Re: [mailop] [EXTERNAL] v=spf1 -all SPF treewalk?

2024-05-16 Thread Michael Wise via mailop

That seems a troublesome assumption, but okay.
This may be the case they are checking for, however.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: Mark Alley 
Sent: Thursday, May 16, 2024 3:40 PM
To: Michael Wise ; mailop@mailop.org
Subject: Re: [EXTERNAL] [mailop] v=spf1 -all SPF treewalk?


In this case, assume no wildcard exists intentionally.



- Mark Alley
On 5/16/2024 5:18 PM, Michael Wise wrote:

... seems legit? Although perhaps a bit too restrictive if the subdomains have 
valid SPF records that allow.
DEFAULT DENY ALL ... except ...
But this seems to imply problems with a sender's wildcard dns?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On 
Behalf Of Mark Alley via mailop
Sent: Thursday, May 16, 2024 3:11 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] v=spf1 -all SPF treewalk?


Hey all, got a dubious claim I read today that's somewhat of a head-scratcher.

Let's lay out the scenario.

  1.  The following DNS answers are returned when queried (pseudocode):

       *   domain.com IN TXT "v=spf1 -all"
       *   test.domain.com IN TXT  - NXDOMAIN
       *   _dmarc.test.domain.com IN TXT - NXDOMAIN
       *   _dmarc.domain.com IN TXT - NXDOMAIN

  2.  An email is sent with the RFC5321.mailfrom and RFC5322.from 
"t...@test.domain.com".
  3.  The email is not signed with DKIM.
  4.  The HELO FQDN has an SPF record with the corresponding MTA's IP in it.

This claim stated that (and I'm quoting verbatim here), "I forced many ESPs to 
start failing SPF for any subdomain of a domain that has no explicit SPF, and 
fails SPF at the primary domain level (Context note: when v=spf1 -all exists at 
the primary domain)".

Has anyone observed or heard of this SPF treewalk-esque evaluation logic being 
used by Receivers when an empty SPF fail policy is used at the organizational 
domain, but the subdomain used for SPF evaluation doesn't exist?



- Mark Alley


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] v=spf1 -all SPF treewalk?

2024-05-16 Thread Michael Wise via mailop

… seems legit? Although perhaps a bit too restrictive if the subdomains have 
valid SPF records that allow.
DEFAULT DENY ALL … except …
But this seems to imply problems with a sender’s wildcard dns?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Mark Alley via mailop
Sent: Thursday, May 16, 2024 3:11 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] v=spf1 -all SPF treewalk?


Hey all, got a dubious claim I read today that's somewhat of a head-scratcher.

Let's lay out the scenario.

  *   The following DNS answers are returned when queried (pseudocode):

       *   domain.com IN TXT "v=spf1 -all"
       *   test.domain.com IN TXT  - NXDOMAIN
       *   _dmarc.test.domain.com IN TXT - NXDOMAIN
       *   _dmarc.domain.com IN TXT - NXDOMAIN

  *   An email is sent with the RFC5321.mailfrom and RFC5322.from 
"t...@test.domain.com".
  *   The email is not signed with DKIM.
  *   The HELO FQDN has an SPF record with the corresponding MTA's IP in it.

This claim stated that (and I'm quoting verbatim here), "I forced many ESPs to 
start failing SPF for any subdomain of a domain that has no explicit SPF, and 
fails SPF at the primary domain level (Context note: when v=spf1 -all exists at 
the primary domain)".

Has anyone observed or heard of this SPF treewalk-esque evaluation logic being 
used by Receivers when an empty SPF fail policy is used at the organizational 
domain, but the subdomain used for SPF evaluation doesn't exist?



- Mark Alley


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
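
The scenario in this thread, worked through as an added example (not code from any poster or receiver): under RFC 7208 section 4.3, check_host() returns "none" when the queried domain answers NXDOMAIN, whereas the parent-walking logic in the quoted claim would reach the "v=spf1 -all" at domain.com and return "fail". The zone contents, the HELO name mta.example.net, the IP 192.0.2.25 and the function check_host_treewalk are constructed assumptions, and only the ip4, ip6 and all mechanisms are evaluated.

```python
import ipaddress

# Constructed zone mirroring the scenario; any name missing here answers NXDOMAIN.
# "mta.example.net" and 192.0.2.25 are made-up stand-ins for the HELO FQDN and MTA IP.
ZONE = {
    "domain.com": ["v=spf1 -all"],
    "mta.example.net": ["v=spf1 ip4:192.0.2.25 -all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_spf(name):
    """Return (status, record); status is 'nxdomain', 'norecord', 'multiple' or 'ok'."""
    name = name.lower().rstrip(".")
    if name not in ZONE:
        return "nxdomain", None
    records = [txt for txt in ZONE[name] if txt.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "norecord", None
    if len(records) > 1:
        return "multiple", None
    return "ok", records[0]


def evaluate(record, ip):
    """Evaluate the subset of mechanisms this scenario needs: ip4, ip6 and all."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if addr in net:  # always False when address families differ
                return QUALIFIERS[qualifier]
            continue
        return "permerror"  # mechanism or modifier outside this sketch's subset
    return "neutral"  # nothing matched and the record has no "all"


def check_host(ip, domain):
    """RFC 7208 behaviour: only the queried name is consulted."""
    status, record = lookup_spf(domain)
    if status in ("nxdomain", "norecord"):
        return "none"
    if status == "multiple":
        return "permerror"
    return evaluate(record, ip)


def check_host_treewalk(ip, domain):
    """Hypothetical receiver logic from the quoted claim: climb to parent names
    until one publishes SPF. Naive label stripping, no Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # stop before the bare TLD
        candidate = ".".join(labels[i:])
        status, record = lookup_spf(candidate)
        if status == "multiple":
            return "permerror", candidate
        if status == "ok":
            return evaluate(record, ip), candidate
    return "none", None


def scenario():
    """Results for the three identities/logics the thread compares."""
    ip = "192.0.2.25"  # constructed MTA address
    return {
        "mailfrom, RFC 7208": check_host(ip, "test.domain.com"),
        "mailfrom, treewalk": check_host_treewalk(ip, "test.domain.com"),
        "helo, RFC 7208": check_host(ip, "mta.example.net"),
    }


if __name__ == "__main__":
    for identity, result in scenario().items():
        print(f"{identity}: {result}")
```
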


Re: [mailop] Anyone From Microsoft That Can Give Some Guidance?

2024-04-30 Thread Michael Wise via mailop

Are you sure it’s Office365 and not “Consumer” Outlook/Hotmail accounts?

Because the systems are not the same, and have different escalation procedures.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Michael E. Weisel via 
mailop
Sent: Monday, April 29, 2024 12:04 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Anyone From Microsoft That Can Give Some Guidance?

Hi fellow Mailopers, I hope you are all doing well.  We have a client of ours 
that works with the 107 Historically Black Colleges on a yearly project that 
awards grants for campus improvement projects.  The email list is small, around 
700 subscribers in total.  For the most part the emails are making it through 
however many of the schools rely on Office 365 for their email and some of the 
schools are having issues getting their mail to the inbox.  It’s a dedicated IP 
address and domain, and it’s set up for SPF/DKIM/DMARC etc. and they only send to 
this 100% opt-in list.  If there’s anyone on the list that may be able to help 
me out to?  It’s a great opportunity for these schools and some have missed out 
because they didn’t receive the communications and deadline information.  I’m 
happy to give more information on the client if someone could direct message me.

Thanks in advance and have a great day everyone,

Michael

Michael E. Weisel
CTO / Deliverability Lead
Gold Lasso
(301) 990-9857 Corporate
(240) 813-0174 Direct Dial

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] It's almost getting funny out there now..

2024-02-06 Thread Michael Wise via mailop

103.143.76.89 is not a Microsoft IP.
At all.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Michael Peddemors via 
mailop
Sent: Tuesday, February 6, 2024 1:52 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] It's almost getting funny out there now..

For the record, looking at the 'too big to block' stats, and definitely
the o365 spam is leading the pack..

IPs that are temporarily rate limited because of too many invalid
recipients reported in a 24 hour period.. (2871 IPs vs Gmail 155 IPs)

Of course, not 100% relative, as their retry algorithms can be vastly
different.. but the point is, it is getting to crazy levels.

And so much obvious stuff..

But just sharing one of the latest.. (Caution, headers can be forged)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 103.143.76.89)

host 103.143.76.89
89.76.143.103.in-addr.arpa domain name pointer unpggl.onmicrosoft.com

But of course the IP is on OBHost LLC

X-EL-THREAT: NO
X-EL-SUSPECT: NO
X-Vade-Score: 0
X-Vade-State: 0
X-MS-Exchange-SenderADCheck: 2
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
X-Forefront-Antispam-Report-Untrusted: .. :NSPM; ..
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=b86cf7d6-acf7-4a9b-8515-21b3b6e45fa1;Ip=[103.143.76.89];Helo=[bishopstown-cs.ie]

All of these spam protections can't help at o365 outbound, but yet
simple email filters can inbound?

Just a once a month rant, when billion dollar companies are not
responsible for the threats leaving their networks..





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com/ @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca/
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] OT re Munging was Re: Extortion spam from OVH-hosted *.sbs domains

2024-01-31 Thread Michael Wise via mailop

Or just put a “ “ before each of the dots …

  mx .h .orku .sbs

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Kevin A. McGrail via 
mailop
Sent: Wednesday, January 31, 2024 9:44 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] OT re Munging was Re: Extortion spam from 
OVH-hosted *.sbs domains


Hi MailOp,

I thought I would send a note that emails about this topic with OVH and SBS 
domains have sometimes been going into spam because some emails mention URIs 
that are on blocklists.

At the Apache SpamAssassin project we typically discuss things with [] brackets 
or the word munge to avoid this issue. For example, mx.h.orku[.]sbs 
mx.h.orkumunge.sbs with the bolding added for extra emphasis.  This might help 
when people are discussing threat data.

Regards,
KAM
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] outlook.com 421 try again later S77719

2023-10-11 Thread Michael Wise via mailop
I have no idea, and try not to make public facing statements, sorry.

Aloha,
Michael.
—
“Your Spam Specimen Has Been Processed,”

From: mailop  on behalf of Johann Klasek via mailop 

Sent: Wednesday, October 11, 2023 11:50:16 AM
To: Michael Wise via mailop 
Subject: Re: [mailop] [EXTERNAL] outlook.com 421 try again later S77719

Hi Michael!

On Wed, Oct 11, 2023 at 06:07:13PM +, Michael Wise via mailop wrote:
>
> That's volume throttling, not IP blocking.
> Did you recently bring a new block online, or ... someone sending out an 
> abnormally large volume of mail?
> If it's going out thru shared IPs, that could also be part of the problem, 
> but this is just speculation.

What about

Deferred:  451 4.7.500 Server busy. Please try again later from [x.x.x.x].  
(S77719) [VI1EUR05FT)

This suddenly occurred from 11 or 12 o'clock (+0200) until around 19
o'clock (+0200). The backlogs in our queues are now gone.

On our site we could rule out any increase in traffic or "new" ip
addresses.

A lot of our customers blamed us for not delivering e-mail
properly and they are surely eager to know what happened to the "hosting
provider" of their communication partners.

Is there any (more or less official) statement regarding this? Maybe you
have an explanation for us ...

Thanks a lot in advance.

Johann

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] outlook.com 421 try again later S77719

2023-10-11 Thread Michael Wise via mailop

That's volume throttling, not IP blocking.
Did you recently bring a new block online, or ... someone sending out an 
abnormally large volume of mail?
If it's going out thru shared IPs, that could also be part of the problem, but 
this is just speculation.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Andreas via mailop
Sent: Wednesday, October 11, 2023 2:13 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] outlook.com 421 try again later S77719


Hello all,

since a few hours we have problems with sending to Microsoft. We get hundreds 
of messages like in the subject with the reference to S77719. Also colleagues 
from other companies in Germany are seeing the same in their logs. All mails 
that are blocked here are from Microsoft customers, but they are redirected 
through our servers.

Trying to unblock the IP e.g. via https://sender.office.com/ shows that the IPs 
are not blocked.

Anybody have any idea?

Thanks a lot
Andreas
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Outlook/o365 having DNS Troubles?

2023-07-11 Thread Michael Wise via mailop


It's Azure, not EOP.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Michael Peddemors via mailop
Sent: Tuesday, July 11, 2023 11:02 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Outlook/o365 having DNS Troubles?

Jul 11 08:20:04 be msd[1974542]: CONN: 52.96.233.45 -> 587 GeoIP = [US]
PTR = NXDOMAIN OS = Windows NT kernel
Jul 11 08:20:04 be msd[1974542]: EHLO command received, args:
SJ1PR84MB3115.NAMPRD84.PROD.OUTLOOK.COM

The fingerprint looks funky too.. trying to see if this is an actual
cloud outlook, or a forgery..

Sure be nice if Microsoft properly SWIP'ed those segments of its IP
space dedicated to o365, instead of making people guess if this is an
Azure abuse or not..

I am sure not ALL of this range is cloud outlook..

NetRange:       52.96.0.0 - 52.115.255.255
CIDR:           52.112.0.0/14, 52.96.0.0/12
NetName:        MSFT
NetHandle:      NET-52-96-0-0-1
Parent:         NET52 (NET-52-0-0-0-0)
NetType:        Direct Allocation
OriginAS:
Organization:   Microsoft Corporation (MSFT)
RegDate:        2015-11-24
Updated:        2021-12-14
Ref:            https://rdap.arin.net/registry/ip/52.96.0.0

OrgName:        Microsoft Corporation

--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com/ @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca/
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Strange mail delivery from microsoft

2023-06-19 Thread Michael Wise via mailop


If you're using GreyListing, know that a given email will not be coming from 
the same IP address twice.

The outgoing IP address is randomized for ... reasons.



This is the same for both our Enterprise as well as Consumer offerings.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Benny Pedersen via mailop
Sent: Sunday, June 18, 2023 11:06 AM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Strange mail delivery from microsoft

Klaus Ethgen via mailop wrote on 2023-06-18 18:53:

> I have tightened my firewall a bit and seen many attacks from Microsoft
> (40.92.0.0/16). They contact once from an IP and then never again. If I
> greylist them, they will try to deliver from a different address which
> gets greylisted again and so on.

use greylist /32 for ipv4, and /64 for ipv6, with microsoft there is no
ipv6 senders

maybe change greylist time to one single hour as well, so urls is listed
at accept time

> Could you please tell me how to handle that broken mail delivery? It
> triggers all, my mailserver attack filter as well as greylisting.

change greylist to /32 for ipv4, I can't think of a better way to help
microsoft servers :)

> Unfortunately I have some contacts on hotmail. Otherwise I would not
> care about.

not news for me

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
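
The retry behaviour described in this thread, as an added example that is not part of the original messages: a minimal greylist whose key includes the client address masked to a configurable prefix length, fed delivery attempts that each arrive from a different address. The addresses are constructed values inside the 40.92.0.0/16 range quoted above; the class and function names and the 300-second delay are assumptions.

```python
import ipaddress


class Greylist:
    """Defer the first attempt for a key; accept a retry once `delay` seconds have passed."""

    def __init__(self, v4_prefix=32, v6_prefix=64, delay=300):
        self.v4_prefix = v4_prefix
        self.v6_prefix = v6_prefix
        self.delay = delay
        self.first_seen = {}  # key -> time of first attempt

    def _key(self, client_ip, sender, recipient):
        addr = ipaddress.ip_address(client_ip)
        prefix = self.v4_prefix if addr.version == 4 else self.v6_prefix
        # Mask the client address so every host in the same network shares one key.
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        return (str(net), sender.lower(), recipient.lower())

    def check(self, client_ip, sender, recipient, now):
        key = self._key(client_ip, sender, recipient)
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.delay else "defer"


# Constructed retry schedule: (seconds since first attempt, connecting IP).
# Each retry of the same message leaves from a different address.
ATTEMPTS = [
    (0, "40.92.18.51"),
    (600, "40.92.75.12"),
    (1200, "40.92.41.90"),
    (1800, "40.92.18.77"),
]


def attempts_until_accepted(v4_prefix, attempts=ATTEMPTS):
    """Return the 1-based attempt number that is accepted, or None if all are deferred."""
    greylist = Greylist(v4_prefix=v4_prefix)
    for number, (when, ip) in enumerate(attempts, start=1):
        verdict = greylist.check(ip, "alice@hotmail.example", "bob@example.org", when)
        if verdict == "accept":
            return number
    return None


if __name__ == "__main__":
    for prefix in (32, 24, 16):
        print(f"/{prefix}: accepted on attempt {attempts_until_accepted(prefix)}")
```
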


Re: [mailop] [EXTERNAL] Re: Contact at Outlook?

2022-11-23 Thread Michael Wise via mailop


... From time to time.



If it can't be handled with the IP delisting form, it's going to be very 
difficult for an external party to get a hold of someone in an org that handles 
billions of emails a day. And I'm not someone who can do anything about such 
issues as a general rule.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Atro Tossavainen via mailop
Sent: Wednesday, November 23, 2022 2:26 PM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Contact at Outlook?

On Wed, Nov 23, 2022 at 04:01:30PM -0600, Jarland Donnell via mailop wrote:
> Assuming that doesn't pan out, can you file an abuse complaint with
> their DNS provider? Sure can't hurt anything.

Oddly enough Microsoft's DNS provider is... Microsoft.

Microsoft has an employee participating on this list.

--
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Really good paypal phishing email this morning

2022-11-18 Thread Michael Wise via mailop

This .. is what I wanted to see.
Did it really go to you, or did it stop off somewhere else first?

  To: zachery Rose 

It does appear that it went direct, so my initial theory is off I guess.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Zach Rose via mailop
Sent: Friday, November 18, 2022 11:38 AM
Cc: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Really good paypal phishing email this morning

Yeah, that's my theory at the moment, very likely that the call is coming from 
inside the house, but they didn't find the person who made the call before it 
was made.


Delivered-To: REDACTED
Received: by 2002:a05:640c:1b81:b0:190:7afb:ee7a with SMTP id r1csp516216eiw;
Fri, 18 Nov 2022 06:23:32 -0800 (PST)
X-Google-Smtp-Source: 
AA0mqf6dcoQaNhG4JYaaq7jvwEAJxfF8XCQ2Zy1qPt4mGssaSyPzrvU0HsohJxkBvLOIjhuKLb6N
X-Received: by 2002:a65:67d1:0:b0:476:87ad:9d78 with SMTP id 
b17-20020a6567d100b0047687ad9d78mr6785903pgs.169.1668781412334;
Fri, 18 Nov 2022 06:23:32 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1668781412; cv=none;
 d=google.com;
 s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; 
d=google.com;
 s=arc-20160816;
h=amq-delivery-message-id:mime-version:from:to:subject
 :pp-correlation-id:message-id:date:content-transfer-encoding
 :dkim-signature;
bh=+ooJ/KHJ7NcHSktaVA2Efxv2wUuyyzgRC9OcH8lTKPI=;
ARC-Authentication-Results: i=1; mx.google.com;
   dkim=pass header.i=@paypal.com header.s=pp-dkim1 header.b=i5V5Jd8P;
   spf=pass (google.com: domain of serv...@paypal.com designates 66.211.170.89 as permitted sender) smtp.mailfrom=serv...@paypal.com;
   dmarc=pass (p=REJECT sp=REJECT dis=NONE) 

Re: [mailop] Looks like I am getting blocked by msn.com only.

2022-11-18 Thread Michael Wise via mailop

You need to fill out the form in my .sig file.
This is a Consumer issue, not an Office365 issue.

Why folks redact the IP addresses for such issues in this forum I don't 
understand.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Ryan Prihoda via mailop
Sent: Thursday, November 17, 2022 1:26 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Looks like I am getting blocked by msn.com only.

Hey all,


I received this rejection going to an msn account is there any way to resolve 
this?



host msn-com.olc.protection.outlook.com [104.47.18.97]  SMTP error from remote 
mail server after pipelined sending data block:  550 5.7.1 Unfortunately, 
messages from [xxx.xxx.xxx.xxx] weren't sent. Please contact your Internet 
service provider since part of their network is on our block list (S3140). You 
can also refer your provider to 
http://mail.live.com/mail/troubleshooting.aspx#errors. 
[AM6EUR05FT038.eop-eur05.prod.protection.outlook.com]



Thanks in advance,



  *   R. Prihoda


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Really good paypal phishing email this morning

2022-11-18 Thread Michael Wise via mailop

Please share the headers; pictures are not forensic evidence.
We've seen similar things, want to see if it's the same issue.

Hint: it may have really come from PayPal.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Zach Rose via mailop
Sent: Friday, November 18, 2022 7:10 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Really good paypal phishing email this morning

https://www.screencast.com/t/dNPpByTSjrq

I rarely use paypal, if ever, and haven't shopped with Walmart in over a 
decade, but I can see how this would fool a lot of people. Passed 
DKIM/SPF/DMARC, and the code of the email itself referenced their own static 
file CDN, so this feels like a scam account internally rather than a spoofed 
email.


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


[mailop] Anyone have any contacts at Intuit?

2022-06-23 Thread Michael Wise via mailop

A small (abuse) matter appears to have arisen.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Multi-Party Delivery Issues to Microsoft

2022-03-21 Thread Michael Wise via mailop


To discuss? No.

Recipient needs to open a bug with Customer Support.



But please keep in mind that voicemail to email gateways are a common 
smokescreen for phish and malware.

It's become somewhat of a nuisance.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Rob Heilman via mailop
Sent: Monday, March 21, 2022 1:59 PM
To: Mailop List 
Subject: [EXTERNAL] [mailop] Multi-Party Delivery Issues to Microsoft

Is Michael or anyone else on the list from Microsoft available to discuss a 
delivery issue we are having to Microsoft hosted domains?  The short, short 
version is that users on Microsoft/Outlook/O365 services are not getting legit 
messages from Voicemail-to-Email mail flows.  The messages are accepted by MS, 
but the users are having issues finding them with varying symptoms: Junk 
Folder, Quarantine, unable to find at all, etc.

Thanks,
Rob Heilman

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] expected bounces from Russia?

2022-03-10 Thread Michael Wise via mailop

I would think if the sending user was unaware of the issue, the sooner they got 
the bounces the better?
Suppression might not be doing anyone any favors … unless it turns into a 
mailbomb.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Autumn Tyr-Salvia via 
mailop
Sent: Thursday, March 10, 2022 12:23 PM
To: Mailop 
Subject: [EXTERNAL] [mailop] expected bounces from Russia?

Hello,

Given world events at the moment, there are reports that Russia is going to 
"disconnect from the internet" - but I don't know what exactly that means in 
terms of our direct interactions online. If we are sending emails to Russian 
mailbox providers - what types of bounces or errors should we look for? We 
would normally suppress bounces in certain categories, and I am uncertain if 
expected bounces should be suppressed or how we should handle this from an 
operational perspective.

Happy to hear thoughts from the group.


Thanks,

Autumn Tyr-Salvia
autumn.tyrsalvia@klaviyo
tyrsalvia@gmail
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Microsoft banned sender (Linode hosted IPs)

2022-03-03 Thread Michael Wise via mailop

Pretty sure that file is long gone.
And pretty sure that IP is now quite unblocked.

If not, let us know the full message you're seeing now.

Aloha, 
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Michael Rathbun via mailop
Sent: Thursday, March 3, 2022 8:21 AM
To: Andy Smith 
Cc: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Microsoft banned sender (Linode hosted IPs)

On Tue, 1 Mar 2022 20:12:13 +, Andy Smith via mailop 
wrote:

>Following the link leads to a delist form but this comes back as
>"139.162.167.107 is not listed" and then says to get the Microsoft
>tenant to open a ticket. I've asked my recipient to do that and they
>said they would today, but I haven't heard back with a ticket number
>yet.

This is eight-year-old data, but we would regularly find that an address or
block of addresses, in a problem escalated to us from India, was present in
the "Banned Sender List", a flat text file which was invisible to support
people world-wide.  During my time at Exchange Online as a spam analyst, I
recall using vi as root on the Linux box that handled that manually-maintained
list.

I had thought they would have disposed of that, by now.

mdr
-- 
  Doctrine, when it lets its hair down,
   can trample, without fear,
   even the most innocent of truths.
-- Frederico Garcia Lorca

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: sharepointonline.com MX record is broken

2022-02-16 Thread Michael Wise via mailop


It does now, yes. 

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of John Levine via mailop
Sent: Wednesday, February 16, 2022 6:10 PM
To: mailop@mailop.org
Cc: graeme+mai...@graemef.net
Subject: [EXTERNAL] Re: [mailop] sharepointonline.com MX record is broken



It appears that Graeme Fowler via mailop <graeme+mai...@graemef.net> said:
>Hello people with a line into Microsoft…
>
>Starting just before 7pm UTC Feb 15th, we started seeing rejections for emails
>coming from sharepointonline.com:
>
>2022-02-15 18:58:19 [26060]
>  H=mail-am6eur05on2111.outbound.protection.outlook.com
> (EUR05-AM6-obe.outbound.protection.outlook.com) [40.107.22.111]
>  F=<no-re...@sharepointonline.com>
> rejected RCPT <_redacted_>: SENDVRF1: Cannot verify sending domain or address
>
>As of right now, the MX record does not resolve:
>
>$ dig @8.8.8.8 +short sharepointonline.com mx
>0 sharepointonline-com.mail.protection.outlook.com.

It works fine for me:

$ host sharepointonline.com
sharepointonline.com has address 65.55.93.60
sharepointonline.com mail is handled by 0 sponaeop.mail.protection.outlook.com.

$ host sponaeop.mail.protection.outlook.com.
sponaeop.mail.protection.outlook.com has address 104.47.55.110
sponaeop.mail.protection.outlook.com has address 104.47.58.110

R's,
John

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Office 365 Assistance

2022-02-02 Thread Michael Wise via mailop

If, as you say, they are Office365 customers, they could always open a ticket 
with Customer Support ….
What are the sending IPs?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Michael E. Weisel via 
mailop
Sent: Tuesday, February 1, 2022 8:06 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Office 365 Assistance

Hi everyone, I hope you are all well and staying healthy and safe.  We’ve been 
working with The Home Depot on their Retool Your School Program 
(https://retoolyourschool.com/) for more than ten years now.  Over the past 
year and especially the last few months, we are having a hard time getting 
their emails to the intended recipients with a lot of their messages going to 
junk.  All the messages are going to HBCU’s (Historically Black College and 
Universities) and a lot of them are using Microsoft Office 365.  We’ve begun to 
ask the colleges to mark their IP, domain, and email address as safe senders 
but it’s hard to reach everyone personally.  The messages are not bouncing 
back, just ending up in Junk for a large majority of subscribers.  This is a 
100% opt-in program, and the list size is under 700 subscribers.  They send out 
once to twice a week from December through May.  All the colleges are competing 
for more than $500,000 in campus improvement prizes and many schools can’t 
participate because they aren’t receiving the emails. They have a dedicated IP 
address and custom DNS.  It’s set up with SPF, DK, DKIM, DMARC, SNDS, JMRP, and 
a “List Unsubscribe” in the header.  I’ve filled out the forms for Office 365 
support and the IP isn’t blocked.  I also filled out the Microsoft support form 
and the IP is also not blocked there or any indication through SNDS that there 
are any issues.  If anyone on list may be able to help, the program would be 
greatly appreciative.



Thanks,

Michael

Michael E. Weisel
CTO / Deliverability Lead
Gold Lasso
(301) 990-9857 Corporate
(240) 813-0174 Direct Dial

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: blocked by microsoft -- support procedure?

2022-01-20 Thread Michael Wise via mailop


Step 0: Read the error message in the NDR.



THEN...



If it's Office365 (aka, "Enterprise"), and you're not currently an Office365 
customer ... create a trial account (one mailbox, nothing special), send the 
email to that account, and when it bounces, open a support case. Also, if the 
error message told you to email delist@, and support tells you to use the 
portal ... that's not going to work, as the two lists are managed by separate 
processes.



Otherwise, if it's HotMail, Outlook.com, Live.com, etc... go to the Support 
link and request a delist.

This is required because last time I looked, the Consumer side of the house had 
several hundred million active accounts.

The link, in case it's not already committed to memory for some:



  https://go.microsoft.com/fwlink/?LinkID=614866



The first email you get back will be from a robot and give you the SRX #.

The second email will give you an automated response which may, or may not, be 
to your liking.



If the latter, *REPLY* to that email and make your case, as you will be 
speaking to a human, but it may take them a while to actually get to your case, 
but you should hear something within 24 hours. Also please understand that 
while you *ARE* talking to a human, they are required by policy to respond in 
boilerplate with minimal tweaking.

I hope this makes some of the foundational issues more clear.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Hetzner Blacklist via 
mailop
Sent: Monday, January 17, 2022 8:00 AM
To: mailop@mailop.org; Mark G Thomas 
Subject: [EXTERNAL] Re: [mailop] blocked by microsoft -- support procedure?



On 11.01.2022 at 20:04, Mark G Thomas via mailop wrote:
> I'm not generally involved in our support issues, but a coworker at
> my work (Linode) reached out to me about what looks to be a new problem
> involving hosting customers being blocked by Microsoft.

It's nice to see another representative of a webhoster brave enough to
post on here, welcome :)

I've been dealing with blacklist issues at Hetzner for the past 6 years,
and I've posted on here multiple times with my experiences. My first
post was actually about Microsoft. If you check the archives you'll find
some posts over the past few months with general information on
Microsoft and blacklists, but I can repeat some of that here that nobody
has mentioned yet.

Since your issue is with Microsoft, it would be good to figure out which
of their blacklists your IPs are on. The error you posted is for the
Office365 blacklist, while the error one of your clients posted is for
the Outlook blacklist. Those are two separate blacklists with separate
processes for getting IPs delisted.

If you're mostly dealing with Office365 then I can only wish you all the
best. We've had very few issues with this blacklist, which I'm thankful
for since there doesn't appear to be much that can be done, other than
emailing delist@.

As for Outlook, delisting IPs is done through a form, and it works most
of the time, though often you will need to escalate the ticket. If you
haven't already done so, make sure you sign up your network in the
Microsoft SNDS. That will show you all of the IPs currently on the
Outlook blacklist. It also shows you (daily) all the IPs that sent over
100 emails to Microsoft accounts, including how many emails, the
complaint rate, and trap hits. Incredibly useful (and free!) information.

Some additional information on the Microsoft blacklists and services
they provide can be found in our docs:
https://docs.hetzner.com/robot/dedicated-server/troubleshooting/microsoft-blacklist/

As for the general issue with blacklistings, depending on how
constrained you are by management (trust me, I get it), there are a
number of things you can look into.

For example, Spamhaus has a list of IPs on their public SBL, some of
which go back a year:
https://www.spamhaus.org/sbl/listings/linode.com

If you haven't already done so, you can sign up for their PBL account,
and that way you can 


Re: [mailop] [EXTERNAL] Re: Microsoft/Lindo - junked,not blocked

2022-01-20 Thread Michael Wise via mailop

That won't work for this kind of a block.

There are two kinds ... ones where you can go to the page mentioned in the 
error response, and others that must be handled manually by sending a request 
to delist@, also mentioned in the error response.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Alex Irimia via mailop
Sent: Monday, January 17, 2022 11:32 AM
To: John Gateley 
Cc: Hetzner Blacklist via mailop 
Subject: [EXTERNAL] Re: [mailop] Microsoft/Lindo - junked,not blocked

Hi John,

The error message you've referenced is related to Office365 domains, not 
Outlook.
You should be able to unblock your IP on this form: 
https://sender.office.com/

On Mon, Jan 17, 2022 at 7:56 PM John Gateley via mailop <mailop@mailop.org> wrote:
Hello,

Thanks to a helpful message from Hetzner, I signed up for Microsoft SNDS.

According to SNDS my IP address is not blocked, but is "Junked due to user 
complaints or other evidence of spamming"

I still get

550 5.7.511

Access denied, banned sender[50.116.29.164]


every time I send to a Microsoft Outlook address.
I forward the bounce, as instructed, get the "we will respond in 24 hours" 
response, but then nothing.

My server is very small, just my wife and I, and we do not spam ever. The 
"junked" is due to someone else in a close by IP address.

I don't have enough information to open a ticket, I think. Any suggestions for 
a next step?

Thanks!

John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


--
Regards,
Alex Irimia

Postmastery
Email Infrastructure, Analytics, DMARC and Deliverability
Amsterdam, NL/Paris, FR
T: +31 20 261 0438
M: +40 757 192 953
SKYPE: alex-irimia
PS: If you are happy with our service, a review on Trustpilot would be greatly appreciated.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Microsoft/Lindo - junked,not blocked

2022-01-20 Thread Michael Wise via mailop

We check IP ranges.

Aloha, 
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Hans-Martin Mosner via 
mailop
Sent: Monday, January 17, 2022 11:08 PM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Microsoft/Lindo - junked,not blocked

On 18.01.22 at 07:52, Camille - Clean Mailbox via mailop wrote:
> Maybe your IP is not blocked (as they told you in form result) but what about
> any IP range that includes your IP? If it's an IP range ban, your IP is not
> explicitly blocked so form won't find it in the list.

Not checking IP ranges would be incredibly stupid yet totally in character for 
MS.

Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Microsoft IP Filtering - sort of full details

2022-01-12 Thread Michael Wise via mailop

LiNode IP.
Responses are ... delayed.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of John Gateley via mailop
Sent: Wednesday, January 12, 2022 5:39 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Microsoft IP Filtering - sort of full details

Hello,

As promised yesterday, I am posting the full details of Microsoft blocking my 
mail server.
This time, however, my forwarded message was just ignored - no bounce, but no
followup email with a "click to remove". The details are below:

I sent an email from my mailserver (mx.oustrencats.com) from email address 
@JohnGateley.com to @luriellp.com

I instantly received a bounce message. The gist is here, but I will attach 
the full (redacted) bounce message (bounce.txt)



: host
luriellp-com.mail.protection.outlook.com[104.47.57.138] said: 550 5.7.511
Access denied, banned sender[50.116.29.164]. To request removal from this
list please forward this message to
del...@messaging.microsoft.com. For
more information please go to
http://go.microsoft.com/fwlink/?LinkId=526653.
 AS(1410)
[DM6NAM11FT045.eop-nam11.prod.protection.outlook.com] (in reply to RCPT TO
command)


As requested, I forwarded the message on.
Minor issue: forwarding created a message with two attachments, I had to delete 
these attachments before sending in order to get the proper response from 
Microsoft.

I received the standard reply a little while later, with a ticket ID (available 
on request, I probably shouldn't post that publicly).

At this point, after 2-4 hours I usually get a "click to delist" email. I did 
not today, nothing at all. And it has been close to 12 hours now.

I will try again tomorrow with a different from and to address to see if I can 
get more info. But just dropping my delist request in the bitbucket shouldn't 
happen.

Thanks

John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
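
Added example (not part of any message in this archive, and not Microsoft's tooling): the bounce quoted in the message above, parsed to pull out the reply code, the banned IP and which removal path the rejection text itself names, which is the "read the error message in the NDR" step the thread keeps returning to. The function names and route labels are hypothetical, the second sample is constructed, and treating a `*.mail.protection.outlook.com` receiving host as Office 365 is an assumption taken from the posters' descriptions.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Iterable, List, Optional

# Bounce text as quoted in the thread (the delist address is elided in the
# archive and is left elided here).
NDR_FROM_THREAD = """\
: host
luriellp-com.mail.protection.outlook.com[104.47.57.138] said: 550 5.7.511
Access denied, banned sender[50.116.29.164]. To request removal from this
list please forward this message to
del...@messaging.microsoft.com. For
more information please go to
http://go.microsoft.com/fwlink/?LinkId=526653.
 AS(1410)
[DM6NAM11FT045.eop-nam11.prod.protection.outlook.com] (in reply to RCPT TO
command)
"""

# Constructed sample, not from the thread: a rejection that points at a
# self-service page instead of an e-mail address. Wording is illustrative.
NDR_CONSTRUCTED_PAGE = """\
: host example-org.mail.protection.outlook.com[192.0.2.10] said: 550 5.7.606
Access denied, banned sending IP [198.51.100.7]. To request removal from
this list please visit https://sender.office.com/ and follow the directions.
(in reply to RCPT TO command)
"""

HOST_RE = re.compile(r"host\s+(\S+?)\[([0-9A-Fa-f:.]+)\]\s+said:")
REPLY_RE = re.compile(r"\b([245]\d\d)[ -]([245]\.\d{1,3}\.\d{1,3})\b")
BANNED_RE = re.compile(r"banned (?:sender|sending IP)\s*\[([0-9A-Fa-f:.]+)\]")
PAGE_RE = re.compile(r"please visit\s+(https?://\S+)", re.IGNORECASE)


@dataclass(frozen=True)
class Ndr:
    receiving_host: Optional[str]
    reply_code: Optional[str]
    enhanced_code: Optional[str]
    banned_ip: Optional[str]
    office365: bool   # assumption: *.mail.protection.outlook.com receiver
    route: str        # "email-delist", "self-service-page" or "unknown"


def parse_ndr(text: str) -> Ndr:
    """Extract the fields a support queue needs from one bounce message."""
    flat = " ".join(text.split())  # MTAs wrap the remote reply across lines
    host = HOST_RE.search(flat)
    reply = REPLY_RE.search(flat)
    banned = BANNED_RE.search(flat)

    banned_ip = None
    if banned:
        try:
            banned_ip = str(ip_address(banned.group(1)))  # reject junk in brackets
        except ValueError:
            banned_ip = None

    # The rejection text names its own removal path; the thread stresses that
    # the e-mail list and the page/portal list are handled separately.
    if "forward this message to" in flat.lower():
        route = "email-delist"
    elif PAGE_RE.search(flat):
        route = "self-service-page"
    else:
        route = "unknown"

    receiving_host = host.group(1) if host else None
    return Ndr(
        receiving_host=receiving_host,
        reply_code=reply.group(1) if reply else None,
        enhanced_code=reply.group(2) if reply else None,
        banned_ip=banned_ip,
        office365=bool(receiving_host
                       and receiving_host.endswith(".mail.protection.outlook.com")),
        route=route,
    )


def triage(bounces: Iterable[str]) -> Dict[str, List[str]]:
    """Group the unique banned IPs from many bounces by removal path."""
    buckets: Dict[str, set] = {}
    for text in bounces:
        ndr = parse_ndr(text)
        if ndr.banned_ip:
            buckets.setdefault(ndr.route, set()).add(ndr.banned_ip)
    return {route: sorted(ips) for route, ips in buckets.items()}


if __name__ == "__main__":
    print(parse_ndr(NDR_FROM_THREAD))
    print(triage([NDR_FROM_THREAD, NDR_CONSTRUCTED_PAGE]))
```
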


Re: [mailop] [EXTERNAL] Re: Looking for a hotmail/outlook contact

2022-01-12 Thread Michael Wise via mailop

The only real contact ... is the web form.
After the automated response telling you they refuse to mitigate it, reply to 
that email and you will be talking to a human.

https://go.microsoft.com/fwlink/?LinkID=614866

Aloha, 
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Liam Fisher via mailop
Sent: Wednesday, January 12, 2022 1:31 PM
To: Graeme Fowler ; mailop 
Subject: [EXTERNAL] Re: [mailop] Looking for a hotmail/outlook contact

Ok 
 
I have three servers:
smarth-prod1.sys.elnk.net has address 24.41.67.41
smarth-prod2.sys.elnk.net has address 24.41.67.42
smarth-prod3.sys.elnk.net has address 24.41.67.43
 
That we use for customer forwards.  Detected spam filtered out.

All three were severely rate limited/blocked over the holiday, and delist took 
forever to
get back to us and we managed to get .41 and .42  delisted.

.43 sends the same traffic as the other two and they are refusing to delist it.

They are closing the ticket after every request.  No dialog, no questions 
answered.
 
I have a lot of mutual customer complaints.
 
 
 
-Original Message-
From: Graeme Fowler 
Sent: Jan 12, 2022 3:50 PM
To: mailop 
Subject: Re: [mailop] Looking for a hotmail/outlook contact
 
Liam
 
On 12 Jan 2022, at 20:29, Liam Fisher via mailop wrote:
> Looking for a hotmail/outlook contact
 
Background detail is required here. Your name is all we have; an explanation of 
the issue you need to make contact about (IP addresses, domains etc) is needed.
 
Graeme
(not an MS employee)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] blocked by microsoft -- support procedure?

2022-01-11 Thread Michael Wise via mailop

delist@ is very much monitored, but December saw an incredible increase in 
abusive traffic thru our system, and responses ... have been delayed.

Aloha, 
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Mark G Thomas via mailop
Sent: Tuesday, January 11, 2022 11:05 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] blocked by microsoft -- support procedure?

Hi,

I'm not generally involved in our support issues, but a coworker at 
my work (Linode) reached out to me about what looks to be a new problem 
involving hosting customers being blocked by Microsoft. We have 
150-200 new support tickets about this, starting on December 21, 2021. 
Our support goes back and forth with the customers and tries to help, 
typically 4 responses, but up to 48, per ticket, and both support and 
customers are growing increasingly frustrated.

Customers and our support team have been reaching out to 
del...@messaging.microsoft.com, but are concluding this is non-monitored.

Linode doesn't provide any e-mail services for the customers, so all 
these involve different customer-allocated IPs and different hosting 
customers. While the ones I'm spot checking, looking at these tickets, 
have DNS, SPF, and other mechanisms set up appropriately, of course 
the situation varies. At least some of these customers and/or our support 
has confirmed their Linode IPs are not listed on any public DNSBLS they 
can find.

Linode has by default blocked all outbound SMTP for all accounts starting 
November 2019, until customers have met certain criteria. I have not
become aware of any recent large or not-promptly addressed spamming 
problems, nor seen recent mention of spammers from Linode IP space on 
here or other e-mail hosting related lists since I started here in 
January, 2020.

I saw the December thread on this list from a listmember who is (or was?) 
Linode hosted, and ran into this MS blocking Linode trouble.

Here's an example from one ticket, however I'm more looking for whether 
there is anything I can do to facilitate improving this overall, than 
starting trying to intervene about (many!) specific tickets and IPs. I 
would be happy to help with more details off-list, if so requested. I 
also could relay suggestions or procedural instructions to our support 
group.

   redac...@enlogic.gr: host enlogic-gr.mail.protection.outlook.com[104.47.17.74]
   said: 550 5.7.511 Access denied, banned sender[172.104.233.127]. To request
   removal from this list please forward this message to
   del...@messaging.microsoft.com. For more information please go to
   http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
   [DB8EUR05FT065.eop-eur05.prod.protection.outlook.com] (in reply to RCPT TO command)

Mark

-- 
Mark G. Thomas , KC3DRE
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: blocked by microsoft

2022-01-07 Thread Michael Wise via mailop


Not found in the mailbox of the address I provided, and yes, I checked in the 
Junk/Spam folder.



Was the IP 139.162.149.67 perchance?

Found that in the headers of this post.

I have removed it from the list of blocked IPs.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?



-Original Message-
From: mailop  On Behalf Of Mary via mailop
Sent: Thursday, January 6, 2022 10:56 PM
To: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Re: blocked by microsoft





I'm sorry this issue is taking longer than expected.

I've already sent an email (twice), maybe they went to the spam folder?

On Thu, 6 Jan 2022 21:58:49 +0000 Michael Wise via mailop <mailop@mailop.org> wrote:

> I suggested a gmail account privately, but nothing has shown up yet.
> The delist@ account should not block traffic.
>
> Even better yet ... mention the IP in question in this thread?
>
> Aloha,
> Michael.
> --
> Michael J Wise
> Microsoft Corporation| Spam Analysis
> "Your Spam Specimen Has Been Processed."
> Open a ticket for Hotmail ?
>
> -Original Message-
> From: mailop <mailop-boun...@mailop.org> On Behalf Of Graeme Fowler via mailop
> Sent: Thursday, January 6, 2022 10:05 AM
> To: mailop <mailop@mailop.org>
> Subject: [EXTERNAL] Re: [mailop] blocked by microsoft
>
> On 5 Jan 2022, at 18:42, Jay Hennigan via mailop <mailop@mailop.org> wrote:
> > If the only way to send email to Microsoft or its customers is to use a
> > Microsoft product, they've won.
>
> But that's not the case here, is it? In extremis, perhaps, but sending to a
> specific provider from a network they've blocked is always going to be a
> challenge.
>
> It could just as easily have been a suggestion to use Gmail, or ProtonMail,
> or... well, y'know.
>
> Graeme

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: blocked by microsoft

2022-01-06 Thread Michael Wise via mailop

I suggested a gmail account privately, but nothing has shown up yet.
The delist@ account should not block traffic.

Even better yet ... mention the IP in question in this thread?

Aloha, 
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Graeme Fowler via mailop
Sent: Thursday, January 6, 2022 10:05 AM
To: mailop 
Subject: [EXTERNAL] Re: [mailop] blocked by microsoft

On 5 Jan 2022, at 18:42, Jay Hennigan via mailop  wrote:
> If the only way to send email to Microsoft or its customers is to use a 
> Microsoft product, they've won.

But that's not the case here, is it? In extremis, perhaps, but sending to a 
specific provider from a network they've blocked is always going to be a 
challenge.

It could just as easily have been a suggestion to use Gmail, or ProtonMail, 
or... well, y'know.

Graeme
___
mailop mailing list
mailop@mailop.org
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist.mailop.org%2Flistinfo%2Fmailopdata=04%7C01%7Cmichael.wise%40microsoft.com%7Cbecee89ce2f4428613cd08d9d1405193%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637770896495871682%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=qYgKXtE6SgH5p91JvMRXlaAl18ypPy3KVts348Abc9M%3Dreserved=0
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: protection.outlook.com refusing to accept mail with misleading temp error message

2021-06-02 Thread Michael Wise via mailop


Depends on the invoice.

I've seen examples that strain credibility past the breaking point.



You're always encouraged to submit legit traffic as an FP.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Stefano Bagnara via mailop
Sent: Tuesday, June 1, 2021 2:13 PM
To: mailop 
Subject: [EXTERNAL] Re: [mailop] protection.outlook.com refusing to accept mail 
with misleading temp error message



On Tue, 1 Jun 2021 at 21:39, John Levine via mailop <mailop@mailop.org> wrote:
> No, it's to deliver the mail that the users want. One point that bulk
> mailers often miss is that, while the recipients at large providers do
> not object to getting the bulk mail, they also do not really want it.

I received Microsoft Office 365 invoices in the Junk folder of my
untrained/verbatim Office 365 inbox, because of SmartScreen.
No one likes invoices, I guess...

--
Stefano Bagnara
Apache James/jDKIM/jSPF
VOXmail/Mosaico.io/VoidLabs

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: protection.outlook.com refusing to accept mail with misleading temp error message

2021-06-02 Thread Michael Wise via mailop


Office365 Trial Accounts are easily created.

But I was primarily suggesting a test against the infra to see if the mail was 
bounced or accepted.

If accepted, it WOULD be delivered either to the INBOX or Junk.

And if bounced, that should also highlight why.



Our internal DNSBLs are not queriable via DNS.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?



-Original Message-
From: mailop  On Behalf Of Florian Effenberger via 
mailop
Sent: Wednesday, June 2, 2021 1:36 PM
To: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Re: protection.outlook.com refusing to accept 
mail with misleading temp error message



Hi Michael,

On 2021-06-02 21:09, Michael Wise via mailop wrote:
> Sending from that IP is ... how one usually tests that it's working.

what IMHO would be much better to check newly assigned IPs is, if
there's a way to query via DNS, or a web form. That way the issue can be
solved and clarified in advance, and not only when problems occur. Not
everyone has an account at hand to test it upfront.

Florian

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: protection.outlook.com refusing to accept mail with misleading temp error message

2021-06-02 Thread Michael Wise via mailop


Sending from that IP is ... how one usually tests that it's working.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Florian Effenberger via 
mailop
Sent: Wednesday, June 2, 2021 2:05 AM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] protection.outlook.com refusing to accept mail 
with misleading temp error message



Hello,

I'm rather new to this list, so I hope it's okay to jump in directly in
this discussion and share some thoughts. :-)

I just recently faced a very similar problem with one of the new IPs I
got assigned. Likely, the IP was in use by someone else previously or
there are spammy neighbours (not surprising when it's a big provider
with some customer turnaround). I got all deblocking done in the various
blocklists, the status was clean everywhere, including SNDS, but still,
Microsoft 365 mailboxes (*.protection.outlook.com) blocked it.

It seems there are various independent blocklists - one set is covering
consumer Outlook/Live/Hotmail, the other set is covering Microsoft 365.
SNDS seems to only query the former one, and the Outlook.com web form
only unblocks on these domains, so neither of that helps for Microsoft
365 mailboxes.

For Microsoft 365, there seem to be various levels of blocking.
Sometimes, you can unblock yourself at sender.office.com, but I hit the
infamous "Write to delist@" message. I managed to create a ticket there,
they asked for some details, but then radio silence, all follow-up mails
ignored, for over a month now. Various ways of contacting them went
without any outcome, and I sense that on their end there is also some
confusion as to the existing blocklists - I got repeatedly told the IP
is not listed (which is what sender.office.com told me too), or to use
the Outlook.com form, that obviously didn't help for my problem at hand.

In the end, via one of the communication channels I tried, I somehow
managed to get a supporter who was really engaged and managed to help
me out, but I must admit that the whole process was not straightforward
and took me a month in the end. At least when people provide full
contact data/imprint and proof that the IP was freshly assigned, some
feedback would be good to not be left in the dark.

Problematic is also that there is no actual way to test if your new IP
is blocked before using it, apart from sending to an actual e-mail
address hosted there.

Hope to help,
Florian

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: protection.outlook.com refusing to accept mail with misleading temp error message

2021-06-01 Thread Michael Wise via mailop

That would shut down email as a viable communications mechanism almost 
immediately.

Aloha,
Michael.

-Original Message-
From: mailop  On Behalf Of yuv via mailop
Sent: Tuesday, June 1, 2021 9:10 PM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] protection.outlook.com refusing to accept mail 
with misleading temp error message

On Tue, 2021-06-01 at 23:55 -0400, John Levine via mailop wrote:
> > All what recipients AND mailers want is a reliable email service,
> > 
> You really REALLY do not want your mail provider to deliver every
> message.

Agree.  What I do want (but probably not even Santa can give me) is to
make ISPs liable for every bit that emanates from their network the
same way a land owner is liable for the pollution emanating from their
land, and to block out completely countries that do not enforce such
stringent standard.


> Spammers really do ruin everything.

Slackers do too, and our governments have been giving too much slack to
the industry who lobbied so successfully for a hands-off approach to
encourage innovation.  That industry is no longer in its infancy and
self-regulation has failed.
 
--
Yuval Levy, JD, MBA, CFA
Ontario-licensed lawyer
https :// moneylaw.ca
Tel: 519.488.1783 (does not receive MMS)
Tel: 1.844.234.5389
Fax: 1.888.900.5709
2201-323 Colborne Street
London, ON N6B 3N8

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: protection.outlook.com refusing to accept mail with misleading temp error message

2021-06-01 Thread Michael Wise via mailop

That should not be happening currently in Consumer mail (Outlook, Hotmail, et 
al).

Aloha,
Michael.

-Original Message-
From: mailop  On Behalf Of Jay Hennigan via mailop
Sent: Tuesday, June 1, 2021 9:04 PM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] protection.outlook.com refusing to accept mail 
with misleading temp error message

On 6/1/21 20:55, John Levine via mailop wrote:

> You really REALLY do not want your mail provider to deliver every message.
> At large mail systems, typically 90% or more of the incoming mail is spam.
> Without aggressive filtering, e-mail would be unusable.

Agreed 100%. Another thing that you really REALLY do not want is for 
your mail provider to silently discard messages. Either block at IP 
level and don't accept them at all, reject them, deliver them to the 
inbox, or deliver them to the spam folder.

-- 
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Registered @ Microsoft JMRP - blacklisted without feedback received

2021-05-11 Thread Michael Wise via mailop


S3150 is throttling.

Open a ticket and ask for a more realistic hourly/daily throttle limit.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?



-Original Message-
From: mailop  On Behalf Of Stefano Bagnara via mailop
Sent: Tuesday, May 11, 2021 11:01 AM
To: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Re: Registered @ Microsoft JMRP - blacklisted 
without feedback received



On Tue, 11 May 2021 at 19:31, Michael Wise via mailop <mailop@mailop.org> wrote:
> JMRP doesn't send every email reported as spam to the sender.
> Last I heard, it was 1 in 1,000 or some such.
> This is to prevent listwashing, as should be obvious.

But what about SNDS "Complaint rate" and "Trap hits"? Are they about
all of the reports you collect or about the 1/1000 you send via JMRP?

In my case there was nothing at all in SNDS (green, complaint <0.1%,
no trap hits for every day in the SNDS history), but still I got that
S3150. I've been mitigated when I opened the ticket but I have no clue
what was the issue so I can't fix anything.

If you have abuses that you don't want to share (and I understand the
listwashing issue) I would expect you to put the counters in SNDS
anyway: am I wrong?

--
Stefano Bagnara
Apache James/jDKIM/jSPF
VOXmail/Mosaico.io/VoidLabs

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Registered @ Microsoft JMRP - blacklisted without feedback received

2021-05-11 Thread Michael Wise via mailop

JMRP doesn't send every email reported as spam to the sender.
Last I heard, it was 1 in 1,000 or some such.
This is to prevent listwashing, as should be obvious.

And just ONE mail sent to the wrong address ... well ... that can get a whole 
lot of IPs blocked if it looks suspicious in the eyes of the investigator.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of André Peters via mailop
Sent: Tuesday, May 11, 2021 5:38 AM
To: mailop 
Subject: [EXTERNAL] Re: [mailop] Registered @ Microsoft JMRP - blacklisted 
without feedback received

IMO it's a totally useless system.

We have had ASNs blocked without a single complaint prior to it. Not a single 
one.

Once every 2-3 months we get a complaint and contact the complaining person. Out 
of ~10 times it was only ONCE a mail, that the rcpt did not want to receive.

If you want to receive mail, don't register with MS. I cannot say this often 
enough.

To add a small hint: Try to send ~the same mail volume and don't cause peaks. 
Do not send to too many recipients in one session.

Funny enough we receive a lot of spam from MS at the moment...

-- Original Message --
From: "Laura Atkins via mailop" <mailop@mailop.org>
To: "mailop" <mailop@mailop.org>
Sent: 11.05.2021 14:25:11
Subject: Re: [mailop] Registered @ Microsoft JMRP - blacklisted without 
feedback received

Given you are the service provider, the best place to look is in your abuse 
queue. Look for complaints about mail from that IP (and surrounding IPs) going 
back for a while. Typically, the consumer ISPs will put mail in the bulk folder 
for a while before escalating to a block. When the mail is going to bulk you 
will not see complaints as users cannot send FBL messages related to mail in 
the bulk folder. This means low complaint rates immediately before a block Do 
Not Mean that the mail is fine. In fact, it often means that the mail is 
already identified as spam. You need to go back further, to before MS was 
putting the messages in the bulk folder, in order to see complaints about it.

Going back over time will give you some information about what customer and 
what mail streams were causing problems. That should give you some insight into 
which customers you need to address to get the block lifted.

The other place to look is your outbound logs. What are your customers doing 
and what types of mail are they sending? Did any customer have an unexpected 
spike in volume? This can often indicate a system may have been compromised and 
being used to send spam / malware. Sometimes it just means someone got the idea 
that sending 'cold outreach mail' was a good idea.

Those are the two places I'd start my investigation in your situation.

laura




On 11 May 2021, at 12:54, Benoit Panizzon via mailop <mailop@mailop.org> wrote:

Dear List

One of our main smtp outbound ip addresses is blocked by microsoft.

host outlook-com.olc.protection.outlook.com[104.47.10.33] said: 550 5.7.1
Unfortunately, messages from [157.161.12.84] weren't sent. Please contact
your Internet service provider since part of their network is on our block
list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[DB5EUR03FT006.eop-EUR03.prod.protection.outlook.com] (in reply to MAIL
FROM command)

I checked our JMRP entries. This IP is listed as one of our
mailservers. The complaint rate is < 0.1% but it had 2 'trap' hits and
is in status red.

Our abuse desk email address is registered for the ARF feedback loop
for the ip range in question.

We usually get a lot of feedback loop emails, mostly false positives 

Re: [mailop] [EXTERNAL] Re: How stale is too stale for contacts?

2021-05-04 Thread Michael Wise via mailop


If it's older than 3 - 6 months at the outside, one is just begging for trouble.

And it will probably indulge the sender from an unexpected direction.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Grant Taylor via mailop
Sent: Tuesday, May 4, 2021 12:03 PM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] How stale is too stale for contacts?



On 5/4/21 12:42 PM, Andrew C Aitchison via mailop wrote:
> Are they offering you money or hoping you will give them some ?

Neither.  It was a 'Hey!  We (finally) published something!' notification.

They seem to be a start up security research company.  They hadn't done
/anything/ public that I'm aware of.  The message in question was their
first / initial use of the mailing list.

> I had shares in a company that took the official receiver
> 14 years to wind up* and I got a cheque at the end of it !
> There were some interim payments but IIRC there would have
> been gaps of over 2 years with no news.
>
> In that case I would have been very unhappy if they had thrown out
> the list as "stale".

I feel like "is an investor / has shares in the company" is a
significantly different association / relationship than a "sign up if
you want to learn more when we publish something" (with an implicit Any
Time Now™).

> Oh, and annual events that were cancelled last year because of COVID
> ought to have told you, but if you weren't told the 2020 date
> because there wasn't one, the announcement this year could be two years
> after the previous message.

Agreed.  But that's decidedly not the case with this example.

--
Grant. . . .
unix || die


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Outlook & filtered messages yesterday

2021-04-30 Thread Michael Wise via mailop

Bug or Feature, hard to say.
There's nowhere near enough detail here to even begin to make a guess.

Seriously, your first step should be to open a ticket:

  https://go.microsoft.com/fwlink/?LinkID=614866

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: Pascal HOARAU 
Sent: Friday, April 30, 2021 4:44 AM
To: mailop@mailop.org
Cc: Michael Wise 
Subject: [EXTERNAL] Outlook & filtered messages yesterday

Hello,

Several of my (French) customers were suddenly impacted by a high level of 
filtering yesterday (cf outlook.com SNDS + inbox placement on seedlist)
Do you know if outlook.com was impacted by a bug ?

Regards,
Pascal
Deliverability consultant

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Microsoft Consumer Email Deliverability Issue

2021-04-29 Thread Michael Wise via mailop

Keep replying, and explain why you can't enroll in SNDS, and ask them to ... 
"Escalate".
That's all I can suggest, sorry.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Robert Schoneman via 
mailop
Sent: Thursday, April 29, 2021 5:27 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Microsoft Consumer Email Deliverability Issue

We're having issues sending order confirmations from our event ticketing system 
to users of Microsoft's consumer email services (Outlook, Hotmail, Live, MSN). 
The order confirmations are being sent to Junk. Some details are below this 
paragraph. I've communicated with Microsoft's "Outlook.com Deliverability 
Support Team" and while they were very responsive, unfortunately we hit a 
roadblock. They wanted us to enroll in JMRP and SNDS. Microsoft's JMRP system 
requires enrollment in SNDS. However, to enroll in SNDS requires verifying 
ownership of the sending IP's. We don't own them. Our event ticketing system 
vendor who does hasn't been helpful. We own the sending domain.


  *   SPF, DKIM, DMARC are all good and show as "pass" in the email headers of 
messages sent to junk.
  *   Sending IP's have the correct PTR records.
  *   Looking at the headers of a message sent to Junk, I see that our PCL = 2, 
SCL = 0 and BCL = 0.
  *   MS confirmed our sending IP's  and domain aren't the issue: "We were 
unable to identify anything on our side that would prevent your mail from 
reaching Outlook.com customers."
  *   MS did however determine that "messages are being filtered (i.e. sent to 
the Junk folder) based on the recommendations of the SmartScreen Filter."
  *   Email messages from the same sending domain and IP's, using the same 
address, which are other than order confirmations (reports, for example) 
deliver to my Outlook.com email address' Inbox without issue.
  *   The offending emails have
      *   No attachments
      *   One image stored on the same domain the message is sent from
      *   No links
      *   No card info
      *   A name and email address matching the recipient
  *   All emails are sent from a valid address and all NDRs/bounces are 
resolved.
  *   No marketing or bulk mail is sent from the domain.
  *   The same emails sent to Google, AOL, Yahoo deliver without issue.

I'm out of ideas here and would welcome any help on or off list.  Our concern 
is if we can't deliver an order confirmation to our customers who use these 
email services, we'll also have issues delivering their electronic tickets.

Robert Schoneman | Director of IT
Blumenthal Performing Arts

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Anyone from Outlook domain here.

2021-04-29 Thread Michael Wise via mailop

When you say, “Outlook” … you mean the FreeMail service, yes?
Auto-forwarded from your domain …
How good is your spam blocking?

Because unless it’s excellent, that’s your problem, right there.
Nobody here is going to be able to help you, including me. 

The first thing you need to do, however, is open a ticket.
But be prepared for disappointment if your IP strongly resembles every other IP 
sending 90% spam.

  https://go.microsoft.com/fwlink/?LinkID=614866

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of vsai--- via mailop
Sent: Thursday, April 29, 2021 2:13 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Anyone from Outlook domain here.

Outlook is blocking mails that are auto-forwarded from my domain.

This is happening repeatedly. Anyone from Outlook domain here who can help me.

Regards,
Stanley V



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: [INFORMATION] What's happening in the world of spam/email abuse update

2021-04-27 Thread Michael Wise via mailop


Look at the next thing after the first / to get the Google tenant ID.
Typically that first subdirectory is common to a whole lot of this spam.

Some examples...

dsgdfdf
signaturesatori
svg02
bioun
assi98sd8a

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Michael Peddemors via 
mailop
Sent: Tuesday, April 27, 2021 9:12 AM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] [INFORMATION] What's happening in the world of 
spam/email abuse update



On 2021-04-27 8:31 a.m., Rob McEwen via mailop wrote:
> On 4/27/2021 11:00 AM, Michael Peddemors via mailop wrote:
>> New Google Groups style spam outbreak..
>
> Many of them (or all of them?) are doing the following:
>
> (1) sent from legit Google mail servers
>
> (2) the spammer's "payload URL" in the body of the message - is content
> is hosted at *storage[.]googleapis[.]com* servers
>
> (3) Those links are staying "live" for many days (possibly weeks/months?)
>
> This combination (1 & 2) makes them difficult to block - especially for
> small and medium sized hosters who don't have as much expertise and
> resources to deal with this. Not to make excuses for such organizations'
> lack of abilities or resources/time - but they shouldn't be forced to
> expend such resources on dealing with "friendly fire" from google's
> network. If Google were a small startup doing this right now, their IPs
> and domains would all get onto anti-spam lists, they'd be put out of
> business, and we'd "call it a day"! And then I also can't help but
> wonder - how many of those smaller email hosters just lost business
> email hosting customers this month to Google G-Suite - due to the
> customers' frustration over these SAME spams getting to the inbox? See
> the problem here?
>
> Also, this storage[.]googleapis[.]com spam has been happening for a long
> time - but they were sent from the spammers' own IP space (or other
> irrelevant IP space) - now they suddenly figured out a way to get these
> spams to be sent from Google MTAs.
>
> --
> Rob McEwen, invaluement

Yes, while in general it has been happening for a while (for a period we
even started blocking all Google Groups mail as a shot over their bow,
however we went back to 'filtering' it as likely spam, there were legit
users affected) this looks to be a new way to send Google list spam, and
not the traditional groups spamming methods we have seen over the last year.

--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com/ @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca/
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
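
An added example, not part of the original thread: one way a receiving operator could apply the tip above, pulling the first path segment out of storage.googleapis.com links and counting how many messages share it. In path-style Cloud Storage URLs that segment is the bucket name; the example also handles the virtual-hosted form. The message bodies and object paths are constructed, only the segment names `svg02` and `bioun` come from the post, and the two-message threshold is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

GCS_HOST = "storage.googleapis.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def refang(text):
    """Undo the common defanging used in abuse reports (hxxp, [.])."""
    return text.replace("[.]", ".").replace("hxxp", "http")


def gcs_bucket(url):
    """Return the bucket a Cloud Storage URL points at, or None.

    Path-style:           https://storage.googleapis.com/<bucket>/<object>
    Virtual-hosted-style: https://<bucket>.storage.googleapis.com/<object>
    """
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return None
    if host == GCS_HOST:
        segments = [s for s in parts.path.split("/") if s]
        return segments[0].lower() if segments else None
    if host.endswith("." + GCS_HOST):
        return host[: -len(GCS_HOST) - 1]
    return None


def bucket_counts(bodies):
    """Count messages (not URLs) per bucket, so one message with many
    links to the same bucket is only counted once."""
    counts = Counter()
    for body in bodies:
        seen = set()
        for url in URL_RE.findall(refang(body)):
            bucket = gcs_bucket(url)
            if bucket:
                seen.add(bucket)
        counts.update(seen)
    return counts


def recurring(bodies, min_messages=2):
    """Buckets seen in at least min_messages distinct messages."""
    return sorted(b for b, n in bucket_counts(bodies).items() if n >= min_messages)


# Constructed sample bodies; only the names svg02 and bioun are from the post.
SAMPLE_BODIES = [
    "Click https://storage.googleapis.com/svg02/a1/index.html now",
    "offer: hxxps://storage[.]googleapis[.]com/svg02/zz/p.html#x",
    "https://bioun.storage.googleapis.com/landing.html and "
    "https://storage.googleapis.com/bioun/other.html",
    "see https://storage.googleapis.com/bioun/q.html",
    "docs at https://example.org/storage.googleapis.com/notabucket/",
    "bare host https://storage.googleapis.com/ only",
]

if __name__ == "__main__":
    for name in recurring(SAMPLE_BODIES):
        print(name, bucket_counts(SAMPLE_BODIES)[name])
```
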


Re: [mailop] [EXTERNAL] Re: Microsoft Abuse contact info?

2021-03-04 Thread Michael Wise via mailop

Or … you could send me a sample. 

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Peter Nicolai Mathias 
Hansteen via mailop
Sent: Thursday, March 4, 2021 1:21 PM
To: eric-l...@truenet.com
Cc: mailop 
Subject: [EXTERNAL] Re: [mailop] Microsoft Abuse contact info?




On 4 Mar 2021, at 22:01, Eric Tykwinski via mailop <mailop@mailop.org> wrote:

Looking for abuse contact information for Microsoft Office 365..
A common customer of ours had a phishing attempt made from what looks like 
another Office365 client with a domain spelling.

The best I can offer is based on an episode a couple of years ago[1]: If it 
looks to be from an Office365 customer, send your complaint with any background 
material to j...@office365.microsoft.com. 
It likely does not hurt to put abuse@ other Microsoft-attached domains that 
appear to be involved on Cc:.

There are indications that at least a significant subset of messages sent there 
eventually reach a human.

All the best,
Peter N. M. Hansteen

[1] https://bsdly.blogspot.com/2018/02/a-life-lesson-in-mishandling-smtp.html


—
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Hotmail and block on OVH: possible solutions alternatives?

2021-02-25 Thread Michael Wise via mailop


Hmm.

" That does put a damper on our relationship."
-- Dread Pirate Wesley

Unsure if that is an issue or by design.
I've always been a tad unenthusiastic about IPv6 for inter-org mail myself.
I know Office365 supports it.
Will ask around.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Jay Hennigan via mailop
Sent: Thursday, February 25, 2021 4:20 PM
To: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Re: Hotmail and block on OVH: possible 
solutions alternatives?



On 2/25/21 15:49, Alan Hodgson via mailop wrote:

> Does Microsoft even accept mail over IPV6?

Not for hotmail.com or outlook.com domains, apparently.

jay$ dig +short hotmail.com -t mx
2 hotmail-com.olc.protection.outlook.com.

jay$ dig +short hotmail-com.olc.protection.outlook.com -t 
jay$

jay$ dig +short outlook.com -t mx
5 outlook-com.olc.protection.outlook.com.

jay$ dig +short outlook-com.olc.protection.outlook.com -t 
jay$

--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Hotmail and block on OVH: possible solutions alternatives?

2021-02-25 Thread Michael Wise via mailop

Yes, but it must be authenticated with SPF, DKIM, and DMARC, last I heard.
Otherwise ... not happening.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: mailop  On Behalf Of Alan Hodgson via mailop
Sent: Thursday, February 25, 2021 3:49 PM
To: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Re: Hotmail and block on OVH: possible 
solutions alternatives?

On Thu, 2021-02-25 at 23:15 +, Andrew C Aitchison via mailop wrote:

On Thu, 25 Feb 2021, Michael Wise via mailop wrote:

https://go.microsoft.com/fwlink/?LinkID=614866

Hmm. No indication of how to specify IPv6 addresses.

Do people think 256 addresses total is reasonable for IPv 6 ?

Does Microsoft even accept mail over IPV6?
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Hotmail and block on OVH: possible solutions alternatives?

2021-02-25 Thread Michael Wise via mailop

If you're doing IPv6 addresses ... are you using SPF, DKIM *AND* DMARC?
Because if not, or if the DKIM doesn't verify, that's the issue.

Aloha,
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: Andrew C Aitchison  
Sent: Thursday, February 25, 2021 3:16 PM
To: Michael Wise 
Cc: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Re: Hotmail and block on OVH: possible 
solutions alternatives?

On Thu, 25 Feb 2021, Michael Wise via mailop wrote:

>https://go.microsoft.com/fwlink/?LinkID=614866

Hmm. No indication of how to specify IPv6 addresses.

Do people think 256 addresses total is reasonable for IPv 6 ?

-- 
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Hotmail and block on OVH: possible solutions alternatives?

2021-02-25 Thread Michael Wise via mailop

What She Said.

  https://go.microsoft.com/fwlink/?LinkID=614866

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Laura Atkins via mailop
Sent: Thursday, February 25, 2021 12:58 AM
To: Ignacio García 
Cc: mailop 
Subject: [EXTERNAL] Re: [mailop] Hotmail and block on OVH: possible solutions 
alternatives?




On 25 Feb 2021, at 08:41, Ignacio García via mailop <mailop@mailop.org> wrote:

Hi there


We are a small ISP for small and medium companies only. We have several email 
servers hosted at OVH/SoYouStart. Although some OVH IP segments are not of the 
likes of Microsoft, some of my servers have been running for so long without 
any incidents that their IPs have had a normal reputation at Microsoft for 
years. Now we've set up some more, but even our failover IPs are completely 
blocked by Hotmail servers. We of course have added those IPs to the SNDS 
monitoring program, no email has been sent since we rented those servers more 
than 2 months except for this week, after set up and internal initial beta 
testing.


From your experience, how long may it take to MS to allow communications from 
those IPs? Is there anything else we can do to to help solve this situation?

Have you opened a ticket for mitigation for those IPs?

laura

--
Having an Email Crisis?  We can help! 800 823-9674

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741

Email Delivery Blog: https://wordtothewise.com/blog






___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] SNDS trap message period accuracy

2021-02-24 Thread Michael Wise via mailop

I’d make sure to validate all assumptions, preferably with ONE message from ONE 
dedicated IP for the test, and make sure that everything does in fact line up 
the way you want it to. I don’t really know anything about that particular 
system, but … I’d want to make sure, as you do, that everything the report 
tells you is what actually happened.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Fernando MM via mailop
Sent: Wednesday, February 24, 2021 4:54 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] SNDS trap message period accuracy

Hi,

I'm trying to use the "Trap message period" information that is provided by 
SNDS in order to detect and remove users that might be sending spam. The IPs 
are dynamically assigned and some of them are assigned to multiple users at the 
same day.

The issue that I'm experiencing is that, although the documentation says that 
this info is accurate to the minute, sometimes it fails because no users were 
using that IP at that minute.

If I increase the search time range to 5 minutes, it usually works but 
sometimes I also find out that 2+ customers were assigned within that time 
range.

I already checked everything that I could think of on our side: our IP 
assignment logs are correct/reliable, server's times are accurate, logs time 
zone is the same as SNDS etc.

Does anyone have any experience with this? How accurate is the information 
provided in SNDS?

We do check other factors but I'm worried that we could end up cancelling an 
user's account that isn't doing anything wrong based on unreliable data.

Best regards,

Fernando Marcelo
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
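
An added example, not part of the original thread: a sketch of the correlation the question above describes, matching an SNDS trap message period against IP assignment logs while keeping the uncertainty visible instead of picking a customer. The record layouts, the documentation-range IPs, the customer names and the 5-minute slack are all constructed assumptions; timestamps are assumed to be in one time zone already.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Lease:
    ip: str
    customer: str
    start: datetime
    end: datetime      # last moment the customer held the IP


@dataclass(frozen=True)
class TrapPeriod:
    ip: str
    start: datetime
    end: datetime


NO_SLACK = timedelta(0)


def gap_to_window(lease, trap):
    """Time between a lease and the trap window; zero if they overlap."""
    if lease.end < trap.start:
        return trap.start - lease.end
    if lease.start > trap.end:
        return lease.start - trap.end
    return NO_SLACK


def correlate(trap, leases, slack=timedelta(minutes=5)):
    """Return (verdict, candidates) for one trap period.

    candidates is a list of (customer, gap) sorted by gap, holding every
    customer whose lease on that IP lies within `slack` of the window.
      unique    - one candidate and its lease overlaps the window
      near-miss - one candidate, but only reachable by widening the window
      ambiguous - two or more candidates within the slack
      unmatched - nobody held the IP anywhere near the window
    """
    gaps = {}
    for lease in leases:
        if lease.ip != trap.ip:
            continue
        gap = gap_to_window(lease, trap)
        if gap <= slack:
            gaps[lease.customer] = min(gap, gaps.get(lease.customer, gap))
    candidates = sorted(gaps.items(), key=lambda kv: (kv[1], kv[0]))
    if not candidates:
        return "unmatched", candidates
    if len(candidates) > 1:
        return "ambiguous", candidates
    verdict = "unique" if candidates[0][1] == NO_SLACK else "near-miss"
    return verdict, candidates


def actionable(traps, leases):
    """Only 'unique' matches; everything else needs corroboration from
    other evidence (for example outbound mail logs) before any action."""
    hits = []
    for trap in traps:
        verdict, candidates = correlate(trap, leases)
        if verdict == "unique":
            hits.append((trap, candidates[0][0]))
    return hits


def _t(hour, minute):
    return datetime(2021, 2, 23, hour, minute)


# Constructed sample data.
LEASES = [
    Lease("192.0.2.10", "cust-A", _t(10, 0), _t(10, 41)),
    Lease("192.0.2.10", "cust-B", _t(10, 44), _t(11, 30)),
    Lease("192.0.2.10", "cust-C", _t(13, 0), _t(14, 0)),
    Lease("192.0.2.11", "cust-D", _t(9, 0), _t(12, 0)),
]
TRAPS = [
    TrapPeriod("192.0.2.10", _t(10, 42), _t(10, 43)),  # falls between two leases
    TrapPeriod("192.0.2.10", _t(13, 10), _t(13, 20)),  # inside one lease
    TrapPeriod("192.0.2.11", _t(12, 2), _t(12, 3)),    # just after a lease ended
    TrapPeriod("192.0.2.10", _t(16, 0), _t(16, 1)),    # nobody nearby
    TrapPeriod("192.0.2.10", _t(10, 40), _t(10, 42)),  # overlaps A, close to B
]

if __name__ == "__main__":
    for trap in TRAPS:
        verdict, candidates = correlate(trap, LEASES)
        print(trap.ip, trap.start.time(), verdict, [c for c, _ in candidates])
```
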


Re: [mailop] [EXTERNAL] Re: [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..

2021-02-09 Thread Michael Wise via mailop


We should, "Name and Shame"...
Maybe not here, but.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Chris via mailop
Sent: Tuesday, February 9, 2021 1:48 PM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] [E] Re: Some Days I think that Gmail isn't 
even trying to stop outbound spam..



On 2021-02-08 21:09, Dave Warren via mailop wrote:
> You could always turn on + addressing on M365...
>
> https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online
>
> Admittedly it is fairly new, and opt-in for reasons described on the
> link above, but it should be straightforward for a client moving in from
> another that supported plus addressing.

The convention has existed almost as long as there's been sendmail, and
is available in postfix too.  This is handy to direct incoming email
into different boxes, and makes it possible to narrow down who leaked
your email address.

Indeed: I use it for my subscription to mailop as you can see.

UNFORTUNATELY, many web sites outright refuse to accept "+" as a valid
character in an email LHS, despite the fact that the RFC's permit it.

In fact, I've run into occasions where the "new user" function permits
it, but logging in and/or password change *don't*.  Worse was one that
entirely disabled it long after I've been using it successfully, routinely.

Sometimes significant ones with paid subscriptions/services.  Pain in
the ass they are.

It's useful, but be aware that some sites screw it up.  Some relatively
major ones.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


[mailop] +addressing ... any reason to NOT use it?

2021-02-03 Thread Michael Wise via mailop

It seems I missed the announcement, but ...

  Plus Addressing in Exchange Online | Microsoft Docs

So ... Achievement Unlocked!
It's now supported in Office365 as well as, "HotMail"!
Is there anyone else who does NOT support it at this point?
Are there any major senders who don't like a "+" in the username of an email 
address?
And if so, why?

Valuable tool, to say the least.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: [FEEDBACK] Azure Spammer Activity

2021-01-14 Thread Michael Wise via mailop

No Comment.

Except, yes, CERT is where I'd send those reports.

Aloha,
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Andreas Schamanek via 
mailop
Sent: Thursday, January 14, 2021 2:50 PM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] [FEEDBACK] Azure Spammer Activity


On Thu, 14 Jan 2021, at 20:22, Michael Wise via mailop wrote:

> On Tue, 8 Dec 2020, at 23:43, Hans-Martin Mosner wrote:
>> Today we got a response to our abuse reports requesting that we 
>> report these to j...@office365.microsoft.com
> Why would you have thought reporting an Azure item to the Office365 
> abuse SAMPLE input queue would have any effect at all on Azure 
> issues?

@Michael: Maybe he trusts your colleagues more than you do?

BTW, in reply to reports sent to ab...@microsoft.com I received 
several replies from cdo...@microsoft.com (the last one yesterday) 
telling me to report directly to c...@microsoft.com though this 
address is not listed in the respective whois records, like for 
52.149.219.36.

-- 
-- Andreas

  :-)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: [FEEDBACK] Azure Spammer Activity

2021-01-14 Thread Michael Wise via mailop

Why would you have thought reporting an Azure item to the Office365 abuse 
SAMPLE input queue would have any effect at all on Azure issues?

Aloha,
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Hans-Martin Mosner via 
mailop
Sent: Tuesday, December 8, 2020 11:43 PM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] [FEEDBACK] Azure Spammer Activity

Yesterday and the day before we received such a massive wave from them that I 
had to temporarily block several Microsoft IPv4 ranges...

Today we got a response to our abuse reports requesting that we report these to 
j...@office365.microsoft.com - I would've thought that within one corporation, 
forwarding of abuse tickets should work somehow.

The spam mails had a header line of "List-Id: OAUTH WG " which may either be 
completely fake or an indication of a mailing list hack.

Cheers,
Hans-Martin


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Blocked from hotmail/live/outlook but ticket response says not blocked

2021-01-06 Thread Michael Wise via mailop

Can you please share at the very least, the IP in question and the full error 
message?

Aloha,
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Seth Mattinen via mailop
Sent: Wednesday, January 6, 2021 4:33 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Blocked from hotmail/live/outlook but ticket 
response says not blocked

Being blocked (apparently delayed after a customer compromise back on 
the 28th) from Microsoft properties. Submitted ticket, got response 
saying IP is not blocked. Checked logs, nope still seeing 550's. SNDS 
says "All of the specified IPs have normal status." Submitted ticket again.

Now what? Why am I being told not blocked when I'm clearly getting an 
SMTP 550 response when sending to hotmail/live/outlook?

~Seth
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: IP based reporting for Yahoo feedback loop gone?

2021-01-04 Thread Michael Wise via mailop

Yeah, Elizabeth Zwicky said it was quite dead.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Laura Atkins via mailop
Sent: Tuesday, December 29, 2020 7:43 AM
To: Mark E. Jeftovic via mailop 
Subject: [EXTERNAL] Re: [mailop] IP based reporting for Yahoo feedback loop 
gone?




On 28 Dec 2020, at 18:03, Scott Mutter via mailop <mailop@mailop.org> wrote:

There was once an IP based one?

There was, primarily for hosting type companies.

I don't think it survived the VMG merger.

laura


I only ever knew of the DKIM one.  Which never made a lot of sense to me - 
since with shared hosting there can be multiple domains sending mail from an 
IP.  To configure DKIM and the DKIM feedback loop for every domain wasn't 
practical.



On Mon, Dec 28, 2020 at 11:29 AM Seth Mattinen via mailop <mailop@mailop.org> wrote:
On 12/28/20 9:28 AM, Marco Guillen Barrionuevo wrote:
> There you go
> Yahoo! Help - Submit a Form
>

It asks for DKIM stuff; I need IP based.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

--
Having an Email Crisis?  We can help! 800 823-9674

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741

Email Delivery Blog: https://wordtothewise.com/blog

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: scam prevention

2020-12-08 Thread Michael Wise via mailop

SPF checks IPs against the From: domain … which may fail for good reasons or 
bad, and in both ways.
If the criteria is too lax, bad actors can take advantage.

DKIM can also fail, since Bad Actors love to set up their domains with valid 
DKIM info.

DMARC puts it all together.

But ultimately, with the flagrant abuse of what we call the, “Friendly From” … 
ripping it out entirely does have a certain appeal, especially as it’s almost 
impossible on devices such as smartphones, to get at that actual information 
for validation in the first place.

The phone number metaphor is a better fit.
I set up this phone number in my contacts as belonging to my friend, “Joe 
Smith”, and presupposing the number isn’t forged, they get to ring my phone, 
and I know who it is just by looking at the caller-ID.

Friendly From is a False Friend.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Scott Mutter via mailop
Sent: Tuesday, December 8, 2020 9:27 AM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] scam prevention

Good idea or not, that's a debate.

But if it did happen - be ready for the chorus of... "But it used to show the 
person's name, why did it change?  Can you change it back?"

People don't respond well to change.  Even if it's for the betterment of 
humankind, that's not really comprehensible.

On Tue, Dec 8, 2020 at 6:13 AM Tim Bray via mailop <mailop@mailop.org> wrote:
Hi,

I'm wondering if it might be a good idea to strip all sender names from
emails coming into our corporate email system.   To avoid a false name
being used by a scammer.

So rewrite a header like

`From: Bob Smith <b...@example.org>` to `From: b...@example.org`

Because the domain part is checked by SPF and DKIM.  But the name (Bob
Smith) is not.

Background:

Some people at work fell for a scam email  where the From line was

From: =?UTF-8?Q?Darren_Smith=C2=A0?= <mablecri...@gmail.com>

That's a  Darren_Smith with a non breaking space on the end.
mablecri...@gmail.com is the real scammer address.

Darren Smith  (not his real name) is the Managing director of their
employer.  And they just trusted the name, and didn't check the
domain.   To the more experienced members of staff it was so blatantly a
scam they just deleted it.  To the junior members, they rushed to the
shops for amazon and google vouchers thinking they were on a special
mission for the big boss. £1300 lost, some maybe recovered.

If I stripped the name, they would have seen mablecri...@gmail.com and
hopefully noticed sooner.

Thoughts or ideas?


--
Tim Bray
Huddersfield, GB

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
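
An added sketch of the display-name handling discussed in the thread above (not code from any poster): it decodes the RFC 2047 display name, flags a protected name used by an outside domain or padded with invisible whitespace, and rewrites From: to the bare address. The protected-name list, internal domain and sample addresses are constructed assumptions.

```python
import unicodedata
from email import message_from_string, policy

# Assumptions for this example (not from the thread):
PROTECTED_NAMES = {"darren smith"}   # names of staff who get impersonated
INTERNAL_DOMAINS = {"example.org"}   # domains allowed to use those names

# Constructed sample modelled on the header quoted in the thread;
# the sender address is a placeholder.
SAMPLE = (
    "From: =?UTF-8?Q?Darren_Smith=C2=A0?= <scammer@example.net>\r\n"
    "To: junior@example.org\r\n"
    "Subject: Quick task\r\n"
    "\r\n"
    "Are you at your desk?\r\n"
)


def normalise_name(name):
    """Case-fold, NFKC-normalise and collapse whitespace so that
    'Darren Smith<NBSP>' compares equal to 'darren smith'."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())


def hidden_chars(name):
    """Code points that render as blank or nothing but are not a plain space."""
    return [
        f"U+{ord(ch):04X}"
        for ch in name
        if ch != " "
        and (ch.isspace() or unicodedata.category(ch) in {"Cf", "Cc", "Zs"})
    ]


def analyse_from(raw_message):
    """Return one finding dict per address in the From: header."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None:
        return []
    findings = []
    for addr in header.addresses:
        reasons = []
        hidden = hidden_chars(addr.display_name)
        if hidden:
            reasons.append("hidden characters in display name: " + ", ".join(hidden))
        if (normalise_name(addr.display_name) in PROTECTED_NAMES
                and addr.domain.lower() not in INTERNAL_DOMAINS):
            reasons.append("protected name used by external address " + addr.addr_spec)
        findings.append({"address": addr.addr_spec,
                         "display_name": addr.display_name,
                         "reasons": reasons})
    return findings


def strip_display_names(raw_message):
    """Rewrite From: so only the address (the part SPF/DKIM/DMARC relate to) remains."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None:
        return msg
    bare = ", ".join(a.addr_spec for a in header.addresses)
    del msg["From"]
    msg["From"] = bare
    return msg


if __name__ == "__main__":
    for finding in analyse_from(SAMPLE):
        print(finding["address"], finding["reasons"])
    print("Rewritten From:", strip_display_names(SAMPLE)["From"])
```

Flagging or tagging the message on these findings is an alternative to stripping every display name, which changes what all users see.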


Re: [mailop] [EXTERNAL] AT&T Silently discarding messages?

2020-10-29 Thread Michael Wise via mailop

We’ve actually stopped that some months back for the most part, unless the 
Office365 tenant has explicitly chosen that as an option.
There may be very, very rare exceptions.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Scott Mutter via mailop
Sent: Wednesday, October 28, 2020 12:51 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] AT&T Silently discarding messages?

Has AT&T taken a page out of Microsoft's handbook and started silently 
discarding messages even after their mail server has accepted them?

I've got a user that claims he's not getting our messages.  I checked our 
outbound logs and the messages are showing as being accepted by AT&T's mail 
servers - 144.160.235.144 - but the user is claiming they don't have the 
message.

C="250 2.0.0 09SJYi67108691 Message accepted for delivery"

They say they have checked their spam folder as well.

I know Microsoft is famous for pulling this stunt.  I guess everybody's wanting 
a piece of this pie?
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Problems receiving email from a few domains.

2020-10-15 Thread Michael Wise via mailop

Who does the filtering for the customer's domain?
And if it's Office365, what is their domain name?
Also, if Office365, the best place for you to take this up is with the 
Office365 Customer Support folks; ask them to open a ticket?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Larry Struckmeyer via 
mailop
Sent: Thursday, October 15, 2020 10:30 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Problems receiving email from a few domains.

Hello,

This is my first post to this group and I hope I'm in the right place.  The 
issue does involve e-mail so it sounds right.  Any ideas on this would be 
greatly appreciated.

My customer, the business owner, complains that some of his VIP correspondents 
cannot send email to either himself or his office manager.

Here is what I know so far:
There are at least 6 unsuccessful senders, all in different sending domains.
There do not appear to be any blacklist issues with any of these domains.
These are all very small businesses.  Pharmacy, Insurance Agent, except for one 
DOD sender.
The sending domains appear to be hosted by such as Rack Space, Go Daddy, and 
probably others.
I have added the IPs for Google and Rack Space to the Exchange accepted list.  
There is  no IP accepted list in Untangle.
I have turned off all filters native to Exchange.
I have added the sender to the Untangle approved list by name@domain and 
*@domain.
I have only seen an NDR from one sending org.
That NDR said their sending server could not contact our server, timed out, but 
listed the correct MX record.
There is no evidence in either the firewall or Exchange of any attempt by the 
senders mail server to connect.
MXtoolbox reports a delay warning of 5.9 to 6.008 seconds for SMTP Transaction 
Time and SMTP Banner Check not matching.
Testconnectivity.microsoft.com inbound SMTP does not find anything.

Any ideas?

Thanks,

Larry Struckmeyer

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: How to find all the /16s for DigitalOcean?

2020-10-14 Thread Michael Wise via mailop


Ooo... I ❤ it!

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?



-Original Message-
From: Atro Tossavainen 
Sent: Friday, October 9, 2020 12:27 AM
To: Michael Wise 
Cc: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] How to find all the /16s for DigitalOcean?



On Fri, Oct 09, 2020 at 03:39:46AM +0000, Michael Wise via mailop wrote:
>
> I tried doing a WHOIS lookup, but it just referred me here, which doesn't
> have it:
>
>   https://www.as14061.net/
>
> So far, I've got:
>
> 157.230/16
> 159.89.16
> 159.203/16
> 161.35/16
> 165.227/16
>
> What lack I yet?

$ ip-by-asn as14061 | cidradd
5.101.96.0/20
...

ip-by-asn ==

#!/bin/sh
# List the route objects RADB holds for origin ASN $1,
# keeping only the prefix/length strings.
whois -h whois.radb.net -- "-i origin $1" | grep -Eo "([0-9.]+){4}/[0-9]+"

cidradd ==

#!/usr/bin/perl
# Read one CIDR per line on stdin and print the merged (aggregated) list.
use strict;
use warnings;
use Net::CIDR;

my @cidr_list;

while (<>) {
  chomp;
  @cidr_list=Net::CIDR::cidradd($_,@cidr_list);
}

foreach (@cidr_list) { print $_ . "\n" };

>
> Aloha,
> Michael.
> --
> Michael J Wise
> Microsoft Corporation| Spam Analysis
> "Your Spam Specimen Has Been Processed."
> Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?
>

> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

--
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
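
An added example (not code from the thread) that goes one step past the two scripts above: it aggregates RADB-style route objects and then compares the result with the hand-collected list from the question, reporting which registry prefixes the list lacks and which entries are malformed. The whois text is a constructed sample, not real registry data, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in the shape of
#   whois -h whois.radb.net -- "-i origin AS14061"
# The prefixes are illustrative, not real registry data.
SAMPLE_WHOIS = """\
route:      5.101.96.0/20
origin:     AS14061

route:      157.230.0.0/17
origin:     AS14061

route:      157.230.128.0/17
origin:     AS14061

route:      159.203.0.0/16
origin:     AS14061

route:      159.203.64.0/20
origin:     AS14061

route6:     2001:db8::/32
origin:     AS14061
"""

# The hand-collected list from the thread, typed exactly as posted.
KNOWN = ["157.230/16", "159.89.16", "159.203/16", "161.35/16", "165.227/16"]

ROUTE_RE = re.compile(r"^route6?:\s*(\S+)", re.MULTILINE)


def parse_routes(whois_text):
    """Extract route:/route6: values, skipping anything that is not a valid prefix."""
    nets = []
    for value in ROUTE_RE.findall(whois_text):
        try:
            nets.append(ipaddress.ip_network(value, strict=True))
        except ValueError:
            continue
    return nets


def aggregate(nets):
    """Merge adjacent and overlapping prefixes; IPv4 and IPv6 are collapsed separately."""
    merged = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged


def expand_shorthand(entry):
    """Turn '157.230/16' into 157.230.0.0/16; reject entries with no prefix length."""
    addr, sep, length = entry.partition("/")
    octets = addr.split(".")
    if (not sep or not length.isdigit() or not 1 <= len(octets) <= 4
            or not all(o.isdigit() for o in octets)):
        raise ValueError(f"not a shorthand IPv4 prefix: {entry!r}")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.IPv4Network(".".join(octets) + "/" + length, strict=True)


def compare(known_entries, registry_nets):
    """Report what the hand-made list lacks relative to the registry view."""
    known, malformed = [], []
    for entry in known_entries:
        try:
            known.append(expand_shorthand(entry))
        except ValueError:
            malformed.append(entry)
    v4 = [n for n in registry_nets if n.version == 4]
    missing = [n for n in v4 if not any(n.subnet_of(k) for k in known)]
    unseen = [k for k in known if not any(k.overlaps(n) for n in v4)]
    return {"missing": missing, "unseen": unseen, "malformed": malformed}


if __name__ == "__main__":
    aggregated = aggregate(parse_routes(SAMPLE_WHOIS))
    print("aggregated:", [str(n) for n in aggregated])
    report = compare(KNOWN, aggregated)
    for key, values in report.items():
        print(key + ":", [str(v) for v in values])
```

Entries reported as unseen are not necessarily wrong; they only have no matching route object in the data that was fed in.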


[mailop] Trying to get all the /16s for DigitalOcean ...

2020-10-09 Thread Michael Wise via mailop

I tried doing a WHOIS lookup, but it just referred me here, which doesn't have 
it:

  https://www.as14061.net

So far, I've got:

157.230/16
159.89.16
159.203/16
161.35/16
165.227/16

What lack I yet?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


[mailop] How to find all the /16s for DigitalOcean?

2020-10-08 Thread Michael Wise via mailop

I tried doing a WHOIS lookup, but it just referred me here, which doesn't have 
it:

  https://www.as14061.net

So far, I've got:

157.230/16
159.89.16
159.203/16
161.35/16
165.227/16

What lack I yet?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Just trying to see if I can still post.

2020-10-08 Thread Michael Wise via mailop

Seems to be working now.
I was curious about how to get a list of the CIDR ranges for DigitalOcean, 
AS14061
The WHOIS command didn't do it for me, and neither did going to the website 
they suggest.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: mailop  On Behalf Of Michael Wise via mailop
Sent: Thursday, October 8, 2020 8:47 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Just trying to see if I can still post.


I had a question about a certain owner of IP address blocks in the /16 range, 
and wanted to find out how to get a list of their blocks, but for some reason 
the post wouldn't go out. Maybe this will.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Just trying to see if I can still post.

2020-10-08 Thread Michael Wise via mailop

Huh.
Maybe some issues with outgoing connections to mailop for some reason?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: mailop  On Behalf Of Michael Wise via mailop
Sent: Thursday, October 8, 2020 8:47 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Just trying to see if I can still post.


I had a question about a certain owner of IP address blocks in the /16 range, 
and wanted to find out how to get a list of their blocks, but for some reason 
the post wouldn't go out. Maybe this will.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


[mailop] Trying to find the CIDR ranges for DigitalOcean

2020-10-08 Thread Michael Wise via mailop

I tried doing a WHOIS lookup, but it just referred me here, which doesn't have 
it:

  https://www.as14061.net

So far, I've got:

157.230/16
159.89.16
159.203/16
161.35/16
165.227/16

What lack I yet?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


[mailop] Just trying to see if I can still post.

2020-10-08 Thread Michael Wise via mailop

I had a question about a certain owner of IP address blocks in the /16 range, 
and wanted to find out how to get a list of their blocks, but for some reason 
the post wouldn't go out. Maybe this will.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Revisiting: outlook_hexstr...@outlook.com email addresses

2020-10-07 Thread Michael Wise via mailop


Looks like!

Thanks!

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Doug Brenner via mailop
Sent: Tuesday, October 6, 2020 6:02 AM
To: Benoit Panizzon ; mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Revisiting: outlook_hexstr...@outlook.com 
email addresses



Might it be this issue?

https://support.microsoft.com/en-ie/office/outlook-com-email-account-appears-as-outlook-long-series-of-letters-and-numbers-outlook-com-in-outlook-for-windows-90ed7938-7f21-4cb5-a69d-a3b79ea4eafd

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook-mso_other-mso_2016/outlook-upgrade-and-outlookletters-and/c6d9437e-f1d1-474f-8c98-7db612cd7154

On Tue, Oct 6, 2020 at 7:37 AM Benoit Panizzon via mailop
<mailop@mailop.org> wrote:
>
> Hi List
>
> I already mentioned this issue some time ago, and now I am seeing this
> more often again.
>
> Sometimes the From: Header and envelope-from from Outlook.com customers
> do NOT contain their email address but a strange hex string.
>
> This is an authentic email from one of our customers.
>
> So I wanted to check once more, if anyone else sees this issue and
> might know the cause.
>
> Example:
>
> Subject:Festnetz-Telefon Verbindungen
> X-MS-Traffictypediagnostic: VI1EUR04HT146:
> X-MS-Has-Attach:
> X-MS-Exchange-Transport-Forked: True
> Content-Language:   de-CH
> X-MS-Exchange-Organization-SCL: 0
> X-MS-Tnef-Correlator:
> X-MS-Exchange-Crosstenant-ID:   84df9e7f-e9f6-40af-b435-
>
> From:   " X" <outlook_3dddb25f0278f...@outlook.com>

[...snip...]

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] [EXTERNAL] JMRP FBL reception stopped on Thursday evening

2020-09-22 Thread Michael Wise via mailop

YEIII !!! ❤

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: mailop  On Behalf Of David Landers via mailop
Sent: Tuesday, September 22, 2020 1:46 PM
To: mailop 
Subject: Re: [mailop] [EXTERNAL] JMRP FBL reception stopped on Thursday evening

We are receiving the FBL reports again as of approximately four hours ago.

On Tue, Sep 22, 2020 at 4:39 PM Michael Wise via mailop <mailop@mailop.org> wrote:

Is the issue still persisting, or has normal functionality been restored?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: mailop <mailop-boun...@mailop.org> On Behalf Of Bressier Simon via mailop
Sent: Monday, September 21, 2020 2:44 AM
To: mailop <mailop@mailop.org>
Subject: [EXTERNAL] [mailop] JMRP FBL reception stopped on Thursday evening

Hey folks,

On Sendinblue's side, we are not receiving any FBL complaints from our JMRP 
programs since Thursday evening, Is that already a known issue?

Are you guys also seeing that issue on your side ? It has been confirmed also 
by another ESP I've talked to, so I guess it is global here ?

Best,

Simon

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


--
David Landers
Deliverability Operations Specialist | GROUPON
dland...@groupon.com
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] JMRP FBL reception stopped on Thursday evening

2020-09-22 Thread Michael Wise via mailop



Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: Tara Natanson 
Sent: Tuesday, September 22, 2020 1:57 PM
To: Michael Wise 
Cc: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] JMRP FBL reception stopped on Thursday evening

Looks like we started receiving FBL complaints again just after 1pm Eastern US 
time.

Thank you for poking someone Michael!

Tara

On Tue, Sep 22, 2020 at 4:54 PM Michael Wise via mailop <mailop@mailop.org> wrote:

Is the issue still persisting, or has normal functionality been restored?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: mailop <mailop-boun...@mailop.org> On Behalf Of Bressier Simon via mailop
Sent: Monday, September 21, 2020 2:44 AM
To: mailop <mailop@mailop.org>
Subject: [EXTERNAL] [mailop] JMRP FBL reception stopped on Thursday evening

Hey folks,

On Sendinblue's side, we are not receiving any FBL complaints from our JMRP 
programs since Thursday evening, Is that already a known issue?

Are you guys also seeing that issue on your side ? It has been confirmed also 
by another ESP I've talked to, so I guess it is global here ?

Best,

Simon

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] JMRP FBL reception stopped on Thursday evening

2020-09-22 Thread Michael Wise via mailop

Is the issue still persisting, or has normal functionality been restored?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Bressier Simon via mailop
Sent: Monday, September 21, 2020 2:44 AM
To: mailop 
Subject: [EXTERNAL] [mailop] JMRP FBL reception stopped on Thursday evening

Hey folks,

On Sendinblue's side, we are not receiving any FBL complaints from our JMRP 
programs since Thursday evening, Is that already a known issue?

Are you guys also seeing that issue on your side ? It has been confirmed also 
by another ESP I've talked to, so I guess it is global here ?

Best,

Simon

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Spam using bit.ly link shorteners, this time via Outlook

2020-09-16 Thread Michael Wise via mailop


The ROI of engineering work for most FreeMail service providers these days is 
pretty much negative, even when factoring in, “Good Will”. It’s become too much 
of a commodity, and primarily an Ad Platform. But even that … isn’t a license 
to print money it seems. Even if one factors in, “Premium Accounts”.



And honestly, unless the sender has been added to the recipient’s address book 
(aka, “SafeSendered”) these days, from just about any FreeMail provider, the 
traffic should at best be delivered to Junk. The, “Introduction Problem” has 
been solved, at least for the most part, by the FaceBook model, but there is 
obviously still room for improvement. The days of, “Junk Anything From Unknown” 
are well and truly upon us.



This is just my personal opinion, as if I had no interest in this particular 
issue.



This is what I do for my personal Outlook.com account:

Go to the “Gear”, down to, “View all Outlook Settings”

Mail > Junk email > …




Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Jason Grant via mailop
Sent: Wednesday, September 16, 2020 6:38 AM
To: mailop 
Subject: [EXTERNAL] Re: [mailop] Spam using bit.ly link shorteners, this time 
via Outlook



On 16 Sep 2020, at 1:00, Hans-Martin Mosner via mailop wrote:

> Does anyone else see these? I've reported a bunch to Microsoft, don't
> know whether they'll just terminate those accounts
> (if at all) or fix the account creation process.

I don’t think it’s the latter. Where I work we periodically get
waves of the sextortion email (“I’m a hacker and I’ve recorded
you”), and over the past year or so many are coming from random
outlook.com addresses. Somebody definitely has automated account
creation. For what we get, the signal-to-crap ratio on that domain is
low.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Anybody seeing a huge spike of (S3140) errors from Hotmail/Outlook started on Sep 7th

2020-09-09 Thread Michael Wise via mailop

You’re going to have to file a ticket, and they’re really the only folks who 
can assist.
But that’s typically an indication that there’s something going weird on your 
network.

And trying to obfuscate it with IP.AD.DR.ES doesn’t help in figuring out what’s 
going on.
Just saying.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Rauf Guliyev via mailop
Sent: Wednesday, September 9, 2020 2:59 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Anybody seeing a huge spike of (S3140) errors from 
Hotmail/Outlook started on Sep 7th

Hello there,

We are seeing a huge spike in "550 5.7.1 Unfortunately, messages from 
[IP.AD.DR.ES] weren't sent. Please contact your Internet service provider since 
part of their network is on our block list (S3140)" errors while sending to 
Hotmail/Outlook. It started on Sep 7th and is affecting only one datacenter, 
the rest is sending the same emails just fine. The SNDS shows the affected IPs 
as green. Filed a ticket (SR1508383241) but curious to see if it's widespread.

Thanks in advance,
Rauf

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] What's Microsoft's S3150 block list and where do I go to request removal?

2020-09-09 Thread Michael Wise via mailop


... people still DO that? Sorry.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Dan Malm via mailop
Sent: Wednesday, September 9, 2020 2:25 AM
To: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] What's Microsoft's S3150 block list and where 
do I go to request removal?



On 2020-09-09 10:53, Laura Atkins via mailop wrote:
> “This” was a link to Open a ticket for Hotmail...
>

Referring to "links" using background color works quite poorly when your
recipients read their mail in text/plain... :)

--
BR/Mvh. Dan Malm, Systems Engineer, One.com
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] What's Microsoft's S3150 block list and where do I go to request removal?

2020-09-08 Thread Michael Wise via mailop


You’ve pretty much already got the idea.

The recipient should safe-sender the sending address of the probes, and that 
should solve the issue.

Failing that … this.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Andy Smith via mailop
Sent: Tuesday, September 8, 2020 3:15 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] What's Microsoft's S3150 block list and where do I 
go to request removal?



Hi,

We have a customer who's been receiving Icinga (basically Nagios)
alerts every few hours for the last few days to their hotmail
address. The customer could/should have either addressed the
situation or halted the alerts, but they didn't and that's their
choice.

In the third day of this we've started getting this NDR:

  [removed]@hotmail.com
host hotmail-com.olc.protection.outlook.com [104.47.55.161]
SMTP error from remote mail server after pipelined MAIL FROM:<nag...@mon0.bitfolk.com> SIZE=2107:
550 5.7.1 Unfortunately, messages from [85.119.80.238] weren't sent. Please contact your Internet service
provider since part of their network is on our block list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
 [BN8NAM12FT030.eop-nam12.prod.protection.outlook.com]

So, what's "S3150"? — it isn't mentioned at all on
http://mail.live.com/mail/troubleshooting.aspx#errors — and where
should I be going to request delist?

I realise I need to sort out SPF for that envelope sender.

All of the mails will have been almost identical so I can see why
something might have been triggered, however they were requested by
the recipient.

Cheers,
Andy

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Seeing a 255.255.255.255 ip in received header from Microsoft

2020-09-02 Thread Michael Wise via mailop

That means it was local. Pay it no mind, unless you like blocking all traffic 
that was entered via the UX.

Aloha,
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Kevin A. McGrail via 
mailop
Sent: Wednesday, September 2, 2020 6:57 PM
To: mailop 
Subject: [EXTERNAL] [mailop] Seeing a 255.255.255.255 ip in received header 
from Microsoft

Howdy Mailopers,


Anyone seen a received header like this before with the from on quad
255's from an email from hotmail?

Received: from 255.255.255.255 (255.255.255.255) by
MN2PR10CA0026.namprd10.prod.outlook.com (2603:10b6:208:120::39) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3326.20 via
Frontend Transport; Tue, 1 Sep 2020 12:39:43 +

Regards,

KAM


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] SNDS Request Access Problem

2020-08-26 Thread Michael Wise via mailop

You’re going to have to chat with your upstream provider about that, otherwise 
anyone I could point in your direction is going to say pretty much the same 
thing: Go thru the support funnel.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Thiago Rodrigo F. 
Rodrigues via mailop
Sent: Wednesday, August 26, 2020 1:46 PM
To: mailop 
Subject: [EXTERNAL] [mailop] SNDS Request Access Problem

Hello Mailop.

I'm trying to register an IP range in SNDS but the request access page is not 
giving me the correct whois email for validation.

SNDS are parsing emails from the comment section of the whois for the CERT.br 
ranges. Anyone had a similar issue recently?

Someone from MS could ping me off-list?

Regards.

--

Thiago Rodrigues
Quality Coordinator
+55 011 3544 0513 | 3544 0562
Email: trodrig...@allin.com.br
Skype: @thiago.rfr

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Deutsche Telekom rejects connections because of missing "provider identification"

2020-08-26 Thread Michael Wise via mailop


Shared infrastructure places ... like Office365 for instance, might find that 
problematic.

Also, some senders prefer for security reasons, either "Privacy" or fear of 
DDOS, to hide behind the Infrastructure of Others.

Senders like Law Offices, certain corporations and such like.



Now if there's some other way to do that, I'm sure we'd be all ears.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Michael Peddemors via 
mailop
Sent: Wednesday, August 26, 2020 12:30 PM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Deutsche Telekom rejects connections because 
of missing "provider identification"



More and more companies are requiring transparency.

mail.mydomain.com

There SHOULD be a URL associated with the domain ('mydomain.com') in the
PTR.. And that URL should reflect the organization that is responsible
for activity related to that domain.. I will have to dig up that M3AAWG
Best Practices document, but it is also enshrined in many Anti-Spam
legislation recommendations as well..

I remember years back when involved in the Canadian task force, that was
also a recommendation..

On 2020-08-26 12:06 p.m., ml+mailop--- via mailop wrote:
>> But it was enough to have the imprint visible for them just for the
>
> Sorry for a stupid question: What is "the imprint"?
> Does that mean you have to operate a web server with an "Impressum"
> (I guess that's the German word?) if you want to send mail?

--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com/ @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca/
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Mailman confirmation email denial of service

2020-08-19 Thread Michael Wise via mailop


Before they abuse a web API, I'd strongly suspect that they would abuse port 25.

But yes, it would be an interesting hypothesis to validate



And this isn’t just, “Spam”; it’s far more intensive, and can only best be 
appreciated from the POV of the recipient.

They’re not just using you to send traffic to them.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?



-Original Message-
From: mailop  On Behalf Of Philip Paeps via mailop
Sent: Wednesday, August 19, 2020 6:44 PM
To: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Re: Mailman confirmation email denial of 
service



On 2020-08-20 05:17:09 (+0800), Michael Wise via mailop wrote:
> BotNet?
> Were they listed in the SpamHaus XBL as being compromised?

The problem is that the subscriptions come in through the Mailman web 
interface, not through email.

Arguably, this is a variant of the old "send an email greeting card"
spam.

I don't know of anyone who checks the XBL (or other blocklists) on the web 
server.  Or if that would even be effective.  Does the XBL list botnets that 
abuse web services that lead to email being sent too?  This may actually be an 
interesting hack to perpetrate. :)

Philip

--
Philip Paeps
Senior Reality Engineer
Alternative Enterprises



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Mailman confirmation email denial of service

2020-08-19 Thread Michael Wise via mailop


BotNet?

Were they listed in the SpamHaus XBL as being compromised?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Marlen Caemmerer via 
mailop
Sent: Wednesday, August 19, 2020 4:00 AM
To: Andy Smith via mailop 
Subject: [EXTERNAL] Re: [mailop] Mailman confirmation email denial of service



Hello,

seeing this here, too.
But I did only receive a small number of requests (about 100 in the last day).
Every IP I find in the logs connects only once to try to subscribe.
The IP addresses are registered for 5 different providers in the US.
Thanks for the UserAgent workaround.

Cheers
 nosy

--
  *  Marlen Caemmerer
*Richard-Sorge-Str. 82
monoro   *  10249 Berlin
*
  *  Tel: 0179/733 90 72
 USt-ID: DE 252684276





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Mailman confirmation email denial of service

2020-08-19 Thread Michael Wise via mailop


You might want to generate a hash of the "Subscribers' Addresses" and if you 
see more than say, 5? In a 1 minute period, block all subsequent attempts.



https://www.spamhaus.org/news/article/734/subscription-bombing-coi-captcha-and-the-next-generation-of-mail-bombs
  (2016-09-16 20:31:07 UTC)

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Andy Smith via mailop
Sent: Wednesday, August 19, 2020 5:06 AM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Mailman confirmation email denial of service



Hi,

On Wed, Aug 19, 2020 at 07:53:43PM +0800, Philip Paeps via mailop wrote:
> On 2020-08-19 18:24:30 (+0800), Andreas Schamanek via mailop wrote:
> >BTW, Mailman mm_cfg.py option `SUBSCRIBE_FORM_SECRET` apparently
> >mitigates the DoS, too.
>
> We've also had some success in the past with raising
> SUBSCRIBE_FORM_MIN_TIME.

Thanks both for these settings that I had overlooked.

Cheers,
Andy



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
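
One way to implement the per-address throttle suggested in the reply above, as an added example (not Mailman code and not written by anyone in this thread). The limit of 5 attempts in 60 seconds is the figure from the message; the class and function names, the HMAC keying, the plus-tag normalisation, the one-hour block and the sample events are assumptions or constructed data.

```python
import hashlib
import hmac
from collections import defaultdict, deque


class SubscribeThrottle:
    """Sliding-window limiter keyed on a keyed hash of the subscriber address.

    Keying on the address rather than the client IP matters here: in the
    reports in this thread each IP connects only once, so a per-IP limit
    never fires, while the target address repeats across requests.
    """

    def __init__(self, secret, limit=5, window=60.0, block_for=3600.0):
        self._secret = secret          # server-side key (assumption)
        self.limit = limit             # attempts tolerated per window
        self.window = window           # seconds
        self.block_for = block_for     # seconds an address stays blocked (assumption)
        self._seen = defaultdict(deque)  # digest -> attempt timestamps
        self._blocked = {}               # digest -> block expiry time

    def key(self, address):
        """HMAC-SHA256 of the normalised address, so raw addresses are not stored."""
        local, _, domain = address.strip().lower().rpartition("@")
        local = local.split("+", 1)[0]  # fold plus-tags (assumption)
        normalised = f"{local}@{domain}".encode()
        return hmac.new(self._secret, normalised, hashlib.sha256).hexdigest()

    def allow(self, address, now):
        """Return True if this subscribe attempt may trigger a confirmation mail."""
        digest = self.key(address)
        expiry = self._blocked.get(digest)
        if expiry is not None:
            if now < expiry:
                return False
            del self._blocked[digest]
        attempts = self._seen[digest]
        while attempts and now - attempts[0] >= self.window:
            attempts.popleft()
        attempts.append(now)
        if len(attempts) > self.limit:
            # More than `limit` attempts inside the window: block what follows.
            self._blocked[digest] = now + self.block_for
            attempts.clear()
            return False
        return True

    def prune(self, now):
        """Drop idle entries so the tables do not grow without bound."""
        for digest in [d for d, q in self._seen.items()
                       if not q or now - q[-1] >= self.window]:
            del self._seen[digest]
        for digest in [d for d, exp in self._blocked.items() if now >= exp]:
            del self._blocked[digest]


# Constructed sample: (timestamp, client IP, list name, requested address).
# Every request comes from a different IP (documentation ranges).
SAMPLE_EVENTS = [
    (0.0, "192.0.2.10", "list-a", "victim@example.net"),
    (5.0, "192.0.2.44", "list-b", "victim@example.net"),
    (10.0, "198.51.100.7", "list-a", "alice@example.org"),
    (12.0, "203.0.113.5", "list-c", "Victim+x@Example.net"),
    (20.0, "198.51.100.91", "list-d", "victim@example.net"),
    (25.0, "192.0.2.200", "list-e", "victim@example.net"),
    (30.0, "203.0.113.77", "list-f", "victim@example.net"),
    (35.0, "198.51.100.12", "list-b", "bob@example.com"),
    (40.0, "192.0.2.61", "list-g", "victim@example.net"),
    (200.0, "203.0.113.140", "list-h", "victim@example.net"),
]


def replay(events, throttle):
    """Feed events through the throttle and return one decision per event."""
    return [throttle.allow(address, ts) for ts, _ip, _list, address in events]


if __name__ == "__main__":
    throttle = SubscribeThrottle(secret=b"replace-with-a-random-server-secret")
    for event, ok in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS, throttle)):
        print("ALLOW" if ok else "BLOCK", *event)
```

In a real deployment the check would sit in front of the subscribe handler, alongside the `SUBSCRIBE_FORM_SECRET` and `SUBSCRIBE_FORM_MIN_TIME` settings mentioned in the quoted messages.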


Re: [mailop] [EXTERNAL] Re: Delisting request from sendgrid customer about ip used in recent phishing campaign.

2020-08-14 Thread Michael Wise via mailop


Only 100%?

Pity.



One could wish such enlightenment was more common, though. ☹

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Michael Rathbun via mailop
Sent: Friday, August 14, 2020 9:25 AM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Delisting request from sendgrid customer about 
ip used in recent phishing campaign.



On Fri, 14 Aug 2020 10:40:40 -0500, Mickey Chandler via mailop 
<mailop@mailop.org> wrote:

>And yet ESPs, like many other businesses, can sometimes look at abuse
>desk operations as a cost center, not as a core functionality. It's way
>easier to justify paying for new salespeople who will bring in several
>times their annual salary in new business per quarter than it is a team
>of dedicated professionals who spend all day terminating paying
>customers.

My favourite Policy Enforcement gig was at ALGX before the money people did a 
forced buyout.  Executive management hired me to get the network out of the 
blocklist sewer, and eventually when the Mahoganites (EVPs) on the fourth floor 
raised some sand about my team terminating $15K/month customers, the 'C' 
level directive came down that caused a new clause in the sales commission 
policy to go into effect:  If your customer is terminated for AUP violations 
within the first six months of their tenure on our network, 100% of your 
commission on the sale will be clawed back.

After a while my team spent as much time assisting sales in vetting new 
customers as they did whacking bad ones.

mdr
--
   "There will be more spam."
  -- Paul Vixie





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Microsoft contact for misclassified spam issue?

2020-08-10 Thread Michael Wise via mailop

That won’t help with Office365.
Recipient should reach out to their Microsoft Customer Support rep and raise an 
FP issue.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Matt Vernhout via mailop
Sent: Friday, August 7, 2020 8:04 PM
To: John Gateley 
Cc: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Microsoft contact for misclassified spam issue?

Start here:
https://sendersupport.olc.protection.outlook.com/pm/policies.aspx

It has the rules and a link to get help from the support team.
~
Matt


On Aug 7, 2020, at 11:40, John Gateley via mailop 
<mailop@mailop.org> wrote:
Hi y'all,

I am using a user auth SaaS, and one of the actions it performs is sending 
"Reset your password" emails.
These emails have links inside for users to reset their passwords.

Delivery to most places is working (Google etc.) but Microsoft Office 365 users 
are consistently getting their emails in the junk folder.

I have tried everything I can think of... is there a contact at Microsoft here 
that could give me a hand?

Thank you

John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Need help with Microsoft S3150 and Yahoo TSS09 on recently transferred /24

2020-08-03 Thread Michael Wise via mailop

To the best of my knowledge, S3150 is not Office365 affecting.
The IP didn’t show up on any blocks for the Office365 side of the house when I 
checked.
So I’m unsure of your point?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: Chris Woods 
Sent: Saturday, August 1, 2020 2:36 AM
To: Michael Wise 
Cc: mailop 
Subject: Re: [mailop] [EXTERNAL] Need help with Microsoft S3150 and Yahoo TSS09 
on recently transferred /24


On Sat, 1 Aug 2020, 03:02 Michael Wise via mailop, 
<mailop@mailop.org> wrote:

Let’s just say that it is quite typical that, “FreeMail” mail providers such as 
HotMail and … others … are typically not classical Profit Centers.
Some try and fund their services with ads.
Some … try and run it for the, “Good Will” (in the Financial Sense).
Few charge for a standard mailbox.
But to think that such an enterprise would hire thousands, if not tens of 
thousands, of folks to provide the necessary levels of technical support …
Not happening.

I agree completely about not subsidising premium support for free users. But 
for EO/365 customers, issues like automated misclassification of incoming 
business email, or messages in conversations being autojunked from users' 
mailboxes, those are business affecting.

If ML algorithms are what's affecting delivery to paid customers, shouldn't the 
support process reflect their priority as paid tenants?

Trying to encourage a large organisation to raise deliverability problems with 
their MS support can be frustrating. It can be hard to contact an 
organisation's mailadmin, particularly if they outsource IT and email support. 
If you rely on a user in an org to escalate your delivery issues to their IT 
department, they can sometimes hit a wall when their own support misunderstands 
or can't triage the enquiry.

I've spent days finding contacts in businesses who can help with org-wide 365 
delivery issues. Even then, it only seems to fix the problem for that tenant. 
In my experience, when problems occur the current mitigation/review process 
isn't adequate, but I don't think adding thousands of human agents is realistic 
either.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Microsoft contact - JMRP issue

2020-08-03 Thread Michael Wise via mailop


I'm really not in a position to assist with JMRP issues.

You pretty much have to go thru the web-based resources.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Bressier Simon via mailop
Sent: Monday, August 3, 2020 8:30 AM
To: Al Iverson 
Cc: mailop 
Subject: [EXTERNAL] Re: [mailop] Microsoft contact - JMRP issue



Hey,

Yes the issue here is not the registration itself on JMRP for the /18, it will 
be exploded indeed in /24. But the range is still partly enrolled on few JMRP 
programs from the previous owner(s), and we can't enroll the range on our own 
JMRP if those IPs are still on theirs.
I've contacted the guys from those other companies... but dunno if I can expect 
some help from them yet, or if those contact addresses are even still in use.

That's why it would be more efficient via a MS folk :)

On Mon, 3 Aug 2020 at 17:12, Al Iverson <aiver...@wombatmail.com> wrote:
>
> If you want to learn from my past fumbling -- I register everything
> with SNDS and JMRP as /24 (or smaller), nothing bigger. Once upon a
> time I found that sometimes it seemed to treat a submission as though
> it were only a /24 even though it was a larger range (/18 or /20).
> That may/may not still be an issue, I have no idea, since long ago I
> decided to treat every range as if it were /24 or smaller. Which means
> you'd be entering it as 64 /24s instead of one /18, if I did my math
> correctly. Fun? No. Does it work? Yes...I've not had any sort of issue
> with JMRP for a long time.
>
> (Well, I've had two unrelated issues with JMRP periodically, not
> related to this. One is, sometimes when we give a client access to
> SNDS data, they try to modify the JMRP settings for a range. We warn
> clients that we monitor for this and revoke access of anybody caught
> doing this. Two, Proofpoint seemed to be eating new SNDS access
> verification requests, but only for a new range in RIPE. Never figured
> out why only those ranges were affected, but we were able to whitelist
> around it.)
>
> You might have a hard time finding somebody at MS who can actually
> assist with an SNDS/JMRP issue. Good luck!
>
> BTW, treating all your ranges as /24 makes doing IP allocation math
> and feeding ranges to other services more simple, too. I now do it for
> all ISP FBLs and registrations (CSA, WP.pl, JMRP, Return Path
> multi-FBL, etc.) and it means I no longer have to think about CIDR in
> sizes other than /24 (and I don't have to worry about somebody else
> being able to do the math, either).
>
> Cheers,
> Al Iverson
>
> On Mon, Aug 3, 2020 at 5:38 AM Bressier Simon via mailop
> <mailop@mailop.org> wrote:
> >
> > Hey Michael or any other MS folk,
> >
> > Could you please contact me off list for some help on a JMRP program for a 
> > /18 registration?
> >
> > Thank you very much in advance,
> >
> > Simon, Head of Deliverability at Sendinblue
>
> --
> Al Iverson // Wombatmail // Chicago
> Song a day! https://www.wombatmail.com/
> Deliverability! https://spamresource.com/
> And DNS Tools too! https://xnnd.com/





Re: [mailop] [EXTERNAL] Need help with Microsoft S3150 and Yahoo TSS09 on recently transferred /24

2020-07-31 Thread Michael Wise via mailop

Let’s just say that it is quite typical that, “FreeMail” mail providers such as 
HotMail and … others … are typically not classical Profit Centers.

Some try and fund their services with ads.
Some … try and run it for the, “Good Will” (in the Financial Sense).
Few charge for a standard mailbox.

But to think that such an enterprise would hire thousands, if not tens of 
thousands, of folks to provide the necessary levels of technical support …

Not happening.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: Chris Woods 
Sent: Friday, July 31, 2020 6:34 PM
To: Michael Wise 
Cc: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Need help with Microsoft S3150 and Yahoo TSS09 
on recently transferred /24

On Fri, 31 Jul 2020 at 23:39, Lili Crowley 
<lili.crow...@verizonmedia.com> wrote:
Chris-

I'm from Yahoo/AOL/VMG.

I just helped him and help lots of people who contact me from mailop so perhaps 
adjust your commentary accordingly.

Thanks.

Lili

Noted, and apologies. Frankly it was brainfade on my part to suggest that and I 
was wrong to say it. Long stressful day, making generalisations, frustration 
from experiences with other providers, not excuses though!

We've obviously all seen you and colleagues engaging and investigating issues 
on the list, credit to you. I appreciate your efforts, same to you Marcel.

NB that I said I'd never personally noticed any deliverability problems for any 
of my customers sending to Yahoo/Verizon/AOL, top marks. Whatever approach you 
take regarding weighting or filtering has always apparently worked well for me, 
even through several recent customer mail IP and hosting provider changes. I'm 
very happy about that.


My small fish experience is that if you can talk to someone from a big provider 
they're often only able to discuss in generalities and can't address specific 
problems. I understand that can be due to the nature of their role, employer 
limitations or because they're only here in an individual capacity.

I wrote a few frustrated paragraphs about the state (lack) of support for lower 
volume operators delivering in to EO/365 and GSuite but it's veering OT and 
we've all heard it before! Still status quo in that regard. (down down, deeper 
and down)

Of course Lili and Marcel and all other ops on the list who offer proactive 
support, it's great to see you care. When we're allowed in bars again, I'll 
gladly buy you various drinks as thanks for you sensibly running your services 
and offering support to the community. It's a continued pain that some other 
providers are not contactable at a human level, nor willing or able to 
investigate issues outside of a decision tree.

And apologies again for opening mouth before engaging brain, yours humble 
pie-edly...


On Sat, 1 Aug 2020 at 01:33, Michael Wise via mailop <mailop@mailop.org> wrote:

 Normally, for Office365, we'd suggest beginning your journey here:

  
  https://sender.office.com/

And for "HotMail", we would suggest going ... here.

What to do in that case can be found by searching the archives of this ML. 

You will *NEVER* get anything aside from automated responses from Sender 
Support because … that is the way the Lawyers have stipulated it.

And aside from pointing out the above noted two resources, there is very little 
else you will get from posting to this mailing list because … *I* don’t scale.

Aloha Michael :-) I appreciate you contribute where you can, but as you say, 
there's not much else you can do. I empathise, I'd be equally frustrated by the 
limitations. Even if you are able to quietly backchannel some problems back to 
teams, you can't possibly be expected to scale to triage WW support. But it's 
nuts that there's no viable alternative.

I'm amazed that the world's largest provider of hosted enterprise mail 
apparently doesn't feel the need to scale deliverability support or respond 
usefully to technical queries. I question the benefit of the lawyers to MS or 
the community. ;-)
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Need help with Microsoft S3150 and Yahoo TSS09 on recently transferred /24

2020-07-31 Thread Michael Wise via mailop


Normally, for Office365, we'd suggest beginning your journey here:



  https://sender.office.com/



And for "HotMail", we would suggest going ... here.

What to do in that case can be found by searching the archives of this ML. 



You will *NEVER* get anything aside from automated responses from Sender 
Support because … that is the way the Lawyers have stipulated it.

And aside from pointing out the above noted two resources, there is very little 
else you will get from posting to this mailing list because … *I* don’t scale.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Simon Arlott via mailop
Sent: Friday, July 31, 2020 1:35 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Need help with Microsoft S3150 and Yahoo TSS09 on 
recently transferred /24



Could someone from Microsoft and Yahoo help me resolve this issue with 
209.16.157.42?



550 5.7.1 Unfortunately, messages from [209.16.157.42] weren't sent.
Please contact your Internet service provider since part of their network is on 
our block list (S3150). You can also refer your provider to 
http://mail.live.com/mail/troubleshooting.aspx#errors.
[AM5EUR02FT039.eop-EUR02.prod.protection.outlook.com]

553 5.7.2 [TSS09] All messages from 209.16.157.42 will be permanently deferred; 
Retrying will NOT succeed. See
https://help.yahoo.com/kb/postmaster/SLN3436.html





The /24 network that the server is located in was purchased and moved from ARIN 
to RIPE on 2020-06-30 [1]. (Our new ISP was unable to supply more than 1 IPv4 
address.)



The network hasn't been routed since 209.16.128.0/18 was advertised until 
2017-12 by the original legacy IP holder [2].



None of the IPs are on any DNS lists, so I can only assume there's some kind of 
"newly announced" restriction or "route origin changed" check that is 
preventing it from being allowed to send any email.





Microsoft was previously returning 4xx for 47 hours and then either 
disappearing the email or delivering it to Spam but now just returns 5xx. Yahoo 
has always returned 5xx. Google are accepting messages.



The advice in the URLs in the error messages are meaningless because I have no 
"outgoing emails" to review if they're never accepted. This domain has 
SPF/DKIM/DMARC configured and the network is registered with SNDS/JMRP.



I don't get anything but automated or template responses from Microsoft or 
Yahoo support.





I have 5 users in total (including myself) and don't operate any mailing lists. 
This issue is frustrating when emails to Sky/AOL/Hotmail/etc. all bounce.











1. Aside from the creation date in RIPE WHOIS, here's the RIPE list of
IPv4 transfers for proof that this was transferred (and when):

https://www-static.ripe.net/dynamic/table-of-transfers/inter-rir/incoming-ipv4.json

{"transferred_blocks":"209.16.157.0/24", "date":"30/06/2020", 
"transferType":"POLICY", "from_rir":"ARIN", "to_organisation":"Edinburgh 
Hacklab Ltd"}

2. https://stat.ripe.net/209.16.157.0%2F24#tabId=routing



--

Simon Arlott



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Correct way to report SPF issue to Microsoft

2020-07-27 Thread Michael Wise via mailop


And the IP address would be ...?

As noted elsewhere, opening a ticket with "Hotmail" will accomplish nothing.

“Hotmail” and Office365 are entirely different services.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Paul Thornton via mailop
Sent: Monday, July 27, 2020 12:52 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Correct way to report SPF issue to Microsoft



Hi folks,



I have just had a frustrating exchange of E-mails with some automaton at 
Microsoft whilst trying to explain the following.



I have a domain hosted on 365 where in addition to reading mails in Outlook 365 
online, we forward one incoming address externally.  The domain hosted on 365 
has the standard recommended MS SPF record - include:spf.protection.outlook.com 
-all.



Occasionally (maybe 1 in 100 E-mails), the forward bounces, and the reason is 
that it comes from a Microsoft IP address not listed in the included 
spf.protection.outlook.com record - so the 3rd party external MXers we are 
sending to correctly bounce based on the SPF hard failure.



I can, of course, fix this for our domain by tweaking our SPF record - but it 
seems that this is something that probably needs correcting at the MS end.



I opened a ticket using the usual deliverability issues form but hilariously, 
it tells me that the IP address I have specified does not qualify for 
mitigation.  That IP is the source IP I Microsoft that I mentioned as an 
example.  Despite replying several times, and attempting to determine if I am 
talking to a human or not (conclusion, I am not), I've not really made any 
progress.



What's the correct method to report things like this?  Is this something 
Michael can forward internally to a real human who can resolve it (ticket 
reference is SRX1505698696ID)?



Thanks,



Paul.





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
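
The failure described in the quoted message can be reproduced offline. This is an added example, not code from the thread or from Microsoft: a small SPF evaluator covering only `ip4`, `ip6`, `include` and `all`, run over constructed TXT data. The domain `forwarder.example` and all address ranges are placeholders from documentation space; only the include name comes from the message.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed TXT data. The include name is the one quoted in the message; the
# domain and the address ranges are placeholders, not published records.
ZONE = {
    "forwarder.example": "v=spf1 include:spf.protection.outlook.com -all",
    "spf.protection.outlook.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/48 -all",
}
LISTED_IP = "192.0.2.25"     # inside the constructed included range
UNLISTED_IP = "203.0.113.7"  # stands in for a relay IP missing from that range


def check_host(ip, domain, zone=ZONE, _budget=None):
    """Evaluate SPF for ip against domain using TXT strings held in zone.

    Supports ip4, ip6, include and all. Mechanisms that need live DNS
    (a, mx, exists, ptr) and modifiers such as redirect= are out of scope
    and raise NotImplementedError.
    """
    budget = _budget if _budget is not None else [10]  # DNS-lookup limit
    record = zone.get(domain)
    if record is None or record.split()[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"
            inner = check_host(ip, arg, zone, budget)
            if inner in ("none", "permerror"):
                return "permerror"
            if inner == "temperror":
                return "temperror"
            # Only an inner "pass" matches. The included record's own -all
            # means "no match here", it does not fail the outer evaluation.
            matched = inner == "pass"
        else:
            raise NotImplementedError(f"mechanism not modelled: {term}")
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def with_extra_ip(zone, domain, cidr):
    """Return a copy of zone with cidr added to domain's record before 'all'."""
    terms = zone[domain].split()
    version = ipaddress.ip_network(cidr, strict=False).version
    terms.insert(len(terms) - 1, f"ip{version}:{cidr}")
    return {**zone, domain: " ".join(terms)}


if __name__ == "__main__":
    for ip in (LISTED_IP, UNLISTED_IP):
        print(ip, "->", check_host(ip, "forwarder.example"))
    patched = with_extra_ip(ZONE, "forwarder.example", UNLISTED_IP + "/32")
    print("after record tweak:", check_host(UNLISTED_IP, "forwarder.example", patched))
```

The hard fail comes from the outer record's `-all`; with `~all` the same relay address evaluates to softfail instead.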


Re: [mailop] [EXTERNAL] Re: Microsoft giving Server Busy errors for M365

2020-07-24 Thread Michael Wise via mailop

The IP is being throttled… for what exactly, I can’t say.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Faisal Misle via mailop
Sent: Friday, July 24, 2020 1:51 PM
To: Kevin A. McGrail ; mailop 
Subject: [EXTERNAL] Re: [mailop] Microsoft giving Server Busy errors for M365

We usually route them through our TAM and our Premier team when I worked at 
Rackspace.

Don’t think there’s a place for ISPs

Best,
Faisal

PGP Key: 
C8FD029B


On Fri, Jul 24, 2020 at 3:37 PM, Kevin A. McGrail via mailop <mailop@mailop.org> wrote:
Microsoft's anti-spam seems to be misfiring again but for once it is on
the m365 paid customer.  Seeing deferred messages like dsn=4.0.0,
stat=Deferred: 451 4.7.500 Server busy. Please try again later from
[38.124.232.13]. (S77714)
[CO1NAM04FT003.eop-NAM04.prod.protection.outlook.com]

Anyone know how to open a ticket about this?  Working for m365
customer(s) to open support tickets but is there a place for ISPs to let
Microsoft know they have an issue?

Regards,

KAM


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Outbound from M365 to relay off our SMTP with SMTPAUTH

2020-07-18 Thread Michael Wise via mailop

Have you tried talking with your Microsoft Technical Account Manager (TAM) ?
Personally, I have no idea.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Kevin A. McGrail via 
mailop
Sent: Saturday, July 18, 2020 10:33 AM
To: mailop 
Subject: [EXTERNAL] [mailop] Outbound from M365 to relay off our SMTP with 
SMTPAUTH


Hi All,

I've got a long outstanding Anyone out there know what I'm missing in trying to 
have M365 relay all outgoing mail through our on-premise SMTP servers?

I've opened support tickets but they went to evolveip.net with no response.

Here's what I used to do:

  - Admin | Exchange -> Mail Flow | Connectors -> create new connector
  - from 365 to partner
  - use when email sent to these domains
  - list domain names
  - route email through smart hosts
  - set to smtp.pccc.com

Has that setting been moved?  Does it not work with SMTP AUTH anymore?

Happy to share more info.

Regards,

KAM
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Post-processing Journal-Mails coming from O365, forwardedMail

2020-07-15 Thread Michael Wise via mailop

Just keep in mind, Journaling is PRE-FILTERED mail.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Faisal Misle via mailop
Sent: Tuesday, July 7, 2020 6:36 AM
To: Stefan Bauer ; mailop 
Subject: [EXTERNAL] Re: [mailop] Post-processing Journal-Mails coming from 
O365, forwardedMail

Have you tried journal rules?

https://docs.microsoft.com/en-us/exchange/security-and-compliance/journaling/configure-journaling

Best,
Faisal Misle
MCSA: Office 365

PGP Key: 
C8FD029B


On Tue, Jul 7, 2020 at 6:20 AM, Stefan Bauer via mailop <mailop@mailop.org> wrote:

Hi,

there is a feature in O365 that forwards mails (in/out/both..) to an 
archive-mailbox for long-term archiving.

We grab these mails via POP. However, our available mail-readers (Thunderbird, 
Kopano) show the original mail as an attachment.

This makes it very hard for handling/searching/reading of these mails.

Are there any tools available to just have the attachment that is the real and 
original mail?

example-mail can be found here:

https://nopaste.linux-dev.org/?1321451

I tried ripmime, but that removes relevant header-parts.

Thank you.

Stefan


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Post-processing Journal-Mails coming from O365, forwardedMail

2020-07-10 Thread Michael Wise via mailop

That sample has NOTHING about what we thought about the sample.
It’s all pre-filter, pre-verdict, pre … just about everything.

It’s useless from a diagnostic POV.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Stefan Bauer via mailop
Sent: Thursday, July 9, 2020 10:49 PM
To: mailop 
Subject: [EXTERNAL] Re: [mailop] Post-processing Journal-Mails coming from 
O365, forwardedMail


I did in my first mail.



https://nopaste.linux-dev.org/?1321451



Stefan




-Original Message-
From: Luis E. Muñoz via mailop <mailop@mailop.org>
Sent: Friday 10 July 2020 02:49
To: mailop <mailop@mailop.org>
Subject: Re: [mailop] Post-processing Journal-Mails coming from O365, 
forwardedMail


On 8 Jul 2020, at 22:36, Stefan Bauer via mailop wrote:

> there is a feature in O365 that forwards mails (in/out/both..) to an
> archive-mailbox for long-term archiving.
>
> We grab this mails via pop. However our available mail-readers
> (Thunderbird, Kopano) show the original mail as attachment.
>
> This is the „envelope wrapper“ format. It contains the _final_
> recipient(s) of the email (eg after aliasing, distribution list
> expansion etc), and contains the original email - headers and body -
> unchanged. The advantage is that the archiving process does not need
> to do any of the logic Exchange does (no further LDAP lookups etc).

Can someone donate a test message through pastebin? I would like to take
a look at one directly.

Best regards

-lem

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Post-processing Journal-Mails coming from O365, forwardedMail

2020-07-09 Thread Michael Wise via mailop


Journal-Mails ...

Look for the X-Forefront-Antispam-Report header.

If it's NOT present, or does not have the tokens of SFV:SPM or SFV:NSPM, you've 
configured it wrong.



Just something I've heard.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Jaroslaw Rafa via mailop
Sent: Thursday, July 9, 2020 2:26 AM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Post-processing Journal-Mails coming from 
O365, forwardedMail



On 9.07.2020 at 11:22:21 Jaroslaw Rafa wrote:

> On 9.07.2020 at 05:36:41 Stefan Bauer via mailop wrote:
> >
> > Are there any tools available to just have the attachment that is
> > the real and original mail?
>
> Try looking at "munpack":
> https://linux.die.net/man/1/munpack
> or "mu extract":
> http://manpages.ubuntu.com/manpages/focal/man1/mu-extract.1.html



There's even more...

ripmime: https://linux.die.net/man/1/ripmime

metamail: https://www.netadmintools.com/html/1metamail.man.html



You can try which one suits you best.

--

Regards,

   Jaroslaw Rafa

   r...@rafa.eu.org

--

"In a million years, when kids go to school, they're gonna know: once there was 
a Hushpuppy, and she lived with her daddy in the Bathtub."



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
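
For the question raised in this thread (getting the original mail out of the journal wrapper without losing headers) and the header check suggested above, here is an added example that is not part of any poster's message. It uses Python's standard `email` package on a constructed, simplified journal report; the addresses, the envelope-part layout and the header values are assumptions made for the sample.

```python
from email import message_from_bytes, policy
from typing import Optional

# refold_source="none" re-emits parsed headers with their original folding.
KEEP = policy.default.clone(refold_source="none")

# Constructed sample: the first part carries the envelope, the attachment is
# the original message. Real reports carry more fields than shown here.
SAMPLE_JOURNAL = b"""\
From: journal@example.com
To: archive@example.net
Subject: FW: Quarterly numbers
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="jrnl-0001"

--jrnl-0001
Content-Type: text/plain; charset="us-ascii"

Sender: alice@example.com
Subject: Quarterly numbers
Message-Id: <constructed-1@example.com>
Recipient: bob@example.org
Recipient: carol@example.org, Expanded: sales@example.org

--jrnl-0001
Content-Type: message/rfc822

Received: from mta.example.com (192.0.2.10) by mx.example.org
From: Alice <alice@example.com>
To: sales@example.org
Subject: Quarterly numbers
Message-Id: <constructed-1@example.com>
X-Forefront-Antispam-Report: CIP:192.0.2.10;CTRY:;LANG:en;SCL:1;SRV:;
 IPV:NLI;SFV:NSPM;H:mta.example.com;PTR:;CAT:NONE;
Content-Type: text/plain; charset="us-ascii"

Numbers attached separately.

--jrnl-0001--
"""


def unwrap_journal(raw: bytes):
    """Return (envelope, original) for one journal report.

    envelope: sender and final recipients read from the report's text part.
    original: the attached message/rfc822 as a message object, headers intact.
    Raises ValueError if the message has no message/rfc822 attachment.
    """
    report = message_from_bytes(raw, policy=KEEP)
    envelope = {"sender": None, "recipients": []}
    original = None
    if report.get_content_maintype() == "multipart":
        for part in report.iter_parts():  # top level only, never the original
            ctype = part.get_content_type()
            if ctype == "message/rfc822" and original is None:
                original = part.get_payload(0)
            elif ctype == "text/plain":
                for line in part.get_content().splitlines():
                    key, _, value = line.partition(":")
                    key, value = key.strip().lower(), value.strip()
                    if key == "sender":
                        envelope["sender"] = value
                    elif key == "recipient":
                        # Drop trailing annotations such as ", Expanded: ..."
                        envelope["recipients"].append(value.split(",")[0].strip())
    if original is None:
        raise ValueError("no message/rfc822 attachment: not a journal report")
    return envelope, original


def filter_verdict(msg) -> Optional[str]:
    """Return the SFV token of X-Forefront-Antispam-Report, or None."""
    header = msg.get("X-Forefront-Antispam-Report")
    if header is None:
        return None
    for token in str(header).split(";"):
        key, sep, value = token.strip().partition(":")
        if sep and key.upper() == "SFV":
            return value
    return None


def summarize(raw: bytes) -> dict:
    """Unwrap a report and note whether a filtering verdict is present."""
    envelope, original = unwrap_journal(raw)
    verdict = filter_verdict(original)
    return {
        "sender": envelope["sender"],
        "recipients": envelope["recipients"],
        "subject": str(original["Subject"]),
        "verdict": verdict,
        "has_spm_or_nspm": verdict in ("SPM", "NSPM"),
        "original_bytes": original.as_bytes(),  # write this out as the .eml
    }


if __name__ == "__main__":
    info = summarize(SAMPLE_JOURNAL)
    print({k: v for k, v in info.items() if k != "original_bytes"})
```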


Re: [mailop] [EXTERNAL] Re: Microsoft Block list (S3150)

2020-06-29 Thread Michael Wise via mailop


A *VERY* strong economic argument.



Issues with the sender.office.com website have been escalated, but as of yet 
I’m unaware of a response, and other duties are demanding my attention at the 
moment. I’ll update when I can.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Michael Rathbun via mailop
Sent: Monday, June 29, 2020 12:19 PM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Microsoft Block list (S3150)



On Mon, 29 Jun 2020 19:39:39 +0200, Hans-Martin Mosner via mailop 
<mailop@mailop.org> wrote:



>I would draw the line where someone identifies himself properly and

>brings a plausible explanation of events - "we only acquired the IP

>range recently" can be checked and is pretty plausible. If someone contacts us 
>about rejected mail they can be pretty sure that I read their message and look 
>into the matter.



Your task now is to persuade the manager-of-the-moment that they should fund 
the creation and operation of a group of people who would read and respond. Be 
sure to make a strong economic argument.



>Mail operators who refuse to accept mail from peer mail operators (not

>anonymous spammers) may find themselves in the same boat pretty

>quickly, as they depend on getting their mail delivered to others as

>well. I've been on the verge of rejecting mail from the Microsoft mail 
>infrastructure with pretty scathing error messages due to their apparent 
>inactivity in getting a fix on hacked accounts more than once.



If you could locate someone in the structure who could be cajoled into caring 
whether you accept Microsoft's mail, and taking effective action in the matter, 
I personally would be interested in learning that person's identity.

Certainly while I was there I failed at this.



You might want also to consider the meaning of the word "peer" in the context 
of the Redmond campus.



>It wouldn't hurt them, I know, and when I correctly remember the way

>Microsoft-created mail software mutilates and hides error messages my message 
>would probably not even reach their customers.



It's a target-rich environment.



mdr

--

   Those who can make you believe absurdities

   can make you commit atrocities.

-- Voltaire





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Hotmail - New Support Request form not working?

2020-06-10 Thread Michael Wise via mailop

Making inquiries …

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Scott Mutter via mailop
Sent: Wednesday, June 10, 2020 1:32 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Hotmail - New Support Request form not working?

I know there's a guy that frequents this mailing list from Microsoft.  
Apologies if this isn't really Mailops worthy... but Microsoft is one of those 
great companies that's just really, really, really hard to get a hold of a 
human.

I'm not able to get the support request form at:

https://support.microsoft.com/en-us/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75

to work.  It keeps kicking back:

We're sorry, but something went wrong on our end. Please try again later

Now, I've always had trouble with the captcha on this form - it always takes a 
dozen or so attempts to get the captcha right (is that an O or a 0?  a k or K?  
a  v or a V?).  But I'm thinking the error is different when it kicks it out 
because of captcha.  At any rate, I've tried filling out the captcha a couple 
of dozen times to no avail.

Is there a better way to dispute a Hotmail IP block?  It would also be 
IMMENSELY helpful if they could ever tell me why Hotmail is blocking an IP.  
The same song and dance of: submit form, wait 3 days, be told it doesn't 
qualify for remediation, reply back, wait 3 days, and then finally be told that 
it qualifies for conditional mitigation.

The specific IP in question here is:

191.101.16.96

I've checked everything I know to check - public blacklists, Symantec, 
Proofpoint, Senderbase, Senderscore - all show this IP being fine.  But Hotmail 
is blocking the IP:

550 5.7.1 Unfortunately, messages from [191.101.16.96] weren't sent. Please 
contact your Internet service provider since part of their network is on our 
block list (S3140). You can also refer your provider to 
http://mail.live.com/mail/troubleshooting.aspx#errors.
 
[VE1EUR03FT050.eop-EUR03.prod.protection.outlook.com]


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Attention Michael Wise - need your assistance

2020-06-05 Thread Michael Wise via mailop


For OLC, aka "Hotmail" issues...

You know the answer to that, Al: No.

Now if something is broken with the process, like no follow-up with the 
automatic mitigation, or if it's an issue with Office365, I can see what I can 
do, but for, "Why can't my IP be unblocked for sending to Hotmail" ... NO.



I get spanked for it.

So no, for those sorts of issues, no, I am not an escalation point.

There is *NO* escalation point outside of the Support Funnel, which if one has 
an SRX# already, one is already in.

I can't handle escalations for a service that has half a billion customers, 
sorry.



Not happening.

Doesn't scale.

There is no secret back door person who can unblock stuff.

And if one attempts to appeal to Senior Leadership … we may just get a request 
to block the petitioner at the edge.

There is no, “Appealing Unto Caesar”.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Al Iverson via mailop
Sent: Friday, June 5, 2020 2:20 PM
To: mailop 
Subject: [EXTERNAL] Re: [mailop] Attention Michael Wise - need your assistance



Hey Michael,



Are you an escalation point for Microsoft issues?



Is Mailop?



On Fri, Jun 5, 2020 at 3:58 PM Rauf Guliyev via mailop <mailop@mailop.org> wrote:

>

> Hey Michael,

>

> I haven't gotten any response from you either (did my emails end up in the 
> Spam folder? ;-) and there is nothing with the cases I have submitted either 
> (SR1500907063 and SR1501411372). I'd appreciate a response.

>

> Thanks,

> Rauf

>

> On Fri, Jun 5, 2020 at 1:42 PM Marc Goldman via mailop <mailop@mailop.org> wrote:

>>

>> Hi Michael,

>>

>> I sent you an email the other day (that may have been overlooked)

>>

>> Have a case (SRX1502275554ID) that I asked you to check on for me that was 
>> denied mitigation even though we just took over this 1 IP a week ago.

>>

>> You can contact me off list for anything you need.

>>

>> Thanks!

>>

>> Marc Goldman

>>








--

Al Iverson // Wombatmail // Chicago

Song a day! https://www.wombatmail.com/

Deliverability! https://spamresource.com/

And DNS Tools too! https://xnnd.com/



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Force double opt in for marketing list companies per email address

2020-06-02 Thread Michael Wise via mailop


It would need to be a standard... a SINGLE standard.

Like the FTC "Do Not Call" list.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Stuart Henderson via 
mailop
Sent: Tuesday, June 2, 2020 6:52 AM
To: Tim Bray 
Cc: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Force double opt in for marketing list 
companies per email address



On 2020/06/02 14:35, Tim Bray via mailop wrote:

> My question to mailchimp et al:

>

> Is there way I could force my email address to be double opt in?

> Like register with you, confirm my address, and then any of your

> customers who try to add me, I get a `please confirm` email.



This, but without the "have to register" bit ...





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Problem delivering to protection.outlook.com

2020-06-01 Thread Michael Wise via mailop




You need to start here...

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Jay R. Ashworth via mailop
Sent: Wednesday, May 27, 2020 7:26 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Problem delivering to protection.outlook.com



A week or so ago, I discovered after 7 years that my mail server (running 
Zimbra 8) was an open relay.  :-}



I tightened it up after about 4 hours, and checked a couple RBL checkers, 
(MXtoolbox and anti-abuse) and there were only 3 hits for the IP, and I 
requested clearance on them, and got it, and both now show all green...



but when I tried to send someone at hotmail an email today, I got the below 
bounce, which includes an error code, and a link to a page of error codes 
*which does not include that code or anything like it*.



Is there someone on here from outlook.com or the protection subdomain, who can



  a) tell me how I *would* clean that up -- the linked page of error codes

 mentions Spamhaus, but they seem ok with me too, and



  b) clean up either the SMTP error message you're sending out or the table

 you tell people to look it up in?  :-)



Cheers,

-- jr  a





- Forwarded Message -

> From: "Mail Delivery System" 
> mailto:mailer-dae...@franklin.baylink.com>>

> To: "jra" mailto:j...@baylink.com>>

> Sent: Wednesday, May 27, 2020 7:13:30 PM

> Subject: Undelivered Mail Returned to Sender



> This is the mail system at host franklin.baylink.com.

>

> I'm sorry to have to inform you that your message could not be

> delivered to one or more recipients. It's attached below.

>

> For further assistance, please send mail to postmaster.

>

> If you do so, please include this problem report. You can delete your

> own text from the attached returned message.

>

>   The mail system

>

> mailto:astrokit...@hotmail.com>>: host

>hotmail-com.olc.protection.outlook.com[104.47.6.33] said: 550 5.7.1

>Unfortunately, messages from [45.79.209.44] weren't sent. Please contact

>your Internet service provider since part of their network is on our block

>list (S3150). You can also refer your provider to

>
> http://mail.live.com/mail/troubleshooting.aspx#errors.

>[VE1EUR02FT022.eop-EUR02.prod.protection.outlook.com] (in reply to MAIL

> FROM command)



--

Jay R. Ashworth  Baylink   
j...@baylink.com

Designer The Things I Think   RFC 2100

Ashworth & Associates   http://www.bcp38.info/   2000 Land Rover DII

St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Microsoft Outlook "Modern Authentication"?

2020-06-01 Thread Michael Wise via mailop


The Exchange Protocol, as I understand it, allows nFA, while IMAP does not.

Or that is what I have been told.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Daniele Nicolodi via 
mailop
Sent: Thursday, May 28, 2020 12:35 PM
To: Andrew C Aitchison 
Cc: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Microsoft Outlook "Modern Authentication"?



On 25/05/2020 04:16, Andrew C Aitchison via mailop wrote:

> On Mon, 25 May 2020, Daniele Nicolodi via mailop wrote:

>> Does anyone know what "modern authentication" mean in the context of

>> the

>> Office365 / Microsoft email accounts?

>

> https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online

> suggests that it is based on the Active Directory Authentication Library

> (ADAL) and OAuth 2.0.

>

> That page has many links to pages of information on using "modern

> authentication" with Microsoft clients :-)



I read a bit more about this and "modern authentication" means also that the 
IMAP protocol to connect to the mailboxes is disabled.



Does anyone know if there is any alternative to Outlook to access Exchange 
Online mailboxes that require modern authentication?



The IT department of the organization that is pushing this says that modern 
authentication and disabling IMAP (over SSL) enhance security. I don't see how 
this is the case. Does anyone have an opinion?



Thank you.



Cheers,

Dan



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Anybody seeing a spike of S844 error from Microsoft

2020-05-14 Thread Michael Wise via mailop

Replied offline.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of Rauf Guliyev via mailop
Sent: Thursday, May 14, 2020 10:26 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Anybody seeing a spike of S844 error from Microsoft

Hello,

We are seeing a spike of S844 errors from Microsoft started on May 12. SNDS 
doesn't show any changes. To add to the puzzle, it is happening  to only one of 
our datacenters / IP network only, the rest is completely normal.

Thanks in advance,
Rauf
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Anyone have any luck delisting from Microsoft's Advanced Threat Protection (ATP)?

2020-05-13 Thread Michael Wise via mailop

No, because I don’t have access to that particular ticketing system.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: Alex Burch 
Sent: Wednesday, May 13, 2020 10:32 AM
To: Michael Wise 
Cc: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Anyone have any luck delisting from 
Microsoft's Advanced Threat Protection (ATP)?

Hi Michael,

I apologize in advance for beating this dead horse, but we tried going this 
route - we went through paid support in our Office/Microsoft365 account 
(Business Premium) and these tickets have not been resolved. Is there any way 
you could attract some eyeballs to ticket #19907517 ?

Thanks,
Alex

--

Alexander Burch
ActiveCampaign / Senior Deliverability Engineer
abu...@activecampaign.com<mailto:abu...@activecampaign.com>
1 North Dearborn St Suite 500, Chicago IL, 60602

On Mon, May 11, 2020 at 12:31 PM Michael Wise via mailop <mailop@mailop.org> wrote:

Normally a recipient tenant raises an FP ticket, and that gets the ball rolling.
External escalations are rare.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: mailop <mailop-boun...@mailop.org> On Behalf Of David Carriger via mailop
Sent: Monday, May 11, 2020 11:21 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Anyone have any luck delisting from Microsoft's 
Advanced Threat Protection (ATP)?

Hi everyone,

Has anyone had any success in getting false positives removed from ATP? There 
isn't any public delisting endpoint available, and emails to various Microsoft 
email addresses, as well as open support cases, have not been met with much 
success.

The support case is #19907517, for any interested Microsoft folks who might be 
on here.

Best regards,
David Carriger
ActiveCampaign / Deliverability Engineer
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [EXTERNAL] Anyone have any luck delisting from Microsoft's Advanced Threat Protection (ATP)?

2020-05-11 Thread Michael Wise via mailop

Normally a recipient tenant raises an FP ticket, and that gets the ball rolling.
External escalations are rare.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of David Carriger via mailop
Sent: Monday, May 11, 2020 11:21 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Anyone have any luck delisting from Microsoft's 
Advanced Threat Protection (ATP)?

Hi everyone,

Has anyone had any success in getting false positives removed from ATP? There 
isn't any public delisting endpoint available, and emails to various Microsoft 
email addresses, as well as open support cases, have not been met with much 
success.

The support case is #19907517, for any interested Microsoft folks who might be 
on here.

Best regards,
David Carriger
ActiveCampaign / Deliverability Engineer
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Re: Outlook Insufficient system resources

2020-05-07 Thread Michael Wise via mailop

The issue is being investigated…

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of David Malagon via mailop
Sent: Thursday, May 7, 2020 3:30 AM
To: mailop 
Subject: [EXTERNAL] Re: [mailop] Outlook Insufficient system resources

Hello

Here, many errors like this and also missing emails during this and the past 
week, we have detected  that in some 250 OK response messages from Outlook 
messages are missing.

It looks like that there is some issue on Microsoft side, but it lasts for two 
weeks now, from what I see in other posts.

Someone at Microsoft has any advice?

Thanks

Regards

On Tue, May 5, 2020 at 17:03, Emre Üst via mailop <mailop@mailop.org> wrote:
Hello experts ,

Does anyone have connection issues to Outlook mx's after insufficient system 
resources error? Pending mail in the queue is not decreasing depending on smtp 
connection to Outlook .

Error: "452 4.3.1 Insufficient system resources (TSTE) 
[AM6EUR05HT033.eop-eur05.prod.protection.outlook.com] 
[AM6EUR05FT059.eop-eur05.prod.protection.outlook.com]" 
while connected from eg-c-5-030.euromsg.net (185.11.212.30) to 
hotmail-com.olc.protection.outlook.com (104.47.18.97)

Thank you . Regards

--
Emre ÜST
Deliverability Team Leader

t.   +90 212 343 07 39
f.   +90 212 343 07 42
m. +90 533 157 73 10

email: emre@relateddigital.com
web: relateddigital.com
Maslak Mah. Büyükdere Cd. No:249 Sarıyer - İstanbul



Re: [mailop] [EXTERNAL] Re: Hotmail blacklist

2020-04-23 Thread Michael Wise via mailop


You will need to pursue this with Amazon.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Ryan Smith via mailop
Sent: Thursday, April 23, 2020 9:46 AM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Hotmail blacklist



> My server's IP is on the hotmail blacklist. I can't find any details

> as to why. I only have four users and we don't send any bulk mail.

> Mostly just a small law firm communicating with clients. I'm set up

> with SNDS but I don't see any details there that let me track down the

> source of the blacklisting. I just set up the junk mail reporting. I

> thought I had already done that but I don't remember ever getting any reports.



I am in the exact same boat.  I run two mail servers on AWS strictly for 
transactional email and system messages.  No users have access to send.  I have 
been signed up to SNDS and JMRP for years and have not personally received any 
SPAM complaints.



The SMTP error indicates it's part of a larger blacklist:

"550 5.7.1 Unfortunately, messages from [x.x.x.x] weren't sent. Please contact 
your Internet service provider since part of their network is on our block list 
(S3140). You can also refer your provider to 
http://mail.live.com/mail/troubleshooting.aspx#errors."





I am opening a ticket with AWS.





-rts



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Microsoft reporting insufficent resources errors.

2020-04-08 Thread Michael Wise via mailop

If you’re seeing 4xx deferrals from our network, best to back off and also stop 
sending new mail until the situation subsides.
I’ve brought this issue to the attention of others, thanks for the heads-up!

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: mailop  On Behalf Of David Malagon via mailop
Sent: Wednesday, April 8, 2020 1:26 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Microsoft reporting insufficent resources errors.

Hello everybody.

In the last hour we have been receiving lots of different error messages from 
Microsoft servers:

452 4.3.1 Insufficient system resources (TSTE)
452 4.3.1 Insufficient system resources (PendingCommits[Large])

Is there any known issue? Should stop trying messages in this scenario?

Regards

David


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
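
The advice in this thread (back off and hold new mail while 4xx deferrals persist) can be sketched as a per-destination throttle. This is an added example, not code from the list or from Microsoft; `parse_reply`, `DestinationThrottle` and the 300 s / 3600 s delays are hypothetical choices, and the sample replies are constructed from the error texts quoted on this page.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed samples, based on SMTP replies quoted in the messages on this page.
SAMPLE_REPLIES = [
    "452 4.3.1 Insufficient system resources (TSTE)",
    "452 4.3.1 Insufficient system resources (PendingCommits[Large])",
    "550 5.7.1 Unfortunately, messages from [x.x.x.x] weren't sent. Please contact "
    "your Internet service provider since part of their network is on our block "
    "list (S3140).",
]

# Basic status code, optional enhanced status code (RFC 3463), then free text.
REPLY_RE = re.compile(
    r"^(?P<code>[245]\d\d)[ -](?:(?P<enh>[245]\.\d{1,3}\.\d{1,3}) )?(?P<text>.*)$"
)
# Parenthesised diagnostic tag such as (TSTE) or (S3140).
TAG_RE = re.compile(r"\(([^()\s]+)\)")


@dataclass
class Reply:
    code: int
    enhanced: Optional[str]
    tag: Optional[str]
    action: str  # "deliver", "defer" (retry later) or "bounce" (do not retry)


def parse_reply(line: str) -> Reply:
    """Split one SMTP reply line and classify it by the first digit of the code."""
    m = REPLY_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an SMTP reply: {line!r}")
    code = int(m["code"])
    tags = TAG_RE.findall(m["text"])
    action = {2: "deliver", 4: "defer", 5: "bounce"}[code // 100]
    return Reply(code, m["enh"], tags[-1] if tags else None, action)


class DestinationThrottle:
    """Pause all new mail to one destination while it keeps deferring."""

    def __init__(self, base: int = 300, cap: int = 3600):  # assumed delays, seconds
        self.base, self.cap = base, cap
        self.deferrals = 0
        self.paused_until = 0.0

    def record(self, reply: Reply, now: float) -> float:
        if reply.action == "defer":
            # Exponential backoff: 300 s, 600 s, 1200 s, ... up to the cap.
            self.deferrals += 1
            delay = min(self.cap, self.base * 2 ** (self.deferrals - 1))
            self.paused_until = now + delay
        elif reply.action == "deliver":
            self.deferrals = 0
            self.paused_until = 0.0
        # A 5xx bounce is a per-message outcome and leaves the pause unchanged.
        return self.paused_until

    def may_send(self, now: float) -> bool:
        return now >= self.paused_until
```
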


Re: [mailop] [EXTERNAL] Quick question on Yahoo warning messages...

2020-04-06 Thread Michael Wise via mailop

Are we allowed a /snerk ? 

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: Eric Tykwinski 
Sent: Monday, April 6, 2020 6:30 PM
To: Michael Wise 
Cc: mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Quick question on Yahoo warning messages...

Everyone disregard that last email.  His email name was listed as "Yahoo 
Warning" on their server.  Probably from not ever typing one in.
I ran over and fixed it in 2 seconds…

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


On Apr 6, 2020, at 9:15 PM, Michael Wise via mailop <mailop@mailop.org> wrote:


Can you get a set of full headers of the email as received and little-r it to 
me?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ?

From: mailop <mailop-boun...@mailop.org> On Behalf Of Eric Tykwinski via mailop
Sent: Monday, April 6, 2020 6:03 PM
To: mailop <mailop@mailop.org>
Subject: [EXTERNAL] [mailop] Quick question on Yahoo warning messages...

My next door neighbor, a doctor, is emailing through his MS Surface.  No clue 
what version, but every time he sends an email through it, it sets a warning 
message on Yahoo.  My guess is that MS is using some app to download and send 
emails like Mail.ru and others, ie breaking DMARC.  Perhaps someone from Oauth 
knows what the message means?  It doesn’t seem to be causing an issue, but 
obviously with the current situation he’s a bit hesitant, so I’ve told him to 
use webmail for now.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

