, and can get you arrested.
> >
> > Neither of those situations describe the reality of what uceprotect is
> > doing. They are saying that if you choose to operate in a shady area,
> > they will, for a payment, whitelist your address so that you can send
> > email. Historically, email delivery was always tied to knowing who the
> > sender was. This has been going on for decades, even with folks like
> > Barracuda. It's never been about the $$, it's always been about
> > identifying the responsible party.
>
> This makes me think of the "First they came..." thing: saying that around 1
> million OVH customers *chose* to operate in *shady area* is a strong
> statement.

... and OVH cleaned up their act.

> Maybe you'll grasp the issue only when they will list Ramnode :-)
> Or maybe you'll be happy to pay or to move to another ASN until they catch
> up...

You seem to be under the assumption that uceprotect is just looking for providers to list. I think, and I know, that Ramnode is a responsible hosting provider. They take abuse reports seriously, and act swiftly. If you read the details about the ASNs that uceprotect list, it's clear that those ASNs do not.

-Jim P.

Re: [mailop] Is it something to worry about?
On Thu, 2021-01-21 at 16:44 +, Gregory Heytings via mailop wrote:
> > > How can a server provider do this? Apart from blocking port 25 of
> > > course, and forcing all emails of their customers to go through their
> > > SMTP server, in which case they wouldn't be selling a bare machine
> > > anymore. If it was "not even that difficult", I'd guess they would all
> > > do it.
> >
> > Linode blocks port 25 on all new accounts/servers. You need to talk to
> > them and explain who and what you are, before they open it manually for
> > you.
> >
>
> Apparently that's not a good strategy: their 509952 IPs are blocked by
> uceprotect, too; 217 of these IPs (again 0.05%) sent spam in the last
> seven days. And indeed what you suggest is not a solution for the
> WordPress site of an honest customer that gets hacked, for instance.

You keep bringing up wordpress, a web application. There is nothing being listed by uceprotect that would prohibit an honest (or even dishonest) customer from running a wordpress site. Sending email from a wordpress site is much easier to do through a MX provider than to self host, so why are you even advocating for self hosted wordpress sites to host their own email?

-Jim P.

Re: [mailop] Is it something to worry about?
On Thu, 2021-01-21 at 16:20 +, Gregory Heytings via mailop wrote:
> > First off, I'm subscribed to this list, there is no need to email me AND
> > the list.
> >
>
> Sorry, I was just honoring the "Reply-To:" header set by the list.
>
> > > It's what they themselves say: they changed their formula two days ago,
> > > and because of this thousands of IP addresses that were not listed are now
> > > listed. See http://www.uceprotect.net/en/index.php?m=12=0 .
> >
> > I know they did that change, I support it just like I think the PBL is a
> > good thing. Are you saying they should be prohibited from making that
> > change?
> >
>
> The point is not whether they should be prohibited from doing this, the
> point is whether it's a right thing to do. And yes, I do think it is
> wrong to blacklist tens of thousands of IPs because a few of them (less
> than 1%) misbehaved, and to ask the other 99% to pay to be whitelisted.

The PBL does just that. But I think you are wrong to use the term "blacklist", it's just a list. You could use that list as a whitelist if you wanted to. I highly encourage you to do so. :)

> One concrete example: AS16276 has 3583744 IPs. Out of these, 2327 sent a
> spam in the last 7 days according to uceprotect. That might seem like a
> high number, but it's only 0.05% of the address space of that AS.
> Because of this all IPs of AS16276 are blacklisted.

2327 IPs from that ASN sent spam in 7 days, and you are here arguing that is OK?!?

> (By the way, the numbers I gave in a previous email were a too low
> estimation: they actually blocked millions of IPs (see above). If only
> 0.1% of these blocked IPs paid their whitelist fee, that would mean an
> income of at least 250,000 USD/year...)

Why does 0.1% of those IPs need to send email? Do you know that even 10 of those 0.1% need to send email?

> > > That's orthogonal to the point at hand. The point is that honest
> > > customers can have their WordPress website hacked. This might indeed
> > > happen because of apathy on the part of that customer, but a server
> > > provider cannot do anything to detect customers that do not upgrade
> > > their website regularly enough. The product they sell is a bare
> > > machine in a datacenter.
> >
> > That is the problem, and it should not be a business model without
> > consequences. It's not a stretch to say those bare metal machines are
> > munitions, should they be allowed open access? Be careful what you ask
> > for.
> >
>
> AFAICS that business model, which is the one pretty much everyone uses
> (Amazon, OVH, Hetzner, ...) is the only way for smaller and medium-sized
> businesses to run a server.
>
> What other business model would you suggest? Are there existing providers
> that use the better business model you have in mind?

Yes, I can think of 4 right now, and I'm sure there are many more. One of those 4 is in your short list above.

A few things that make those 4 providers good are 1) They act on abuse reports, 2) they block outbound port 25 by default, and 3) they require real ID.

-Jim P.

Re: [mailop] Is it something to worry about?
On Thu, 2021-01-21 at 14:38 +, Gregory Heytings wrote:
> > > > That's a fair point, there's no reason to not question their motives.
> > > > I just personally don't see that it's a profit center for them.
> > >
> > > Just do the math. They blocked at least 100K IPs, because 1% of these
> > > IPs sent spam in the last 7 days. If 0.5% of those 100K IPs decide to
> > > subscribe to their whitelist, that's at least 5 CHF / 24 months.
> > > Which is I guess a rather comfortable income that largely exceeds their
> > > costs.
> >
> > How do you know that's not the same situation as the PBL? Who says that
> > it was uceprotect's decision alone to list 100K IPs?
> >

First off, I'm subscribed to this list, there is no need to email me AND the list.

> It's what they themselves say: they changed their formula two days ago,
> and because of this thousands of IP addresses that were not listed are now
> listed. See http://www.uceprotect.net/en/index.php?m=12=0 .

I know they did that change, I support it just like I think the PBL is a good thing. Are you saying they should be prohibited from making that change?

> > > Also, they seem to ignore that, while it is feasible for ISPs to
> > > eradicate spam on their network, it is impossible for server providers
> > > to do this:
> >
> > That sounds a lot like apathy. Even the banks are required to KYC.
> >
>
> So what? If you use the bank analogy, it would mean pestering 1000
> customers because 1 customer got robbed. And then explain that they got
> robbed because of apathy, because they did not install an alarm.

But if customers keep getting robbed, over and over in that neighborhood, then the right thing to do is...?

> > > "If big providers like DTAG and Microsoft can so effectively prevent
> > > that their customers are sending spam, why can your provider not also
> > > do so? The simple answer is: The Abuse Departements of providers NOT
> > > listed in our Level 3 are doing an excellent job, while those listed do
> > > not. If your provider really wants to stop the excessive spam coming
> > > from their ranges they would simply install some preventive measures."
> > >
> > > Honest customers can have their WordPress website hacked.
> >
> > Most don't, case studies have shown that it's apathy that causes most
> > wordpress hacks.
> >
>
> That's orthogonal to the point at hand. The point is that honest
> customers can have their WordPress website hacked. This might indeed
> happen because of apathy on the part of that customer, but a server
> provider cannot do anything to detect customers that do not upgrade their
> website regularly enough. The product they sell is a bare machine in a
> datacenter.

That is the problem, and it should not be a business model without consequences. It's not a stretch to say those bare metal machines are munitions, should they be allowed open access? Be careful what you ask for.

-Jim P.

Re: [mailop] Is it something to worry about?
On Thu, 2021-01-21 at 14:01 +, Gregory Heytings wrote:
> > > > > From their web site: WHITELISTING IS RECOMMENDED FOR IP
> > > > > 217.182.79.147. Registration is available for 1 Month (25 CHF), 6
> > > > > Month (50 CHF), 12 Month (70 CHF), 24 Month (90 CHF) . So yes,
> > > > > perhaps it's not extortion. We may call it demanding money with
> > > > > menaces, exaction, extraction, blackmail...
> > > >
> > > > Lots of things in life require payment(s), or purchase of addon
> > > > equipment, depending on your circumstances in life, your living
> > > > arrangements, or your location. If you are in a high-crime area your
> > > > mortgage insurance will probably require you to purchase an alarm, or
> > > > if your home is prone to house fires, a smoke detector. Then there
> > > > are taxes, fees, licenses, etc. Life itself is pay-to-play, whether
> > > > you realize it or not.
> > >
> > > Yeah, and when they'll need more beer they can just update their
> > > formula so as to blacklist a whole AS on the first spam, or maybe the
> > > whole RIR.
> >
> > That's a fair point, there's no reason to not question their motives. I
> > just personally don't see that it's a profit center for them.
> >
>
> Just do the math. They blocked at least 100K IPs, because 1% of these IPs
> sent spam in the last 7 days. If 0.5% of those 100K IPs decide to
> subscribe to their whitelist, that's at least 5 CHF / 24 months.
> Which is I guess a rather comfortable income that largely exceeds their
> costs.

How do you know that's not the same situation as the PBL? Who says that it was uceprotect's decision alone to list 100K IPs?

> Also, they seem to ignore that, while it is feasible for ISPs to eradicate
> spam on their network, it is impossible for server providers to do this:

That sounds a lot like apathy. Even the banks are required to KYC.

>
> "If big providers like DTAG and Microsoft can so effectively prevent that
> their customers are sending spam, why can your provider not also do so?
> The simple answer is: The Abuse Departements of providers NOT listed in
> our Level 3 are doing an excellent job, while those listed do not. If your
> provider really wants to stop the excessive spam coming from their ranges
> they would simply install some preventive measures."
>
> Honest customers can have their WordPress website hacked.

Most don't, case studies have shown that it's apathy that causes most wordpress hacks.

-Jim P.

Re: [mailop] Is it something to worry about?
On Thu, 2021-01-21 at 08:54 -0500, Chris via mailop wrote:
> On 2021-01-21 07:26, Jim Popovitch via mailop wrote:
> > On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> > > So yes, perhaps it's not extortion. We may call it demanding money with
> > > menaces, exaction, extraction, blackmail...
> >
> > Lots of things in life require payment(s), or purchase of addon
> > equipment, depending on your circumstances in life, your living
> > arrangements, or your location. If you are in a high-crime area your
> > mortgage insurance will probably require you to purchase an alarm, or if
> > your home is prone to house fires, a smoke detector. Then there are
> > taxes, fees, licenses, etc. Life itself is pay-to-play, whether you
> > realize it or not.
>
> Demanding a payment to protect someone from a threat, that you
> *yourself* create is called a "protection racket" - classic extortion.
>
> "Pay us for protection", when it really means "pay us or we'll [break
> your knees|set your house on fire|break your windows...]" isn't
> insurance, and can get you arrested.

Neither of those situations describe the reality of what uceprotect is doing. They are saying that if you choose to operate in a shady area, they will, for a payment, whitelist your address so that you can send email. Historically, email delivery was always tied to knowing who the sender was. This has been going on for decades, even with folks like Barracuda. It's never been about the $$, it's always been about identifying the responsible party.

-Jim P.

Re: [mailop] Is it something to worry about?
On Thu, 2021-01-21 at 13:44 +0100, Alessandro Vesely via mailop wrote:
> On Thu 21/Jan/2021 13:26:43 +0100 Jim Popovitch via mailop wrote:
> > On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> > > On Wed 20/Jan/2021 14:25:10 +0100 Jim Popovitch via mailop wrote:
> > > > On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
> > > > > On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
> > > > > > On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
> > > > > >
> > > > > > > New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
> > > > > >
> > > > > > You failed to mention this bit from that link:
> > > > > >
> > > > > > "UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
> > > > > > and clean IP's that are registered at ips.whitelisted.org"
> > > > >
> > > > > Isn't that exactly what is called as extortion/blackmail?
> > > >
> > > > No, no it's not. I'll leave it to your legal dept to explain that to
> > > > you.
> > > From their web site:
> > > WHITELISTING IS RECOMMENDED FOR IP 217.182.79.147.
> > > Registration is available for 1 Month (25 CHF), 6 Month (50 CHF), 12 Month
> > > (70 CHF), 24 Month (90 CHF) .
> > > So yes, perhaps it's not extortion. We may call it demanding money with
> > > menaces, exaction, extraction, blackmail...
> >
> > Lots of things in life require payment(s), or purchase of addon
> > equipment, depending on your circumstances in life, your living
> > arrangements, or your location. If you are in a high-crime area your
> > mortgage insurance will probably require you to purchase an alarm, or if
> > your home is prone to house fires, a smoke detector. Then there are
> > taxes, fees, licenses, etc. Life itself is pay-to-play, whether you
> > realize it or not.
>
> Yeah, and when they'll need more beer they can just update their formula so as
> to blacklist a whole AS on the first spam, or maybe the whole RIR.

That's a fair point, there's no reason to not question their motives. I just personally don't see that it's a profit center for them.

> Even taxes are being paid for better reasons.

As an American tax payer I strongly disagree. :)

-Jim P.

Re: [mailop] Is it something to worry about?
On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote:
> On Wed 20/Jan/2021 14:25:10 +0100 Jim Popovitch via mailop wrote:
> > On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
> > > On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
> > > > On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
> > > > >
> > > > > New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
> > > >
> > > > You failed to mention this bit from that link:
> > > >
> > > > "UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
> > > > and clean IP's that are registered at ips.whitelisted.org"
> > >
> > > Isn't that exactly what is called as extortion/blackmail?
> >
> > No, no it's not. I'll leave it to your legal dept to explain that to
> > you.
>
> From their web site:
>
> WHITELISTING IS RECOMMENDED FOR IP 217.182.79.147.
>
> Registration is available for 1 Month (25 CHF), 6 Month (50 CHF), 12 Month (70
> CHF), 24 Month (90 CHF) .
>
> So yes, perhaps it's not extortion. We may call it demanding money with
> menaces, exaction, extraction, blackmail...

Lots of things in life require payment(s), or purchase of addon
equipment, depending on your circumstances in life, your living
arrangements, or your location. If you are in a high-crime area your
mortgage insurance will probably require you to purchase an alarm, or if
your home is prone to house fires, a smoke detector. Then there are
taxes, fees, licenses, etc. Life itself is pay-to-play, whether you
realize it or not.

-Jim P.
Re: [mailop] Is it something to worry about?
On Wed, 2021-01-20 at 08:27 -0800, Russell Clemings via mailop wrote:
> I don't really understand why anybody would use UCEPROTECT3 anyway.
>
> The first sentence of their web page says:
>
> "This blacklist has been created for HARDLINERS. It can, and probably will
> cause collateral damage to innocent users when used to block email."

But the line right before that says:

"Level 3 lists IP Space of the worst ASN's."

Your server, your rules...

-Jim P.
Re: [mailop] Is it something to worry about?
On Wed, 2021-01-20 at 14:10 +0100, Renaud Allard via mailop wrote:
>
> On 1/20/21 1:58 PM, Jim Popovitch via mailop wrote:
> > On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
> > >
> > > New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
> >
> > You failed to mention this bit from that link:
> >
> > "UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
> > and clean IP's that are registered at ips.whitelisted.org"
> >
>
> Isn't that exactly what is called as extortion/blackmail?

No, no it's not. I'll leave it to your legal dept to explain that to
you.

> Anyway, your network, your rules, don't complain if you are using
> UCEPROTECT above level 1 and rejecting perfectly valid emails.

As I previously said, in the past 10 years I haven't rejected any
legitimate email from senders in uceprotect level 2 or 3 (nor even
level 1).

-Jim P.
Re: [mailop] Is it something to worry about?
On Wed, 2021-01-20 at 13:29 +0100, Hetzner Blacklist via mailop wrote:
>
> New/current policy: http://www.uceprotect.net/en/index.php?m=3=5
>

You failed to mention this bit from that link:

"UCEPROTECT-Level 3 lists all IP's within an ASN except those approved
and clean IP's that are registered at ips.whitelisted.org"

-Jim P.
Re: [mailop] Is it something to worry about?
On Wed, 2021-01-20 at 11:21 +0100, Renaud Allard via mailop wrote:
>
> I agree with what you said. That said, those who use UCEPROTECT above
> level 1 to unconditionally block mails deserve to lose mails.
>

For me, it's "appreciate never seeing those emails". I outright block
level 2 and level 3, and high score level 1. I've been doing that for
years now and have never seen a reject log message that wasn't already
listed in Zen, Sorbs, or Psbl.

-Jim P.
Re: [mailop] New server email being treated as spam by Google
On Mon, 2020-11-23 at 10:15 +0100, Ewald Kessler | Webpower wrote:
> Hi Jim,
>
> There's one 'e' too many
>
> > googleemail.com smtp-v4:

Heh, Thanks. I've had that like that for close to a decade now and
never realized that.

-Jim P.
Re: [mailop] New server email being treated as spam by Google
On Sat, 2020-11-21 at 13:59 +0100, Thomas Walter via mailop wrote:
> Hello,
>
> On 21.11.20 12:54, Jaroslaw Rafa via mailop wrote:
> > You can configure your MTA to disable IPv6 only for delivery to Google - at
> > least with Postfix it should be possible.
>
> how would one do that?

With a custom transport table and a custom master.cf entry.

> We don't know all domains that use Google MXs, we don't know all MXs
> Google uses and they might change. Do we know Google's IPv6 addresses?
> Do those change?

It's done by destination domain, not IP address. Here's the relevant
transport table entries of domains that I enforce IPv4 delivery to:

gmail.com         smtp-v4:
google.com        smtp-v4:
googleemail.com   smtp-v4:
hotmail.com       smtp-v4:
live.com          smtp-v4:
outlook.com       smtp-v4:
microsoft.com     smtp-v4:
msn.com           smtp-v4:
yahoo.com         smtp-v4:
yahoo.com.mx      smtp-v4:
yahoo.co.uk       smtp-v4:
yahoo.es          smtp-v4:
yahoo.com.br      smtp-v4:
yahoo.co.in       smtp-v4:
sbcglobal.net     smtp-v4:
sky.com           smtp-v4:
rocketmail.com    smtp-v4:
aol.com           smtp-v4:

Here's the relevant master.cf entry:

# ipv4-only outbound
smtp-v4   unix  -       -       y       -       200     smtp
    -o inet_protocols=ipv4
    ...

-Jim P.
Re: [mailop] opendkim bad signature data from mx.mailop.org
On Sat, 2020-11-07 at 17:08 +0100, Jaroslaw Rafa via mailop wrote:
> On 7.11.2020 at 11:58:03 Mary via mailop wrote:
> > In another mailing list, they automatically replace the From: with
> > something like "Mary via listname ", then it's easy to
> > re-sign the email with the list DKIM signature.
>
> Replacement of the From: address is usually done only if original sender
> domain specifies p=reject in its DMARC policy. Otherwise, there's no
> apparent reason to do that.

While it may be "usually", with an up-to-date version of Mailman there
are options for "quarantine" and even "none".

-Jim P.
Re: [mailop] [ADMIN] List migration complete
On Wed, 2020-09-30 at 22:07 +1300, Simon Lyall via mailop wrote:
> I've just gone through some unsubscribes for the last few days ago
> hopefully we are now synced. If you have unsubscribed from the list
> recently and are still subscribed then please unsubscribe again and it
> should stick.
>
> I am going to temporarily enable the mailman's monthly password reminder.
> This should send out an email tomorrow to all subscribers with their
> password. I will turn it off after the single mailout.
>
> PS: In the past we have been hit by a problem where gmail will reject
> emails sent to multiple domains (all with the same gmail MX) at once. Does
> anyone remember the postfix/mailman setting to disable this?

I've always done it via SMTP_MAX_RCPTS = 1 in mm_cfg.py

-Jim P.
Re: [mailop] [ADMIN] List migration complete
On Wed, 2020-09-30 at 12:08 +0200, Patrick Ben Koetter via mailop wrote:
> Bjoern!
>
> * Bjoern Franke via mailop :
> > Hi,
> >
> > > FYI we have, finally, completed the mailing list migration to a new VM.
> > >
> > > Firstly: many, many thanks to Andy Davidson for administering & hosting
> > > the list on his own kit for all the years it's been running. First
> > > message sent to the list was from Andy, way back in 2007!
> >
> > Thanks for your efforts.
> >
> > It seems like the hostname isn't the mailname, as amavis puts the
> > hostname into the header:
> > X-Virus-Scanned: Debian amavisd-new at v220191126877101294.luckysrv.de
>
> Well spotted! And I already had a look at this yesterday, but didn't
> investigate any further because we had to sort out deliverability issues by
> then.
>
> And I don't consider this a critical issue. It doesn't open a security hole
> and AFAIK the additional hostname will not have an impact on deliverability. Or
> am I wrong?

Nope, it's more of a cosmetic thing, than anything. Assuming you are
using clamav-milter.conf, you can append

ReportHostname clamav.mailop.org

-hth

-Jim P.
Re: [mailop] [EXTERNAL] Re: Mailman confirmation email denial of service
On Thu, 2020-08-20 at 09:43 +0800, Philip Paeps via mailop wrote:
> On 2020-08-20 05:17:09 (+0800), Michael Wise via mailop wrote:
> > BotNet?
> > Were they listed in the SpamHaus XBL as being compromised?
>
> The problem is that the subscriptions come in through the Mailman web
> interface, not through email.
>
> Arguably, this is a variant of the old "send an email greeting card"
> spam.
>
> I don't know of anyone who checks the XBL (or other blocklists) on the
> web server. Or if that would even be effective. Does the XBL list
> botnets that abuse web services that lead to email being sent too? This
> may actually be an interesting hack to perpetrate. :)

You should probably also know about these 2 additional MM settings:

BLOCK_SPAMHAUS_LISTED_IP_SUBSCRIBE = Yes
BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE = Yes

-Jim P.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Mailman confirmation email denial of service
On Wed, 2020-08-19 at 12:24 +0200, Andreas Schamanek via mailop wrote:
> On Wed, 19 Aug 2020, at 09:51, Andy Smith via mailop wrote:
>
> > Since yesterday I've been seeing a large number of attempted
> > subscriptions to all the public lists on one of my Mailman servers.
> > (...)
>
> I can confirm this for my servers from top to end including some of
> the hashes.
>
> BTW, Mailman mm_cfg.py option `SUBSCRIBE_FORM_SECRET` apparently
> mitigates the DoS, too.

+1 to this. Also, fail2ban on subscription 404s in your web server
logs.

-Jim P.
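Added example (not part of the thread, and not code from any poster): a fail2ban-style sliding-window check over web server access logs that flags clients piling up 404s on Mailman subscribe URLs, as suggested in the message above. The /mailman/subscribe/ path prefix, the thresholds and the log lines are constructed assumptions.

```python
"""Flag clients that repeatedly hit missing Mailman subscribe URLs (404)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
SUBSCRIBE_PREFIX = "/mailman/subscribe/"  # assumption: adjust to your URL layout

# Constructed sample log lines (documentation-range addresses, invented lists).
SAMPLE_LOG = """\
192.0.2.10 - - [19/Aug/2020:09:51:02 +0000] "POST /mailman/subscribe/old-announce HTTP/1.1" 404 196 "-" "curl/7.64"
203.0.113.5 - - [19/Aug/2020:09:51:10 +0000] "POST /mailman/subscribe/users HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
192.0.2.10 - - [19/Aug/2020:09:51:40 +0000] "POST /mailman/subscribe/test-list HTTP/1.1" 404 196 "-" "curl/7.64"
198.51.100.7 - - [19/Aug/2020:09:52:00 +0000] "GET /mailman/subscribe/staff HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.10 - - [19/Aug/2020:09:52:15 +0000] "POST /mailman/subscribe/devel-archive HTTP/1.1" 404 196 "-" "curl/7.64"
203.0.113.5 - - [19/Aug/2020:09:53:00 +0000] "POST /mailman/subscribe/users HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Aug/2020:10:07:00 +0000] "GET /mailman/subscribe/staff HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Aug/2020:10:22:00 +0000] "GET /mailman/subscribe/staff HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Aug/2020:10:23:00 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"
this line is not in combined format
"""


def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None if unparseable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])


def offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Map each offending IP to the time it crossed the threshold.

    An IP is flagged once it produces max_retry 404 responses on subscribe
    URLs within find_time (the same idea as fail2ban's maxretry/findtime).
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, _method, path, status = rec
        if status != 404 or not path.startswith(SUBSCRIBE_PREFIX):
            continue
        window = recent[ip]
        window.append(ts)
        # Drop hits that have aged out of the sliding window.
        while window and ts - window[0] > find_time:
            window.popleft()
        if len(window) >= max_retry and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} crossed the threshold at {when.isoformat()}")
```

The client at 203.0.113.5 is not flagged because its subscribe requests succeed with 200; a 404-based rule does not see floods against lists that exist, which is the case the SUBSCRIBE_FORM_SECRET setting mentioned in the thread addresses.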
Re: [mailop] BIMI pilot @ Google
On Wed, 2020-07-22 at 11:56 -0700, Marcel Becker via mailop wrote:
>
> On Wed, Jul 22, 2020 at 11:35 AM Jim Popovitch via mailop wrote:
> > On Wed, 2020-07-22 at 14:49 +0200, Sidsel Jensen via mailop wrote:
> > > but if the effect is that it will drive up the adoption rate for DMARC
> > > then I am clapping my hands.
> >
> > "Once verified, the BIMI file tells the email service where to find the
> > sender’s logo and the email service pulls that logo into the inbox."
> >
> >
> > I don't think this is anything about DMARC, this is about inbox
> > tracking.
>
> Um. No.
> 1: DMARC is required for BIMI.

Good, DMARC is good, but we don't need yet another standard to get DKIM
and SPF into the wider use.

> 2: A proper setup will proxy and cache the logo. eg: for us all you can track
> through BIMI is if our logo service is alive and well...

I hope you understand that most providers don't care if your logo
service is alive and well. Surely we don't need a spec for that.

Whether you understand it or not, if a proxy or cache fetches your logo,
you can get very valuable data about inbox hit rate data, eg tracking.

-Jim P.
Re: [mailop] BIMI pilot @ Google
On Thu, 2020-07-23 at 00:19 +0200, Jaroslaw Rafa via mailop wrote:
> On 22.07.2020 at 14:27:52 Jim Popovitch via mailop wrote:
> > "Once verified, the BIMI file tells the email service where to find the
> > sender’s logo and the email service pulls that logo into the inbox."
> >
> >
> > I don't think this is anything about DMARC, this is about inbox
> > tracking.
>
> Do I understand correctly that this works on MUA level and not MTA?

To me, it seems pretty clear based on their text "pulls that logo into
the inbox". That's inbox tracking, just like tracking pixels that are
blocked by most reasonable and sane filters/firewalls.

> Hope that reasonable MUAs won't implement it anytime soon (or maybe at
> all?), and when they do, it will be possible to turn this "feature" off (as
> it is with downloading images embedded in HTML emails). I'm putting
> "feature" in quotes because I see absolutely no benefit to the email user
> that may be provided by such a mechanism.

+1

-Jim P.
Re: [mailop] BIMI pilot @ Google
On Wed, 2020-07-22 at 14:49 +0200, Sidsel Jensen via mailop wrote:
> but if the effect is that it will drive up the adoption rate for DMARC then I
> am clapping my hands.

"Once verified, the BIMI file tells the email service where to find the
sender’s logo and the email service pulls that logo into the inbox."

I don't think this is anything about DMARC, this is about inbox
tracking.

-Jim P.
Re: [mailop] why does this list break DKIM?
On Tue, 2020-02-11 at 11:34 +0100, Alessandro Vesely via mailop wrote:
> On Sun 09/Feb/2020 00:33:34 +0100 Simon Lyall via mailop wrote:
> > On Sat, 8 Feb 2020, Aragon Gouveia via mailop wrote:
> > > Does anyone know why this list breaks DKIM verification? In particular it
> > > looks like it's altering From, Reply-To, and Cc headers, and failing to
> > > perform any kind of resigning too.
> >
> > Changing the From (and other headers) needs to be done by the mailing list. If
> > we [don't] change the From then the list will be blocked for SPF failures.
>
> That's not exact. SPF uses the envelope from. The From: header field has to
> be changed because of DMARC.

The list could also add a sig which would add a lot of value, but that's
probably already known. There is no easy panacea for mailinglists to
responsibly reflect email without disrupting DKIM and therefore DMARC.

-Jim P.
Re: [mailop] Help - Tucows/OpenSRS
On Tue, 2019-09-10 at 08:15 -0500, Michael Rathbun via mailop wrote:
> On Mon, 09 Sep 2019 22:32:39 -0400, Jim Popovitch via mailop wrote:
>
> > Oh my gawd, don't get me started on their support desk.
>
> I have to admit that I liked them a lot more when TUCOWS stood for
> The Ultimate Collection Of Windows Software.

+1 :)

-Jim P.
Re: [mailop] Help - Tucows/OpenSRS
On September 9, 2019 7:12:14 PM UTC, Al Iverson via mailop wrote:
> Looks like OpenSRS is sending domain verification emails with a from
> address of the domain technical contact. Not authenticated, as far as
> I can tell, and it probably violates a domain's DMARC policy, if they
> have a restrictive one.
>
> It's 2019...you can't fake somebody else's from address when sending
> with DKIM and/or SPF.
>
> Trying to work through this with support, but also, I wanted to throw
> this out here to see if anyone from Tucows/OpenSRS was here or if
> anyone knew of a higher level contact that we could discuss this with.

Oh my gawd, don't get me started on their support desk. To be fair,
they do respond, but man sometimes it seems like they don't want or care
to do what I want or need. For instance, I am still in the middle of a
weeks-long (note: this is the 3rd iteration of this over the past 12
months) effort to get whois anonymity removed from the domain sending
this email, after they "generously" decided that I should be granted
forced anonymity on a domain that sends bulk email. They're not
brain-dead, they just do things differently and don't seem to give a
sh*t about it at times.

-Jim P. (yes, I know this was sent to the list)
Re: [mailop] Mail problem with Outlook/Hotmail and mail.python.org
On June 30, 2019 11:31:49 AM UTC, Ralf Hildebrandt via mailop wrote:
>I'm in the postmas...@python.org team.
>https://sendersupport.olc.protection.outlook.com/snds/ is displaying
>the IP for mail.python.org (188.166.95.178) as red/yellow.
>
>We're seeing a constant stream of mails to Outlook/Hotmail (mailing
>list mail, double opt in, about 1500-3000 mails per day, less on
>weekends), and consequently the complaint rate is
>consistently at "< 0.1%", spam trap hits is at "0" all the time as
>well.
>
>So why the red/yellow status?
>

I saw the same thing from them ~2 weeks ago. I went back and forth with
them through email, but the only resolution was time. I firmly believe
that they just wiped|lost their reputation DB and started over from
scratch. I believe this because their emails to me (about volume and
timing) did not match up with my logs. Specifically the days they say my
systems sent bad email there was zero emails sent. I run mailing lists,
so this is easy to prove.

-Jim P.
Re: [mailop] Admin: Gmail users of mailop suspended due to bounces.
On April 29, 2019 3:46:03 AM UTC, John Levine via mailop wrote:
>
>Still waiting to hear when mailop.org adds its SPF record.

Didn't it take almost 2 years the last time we waited on mailop.org to
fix a cert?

-Jim P.

On mobile so pls excuse any brevity, typos, lack of taste, crudeness,
down right insults, and insinuations.
Re: [mailop] Outlook/Hotmail Blacklist
On Wed, 2019-03-13 at 13:50 -0400, Scott Mutter wrote:
> >Received: from hawk.wznoc.com ([209.140.28.140])
> >envelope-from
> >From: Scott Mutter
> >Message-ID: <20190306210316.gb19...@ams-salesandsupport.com>
> >
> > That's 3 different domains for the same simple email... Hm...
>
> Well, it's important to note that this address that I am writing from, the
> server I am sending these messages through, everything to do with the
> communication TO and FROM this discussion list has absolutely no bearings on
> the server or IP address I am referring to.
>
> We have several servers and IP addresses. I don't use just one for
> everything. In fact, I think it's a good policy to keep my communication
> completely separate from any interactions that our clients may have with
> their emails and the emails that they send out.
>
> Second to all of this... I have message for this particular mailing list set
> up completely separate from our normal support system. So yea, I agree it's
> complicated... but it also has absolutely nothing to do with the server/IP
> that was experiencing this problem. Going slightly off-topic... I actually
> abhor mailing lists, I would much rather see this "list" as a forum or
> discussion board, but that's something else entirely.

There's a Slack channel that might interest you then.
https://emailgeeks.slack.com

> So again, I would encourage anyone reading through this thread to focus on
> the content of the messages (you know... what's in the "body" of the message)
> and not the inner workings as to "how these messages got to this Mailops
> mailing list."

Just so you don't miss my earlier comment, your separate mail system is
DKIM signing "Mailing list specific" headers:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=amssupport.info; s=default; h=In-Reply-To:Content-Type:MIME-Version:
 References:Message-ID:Subject:To:From:Date:Sender:Reply-To:Cc:
 Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:
 Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:
 List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;

> But again, just to make sure it's abundantly clear, my issue with all of this
> has been resolved.

Good to hear,

-Jim P.
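Added example (not part of the thread, and not code from any poster): a check for the problem raised in the message above. A field named in h= that is absent at signing time is signed as empty (RFC 6376 section 5.4), so verification fails once a list manager adds it. The sample message, domain, selector and the LIST_REWRITTEN set are constructed assumptions.

```python
"""Flag DKIM-signed header fields that a mailing list will add or rewrite."""
import re
from collections import Counter
from email import message_from_string

# Fields a list manager (for example Mailman) adds on the way through.
LIST_ADDED = {"list-id", "list-help", "list-unsubscribe", "list-subscribe",
              "list-post", "list-owner", "list-archive"}
# Fields the thread says this list alters (From, Reply-To, Cc). Subject is an
# assumption, based on the "[mailop]" tag the list prepends.
LIST_REWRITTEN = {"from", "reply-to", "cc", "subject"}

# Constructed sample: a message as it leaves the signer, before any list.
SAMPLE_MESSAGE = """\
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=example.org; s=sel1; h=From:To:Subject:Date:Message-ID:Reply-To:Cc:
 Sender:List-Id:List-Unsubscribe:List-Post:Resent-From;
 bh=Q09OU1RSVUNURUQ=; b=Q09OU1RSVUNURUQ=
From: Alice <alice@example.org>
To: list@lists.example.net
Subject: Delivery question
Date: Wed, 13 Mar 2019 13:50:00 -0400
Message-ID: <constructed-1@example.org>

Body text.
"""


def parse_tag_list(value):
    """Parse a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        name, _, val = part.partition("=")
        # Folding whitespace inside a value is not significant here.
        tags[name.strip()] = re.sub(r"\s+", " ", val).strip()
    return tags


def signed_header_names(dkim_value):
    """Return the h= field names, lowercased, in signing order."""
    h = parse_tag_list(dkim_value).get("h", "")
    return [name.strip().lower() for name in h.split(":") if name.strip()]


def audit(raw_message):
    """Report, per DKIM-Signature, which signed fields a list will disturb."""
    msg = message_from_string(raw_message)
    present = Counter(key.lower() for key in msg.keys())
    findings = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = parse_tag_list(sig)
        signed = Counter(signed_header_names(sig))
        # "Sealed": listed in h= more often than it occurs in the message,
        # so adding one more instance later invalidates the signature.
        sealed = sorted(n for n, count in signed.items() if count > present[n])
        findings.append({
            "domain": tags.get("d"),
            "selector": tags.get("s"),
            "breaks_when_list_adds": [n for n in sealed if n in LIST_ADDED],
            "breaks_when_list_rewrites": sorted(
                n for n in signed if present[n] and n in LIST_REWRITTEN),
            "other_sealed": [n for n in sealed if n not in LIST_ADDED],
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_MESSAGE):
        for key, value in finding.items():
            print(f"{key}: {value}")
```

Run against a message captured before it reaches a list, a non-empty `breaks_when_list_adds` means the signer's header list should be trimmed of List-* fields if the signature is expected to survive list distribution.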
Re: [mailop] Outlook/Hotmail Blacklist
On Wed, 2019-03-06 at 16:03 -0500, Scott Mutter wrote:
> Hello list
>
> I'm looking for any assistance in trying to get off of an Outlook/Hotmail
> mailinst list with Microsoft.

Received: from hawk.wznoc.com ([209.140.28.140])
envelope-from
From: Scott Mutter
Message-ID: <20190306210316.gb19...@ams-salesandsupport.com>

That's 3 different domains for the same simple email... Hm...

And then there's the short TTLs on the SPF RRs. H...

~$ dig +noall +answer TXT amssupport.info
amssupport.info. 12 IN TXT "v=spf1 include:ams-salesandsupport.com ip4:209.140.28.141 ~all"

~$ dig +noall +answer TXT hawk.wznoc.com.
hawk.wznoc.com. 900 IN TXT "v=spf1 a mx ip4:192.110.160.37 +ip4:168.235.104.229 ip4:72.44.93.24 ip4:209.140.28.140 ip4:162.219.26.34 -all"

~$ dig +noall +answer TXT ams-salesandsupport.com
ams-salesandsupport.com. 505 IN TXT "v=spf1 ip4:192.154.108.91 ip4:209.236.125.156 ip4:72.44.93.24 ip4:69.90.152.138 ip4:108.61.48.234 ip4:184.171.247.137 ip4:209.140.28.140 ip4:76.72.170.148 a mx ip4:192.110.160.35 ip4:104.245.200.178 ip4:108.61.48.236 ip4:108.61.48.238 -all"

I'm not an expert, but what you have appears extremely overly
complicated for a service provider within a service provider.

Also, something that is not quite yet clear to me, it looks like you are
DKIM signing List-* headers.

Best wishes!

-Jim P.
Re: [mailop] how can we get better?
On Sun, 2019-01-20 at 09:28 +, Laura Atkins wrote:
> > On 19 Jan 2019, at 09:42, Jim Popovitch via mailop wrote:
> >
> > On Fri, 2019-01-18 at 17:07 +, Benjamin BILLON wrote:
> > > I'm not convinced Mailop is the best place to get help on your very
> > > specific deliverability issues. You might want join slack workspaces
> > > like "emailgeeks" to discuss that,
> >
> > FWIW, Slack's a bit odd about workspaces.
> >
> > From: https://emailgeeks.slack.com/
> >
> > If you have an @displayblock.com, @beyondtheenvelope.co.uk,
> > @litmus.com, @campaignmonitor.com, @actionrocket.co,
> > @rebelmail.com, @taxiforemail.com, @dotmailer.com, or
> > @apsis.com email address, you can create an account.
> >
> > So that's a tightly controlled workspace, the only other way would
> > be to administratively (Settings & Permissions -> Workspace Signup
> > Mode) change it to an Invitation-Only workspace.
>
> There are hundreds of people in the workspace that don’t work at
> those companies. Approval is pretty simple, you just have to ask.
>

Hi Laura,

Thanks for the response. This is me asking. :-)

I use Slack, but I'm not 100% sure if it's possible, but you should
probably add something to the default page at
https://emailgeeks.slack.com/ that indicates who/how to contact. As it
is right now access is very limited and there is no information or
details for how to get access.

-Jim P.
Re: [mailop] how can we get better?
On Fri, 2019-01-18 at 17:07 +, Benjamin BILLON wrote:
> I'm not convinced Mailop is the best place to get help on your very
> specific deliverability issues. You might want join slack workspaces
> like "emailgeeks" to discuss that,

FWIW, Slack's a bit odd about workspaces.

From: https://emailgeeks.slack.com/

If you have an @displayblock.com, @beyondtheenvelope.co.uk,
@litmus.com, @campaignmonitor.com, @actionrocket.co,
@rebelmail.com, @taxiforemail.com, @dotmailer.com, or
@apsis.com email address, you can create an account.

So that's a tightly controlled workspace, the only other way would be to
administratively (Settings & Permissions -> Workspace Signup Mode)
change it to an Invitation-Only workspace.

-Jim P.
Re: [mailop] emailreg.org is down
On Thu, 2019-01-10 at 11:37 -0500, Rob McEwen wrote:
> On 1/10/2019 10:44 AM, Jim Popovitch via mailop wrote:
> > you are de-valuing mine,
>
> Actually, your opinion about these organizations was important and
> noteworthy. if someone has a conflict of interest, it *is* helpful to
> get feedback indicating that such an entity is reported to be
> operating ethically, even if the conflict of interest remains. That
> is noteworthy and valued. So I actually *do* value your opinion on
> this matter. I just think you have a poor understanding of how/why
> some entity's ethics doesn't and shouldn't necessarily be enough to
> counter the problems caused by them having a "conflict of interest"
> (even if your opinions are still very helpful)
>
> > strictly because I have a biz agreement with some entity you
> > dislike.
>
> You're attributing beliefs/opinions/feels/assumptions to me that I
> haven't expressed.

Yet 2 days ago (Tue, 8 Jan 2019 16:36:28 -0500) you said:

> At the very least, it is a suspicious practice. And certain people
> high up in the industry have strongly warned me against ever doing
> ANYTHING like that

Clearly that is a stated "dislike" of an entity's practice.

> The PRINCIPLES I expressed stand alone and stand on their own apart
> from my feelings or motivations or likes or dislikes. I'm morbidly
> fascinated that you can't see that. (but as an INTP personality type
> - I'm wired to have an objectivity that often transcends and
> overcomes my own personal feelings - one that is often brutally
> honest, even to a point that I am my worst critic!)
>
> > I gave you, and this list, my fair assessment of the entity based
> > on years of doing business with them
>
> And as I said, that was valuable (even if PARTLY "besides the point")

At least once, if not multiple times you have expressed to me the
following:

> (there is just so much going on here that you're missing...)

So, admittedly, I'm confused about your responses. Clearly, to me, it
seems that you feel I have no idea about what I am saying, therefore my
experienced opinion (which btw was also stated by others) is lacking.

I'm done wagging this dog, have your last words and revel in them.

-Jim P.
Re: [mailop] emailreg.org is down
On Thu, 2019-01-10 at 09:33 -0500, Rob McEwen wrote: > ... [snip] ... > > So I'll stop here and quit before I put my foot in my mouth! But ya didn't, did ya? Look dude, everybody has opinions. You are de-valuing mine, strictly because I have a biz agreement with some entity you dislike. Pffft. I gave you, and this list, my fair assessment of the entity based on years of doing business with them. If you have years of doing business with them then speak up or else . (now that is how you stop and quit before you put your foot in your mouth) -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Tue, 2019-01-08 at 16:36 -0500, Rob McEwen wrote: > On 1/8/2019 4:26 PM, Jim Popovitch via mailop wrote: > > Any value greater than a reasonable amount to provide a > > communications > > portal, and actual communications with, the entity requesting the > > de- > > listing. > > Jim, > I get offers OFTEN from those who had been blacklisted by > invaluement, where they ask, "Rob, can we pay you to up us set up our > system better so that we won't have the kind of security breaches > that caused us to get blacklisted?" (and then I kindly state about a > dozen extremely high quality tips, based on their specific situation, > for them in about 5-10 free minutes of my time that I donate to them) I'm not sure how security breaches got into this. They happen, if someone gets listed (or worse) because of it, then paying to clean it up is reasonable and expected. > Occasionally, some have even offered to fly me out to their location > to train them - I imagine that those might have been high ticket > consultancy jobs! > > As a DNSBL operator, can you guess WHY it wouldn't be ethical for me > to start saying "yes" to those offers? I can see the ethics issue involved with playing both sides of the line, sure. I also see an issue where you probably shouldn't criticize another DNSBL unless you have data that they are misstating why and how they collect fees for their efforts. ;-) > (there is just so much going on here that you're missing...) I disagree. While I never profess to know everything, I have been receiving and sending bulk email for ~20 years now. I've received a lot of good help along the way, but I've also received a lot of questionable advice, that seemed right at the time (and was given to me with good intentions). As with most things, fill a room full of people and you'll get varying opinions, and those opinions evolve! ;-) -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Tue, 2019-01-08 at 18:03 +, Olaf Petry - Hornetsecurity wrote: > > > If the barrier had been $1000, then sure > > > I would have said "it's extortion", but it wasn't. > > Where does the extortion barrier start in your opinion? 1000, 500, > 100, 20 or 1 Buck? Any value greater than a reasonable amount to provide a communications portal, and actual communications with, the entity requesting the de-listing. > Let me ask you a second question before you answer: when does murder > begin: 100, 20 or 1 people killed? "Murder" is declared by a court system, long after a killing takes place. That said, there are reasonable and justifiable reasons to kill someone. But we're way off course now, unless you're advocating for an Internet Court system ;-) -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Tue, 2019-01-08 at 12:04 -0500, Rob McEwen wrote: > On 1/8/2019 11:46 AM, Jim Popovitch via mailop wrote: > > The same has been said about HTML emails...but that hasn't stopped > > folks from using them.;-) > > "apples to oranges" comparison - sort of like saying it is ok to > cheat on your taxes because some people drive 5 miles above the speed > limit. Sometimes an "apples to apples" comparison doesn't quite exist. > > IMO "suspicious practice" is a wide brush. One might say the same > > about all DNSBLs being suspicious because there is a fair amount of > > ambiguity, mystery, and uncertainty. The reality is pay-to-play > > works (both at Barracuda and UCE Protect), like it or not, it is an > > extremely small entry point for entry level players and it provides > > a way for the operators of those BLs to know exactly who they are > > whitelisting. The only other solution would be an Internet > > Operators License;-) > > My "suspicious practice" label was almost a sarcastic understatement. > I was trying to be generous and forgiving. I don't think you're > understanding exactly how/why pay-for-play for a blacklist comes > across as an unethical extortion scam. Pretend you just got > blacklisted and your users are mad as hell about how much of their > outbound legitimate messages are currently being blocked. Then > pretend that the DNSBL that blacklisted you is willing to delist you, > but ONLY if you would just pay them money. But that's not how it really works. There is no extortion occurring, there is a reasonable entry fee...AND that fee is never requested until you cross a threshold. For everyone who says "extortion" is it not legitimate to question their motives for saying so? Let me be clear, the folks that I hear make the extortion claim, all provide competitive offerings or sell fee-based deliverability consulting services. O.o > Then think hard about all the motivations involved. 
For example, > suppose you had a security hole that was very brief, and less than 1K > spams went out - you had fixed it quickly - but now a lot more legit > messages are being blocked... and this has been happening for > days now. Then the DNSBL states that they don't care, and you'll stay > listed for almost another week until you pay up. That has never been my experience in almost 20 years of sending legitimate yet sometimes spammy email (think: prostate cancer discussions). I've hit their walls before, but they (Barracuda and UCE Protect) both worked with me and explained the barrier and the reason for the barrier to be lifted. If the barrier had been $1000, then sure I would have said "it's extortion", but it wasn't. It took years to build a good bulk sender reputation, and that reputation is tied to a named entity, and that named entity is verified by a credit card transaction. > Its like that, fwiw. Do you see that there might be a conflict of > interest in their blacklisting/delisting decisions? I see where there can be bad actors, but I have yet to see a bad actor operating a BL used by any relevant receiver. > (unfortunately, some will have to be on the receiving end of this to > actually know how this feels) I've been there, and it never felt like extortion. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Tue, 2019-01-08 at 11:26 -0500, Rob McEwen wrote: > On 1/8/2019 10:26 AM, Jim Popovitch via mailop wrote: > > > Which spammer would not pay that fee if they would be interested > > > to > > > get whitelisted? > > > > That's not how it works, and frankly you should know that as a > > security > > expert. > > At the very least, it is a suspicious practice. And certain people > high up in the industry have strongly warned me against ever doing > ANYTHING like that... The same has been said about HTML emails...but that hasn't stopped folks from using them. ;-) IMO "suspicious practice" is a wide brush. One might say the same about all DNSBLs being suspicious because there is a fair amount of ambiguity, mystery, and uncertainty. The reality is pay-to-play works (both at Barracuda and UCE Protect), like it or not, it is an extremely small entry point for entry level players and it provides a way for the operators of those BLs to know exactly who they are whitelisting. The only other solution would be an Internet Operators License ;-) -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Tue, 2019-01-08 at 15:06 +, Olaf Petry - Hornetsecurity wrote: > > > the $$ is to validate the responsible entity behind a sending > > > domain that is whitelisted > > > You are kidding, don't you? No I am not kidding. > Which spammer would not pay that fee if they would be interested to > get whitelisted? That's not how it works, and frankly you should know that as a security expert. > Any service that requests a fee to get whitelisted or unlisted from a > blocklist is at least dubious IMHO. Your ISP charges a fee for access through their network. Think about that for a minute. If you don't pay the fee you have to jump through hoops+loops to access their network (find a friend to bum their wifi, get your mom's password, etc.). If you do pay the fee, that doesn't mean you have free rein to abuse their network. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Tue, 2019-01-08 at 13:56 +, Mathieu Bourdin wrote: > Wasnt that the paying "service"? I think remember something like 20$ > for getting delisted for each IP or domain. Yep, that's $20 per year. The $$ isn't to fund their vacations or service, the $$ is to validate the responsible entity behind a sending domain that is whitelisted. YMMV, but $20 seems like a pittance to pay to not have to worry or deal with Barracuda BL issues. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification surge...
On December 1, 2018 12:22:21 AM UTC, "Kurt Andersen (b)" wrote: >One of about 5 hyphenated *marriott* domains that I have received mail >from over the last year :-P > It's not unique to Marriott, Prudential does the same..same exact format. I wonder if all these companies were identified, could data point back to a specific person and time that this practice was recommended -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Unsubscribe
On October 31, 2018 3:37:12 PM UTC, Tracy Morgan wrote: >Please unsubscribe me. > >[id:image001.png@01D36CE4.60810D90] > >Tracy Morgan | DIGITAL CAMPAIGN SPECIALIST > There is a certain irony in a bulk sender asking for others to intervene and unsubscribe them. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Expires SSL cert for mailop
On Mon, 2018-10-29 at 13:18 -0400, Bill Cole wrote: > On 29 Oct 2018, at 12:41, Jim Popovitch via mailop wrote: > > > N.B. please don't CC me, I'm subscribed to the list. > > I normally wouldn't, but your posts all have this header: > > Reply-To: Jim Popovitch > > Perhaps that's being added by Mailman for some reason... Ahh, you are correct. Mailman populates Reply-To when it munges a post from a DMARC enabled domain. IIRC this was done to preserve the original address in a form that would make it to most end-user MUAs. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Expires SSL cert for mailop
On Mon, 2018-10-29 at 12:32 -0400, Bill Cole wrote: > On 29 Oct 2018, at 10:40, Jim Popovitch via mailop wrote: > > > You allow nsupdate from your cgi/php/java enabled webserver(s)? > > My **what?*** Are you high? Do you mean to be insulting??? Of course not. I only asked a simple question. You plus-one'd a solution in a thread about using LE for a website. > > But no, I don't run anything on my webserver that modifies its own > DNS. Ok, thanks. It seemed like you were recommending acme.sh + nsupdate for https://chilli.nosignal.org/ -Jim P. N.B. please don't CC me, I'm subscribed to the list. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Expires SSL cert for mailop
On Mon, 2018-10-29 at 11:31 -0400, Dave Brockman wrote: > On 10/29/2018 10:40 AM, Jim Popovitch via mailop wrote: > > You allow nsupdate from your cgi/php/java enabled webserver(s)? > > > > -Jim P. > > No, the whole point of using acme.sh and the nsupdate module is to > avoid running a web server. You can also run LE with a webserver that > doesn't support cgi, php, or java, it only has to serve up a static > directory. Obviously. My point being that it's saner to run a tightened webserver on a host using certbot than it is to run acme.sh and nsupdate on a full feature webserver. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Expires SSL cert for mailop
On Mon, 2018-10-29 at 09:52 -0400, Bill Cole wrote: > On 29 Oct 2018, at 5:44, Frands Bjerring Hansen wrote: > > > Noel, > > > > LE does not insist on certbot. They recommend it, and why wouldn't > > they? :) > > > > Use acme.sh instead if you are not able adhere to the requirements > > of Certbot. Acme.sh requires nothing but sh. > > > > Also, it seems like you did not properly read about ways to address > > the problems you mention. Instead of having a webserver you could > > do DNS validation. Acme.sh already supports a ton of DNS > > implementations: https://github.com/Neilpang/acme.sh/tree/master/dns > > api - and if yours is not there, it's easy to write an > > implementation. > > +1 for acme.sh. > > I use acme.sh (with the nsupdate module for validation) and it has > been flawless and simple to set up and use. Having been specifically > tasked with setting up Certbot for others, I cannot understand why > anyone would choose Certbot over acme.sh. > You allow nsupdate from your cgi/php/java enabled webserver(s)? -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] RESOLVED messagingengine.com / fastmail.com
Just to close the loop on this... Thank you to Marc and everyone else who replied and offered advice and assistance, the ivmURI listing has been removed. I want to specifically thank Rob @ Invaluement for not calling me out publicly for initially forwarding him the spam email that triggered the listing. There's a meme jpg floating around that I swear is not entirely accurate. ;-) -Jim P. On Thu, 2018-09-06 at 08:05 +1000, Marc Bradshaw via mailop wrote: > Replied off list. > > > - Original message ----- > From: Jim Popovitch via mailop > To: mailop@mailop.org > Subject: [mailop] messagingengine.com / fastmail.com > Date: Wed, 05 Sep 2018 10:34:33 -0400 > > Can someone from messagingengine.com/fastmail.com please contact me. > I'm seeing lots of: > > 4251pv49w5z118G 5091 Wed Sep 5 11:35:35 > list-boun...@spammers.dontlike.us > (host in1-smtp.messagingengine.com[66.111.4.73] refused to talk to me: > 451 4.7.1 : Client host rejected: > domainmail.org is blacklisted - RLR621 - ip=<192.249.57.241>, > host=, helo=, > from_domain=spammers.dontlike.us>) u...@redacted.tld > > I'm particularly interested in the RLR621 code. > > Thanks!! > > -Jim P. > > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > > -- > > Marc Bradshaw - Deliverability/Abuse at FastMail > m...@fastmailteam.com | @marcbradshaw > > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] messagingengine.com / fastmail.com
Can someone from messagingengine.com/fastmail.com please contact me. I'm seeing lots of: 4251pv49w5z118G 5091 Wed Sep 5 11:35:35 list-boun...@spammers.dontlike.us (host in1-smtp.messagingengine.com[66.111.4.73] refused to talk to me: 451 4.7.1 : Client host rejected: domainmail.org is blacklisted - RLR621 - ip=<192.249.57.241>, host=, helo=, from_domain=spammers.dontlike.us>) u...@redacted.tld I'm particularly interested in the RLR621 code. Thanks!! -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] DKIM headers - which do you sign and why?
On Tue, 2018-07-24 at 00:30 +0200, Stefano Bagnara wrote: > And still I'm honestly looking for stats about how many domains are > really currently sending DMARC reports to senders (I get reports for > much less than 1% of my recipients: is it what you all get or is > there something wrong in my setup/target?). > In the past 120 days, I've received 1154 reports, for 7 of my domains (456 fail, 689 good) from 105 domains that send reports. One caveat: 23 of those domains all belong to Y!. One thing to check is are you blocking/filtering dmarc reports, not all come from clean/rdns/expected IPs. Another thing to check is pct=100. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] QQ Postmaster
On Mon, 2018-07-16 at 17:46 -0400, Vick Khera wrote: > I'd be curious to know if you are successful. My recollection is they > just spam you if you are outside of China. FTFY! ;-) -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Should mail servers publish IPv6 MX records? Could this harm your spam filtering?
On Fri, 2018-06-08 at 17:21 +0200, Stefano Bagnara wrote: > On Fri, 8 Jun 2018 at 16:47, Jim Popovitch via mailop org> wrote: > > On Fri, 2018-06-08 at 10:27 -0400, Rob McEwen wrote: > > > there has to be some justified level of "collateral damage" these > > > days, due to the very high frequency of hijacked accounts, > > > hijacked > > > websites, and spamming ESP customers (from ESP that are overall > > > good). > > > > Rather than dumping a piece of technology (ipv6), dump the ESPs > > that > > enable cheap sending. (Win! Win!). If those ESP customers had to > > build > > out their own infrastructure then they would take better care of > > it... > > regardless of ipv4, ipv6, ipv8, etc. > > If you really think that rejecting email from senders that want to > optimize their costs is a good strategy > Well, IPv6 is simply a way to make email sending cheaper. So not > supporting Ipv6 is an effective way to dump cheap sending. > > I guess anyone with a good corpus can easily check that "inexpensive > ESP" are not more spammy than "fortune 500 ESP". > > Someone proposed to simply add some cost to every SMTP transaction as > a way to stop the spam, some blacklist offer paid unlisting services, > too... but spammers sometimes have more money to send email than the > average user IMHO. Fair points! My comment was mostly tongue-in-cheek, but there is something to be said about how relatively easy it is to send bulk spam. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Should mail servers publish IPv6 MX records? Could this harm your spam filtering?
On Fri, 2018-06-08 at 10:27 -0400, Rob McEwen wrote: > there has to be some justified level of "collateral damage" these > days, due to the very high frequency of hijacked accounts, hijacked > websites, and spamming ESP customers (from ESP that are overall > good). Rather than dumping a piece of technology (ipv6), dump the ESPs that enable cheap sending. (Win! Win!). If those ESP customers had to build out their own infrastructure then they would take better care of it... regardless of ipv4, ipv6, ipv8, etc. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] No MX records for mail.mil
On Thu, 2018-05-03 at 09:33 -0500, Frank Bulk wrote: > This doesn’t look so good, though: > http://dnsviz.net/d/mail.mil/dnssec/ but this did: http://dnsviz.net/d/mail.mil/WsaG2w/dnssec/ and before that there was: http://dnsviz.net/d/mail.mil/WusxjQ/dnssec/ This flip-flop behaviour on mail.mil has been going on for more than a year. I'm going to guess that the responsible contractor doesn't know what they're doing. :-) -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Issues With the way Google Groups unsubscribe is used in headers..
On February 8, 2018 1:05:59 AM UTC, Michael Peddemors wrote: >Spammers are abusing Google Groups lists of course, and I am sure they >are working on it, but the issue is with the unsubscribe URL methods.. >Comments at the bottom of the example.. > I've been reporting this to Google for 4 weeks now. Unsubbing from the www interface doesn't work either. They don't seem to care... -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] SPF recommendations (was: Re: Earthlink trouble with our PTR)
On Thu, Dec 14, 2017 at 8:07 PM, Bill Cole <mailop-20160...@billmail.scconsult.com> wrote: > On 14 Dec 2017, at 14:01 (-0500), Jim Popovitch wrote: > >> Aside from a few HUGE providers, those with very large and disparate >> networks/offices/topology > > > SPF isn't related to the complexity of a network, but control of users using > a domain name, which is a very different thing. Forget about users, think IoT devices. ~all makes it easy for a hacked device to send emails using your domain. >> -all means that the domain operator knows what they are doing, > > > No, it means they know what their users do. Not every network or domain is used as a mailbox provider. > Or that they THINK they do. > >> knows >> what their network consists of and how email is routed within their >> network. It further states that the -all publisher has committed to >> staying abreast of what happens in their environment in order to >> assure their IP space is properly routing email. It instills >> confidence. > > > There continue to be sites that do traditional ~/.forward-style transparent > SMTP forwarding, which preserves the envelope sender as received. There > continue to be websites which give users the ability to send content to > others which use the address of the user initiating the action as the > envelope sender, so that bounces go to the person who might care. > > Last I checked, it was frowned upon for sysadmins to execute users who > obliviously violate a SPF '-all' policy by mailing a 'wrong' person or using > a 'wrong' 3rd-party system. > > >> ~all is just plain lazy, and is akin to saying that you don't have >> confidence in your ability to own and control your own network; > > > You keep using that word. I do not think it means what you think it means. Ahh, a Princess Bride fan... > If you consider users to be a subordinate part of a "network" then no > "network" is controllable or should be. No, that's not what I'm saying. 
Forget about users, think spambot infested devices on your network (or on someone else's network using your domain). >> and >> you want others to spend some level of time/money (in the form of CPU >> cycles) analyzing email emitted from your network to determine it's >> suitability for deliverability. > > > There you go saying "your network" again, yet fundamentally '~all' says 'my > users might cause mail using my domain name to come from networks OTHER THAN > mine.' Which is true of almost any significant set of users. Mail actually > from the domain owner's network properly will be authenticated by what comes > BEFORE the '~all' default. Of course, but we're not really discussing what comes before the ~all or -all, rather what comes after the properly identified network resources listed in the SPF RR. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] SPF recommendations (was: Re: Earthlink trouble with our PTR)
On Thu, Dec 14, 2017 at 11:33 AM, Vladimir Dubrovin via mailop wrote: > > In fact, you should not use "-all" for your mail domain if you care > about deliverability. FALSE! (Also, you should not randomly add CC recipients to the same mailinglist that you are responding to) Aside from a few HUGE providers, those with very large and disparate networks/offices/topology -all means that the domain operator knows what they are doing, knows what their network consists of and how email is routed within their network. It further states that the -all publisher has committed to staying abreast of what happens in their environment in order to assure their IP space is properly routing email. It instills confidence. ~all is just plain lazy, and is akin to saying that you don't have confidence in your ability to own and control your own network; and you want others to spend some level of time/money (in the form of CPU cycles) analyzing email emitted from your network to determine its suitability for deliverability. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
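The difference this thread argues about, as an added example that is not part of any poster's message: a small offline SPF evaluator showing what a receiver gets back for a sender the record does not list, under `~all` and under `-all`. The domains, records and addresses are constructed (documentation ranges), the `DNS` dictionary stands in for TXT lookups, and only the `ip4`, `ip6`, `include` and `all` mechanisms are handled.

```python
"""Added example: what the final SPF term returns for unlisted senders.
All domains, records and addresses are constructed (RFC 5737 ranges)."""
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_DEPTH = 10  # simplification of the RFC 7208 limit of 10 DNS-querying terms

# Constructed stand-in for DNS TXT lookups, so the example runs offline.
DNS = {
    "soft.example.org": "v=spf1 ip4:192.0.2.0/24 include:_spf.esp.example ~all",
    "hard.example.org": "v=spf1 ip4:192.0.2.0/24 include:_spf.esp.example -all",
    "_spf.esp.example": "v=spf1 ip4:198.51.100.0/25 -all",
}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, value) terms."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    terms = []
    for raw in parts[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if raw[0] in QUALIFIERS:
            qualifier, raw = raw[0], raw[1:]
        name, _, value = raw.partition(":")
        if "=" in name:  # modifiers (redirect=, exp=) are not mechanisms
            continue
        terms.append((qualifier, name.lower(), value))
    return terms


def check_host(client_ip, domain, dns=DNS, depth=0):
    """Return the SPF result for client_ip sending as `domain`."""
    if depth > MAX_INCLUDE_DEPTH:
        return "permerror"
    record = dns.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for qualifier, name, value in parse_spf(record):
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            inner = check_host(client_ip, value, dns, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            # Only a "pass" from the included record matches; its own
            # -all does not propagate to the including domain.
            matched = inner == "pass"
        else:
            raise NotImplementedError(f"{name}: needs live DNS, outside this example")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def compare(client_ip):
    """Evaluate one client against the ~all and the -all variant."""
    return {d: check_host(client_ip, d)
            for d in ("soft.example.org", "hard.example.org")}


if __name__ == "__main__":
    for ip in ("192.0.2.10",       # listed by ip4
               "198.51.100.5",     # listed via include
               "198.51.100.200",   # outside the included /25
               "203.0.113.77"):    # unlisted host, e.g. a compromised device
        print(ip, compare(ip))
```

Listed senders get `pass` under both records; the two policies differ only in whether an unlisted sender is reported as `softfail` or `fail`, and what a receiver does with either result is its own local policy.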
Re: [mailop] SPF failures at Yahoo
On Oct 27, 2017 11:42, "Jim Popovitch" <jim...@gmail.com> wrote:

Is there someone from Yahoo! who can provide some insight into why there is always 1 SPF lookup failure in your DMARC reports.

http://domainmail.org/reports/yahoo.com!netcoolusers.org!1506556800!1506643199.xml
http://domainmail.org/reports/yahoo.com!netcoolusers.org!1506988800!1507075199.xml
http://domainmail.org/reports/yahoo.com!netcoolusers.org!1507939200!1508025599.xml

It seems odd, and 3 more today (1 spf failure per every ~40 emails)

http://domainmail.org/reports/yahoo.com!netcoolusers.org!1506470400!1506556799.xml
http://domainmail.org/reports/yahoo.com!netcoolusers.org!1506902400!1506988799.xml
http://domainmail.org/reports/yahoo.com!netcoolusers.org!1508976000!1509062399.xml

-Jim P.
Re: [mailop] SPF record
On Mon, May 22, 2017 at 6:05 PM, Michael Wise via mailop wrote:
>
> At least a Mailing List is in a position to rewrite the headers so that SPF
> works when it sends the traffic out.
>

Yep, but only those managed by ppl who know how to keep things updated, patched, etc. Lots of badly managed mailing lists out there/here..

-Jim P.
Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )
On Apr 10, 2017 12:15, "Laura Atkins" <la...@wordtothewise.com> wrote:

On Apr 9, 2017, at 11:00 AM, Jim Popovitch <jim...@gmail.com> wrote:

On Apr 9, 2017 13:07, "Anne P. Mitchell, Esq." <amitch...@isipp.com> wrote:

This brings up a good point...back in 'the day' folks would report spam on NANAE; is there a managed, moderated mailing list to report spam, that has the main ESPs and such on it?

SDLU ?

Reporting spam in public just makes it harder for the abuse desks to handle things. If there is a working abuse desk, then abuse@ is fine. If there’s not, reporting in public is performance art at best.

Pfft. SDLU is somewhere between public and private. Limiting reporting to one of the many walled gardens makes it easier for consultants to protect revenue streams

-Jim P. (I know how bread is buttered)
Re: [mailop] AOL Service unavailable on connect
On Mon, Jan 23, 2017 at 10:29 AM, Derek Diget wrote:
>
> Anyone else seeing connection issues to AOL? Saturday morning (EST) we
> started getting
>
> 421 mtaig-maa03.mx.aol.com Service unavailable - try again later
>

Yep,

~$ mailq
Queue ID- --Size-- ---Arrival Time --Sender/Recipient--
3v6VYJ2sZpz1vdw 11396 Mon Jan 23 12:12:04 users-boun...@netcoolusers.org
  (host mailin-01.mx.aol.com[152.163.0.68] refused to talk to me: 421 mtaig-aad03.mx.aol.com Service unavailable - try again later)
  xxx...@aol.com

3v5tbl151Yz1vg5 14271 Sun Jan 22 12:12:03 users-boun...@netcoolusers.org
  (host mailin-01.mx.aol.com[152.163.0.99] refused to talk to me: 421 mtaig-aae03.mx.aol.com Service unavailable - try again later)
  ...@aol.com

3v5tbm10Hlz2V2r 12347 Sun Jan 22 12:12:04 users-boun...@netcoolusers.org
  (host mailin-03.mx.aol.com[152.163.0.100] refused to talk to me: 421 mtaig-aad01.mx.aol.com Service unavailable - try again later)
  xxx...@aol.com

3v6VYL2Fwtz2V4H 12588 Mon Jan 23 12:12:06 users-boun...@netcoolusers.org
  (host mailin-02.mx.aol.com[152.163.0.100] refused to talk to me: 421 mtaig-aam04.mx.aol.com Service unavailable - try again later)
  xxx...@aol.com

-- 57 Kbytes in 4 Requests.

BTW, mailop.org (chilli.nosignal.org) your SSL cert is still broken: "There are issues with the site's certificate chain (net::ERR_CERT_DATE_INVALID)."

-Jim P.
Re: [mailop] Storing 821 envelope recipients in an 822.Header?
On Wed, Dec 7, 2016 at 2:13 PM, Eric Henson wrote:
> Just be aware that using XY will have you labeled as misogynist, XX will
> have you labeled a SJW, and XXX will get you blocked by porn filters.
>
> :-)

Damn the world is complicated. All I was thinking of was Pokémon.

-Jim P.
Re: [mailop] Storing 821 envelope recipients in an 822.Header?
On Wed, Dec 7, 2016 at 12:17 PM, John Levine wrote:
>>   5. Does not override existing specifications that legislate the use
>>   of "X-" for particular application protocols (e.g., the "x-name"
>>   token in [RFC5545]); this is a matter for the designers of those
>>   protocols.
>>
>>So, X headers are still the way to go it seems for SMTP..
>
> Perhaps you missed this part of RFC 6648:
>
>   As explained more fully under Appendix A, this convention was
>   encouraged for many years in application protocols such as file
>   transfer, email, and the World Wide Web. In particular, it was
>   codified for email by [RFC822] (via the distinction between
>   "Extension-fields" and "user-defined-fields"), but then removed by
>   [RFC2822] based on implementation and deployment experience.
>
> Really, if you need to invent a header, just invent one and don't
> pretend that anyone told you to use a X- name.

So you can choose any name you want as long as it doesn't start with X- ? :-)

I'm going to start naming headers XY- just because it's allowed by RFCs.

-Jim P.
Re: [mailop] Yahoo blacklist removal
On Wed, Nov 16, 2016 at 3:53 PM, David Sgro, Dataspindle wrote:
> Check Proofpoint.com to see if you're listed
> https://support.proofpoint.com/rbl-lookup.cgi?ip=

It's almost the end of the 2nd decade of the 2nd century that IPv6 has been in use... I would have thought ProofPoint would be out to prove a point by supporting IPv6.

-Jim P.
Re: [mailop] Barracuda hosted spam filtering having issues?
On Wed, Nov 2, 2016 at 4:05 PM, Eric Tykwinski wrote:
> I'm seeing a lot of session timeouts on connections to
> .ess.barracudanetworks.com servers.
> Just checking to see if it's a known issue...

Same here (domainmail.org). At first it looked like they had SSL issues (http://paste.debian.net/plainh/4a759f68) so I disabled TLS for the domain in question and now it's just:

Nov 2 20:09:01 svr5 postfix/smtp[17976]: 5B4F1514D7: lost connection with d92740a.ess.barracudanetworks.com[64.235.153.2] while receiving the initial server greeting
Nov 2 20:11:04 svr5 postfix/smtp[17976]: 5B4F1514D7: conversation with d92740a.ess.barracudanetworks.com[64.235.150.252] timed out while receiving the initial server greeting

Kinda odd tho,

-Jim P.
Re: [mailop] Google: Increase in false positives?
On Fri, Sep 2, 2016 at 11:12 PM, John Levine wrote:
>>But I'm not sure what native would look like. After Lavabit, would the
>>type of folks who use pgp actually trust our implementation if they
>>couldn't see it and verify it?
>
> In my experience there are two kinds of PGP users. One is the hard
> core who go to key signing parties with their passports in their
> pockets. The other is the casual ones who get keys from keyservers
> when they send moderately touchy stuff.
>
> The latter group would probably be OK with your implementation. The
> others would not, so they'd have to use POP/IMAP/SUBMIT and do the
> crypto at home.
>
>>Also, the spam problem becomes challenging in that environment...
>
> For the latter group, you can ask them if it's OK to use their keys
> for spam filtering and they'll probably say it is. For the former
> group, it's a problem. Of course, they're only likely to exchange
> encrypted mail with a tiny set of friends, so perhaps you could say
> that the sender's key isn't in someone's address book, rate limit it
> down to one or two messages per day. That gives an opportunity for
> initial contact, at least until the spammers figure out that their
> botnets have plenty of CPU to invent a new identity and a new key for
> every spam.

In addition to what John said, I think a very useful first step component would be for Google (Microsoft too!) to run an internal PGP keyserver (if you don't already have one) and then use it to reject signed msgs that fail a basic sig test. You don't need anyone's private key, and you could sync your keyserver the same way all the other keyservers do. This would go a long way towards true message integrity.

-Jim P.
[mailop] DKIM + mailinglists (rehash)
Hello!

If Mailman (and other MLMs) would provide some header data that listed msg modifications (i.e. pre-pended subject with 6 chars, post-pended body with 6 lines, etc), would this be beneficial for anyone to use in order to reconstruct an original msg and validate the original DKIM sig (X-Google-DKIM-Signature, etc.) ?

-Jim P.
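The idea in the post above, sketched as an added example (not code from the poster, Mailman or any MLM): it computes the DKIM body hash (`bh=`) under RFC 6376 "relaxed" canonicalization, shows that a list footer changes it, and shows that a record of the list's modifications lets a receiver undo them and match the original hash. The `subject-prepend=` / `body-append-lines=` record format is hypothetical, the message is constructed, and only the `bh=` comparison is covered, not verification of the `b=` signature.

```python
import base64
import hashlib
import re

def relaxed_body(body: str) -> bytes:
    """RFC 6376 section 3.4.4 "relaxed" body canonicalization."""
    lines = body.replace("\r\n", "\n").split("\n")
    # Collapse runs of spaces/tabs to one space, drop whitespace at line end.
    lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in lines]
    while lines and lines[-1] == "":          # trailing empty lines are ignored
        lines.pop()
    return "".join(ln + "\r\n" for ln in lines).encode("utf-8")

def body_hash(body: str) -> str:
    """The bh= value a SHA-256 signer would publish for this body."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def mlm_reflect(subject: str, body: str, tag: str, footer: str):
    """List-manager step: tag the subject, append the footer, record both.
    The record format is hypothetical; the post only proposes the idea."""
    appended = len(footer.splitlines())
    record = f"subject-prepend={len(tag)}; body-append-lines={appended}"
    return tag + subject, body + footer, record

def undo_mlm(subject: str, body: str, record: str):
    """Receiver step: strip exactly what the record says the list added."""
    mods = dict(p.strip().split("=", 1) for p in record.split(";") if p.strip())
    n_sub = int(mods.get("subject-prepend", 0))
    n_lines = int(mods.get("body-append-lines", 0))
    lines = body.splitlines(keepends=True)
    if n_sub > len(subject) or n_lines > len(lines):
        raise ValueError("modification record does not fit this message")
    return subject[n_sub:], "".join(lines[:len(lines) - n_lines])

# Constructed sample message; the footer is the list footer seen on this page.
SUBJECT = "DKIM + mailinglists (rehash)"
BODY = "Hello!  \r\n\r\nWould this be\tbeneficial?\r\n\r\n-Jim P.\r\n"
FOOTER = ("___\r\nmailop mailing list\r\nmailop@mailop.org\r\n"
          "https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop\r\n")

def demo():
    signed_bh = body_hash(BODY)               # what the author's bh= would hold
    l_subj, l_body, record = mlm_reflect(SUBJECT, BODY, "[mailop] ", FOOTER)
    r_subj, r_body = undo_mlm(l_subj, l_body, record)
    return {"record": record,
            "as_delivered": body_hash(l_body) == signed_bh,
            "after_undo": body_hash(r_body) == signed_bh and r_subj == SUBJECT}

if __name__ == "__main__":
    print(demo())
```

A receiver would still have to treat the record as untrusted input: it only helps when the restored message also passes the original signature check.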
Re: [mailop] why "not comply with best practices" on SpamRats?
On Tue, Jun 14, 2016 at 5:33 PM, Peter Bowen <pzbo...@gmail.com> wrote:
> On Tue, Jun 14, 2016 at 1:48 PM, Jim Popovitch <jim...@gmail.com> wrote:
>> On Tue, Jun 14, 2016 at 12:16 PM, Suresh Ramasubramanian
>> <ops.li...@gmail.com> wrote:
>>>
>>> 163 is an email provider that I doubt provides dynamic IP space of any sort.
>>> And as Junping says, 700 million mailboxes. Well north of 30 million, like
>>> I said :)
>>
>> Where does 123.com fit into all this?
>> http://paste.debian.net/plainh/4f41f8c4
>
> I'm assuming you mean 126.com, based on the paste.

Oops, yes, 126 (what is up with all the numbered domains?!?!)

> 163.com, 126.com, yeah.net, vip.163.com, vip.126.com, vip.188.com, and
> netease.com are all NetEase domains.

So the paste is evidence that SpamRats is doing the right thing?

-Jim P.
Re: [mailop] Multiple DKIM signatures -- any benefit or detriment?
On Sat, May 21, 2016 at 1:22 PM, Steve Atkins <st...@blighty.com> wrote:
>
>> On May 21, 2016, at 9:41 AM, Jim Popovitch <jim...@gmail.com> wrote:
>>
>> On Sat, May 21, 2016 at 12:23 PM, Steve Atkins <st...@blighty.com> wrote:
>>>
>>>> On May 21, 2016, at 8:45 AM, Jim Popovitch <jim...@gmail.com> wrote:
>>>>
>>>> On Fri, May 20, 2016 at 5:21 PM, Michael Rathbun <m...@honet.com> wrote:
>>>>> On Fri, 20 May 2016 17:00:37 -0400, Jim Popovitch <jim...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Give me a (real world) example of how 2 DKIM sigs will be in the same
>>>>>> email msg and both sigs will verify.
>>>>>
>>>>> Here are two:
>>>>>
>>>>>> Authentication-Results: mx.google.com;
>>>>>> dkim=pass (test mode) header.i=@humblebundle.com;
>>>>>> dkim=pass (test mode) header.i=@dynect.net;
>>>>>
>>>>>> Authentication-Results: mx.google.com;
>>>>>> dkim=pass header.i=@cpro30.com;
>>>>>> dkim=pass header.i=@morningconsult.com;
>>>>>
>>>>
>>>>
>>>> That's quite vague. What was signed by each key? When most people
>>>> think of DKIM they think of a DKIM key being used to guarantee that
>>>> parts of a message haven't been modified in transit.
>>>
>>> If they do, they're thinking about it wrong. DKIM is *not* about message
>>> integrity, it's about someone taking responsibility for the message in
>>> a way that is provable by a third party. Or, if you prefer a more mechanical
>>> model, it's about attaching an unforgeable identifier to a message so that
>>> that identifier can be used as a key to track the history of the email
>>> author.
>>
>> Email is multi-faceted. I really don't think there is any one person
>> who has seen all sides and knows what's best for all sides.
>
> It's not about what's "best", it's about understanding what a protocol
> is, and what it provides. That's important because if someone misunderstands
> what DKIM is for, you they misusing the results it provides.
>
>> Correct me if I am wrong (with details please). ESPs are the only
>> ones using 2 or more DKIM sigs, and one or more of those DKIM sigs is
>> just an identifier injected along the way, that seeks to verify the
>> middle-man by signing zero or a few headers (but not any headers wrt
>> deliverability, hops, received lines, etc.)
>
> *All* DKIM signatures are just identifiers injected along the way. All
> reasonable[1] DKIM signatures sign a sensible subset of the headers and
> the entire body.
>
> There is no "primary" or "main" DKIM signature. A message may have
> zero or more DKIM signatures; none is intrinsically more valid or
> valuable than the others. There is an order to them, but that's just the
> order in which the signatures were applied rather than anything inherently
> meaningful.
>
> (Though, obviously, you can intuit things from the order, and there is
> broken software out there that, for example, treats the first or last
> DKIM signature differently. And there are protocols out there that
> pay more attention to DKIM identifiers that bytewise match other
> elements of the email. That's all outside the scope of DKIM itself.)
>
> The result of validating DKIM is a list of zero or more identifiers (one
> from each DKIM signature that validates).
>
> Mailserver automation can do whatever it pleases with that result,
> but that's the only information it gets from DKIM - a list of zero or
> more identifiers (typically the d= value from each DKIM-Signature
> header).
>
> Cheers,
> Steve
>
> [1] There's a lot of leeway in the DKIM spec about what you can
> sign and still be a "valid" DKIM signature, but that's mostly theoretical.
> In the wild you'll see everyone signing something like mime-version,
> in-reply-to, references, date, message-id, subject, from, to and the
> entire body.

Thanks Steve for the details.

Some explanation for my deep curiosity: Mailman (which I hack on here and there) and other MLMs had problems in the past because Mailman modifies the body and appends a footer (as seen on this list). So the advice, years ago, was to strip any incoming DKIM sig, then add a new DKIM sig from the MLM host before reflecting the msg. That worked for years... then multiple DKIM sigs came into parlance, then came DMARC, then came the advice to not strip incoming DKIM sigs and just add a new one.

What I would like to do is find a way to keep incoming sigs, keep the mailing list footer, add the MLM's DKIM sig, and have all sigs validate. How does this work in the ESP world where a client originates and signs a msg that is then handed to an ESP who adds a sig and distributes it? Does the client sign the body?

-Jim P.
Re: [mailop] Multiple DKIM signatures -- any benefit or detriment?
On Sat, May 21, 2016 at 12:23 PM, Steve Atkins <st...@blighty.com> wrote:
>
>> On May 21, 2016, at 8:45 AM, Jim Popovitch <jim...@gmail.com> wrote:
>>
>> On Fri, May 20, 2016 at 5:21 PM, Michael Rathbun <m...@honet.com> wrote:
>>> On Fri, 20 May 2016 17:00:37 -0400, Jim Popovitch <jim...@gmail.com> wrote:
>>>
>>>> Give me a (real world) example of how 2 DKIM sigs will be in the same
>>>> email msg and both sigs will verify.
>>>
>>> Here are two:
>>>
>>>> Authentication-Results: mx.google.com;
>>>> dkim=pass (test mode) header.i=@humblebundle.com;
>>>> dkim=pass (test mode) header.i=@dynect.net;
>>>
>>>> Authentication-Results: mx.google.com;
>>>> dkim=pass header.i=@cpro30.com;
>>>> dkim=pass header.i=@morningconsult.com;
>>>
>>
>>
>> That's quite vague. What was signed by each key? When most people
>> think of DKIM they think of a DKIM key being used to guarantee that
>> parts of a message haven't been modified in transit.
>
> If they do, they're thinking about it wrong. DKIM is *not* about message
> integrity, it's about someone taking responsibility for the message in
> a way that is provable by a third party. Or, if you prefer a more mechanical
> model, it's about attaching an unforgeable identifier to a message so that
> that identifier can be used as a key to track the history of the email
> author.

Email is multi-faceted. I really don't think there is any one person who has seen all sides and knows what's best for all sides.

Correct me if I am wrong (with details please). ESPs are the only ones using 2 or more DKIM sigs, and one or more of those DKIM sigs is just an identifier injected along the way, that seeks to verify the middle-man by signing zero or a few headers (but not any headers wrt deliverability, hops, received lines, etc.)

> That it does that partly by using a cryptographic signature that includes
> some subset of the content is an implementation detail that's only there to
> mitigate replay attacks.

That "subset" is the part that interests me.

>> So, for this
>> discussion, I think it's important to identify the parts of the
>> message that are being signed, no?
>
> Not generally, no. But that info is in the DKIM-Signature headers
> if you want it.

I do want it, and since MDR provided the incomplete example I was asking him to provide the rest.

-Jim P.
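The thread above turns on which parts of a message each signature covers, and on that information being in the DKIM-Signature headers. As an added example (not code from any poster), this reads the `d=`, `c=`, `h=` and `l=` tags of every DKIM-Signature on a message and reports, per signer, which headers are signed and which headers present on the message are not; the message, domains and placeholder hashes are constructed.

```python
import email
import re

# Constructed message: two signers, placeholder hashes, example domains.
RAW = """\
Received: from out.esp.example.net by mx.example.org; Sat, 21 May 2016 13:00:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=esp.example.net;
 s=s1; h=from:to:subject:date:message-id;
 bh=PLACEHOLDER=; b=PLACEHOLDER
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=client.example.com;
 s=may2016; l=120; h=From:Subject:Date:MIME-Version;
 bh=PLACEHOLDER=; b=PLACEHOLDER
From: News <news@client.example.com>
To: reader@example.org
Subject: Weekly update
Date: Sat, 21 May 2016 12:59:00 -0400
Message-ID: <1@client.example.com>
MIME-Version: 1.0

Body text.
"""

def parse_tags(value: str) -> dict:
    """Split an RFC 6376 tag=value list; folding whitespace is dropped."""
    tags = {}
    for item in value.split(";"):
        if "=" in item:
            name, val = item.split("=", 1)    # bh=/b= values may contain '='
            tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def signature_coverage(raw: str) -> list:
    """One entry per DKIM-Signature, in the order they appear on the message."""
    msg = email.message_from_string(raw)
    present = {name.lower() for name in msg.keys()} - {"dkim-signature"}
    report = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = parse_tags(value)
        signed = [h.lower() for h in tags.get("h", "").split(":") if h]
        report.append({
            "d": tags.get("d"),
            "canon": tags.get("c", "simple/simple"),   # RFC 6376 default
            "signed_headers": signed,
            "unsigned_present": sorted(present - set(signed)),
            # l= limits the signed body to its first N octets; anything
            # appended after that point is outside the signature.
            "body_limit": int(tags["l"]) if "l" in tags else None,
        })
    return report

if __name__ == "__main__":
    for entry in signature_coverage(RAW):
        print(entry)
```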