Re: [mailop] TLS inbound to comcast.net

2024-05-21 Thread Suresh Ramasubramanian via mailop
Yeah Benny – if you’re running 16 year old code and certificates that you’re 
still on TLS v1 or 1.1,  it is time to upgrade, asap.  What you have is not 
much better or worse than sending it en clair anyway.

From: mailop  on behalf of Serhii via mailop 

Date: Tuesday, 21 May 2024 at 6:39 PM
To: mailop@mailop.org 
Subject: Re: [mailop] TLS inbound to comcast.net
https://datatracker.ietf.org/doc/rfc8996/

>This document formally deprecates Transport Layer Security (TLS)
>versions 1.0 (RFC 2246) and 1.1 (RFC 4346).  Accordingly, those
>documents have been moved to Historic status.  These versions lack
>support for current and recommended cryptographic algorithms and
>mechanisms, and various government and industry profiles of
>applications using TLS now mandate avoiding these old TLS versions.
>TLS version 1.2 became the recommended version for IETF protocols in
>2008 (subsequently being obsoleted by TLS version 1.3 in 2018),
>providing sufficient time to transition away from older versions.
>**Removing support for older versions from implementations reduces the
>attack surface, reduces opportunity for misconfiguration, and
>streamlines library and product maintenance.**

On 5/21/24 00:33, Benny Pedersen via mailop wrote:
> Brotman, Alex via mailop skrev den 2024-05-20 15:09:
>> Hey folks,
>>
>> Over the next few weeks, we're going to be disabling TLSv1/v1.1 inbound to 
>> our platform.  Most senders are already using TLSv1.2/v1.3, so I don't think 
>> this will be an issue.  However, keep in mind that if you're not already 
>> using those newer versions, you'll now revert to clear-text. Around the same 
>> time, we'll also begin negatively impacting reputation for clear-text 
>> senders (those without TLSv1.2/v1.3).  It won't be a huge impact, but many 
>> senders are extremely cautious in these areas.  If you have questions, 
>> please let me know.
>
> i say disabling tls versions is plain stupid to make plain text a bigger 
> problem, simply don't make that kind of security
>
> if comcast.net have found a bug in openssl, please make a ticket for this, so 
> it will be fixed in openssl
>
> i don't like your wording on "hey something"
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

--
Send unsolicited bulk mail to carl...@at.encryp.ch
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Google Mail rejects forwarded email despite `~all` in SPF

2024-04-22 Thread Suresh Ramasubramanian via mailop
Why is that, when 90% ++ of the transactions are between a limited set of 
providers, and even after that, within the long tail, there will be a similar 
bell curve so that most of your regular recipients that use ARC will eventually 
trust you?

Beyond that, converting authentication into “trust” should not in any case 
scale.

From: mailop  on behalf of Grant Taylor via mailop 

Date: Tuesday, 23 April 2024 at 9:35 AM
To: mailop@mailop.org 
Subject: Re: [mailop] Google Mail rejects forwarded email despite `~all` in SPF
On 4/22/24 09:16, Matus UHLAR - fantomas via mailop wrote:
> I'm afraid this is very long term solution - the recipient needs to
> trust your ARC signatures.

IMHO the "the recipient needs to trust your ARC signature" is ARC's
Achilles' heel.

I have not seen any way to get around this -- what I call -- priming
problem.



--
Grant. . . .
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Debt Collection Client Email Servers

2024-03-24 Thread Suresh Ramasubramanian via mailop
No email provider is going to investigate whether a spam complaint is “false” 
or “true”

If the percentage of spam complaints, bounces etc gets high enough, good luck 
to your email campaign

--srs

From: mailop  on behalf of Michael Irvine via mailop 

Sent: Monday, March 25, 2024 7:47:54 AM
To: Michael Peddemors ; mailop@mailop.org 

Subject: Re: [mailop] Debt Collection Client Email Servers

Thank you. I will be opening a ticket with them to have it changed. Biggest 
issue we have is that the number of false spam complaints due to the nature of 
the industry.  Hard to keep the domain as good without talking directly to the 
postmasters.




Thanks,



Michael Irvine



 Original message 
From: Michael Peddemors via mailop 
Date: 3/22/24 17:09 (GMT-06:00)
To: mailop@mailop.org
Subject: Re: [mailop] Debt Collection Client Email Servers




If they are 'dedicated', doesn't matter if they are coming from
SendGrid, the PTR should reflect your clients domain.

host 149.72.234.90
90.234.72.149.in-addr.arpa domain name pointer wrqvzxrx.outbound-mail.sendgrid.net.

And given the amount of abuse of SendGrid servers, anything you can do
to differentiate from their generic naming conventions will help you.


On 2024-03-22 12:07, Michael Irvine via mailop wrote:
> Hello postmasters,
>
> One of our clients has been sending a debt collection campaign using
> email as the last resort of communication. These emails are more
> transactional and use a campaign mailing system to give some analytics.
>
> Context:
>
> We have 2 standard emails that go out daily. These emails describe the
> debt and how they can help.
>
> IP Addresses:
>
> 149.72.234.90
>
> 149.72.238.176
>
> 168.245.18.103
>
> NOTE: IPs are dedicated from SendGrid
>
> Subject line:
>
> Unifin is here to help with your [DEBTDESCRIPTION1] account.
>
> NOTE: [DEBTDESCRIPTION1] is the name of the debt company.
>
>  From Addresses are:
>
> olivia.ander...@unifinrs.com 
>
> emily.thomp...@unifinrs.com 
>
> Reply-to email is:
>
> myacco...@unifininc.com 
>
> Please reach out to me directly if there is additional information needed.
>
> Thank you,
>
> Michael Irvine | Great Computer Solutions
>
> m...@greatsys.com
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop


--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Love how people use SPF records.. Just for a chuckle..

2024-03-11 Thread Suresh Ramasubramanian via mailop
This looks more like they’ve been testing several providers and ended up with a 
large spf record that they might want to consider trimming.

--srs

From: mailop  on behalf of Michael Peddemors via 
mailop 
Sent: Tuesday, March 12, 2024 4:24:03 AM
To: mailop@mailop.org 
Subject: [mailop] Love how people use SPF records.. Just for a chuckle..

host -t TXT save.ca

save.ca descriptive text "v=spf1 ip4:70.33.236.0/25  mx a
include:sendgrid.net include:thestar.ca include:thestar.com
include:spf.google.com include:spf.protection.outlook.com
include:spf.yahoo.com include:spf.aol.com include:amazonses.com -all"

... so.. basically hard block everything except 1/2 the internet..

I assume someone that likes spamming set THAT one up.. there is a good
reason that SPF have a maximum DNS amount of queries..

#   69.39.224.72   2   serviciodeestudios.bbva.com
#   69.39.224.73   2   materialsresearchinstitute.northwestern.edu
#   69.39.224.75   3   serviciodeestudios.bbva.com
#   69.39.224.77   2   email.save.ca
#   69.39.224.78   2   libetwitt.liberation.fr
#   69.39.224.79   1   producteursdici.intermarche.com
69.39.224.72/29

No need to comment more of course..



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
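
The DNS-query limit mentioned in the post can be checked against the quoted record. This added example (not from the thread or any poster) counts the lookup-causing terms that RFC 7208 section 4.6.4 caps at 10; the nested record in `WITH_NESTED` and all helper names are constructed for illustration.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4
# Mechanisms and the one modifier that each cost a DNS lookup during evaluation.
LOOKUP_TERMS = ("include", "a", "mx", "ptr", "exists", "redirect")

# The save.ca record exactly as quoted in the 2024-03-12 post above.
SAVE_CA = (
    "v=spf1 ip4:70.33.236.0/25  mx a "
    "include:sendgrid.net include:thestar.ca include:thestar.com "
    "include:spf.google.com include:spf.protection.outlook.com "
    "include:spf.yahoo.com include:spf.aol.com include:amazonses.com -all"
)

# Offline "zones": only the top-level record comes from the page.
TOP_ONLY = {"save.ca": SAVE_CA}
# Constructed stand-in (NOT the real record) for one included domain that
# itself needs one more lookup.
WITH_NESTED = {
    "save.ca": SAVE_CA,
    "spf.google.com": "v=spf1 include:nested.example ~all",
}


def lookup_terms(record):
    """Return the terms of one SPF record that each trigger a DNS lookup."""
    terms = []
    for term in record.split()[1:]:            # skip the "v=spf1" version tag
        term = term.lstrip("+-~?").lower()     # drop the qualifier
        name = re.split(r"[:=/]", term, maxsplit=1)[0]
        if name in LOOKUP_TERMS:
            terms.append(term)
    return terms


def count_lookups(domain, fetch, path=()):
    """Worst-case lookup count for `domain` (no earlier mechanism matched).

    `fetch(domain)` returns the SPF record text or None if unknown.
    """
    if domain in path:          # include loop: stop instead of recursing forever
        return 0
    record = fetch(domain)
    if record is None:
        return 0
    total = 0
    for term in lookup_terms(record):
        total += 1
        target = re.match(r"(?:include:|redirect=)(.+)", term)
        if target:              # included/redirected records count too
            total += count_lookups(target.group(1), fetch, path + (domain,))
    return total


def audit(domain, fetch):
    """Return (lookup count, verdict) for the domain's SPF record."""
    n = count_lookups(domain, fetch)
    return n, ("permerror" if n > LOOKUP_LIMIT else "within limit")


if __name__ == "__main__":
    for label, zone in (("top level only", TOP_ONLY),
                        ("one nested lookup", WITH_NESTED)):
        print(label, audit("save.ca", zone.get))
```

The top-level record alone already uses all ten lookups, so a single lookup inside any included record makes a compliant evaluator return permerror before it ever reaches `-all`.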


Re: [mailop] Another very strange microsoft originated email??

2023-12-06 Thread Suresh Ramasubramanian via mailop
Free trial account on Microsoft 365 being relayed through Microsoft 365 
outbounds by a Hetzner IP

--srs

From: mailop  on behalf of Michael Peddemors via 
mailop 
Sent: Thursday, December 7, 2023 5:38:33 AM
To: mailop@mailop.org 
Subject: [mailop] Another very strange microsoft originated email??

Take a look at the headers for this one..
Appears to come from an sender IP on Hetzner, but related to Microsoft??

Some headers snipped for brevity, but something sure appears rotten in
denmark..  love the boundary.. Any takers on explaining how this is being
allowed or performed?

Return-Path: 
Received: from mail-psaapc01on2064.outbound.protection.outlook.com (HELO
APC01-PSA-obe.outbound.protection.outlook.com) (40.107.255.64)

...

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 49.13.172.216)
  smtp.mailfrom=cdklu.onmicrosoft.com; dkim=none (message not signed)
  header.d=none;dmarc=none action=none header.from=cdklu.onmicrosoft.com;
From: Autozone Department 
Subject: Celebrating Autozone anniversary with an DEWALT 200 Piece
Mechanics Tool Set
In-Reply: 
Content-Type: multipart/alternative; charset="UTF-8";boundary="FakOj.oyfbwp"




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Apple/icloud blocking - Message rejected due to local policy

2023-09-21 Thread Suresh Ramasubramanian via mailop
Ok we will check


--srs

From: mailop  on behalf of Scott Mutter via mailop 

Sent: Thursday, September 21, 2023 10:23:15 PM
To: mailop@mailop.org 
Subject: Re: [mailop] Apple/icloud blocking - Message rejected due to local 
policy

Message sent again - today, 2023-09-21 11:51AM CDT.

Subject of the message is - 209.236.124.55 IP Blacklisted

I sent the message to icloudad...@apple.com and CC'd s...@apple.com

On Thu, Sep 21, 2023 at 9:46 AM Suresh Ramasubramanian <ops.li...@gmail.com> wrote:

Can you resend your message to postmaster with a recent sample of the logs? Bcc 
me at s...@apple.com so I can follow up with the team.



From: mailop <mailop-boun...@mailop.org> on behalf of Scott Mutter via mailop <mailop@mailop.org>
Date: Thursday, 21 September 2023 at 8:00 PM
To: mailop@mailop.org
Subject: Re: [mailop] Apple/icloud blocking - Message rejected due to local 
policy

How long should I have to wait for a response?



I haven't heard anything back and icloud is still rejecting the message due to 
local policy.



On Tue, Sep 19, 2023 at 9:07 AM Suresh Ramasubramanian <ops.li...@gmail.com> wrote:

I will have the team check and reply to you



From: Scott Mutter <mailopl...@amssupport.info>
Date: Tuesday, 19 September 2023 at 6:28 PM
To: Suresh Ramasubramanian <ops.li...@gmail.com>
Subject: Re: [mailop] Apple/icloud blocking - Message rejected due to local 
policy

I wrote icloudad...@apple.com on August 26, 2023.



Message was from postmas...@thoroughbred.wznoc.com



Subject of the message was - 209.236.124.55 IP Blacklisted



Just tried resending a message from this server, same error message:



 554 5.7.1 [HM08] Message rejected due to local policy. Please visit 
https://support.apple.com/en-us/HT204137







On Tue, Sep 19, 2023 at 2:08 AM Suresh Ramasubramanian <ops.li...@gmail.com> wrote:

Hi



What address did you email icloudadmin from?

I don’t see any current blocks on your IP



--srs



From: Suresh Ramasubramanian <ops.li...@gmail.com>
Sent: Tuesday, September 19, 2023 10:33:52 AM
To: Scott Mutter <mailopl...@amssupport.info>; mailop@mailop.org
Subject: Re: [mailop] Apple/icloud blocking - Message rejected due to local 
policy



I’ll have someone look at your email and reply if they haven’t yet



--srs



From: mailop <mailop-boun...@mailop.org> on behalf of Scott Mutter via mailop <mailop@mailop.org>
Sent: Tuesday, September 19, 2023 9:11:02 AM
To: mailop@mailop.org
Subject: [mailop] Apple/icloud blocking - Message rejected due to local policy



Anybody from Apple/iCloud able to provide any insight as to why messages from 
209.236.124.55 are being blocked with - Message rejected due to local policy 
messages?



I previously sent a message to icloudad...@apple.com but got no response.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Apple/icloud blocking - Message rejected due to local policy

2023-09-21 Thread Suresh Ramasubramanian via mailop
Can you resend your message to postmaster with a recent sample of the logs? Bcc 
me at s...@apple.com so I can follow up with the team.

From: mailop  on behalf of Scott Mutter via mailop 

Date: Thursday, 21 September 2023 at 8:00 PM
To: mailop@mailop.org 
Subject: Re: [mailop] Apple/icloud blocking - Message rejected due to local 
policy
How long should I have to wait for a response?

I haven't heard anything back and icloud is still rejecting the message due to 
local policy.

On Tue, Sep 19, 2023 at 9:07 AM Suresh Ramasubramanian <ops.li...@gmail.com> wrote:
I will have the team check and reply to you

From: Scott Mutter <mailopl...@amssupport.info>
Date: Tuesday, 19 September 2023 at 6:28 PM
To: Suresh Ramasubramanian <ops.li...@gmail.com>
Subject: Re: [mailop] Apple/icloud blocking - Message rejected due to local 
policy
I wrote icloudad...@apple.com on August 26, 2023.

Message was from postmas...@thoroughbred.wznoc.com

Subject of the message was - 209.236.124.55 IP Blacklisted

Just tried resending a message from this server, same error message:

 554 5.7.1 [HM08] Message rejected due to local policy. Please visit 
https://support.apple.com/en-us/HT204137



On Tue, Sep 19, 2023 at 2:08 AM Suresh Ramasubramanian <ops.li...@gmail.com> wrote:
Hi

What address did you email icloudadmin from?
I don’t see any current blocks on your IP

--srs
________
From: Suresh Ramasubramanian <ops.li...@gmail.com>
Sent: Tuesday, September 19, 2023 10:33:52 AM
To: Scott Mutter <mailopl...@amssupport.info>; mailop@mailop.org
Subject: Re: [mailop] Apple/icloud blocking - Message rejected due to local 
policy

I’ll have someone look at your email and reply if they haven’t yet

--srs

From: mailop <mailop-boun...@mailop.org> on behalf of Scott Mutter via mailop <mailop@mailop.org>
Sent: Tuesday, September 19, 2023 9:11:02 AM
To: mailop@mailop.org
Subject: [mailop] Apple/icloud blocking - Message rejected due to local policy

Anybody from Apple/iCloud able to provide any insight as to why messages from 
209.236.124.55 are being blocked with - Message rejected due to local policy 
messages?

I previously sent a message to icloudad...@apple.com but got no response.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Apple/icloud blocking - Message rejected due to local policy

2023-09-18 Thread Suresh Ramasubramanian via mailop
I’ll have someone look at your email and reply if they haven’t yet

--srs

From: mailop  on behalf of Scott Mutter via mailop 

Sent: Tuesday, September 19, 2023 9:11:02 AM
To: mailop@mailop.org 
Subject: [mailop] Apple/icloud blocking - Message rejected due to local policy

Anybody from Apple/iCloud able to provide any insight as to why messages from 
209.236.124.55 are being blocked with - Message rejected due to local policy 
messages?

I previously sent a message to 
icloudad...@apple.com but got no response.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] CS02 errors from Apple on Japanese emails only

2023-08-09 Thread Suresh Ramasubramanian via mailop
Hi. Please feel free to forward me any ticket responses you got from the 
postmaster team, glad to take a look

--srs

From: mailop  on behalf of Christine Borgia via 
mailop 
Sent: Wednesday, August 9, 2023 7:57:06 PM
To: mailop@mailop.org 
Subject: [mailop] CS02 errors from Apple on Japanese emails only

If anyone here is from Apple, I'd love to chitty chat with you about CS02 
errors we see only for our Japanese customers. The postmaster provides 
inconsistent responses, mostly regarding authentication as a solution. All of 
our mail is fully authenticated. I'd be interested in passing along some 
information to someone at Apple for you to use or not use as you please.

Best,
Christine

--
Christine Borgia
Email Deliverability Manager
[Shopify]
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Microsoft Office365 not rejecting emails when instructed so by SPF recored?

2023-05-25 Thread Suresh Ramasubramanian via mailop
Never mind – or ? and think of what happens to those poor domains that are 
saddled with a +all SPF record.

From: mailop  on behalf of Neil Jenkins via mailop 

Date: Friday, 26 May 2023 at 9:16 AM
To: Mailop Group 
Subject: Re: [mailop] Microsoft Office365 not rejecting emails when instructed 
so by SPF recored?
On Fri, 26 May 2023, at 11:10, Scott Mutter via mailop wrote:
So basically SPF is worthless.

It's not worthless at all. It's a valuable signal to assign reputation as part 
of an overall filtering solution, and useful as part of DMARC. It's just the 
-all/?all etc. bit on the end that proved worthless.

Cheers,
Neil.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] linodeusercontent.com/googleusercontent.com, I'm so done with you

2023-04-07 Thread Suresh Ramasubramanian via mailop
That is a balance every cloud hosting provider will have to strike internally.

--srs

From: mailop  on behalf of Jarland Donnell via 
mailop 
Sent: Saturday, April 8, 2023 10:38:07 AM
To: mailop@mailop.org 
Subject: Re: [mailop] linodeusercontent.com/googleusercontent.com, I'm so done 
with you

I mean if the goal is to try not to appear hostile to customers, rate
limiting a port is as bad or worse than blocking it. At least with
blocking you know right away, but rate limiting it could create much
more time in troubleshooting for an admin that missed the
announcement/notification/policy about it. And there are obviously
plenty of perfectly fine reasons to burst a port that doesn't even
bother anyone but yourself.

On 2023-04-07 23:29, Suresh Ramasubramanian via mailop wrote:
> Why would you need to blanket block port 25 outbound when you could
> rate limit and/or dynamically block it?
>
> Yes - abusers would then go and get a few hundred thousand accounts
> and send maybe 10 emails per vps or droplet or whatever the abused
> provider calls it.
>
> And this is just smtp based abuse - doesn’t count for example :
>
> Farmed account signup bots
>
> Bots that will spam through other webmail, social media etc providers
> from your IP space
>
> Assorted other nastiness
>
> Controlling bad signups becomes essential - and deciding if you want
> to keep and retain the sort of customers that trigger blocks.
>
> The last several types might end up with a nullroute being applied in
> extreme cases, as you can appreciate
>
> --srs
> -
>
> From: mailop  on behalf of Jarland Donnell
> via mailop 
> Sent: Saturday, April 8, 2023 9:47:23 AM
> To: mailop@mailop.org 
> Subject: Re: [mailop] linodeusercontent.com/googleusercontent.com, I'm
> so done with you
>
> To be clear they have an amazing abuse team, easily the first people I
> would hit up if I were hiring in that area. Just top notch admins.
>
> Blocking SMTP by default makes sense, but settling on the best way to
> handle opening it (automated? manual review?) is a discussion that is
> very easy to get stuck in. I don't know where they're at on that
> discussion by now, but when I left it was something I would have
> referred to as "on the table." That to say most of the stakeholders
> would entertain the discussion.
>
> There's likely an attached fear that appearing even remotely hostile to
> customers could quickly drive them to a competitor in a pretty
> competitive market. You have to think that as much as people like you
> and I would appreciate them doing it, their customers would likely only
> be speaking up about it to say the opposite. You might decrease abuse
> complaints but you might also decrease NPS scores, and the people
> sending abuse complaints are usually not your customers (so pleasing
> them doesn't = $). You might think that reducing IP blacklisting could
> reduce customer complaints and bad NPS scores. I don't think reality
> actually plays out that way because Gmail doesn't use external
> blacklists (that I'm aware of), and Microsoft will unblock individual
> IPs upon request (sometimes after some back and forth), and that
> accounts for almost all of what people want anyway. And even that would
> only matter to customers that run mail servers anyway.
>
> On 2023-04-07 22:02, Neil Anuskiewicz via mailop wrote:
>>> On Apr 4, 2023, at 12:42 PM, Jarland Donnell via mailop
>>>  wrote:
>>>
>>> I feel like I've told this story before on the list, but I can't
>>> recall. It always feels worth telling.
>>>
>>> When I worked at DigitalOcean I took what felt like a year (may have
>>> been less) and I focused more energy than any one person probably ever
>>> has at any cloud provider on tackling spammers based on abuse
>>> complaints and recognition of patterns recognized from investigating
>>> abuse complaints. I had Python scripts running through the customer
>>> database at one point looking for key indicators and would mass shut
>>> down accounts either before they started to spam, or not very long
>>> after. No false positives. I would shut down a ton of accounts every
>>> day to zero complaints, because they were all exactly what I knew they
>>> were and they knew what they were doing. I had video meetings with
>>> several frequent complainers who would come at us from social media
>>> angles to inform them of how their complaints were informing my work,
>>> and what I was doing to try to reduce their complaints.
>>>
>>> Despite all of that, I d

Re: [mailop] linodeusercontent.com/googleusercontent.com, I'm so done with you

2023-04-07 Thread Suresh Ramasubramanian via mailop
Why would you need to blanket block port 25 outbound when you could rate limit 
and/or dynamically block it?

Yes - abusers would then go and get a few hundred thousand accounts and send 
maybe 10 emails per vps or droplet or whatever the abused provider calls it.

And this is just smtp based abuse - doesn’t count for example :

Farmed account signup bots

Bots that will spam through other webmail, social media etc providers from your 
IP space

Assorted other nastiness

Controlling bad signups becomes essential - and deciding if you want to keep 
and retain the sort of customers that trigger blocks.

The last several types might end up with a nullroute being applied in extreme 
cases, as you can appreciate


--srs

From: mailop  on behalf of Jarland Donnell via 
mailop 
Sent: Saturday, April 8, 2023 9:47:23 AM
To: mailop@mailop.org 
Subject: Re: [mailop] linodeusercontent.com/googleusercontent.com, I'm so done 
with you

To be clear they have an amazing abuse team, easily the first people I
would hit up if I were hiring in that area. Just top notch admins.

Blocking SMTP by default makes sense, but settling on the best way to
handle opening it (automated? manual review?) is a discussion that is
very easy to get stuck in. I don't know where they're at on that
discussion by now, but when I left it was something I would have
referred to as "on the table." That to say most of the stakeholders
would entertain the discussion.

There's likely an attached fear that appearing even remotely hostile to
customers could quickly drive them to a competitor in a pretty
competitive market. You have to think that as much as people like you
and I would appreciate them doing it, their customers would likely only
be speaking up about it to say the opposite. You might decrease abuse
complaints but you might also decrease NPS scores, and the people
sending abuse complaints are usually not your customers (so pleasing
them doesn't = $). You might think that reducing IP blacklisting could
reduce customer complaints and bad NPS scores. I don't think reality
actually plays out that way because Gmail doesn't use external
blacklists (that I'm aware of), and Microsoft will unblock individual
IPs upon request (sometimes after some back and forth), and that
accounts for almost all of what people want anyway. And even that would
only matter to customers that run mail servers anyway.


On 2023-04-07 22:02, Neil Anuskiewicz via mailop wrote:
>> On Apr 4, 2023, at 12:42 PM, Jarland Donnell via mailop
>>  wrote:
>>
>> I feel like I've told this story before on the list, but I can't
>> recall. It always feels worth telling.
>>
>> When I worked at DigitalOcean I took what felt like a year (may have
>> been less) and I focused more energy than any one person probably ever
>> has at any cloud provider on tackling spammers based on abuse
>> complaints and recognition of patterns recognized from investigating
>> abuse complaints. I had Python scripts running through the customer
>> database at one point looking for key indicators and would mass shut
>> down accounts either before they started to spam, or not very long
>> after. No false positives. I would shut down a ton of accounts every
>> day to zero complaints, because they were all exactly what I knew they
>> were and they knew what they were doing. I had video meetings with
>> several frequent complainers who would come at us from social media
>> angles to inform them of how their complaints were informing my work,
>> and what I was doing to try to reduce their complaints.
>>
>> Despite all of that, I don't think I ever succeeded in even reducing
>> the complaints. The only way to tackle this successfully at a cloud
>> provider, in my opinion, is to block SMTP traffic and only unblock it
>> under certain conditions. There will never be enough humans as
>> dedicated and capable as I was, without raising prices to the point
>> that it drives customers and spammers to the clouds that aren't
>> spending that kind of money on abuse handling, to make a difference.
>>
>> Just my 2c.
>
> Jarland, I see your point. And with that much abuse it doesn’t seem
> unreasonable to block SMTP traffic by default. Perhaps there’d be a
> process of getting it turned on but with some vetting. Anyway, now I
> kind of understand why so much is coming out of DO. They are trying to
> bail out a class 5 rapids with a bucket. I wonder why they don’t look
> at SMTP? This massive, expensive yet inadequate system doesn’t seem
> likely to be in DO’s interest. Where’s the benefit to DO to do things
> this way? Just curious.
>
> Neil
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXT] - Re: [EXT] - Re: [EXT] - Re: [EXT] - Re: New member, trying to bring our mail server inline.

2023-03-05 Thread Suresh Ramasubramanian via mailop
As far as I see you can configure dkim if this is the Sophos email appliance

https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/GlobalSettings/EmailDomains/DkimKeys/

--srs

From: Salvatore Jr Walter P 
Sent: Sunday, March 5, 2023 6:51:59 AM
To: Suresh Ramasubramanian ; 'Josh Daynard' 

Cc: mailop@mailop.org ; Alessandro Vesely 
Subject: Re: [EXT] - Re: [mailop] [EXT] - Re: [EXT] - Re: [EXT] - Re: New 
member, trying to bring our mail server inline.

Unfortunately that is not possible with the sophos box as it's the gateway, so 
it's the first place incoming hits and the last place outgoing hits and there 
is no way to change that. We are looking at replacing it as it is really not a 
good system so this may be something I can use to push for another vendor.


___
Walter P Salvatore Jr
Systems Administrator
Information Technology
City of Warwick
(401) 921-9663
https://www.warwickri.gov
walter.p.salvat...@warwickri.gov




From: Suresh Ramasubramanian 
Sent: Saturday, March 4, 2023 7:51 PM
To: Salvatore Jr Walter P; 'Josh Daynard'
Cc: mailop@mailop.org; Alessandro Vesely
Subject: [EXT] - Re: [mailop] [EXT] - Re: [EXT] - Re: [EXT] - Re: New member, 
trying to bring our mail server inline.

As a rule you need to finish your antivirus / antispam etc BEFORE you sign the 
message, especially where this scanning is done by a separate appliance with 
its own mailserver that inserts headers.

--srs

From: mailop  on behalf of Salvatore Jr Walter P via 
mailop 
Sent: Sunday, March 5, 2023 5:21 AM
To: 'Josh Daynard' 
Cc: mailop@mailop.org ; Alessandro Vesely 
Subject: Re: [mailop] [EXT] - Re: [EXT] - Re: [EXT] - Re: New member, trying to 
bring our mail server inline.

Something just occurred to me, we have a sophos email appliance. All incoming 
and outgoing email go through that box and it scans everything. Do you think 
that may be modifying the headers before it leaves our network?

From: Josh Daynard 
Sent: Saturday, March 4, 2023 6:37 PM
To: Salvatore Jr Walter P 
Cc: Alessandro Vesely ; mailop@mailop.org
Subject: [EXT] - Re: [mailop] [EXT] - Re: [EXT] - Re: New member, trying to 
bring our mail server inline.


On Mar 4, 2023, at 3:11 PM, Salvatore Jr Walter P via mailop <mailop@mailop.org> wrote:
Sorry, but I have no idea what any of that means?

what is a z tag?

I was curious as well and managed to find a decent resource here:

What are DKIM Tags? https://easydmarc.com/blog/what-are-dkim-tags/



Bottom line is that the verification error you’re seeing (“signature 
verification failed”) is an indication that one of the header fields being used 
to generate the DKIM signature (listed in the h= tag portion of the signature) 
is being altered *after* the signature has been generated but before the 
message is relayed to the destination domain.

Looks like z tags can be used in the DKIM signature for debugging purposes … 
you can copy the original header values that were present during signing into 
this tag and then when signature verification fails, you can compare those 
values to what was actually received to see what was altered (assuming whatever 
altered the header(s) won’t touch the z= tag in your DKIM sig!).

We had this problem early on due to some header fix-ups happening by the MTA 
post DKIM signing.  You need to be sure that DKIM Signing is basically the last 
thing that happens before a message is relayed or at least that none of the 
header fields used to generate the sig are altered!

You would get a different error if the public key couldn’t be retrieved or if 
the body of the message was altered (body hash mismatch).

- Josh


___
Walter P Salvatore Jr
Systems Administrator
Information Technology
City of Warwick
(401) 921-9663
https://www.warwickri.gov
walter.p.salvat...@warwickri.gov




From: Alessandro Vesely <ves...@tana.it>
Sent: Saturday, March 4, 2023 7:12 AM
To: Salvatore Jr Walter P; 'mailop@mailop.org'
Subject: [EXT] - Re: [mailop] [EXT] - Re: New member, trying to bring our mail 
server inline.

On Fri 03/Mar/2023 21:39:46 +0100 Salvatore Jr Walter P via mailop wrote:

Thanks Mark. I sent an email as suggested and it came back as a fail for DKIM.

“I see you've included a DKIM signature. I've retrieved the public key from
1._domainkey.warwickri.gov

The signature failed validation. The Auth Result is fail.”


A failing signature should mean a header change.  That's also what I get from
your posts on mailop, signature verification failed (otherwise would've been
body hash mismatch).  Can you turn on z= tags?  Otherwise try carefully
comparing the signed fields, from: subject: to: date:, message-id: and the
signatur

Re: [mailop] [EXT] - Re: [EXT] - Re: [EXT] - Re: New member, trying to bring our mail server inline.

2023-03-04 Thread Suresh Ramasubramanian via mailop
As a rule you need to finish your antivirus / antispam etc BEFORE you sign the 
message, especially where this scanning is done by a separate appliance with 
its own mailserver that inserts headers.

--srs

From: mailop  on behalf of Salvatore Jr Walter P via 
mailop 
Sent: Sunday, March 5, 2023 5:21 AM
To: 'Josh Daynard' 
Cc: mailop@mailop.org ; Alessandro Vesely 
Subject: Re: [mailop] [EXT] - Re: [EXT] - Re: [EXT] - Re: New member, trying to 
bring our mail server inline.

Something just occurred to me, we have a Sophos email appliance. All incoming 
and outgoing email go through that box and it scans everything. Do you think 
that may be modifying the headers before it leaves our network?

From: Josh Daynard 
Sent: Saturday, March 4, 2023 6:37 PM
To: Salvatore Jr Walter P 
Cc: Alessandro Vesely ; mailop@mailop.org
Subject: [EXT] - Re: [mailop] [EXT] - Re: [EXT] - Re: New member, trying to 
bring our mail server inline.


On Mar 4, 2023, at 3:11 PM, Salvatore Jr Walter P via mailop 
<mailop@mailop.org> wrote:
Sorry, but I have no idea what any of that means?

what is a z tag?

I was curious as well and managed to find a decent resource here:

What are DKIM Tags? (easydmarc.com)

Bottom line is that the verification error you’re seeing (“signature 
verification failed”) is an indication that one of the header fields being used 
to generate the DKIM signature (listed in the h= tag portion of the signature) 
is being altered *after* the signature has been generated but before the 
message is relayed to the destination domain.

Looks like z tags can be used in the DKIM signature for debugging purposes … 
you can copy the original header values that were present during signing into 
this tag and then when signature verification fails, you can compare those 
values to what was actually received to see what was altered (assuming whatever 
altered the header(s) won’t touch the z= tag in your DKIM sig!).

We had this problem early on due to some header fix-ups happening by the MTA 
post DKIM signing.  You need to be sure that DKIM Signing is basically the last 
thing that happens before a message is relayed or at least that none of the 
header fields used to generate the sig are altered!

You would get a different error if the public key couldn’t be retrieved or if 
the body of the message was altered (body hash mismatch).

- Josh


___
Walter P Salvatore Jr
Systems Administrator
Information Technology
City of Warwick
(401) 921-9663
https://www.warwickri.gov
walter.p.salvat...@warwickri.gov




From: Alessandro Vesely <ves...@tana.it>
Sent: Saturday, March 4, 2023 7:12 AM
To: Salvatore Jr Walter P; 'mailop@mailop.org'
Subject: [EXT] - Re: [mailop] [EXT] - Re: New member, trying to bring our mail 
server inline.

On Fri 03/Mar/2023 21:39:46 +0100 Salvatore Jr Walter P via mailop wrote:

Thanks Mark. I sent an email as suggested and it came back as a fail for DKIM.

“I see you've included a DKIM signature. I've retrieved the public key from
1._domainkey.warwickri.gov

The signature failed validation. The Auth Result is fail.”


A failing signature should mean a header change.  That's also what I get from
your posts on mailop, signature verification failed (otherwise would've been
body hash mismatch).  Can you turn on z= tags?  Otherwise try carefully
comparing the signed fields, from: subject: to: date:, message-id: and the
signature itself.

Check that no other filters alter those fields after signing.  Can you sign
messages off-line?  Do Bcc: copies verify? (Use any off-line dkim verifier.)


Good luck
Ale
--






___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
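
The z= comparison described in this thread, as an added example that is not part of the original posts: it decodes the copied header fields from the z= tag and reports which field named in h= no longer matches what arrived. The sample message is constructed, and the code assumes that copies of a repeated field appear in z= in the same order as in h=.

```python
import re
from email import message_from_string

# Constructed sample: a gateway prepended "[EXT] - " to Subject after signing
# and re-spaced the Date field. bh= and b= are placeholders, not real values.
SAMPLE = """\
Received: from gateway.example.net by mx.example.org; Sat, 4 Mar 2023 15:20:01 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.gov; s=1;
\th=from:to:subject:date:message-id; bh=PLACEHOLDER; b=PLACEHOLDER;
\tz=From:clerk@example.gov|To:resident@example.org|
\tSubject:Council=20agenda=20for=20March|
\tDate:Sat,=204=20Mar=202023=2015:11:00=20-0500|
\tMessage-ID:<20230304.0001@example.gov>
From: clerk@example.gov
To: resident@example.org
Subject: [EXT] - Council agenda for March
Date: Sat,  4 Mar 2023 15:11:00 -0500
Message-ID: <20230304.0001@example.gov>

Agenda attached.
"""


def parse_tag_list(value):
    """Split a DKIM tag=value list (RFC 6376 section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    return tags


def dkim_qp_decode(text):
    """Decode dkim-quoted-printable: whitespace is ignored, =XX is one byte."""
    compact = re.sub(r"\s+", "", text).encode("ascii")
    raw = re.sub(rb"=([0-9A-F]{2})",
                 lambda m: bytes([int(m.group(1), 16)]), compact)
    return raw.decode("utf-8", errors="replace")


def relaxed(value):
    """Unfold and collapse whitespace, as relaxed header canonicalization does."""
    return re.sub(r"[ \t\r\n]+", " ", value).strip()


def diff_signed_headers(raw_message):
    """Return [(field, value_at_signing, value_received)] for altered fields."""
    msg = message_from_string(raw_message)
    sig = msg["DKIM-Signature"]
    if sig is None:
        raise ValueError("no DKIM-Signature header")
    tags = parse_tag_list(sig)
    if "z" not in tags:
        raise ValueError("signature has no z= tag; enable it on the signer")

    # z= is a "|"-separated list of "Name:value" copies taken at signing time.
    copies = {}
    for item in tags["z"].split("|"):
        name, _, value = dkim_qp_decode(item).partition(":")
        copies.setdefault(name.strip().lower(), []).append(relaxed(value))

    changes, seen = [], {}
    for name in (n.strip().lower() for n in tags["h"].split(":")):
        k = seen.get(name, 0)          # k-th mention of this field in h=
        seen[name] = k + 1
        signed = copies.get(name, [])
        if k >= len(signed):
            continue                   # no copy recorded, nothing to compare
        # DKIM selects instances of a repeated field from the bottom up.
        received = msg.get_all(name) or []
        got = relaxed(received[-(k + 1)]) if k < len(received) else None
        # Whitespace-only differences are ignored here, which matches
        # c=relaxed; under c=simple they would also break the signature.
        if got != signed[k]:
            changes.append((name, signed[k], got))
    return changes


if __name__ == "__main__":
    for field, before, after in diff_signed_headers(SAMPLE):
        print(f"{field}: signed {before!r} -> received {after!r}")
```
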


Re: [mailop] Student trying to attend M3AAWG

2023-02-17 Thread Suresh Ramasubramanian via mailop
You can contact M3AAWG and request a pass

--srs

From: mailop  on behalf of Alex Liu via mailop 

Sent: Saturday, February 18, 2023 8:30:57 AM
To: mailop@mailop.org 
Subject: [mailop] Student trying to attend M3AAWG

Hi Everyone,

My name is Alex and I’m a student at UCSD. I recently found out about M3AAWG. 
Its agenda is really related to what I’ve been doing (my 
research: https://alexliu0809.github.io/publications/#/). However, it seems like 
registration is not open to students who are not part of a member company. Is 
there still a way to register for it (e.g., through an invitation)? Any help 
would be appreciated. Thanks!
--
Regards,
Enze "Alex" Liu
PhD Student
Department of Computer Science and Engineering
e7...@eng.ucsd.edu
University of California, San Diego


Re: [mailop] Cyren

2023-02-13 Thread Suresh Ramasubramanian via mailop
It has shut down and laid off all its employees

I don’t know what poor soul is still using them to filter spam but it won’t 
work any longer

--srs

From: mailop  on behalf of Benoit Panizzon via 
mailop 
Sent: Monday, February 13, 2023 2:13:30 PM
To: Carsten Schiefner via mailop 
Subject: Re: [mailop] Cyren

Hi All

I have started seeing a lot of emails sent via one Swiss ISP flagged as
spam by the SpamAssassin CTASD, which according to Google, is Cyren's
anti spam service.

Have they started flagging all emails as spam to tell their customer to
stop using their service?

Kind regards

-Benoît Panizzon-
--
I m p r o W a r e   A G    -    Head of Commerce Customers
__

Zurlindenstrasse 29     Tel  +41 61 826 93 00
CH-4133 Pratteln        Fax  +41 61 826 93 01
Switzerland             Web  http://www.imp.ch
__


Re: [mailop] Try to understand *.onmicrosoft.com

2022-11-08 Thread Suresh Ramasubramanian via mailop
That is an Office 365 free trial account. There is some massive abuse of these 
going on over a period of time. However there is also a ton of legitimate 
traffic.

--srs

From: mailop  on behalf of MRob via mailop 

Sent: Wednesday, November 9, 2022 5:17:09 AM
To: mailop@mailop.org 
Subject: [mailop] Try to understand *.onmicrosoft.com

Is envelope sender user@.onmicrosoft.com normal in non-spam
mail? Is it how all microsoft mail comes through? Or is it usually spam
from badly configured domain? Should  part *always* match
sender domain in FROM header?

On the other hand, if mail come from microsoft server *not* through
"onmicrosoft.com" is that negative sign?

Thank you.


Re: [mailop] Apple contact for strange email

2022-10-18 Thread Suresh Ramasubramanian via mailop
These hosts deliver newsletters and marketing content that Apple sends to email 
addresses that are Apple IDs.

I will let the team in question know to fix their PTR for these hosts – thanks 
for the heads up

--srs

From: mailop  on behalf of Alexander Huynh via 
mailop 
Date: Tuesday, 18 October 2022 at 11:54 AM
To: mailop@mailop.org 
Subject: [mailop] Apple contact for strange email
Hello,

I've been seeing a few mail connection attempts from Apple's IP space,
which I've been rejecting due to mismatched A /  and PTR records
(see sample log at the end, times UTC).

Is there anyone at Apple who can contact me off list?

Thanks,
--
Alex

 Oct 10 11:39:35 H=[17.240.49.64]:18357 rejected connection in "connect" ACL: host lookup failed (17.240.49.64 does not match any IP address for mr52p01nt-msbadger008105.ise.apple.com)
 Oct 11 11:33:50 H=[17.240.49.39]:35629 rejected connection in "connect" ACL: host lookup failed (17.240.49.39 does not match any IP address for mr45p01nt-msbadger005101.ise.apple.com)
 Oct 12 11:42:46 H=[17.240.49.58]:55433 rejected connection in "connect" ACL: host lookup failed (17.240.49.58 does not match any IP address for mr52p01nt-msbadger007106.ise.apple.com)
 Oct 13 11:27:15 H=[17.240.6.32]:25397 rejected connection in "connect" ACL: host lookup failed (17.240.6.32 does not match any IP address for st57p01nt-msbadger004101.ise.apple.com)
 Oct 15 12:35:44 H=[17.240.49.48]:37100 rejected connection in "connect" ACL: host lookup failed (17.240.49.48 does not match any IP address for mr52p01nt-msbadger006103.ise.apple.com)
 Oct 17 11:36:12 H=[17.240.49.33]:12835 rejected connection in "connect" ACL: host lookup failed (17.240.49.33 does not match any IP address for mr45p01nt-msbadger004102.ise.apple.com)


Re: [mailop] Proofpoint Mail Blocking

2022-09-14 Thread Suresh Ramasubramanian via mailop
You can reach out to the iCloud postmaster team if you face any FP blocks 
related to this or any other filter used on iCloud mail.   
https://support.apple.com/en-us/HT204137

--srs

From: mailop  on behalf of Henrik Pang via mailop 

Date: Wednesday, 14 September 2022 at 4:36 PM
To: Christopher Hawker 
Cc: mailop@mailop.org 
Subject: Re: [mailop] Proofpoint Mail Blocking
I was seeing iCloud uses proofpoint as the RBL which blocks a lot of normal IPs.

On Wed, Sep 14, 2022 at 3:51 PM Christopher Hawker via mailop 
<mailop@mailop.org> wrote:
Hello all,

If anyone from Proofpoint is on-list, could they please reach out to me 
off-list (chris at thesysadmin dot dev) regarding issues with mail flow through 
their network?

Thanks,
Christopher Hawker


Re: [mailop] Removing a block from Spamhaus PBL

2022-09-07 Thread Suresh Ramasubramanian via mailop
You can contact them and say the netblock has changed hands - and changed PTR 
as well hopefully

--srs

From: mailop  on behalf of Simplelists - Andy 
Beverley via mailop 
Sent: Wednesday, September 7, 2022 7:05:46 PM
To: mailop@mailop.org 
Subject: [mailop] Removing a block from Spamhaus PBL

Hi,

Can someone point me in the direction of how to remove a whole IP block
from the Spamhaus PBL please?

We have just taken on a new /24 and it is currently listed in PBL
(presumably because it was previously unused). The removal form states
"Removal of IP addresses within this range from the PBL is not allowed
by the netblock owner's policy", but as we're the netblock owner I'm not
sure how we remove that? Or is this referring to something upstream?

Thanks,

Andy


Re: [mailop] Trouble sending to sympatico.ca

2022-07-31 Thread Suresh Ramasubramanian via mailop
Why is it deferred when you get a 554?

Probably a spam block on your IP or domain name with that generic an error

--srs

From: mailop  on behalf of John Gateley via mailop 

Sent: Sunday, July 31, 2022 7:06:31 PM
To: mailop@mailop.org 
Subject: [mailop] Trouble sending to sympatico.ca

Hello,

I just got a bounce from sympatico.ca that I don't understand:


Jul 31 04:20:41 giraffe postfix/qmgr[2366]: 841B53C6CD: from=, size=7809, nrcpt=1 (queue active)
Jul 31 04:20:41 giraffe postfix/smtp[526159]: 841B53C6CD: to=, relay=mx.sympatico.ca[209.71.212.24]:25, delay=433213, delays=433213/0.02/0.15/0, dsn=4.0.0, status=deferred (host mx.sympatico.ca[209.71.212.24] refused to talk to me: 554 Access Denied)
Jul 31 04:20:41 giraffe postfix/qmgr[2366]: 841B53C6CD: from=, status=expired, returned to sender

It had been in the queue for a week or so, and finally bounced.

I don't see any details in the error message.

I have a very small mail server (just my wife and I) but it is
configured with reverse DNS, SPF, DKIM and DMARC. I can send to the big
players without bouncing or ending in the spam folder.


Any ideas? Thanks!


John



Re: [mailop] Did Google become stricter about RFC 5322?

2022-07-18 Thread Suresh Ramasubramanian via mailop
The thing about dkim is that you’re supposed to sign mail AFTER adding 
corporate disclaimers, fixing missing headers and what not.

Go ahead and fix whatever missing header you can - it’s all good

--srs

From: mailop  on behalf of Robert L Mathews via 
mailop 
Sent: Tuesday, July 19, 2022 4:40:59 AM
To: mailop@mailop.org 
Subject: Re: [mailop] Did Google become stricter about RFC 5322?

On 7/13/22 12:31 AM, Philip Paeps via mailop wrote:
> In the past couple of days, I'm seeing an uptick in rejects from Gmail
> as follows:
>
> >Our system has detected that this message is not RFC 5322 compliant.

Similar to this, some of our customers complained that messages sent to
Gmail have been bouncing since June 15 with:

550-5.7.1 [ip_redacted] Messages missing a valid messageId header are not
550 5.7.1 accepted.

The messages indeed do not have a "Message-ID" header; they're being
sent from the Windows 10 built-in "Mail" app.

I'm a little surprised that the Windows Mail app doesn't include a
Message-ID, but
 says it's
only a SHOULD, not a MUST.

Anyone else seeing the same thing? Now I'm in the position of having to
either start adding missing Message-ID headers, which people online
recommend against because it potentially breaks DKIM, or telling people
  Windows Mail no longer works to send to Gmail. Neither is ideal.

--
Robert L Mathews


Re: [mailop] Question for Google -- how am I able to be added to google groups without opting in?

2022-07-02 Thread Suresh Ramasubramanian via mailop
Spammers in the middle east and Pakistan seem to love doing this.  I finally 
set my google settings to “don’t add me to any google group without my 
requesting to join it” and that solved the issue, at least from the POV of my 
not receiving it.  They’re running riot all over googlegroups and have been for 
years now.

--srs

From: mailop  on behalf of Dan Mahoney via mailop 

Date: Saturday, 2 July 2022 at 11:00 AM
To: mailop 
Subject: Re: [mailop] Question for Google -- how am I able to be added to 
google groups without opting in?
One more comment on this.

I got added to:

Hi d...@prime.gushi.org,
asaccessories...@gmail.com added you to the Insights group.
Google Groups allows you to create and participate in online forums and 
email-based groups with a rich community experience. You can also use your 
Group to share documents, pictures, calendars, invitations, and other 
resources. Learn more.

If you do not wish to be a member of this group you can send an email to 
insights89+unsubscr...@googlegroups.com or follow this unsubscribe link. If you 
believe this group may contain spam, you can also report the group for abuse. 
For additional information see our help center.

I followed the abuse link, clicked the “Spam” button and got a black pop-up 
that said, simply “Failed to report group as abuse”, before disappearing a 
second later.  I did it a second time so I could screenshot it.

This is broken.

-Dan

> On Jun 16, 2022, at 11:57 PM, Cyril - ImprovMX via mailop  
> wrote:
>
> That's a really great question and I've also experienced a ton of spam 
> coming from Google Groups I never opted in.
>
> I followed the recommendation of Brandon Long, and to my great surprise, I 
> was in 0 groups! (despite receiving spammy emails).
>
> Just yesterday I got one (attached here as EML), saying it came from Google 
> Group, with a link to Google group that leads to an error, and an unsubscribe 
> link (and email) that never works!
>
> Maybe they are faking the fact that they come from Google Groups: Looking at 
> the Received headers seems to indicate it was sent from an IPv6 address 
> toward Google, that then redirect to Outlook () to finally land in my own 
> GMail address.
>
> I don't know if this is specific to my situation but it seems closely related 
> to what this thread is about. Hopefully, sharing an EML will bring some light 
> on the issue.
>
> Best,
> Cyril
>
> On Thu, 16 Jun 2022 at 17:59, Dan Mahoney via mailop wrote:
> All,
>
> I'm getting regular spam from google groups.  (This week, it's in Arabic).  
> Since it's google groups, any abuse reports would just be devnulled.
>
> Sender: -2040---_...@googlegroups.com
> List-Archive:
> Dkim-Filter: OpenDKIM Filter v2.10.3 prime.gushi.org 25GFIHZg049346
> X-Spam-Asn: AS15169 2607:f8b0::/32
> Dmarc-Filter: OpenDMARC Filter v1.4.1 prime.gushi.org 25GFIHZg049346
> X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on quark.gushi.org
> Authentication-Results: prime.gushi.org; dmarc=pass (p=none dis=none) 
> header.from=gmail.com
> Authentication-Results: prime.gushi.org; spf=pass 
> smtp.mailfrom=-2040---__--+bncbdo7v2elqijrbletvwkqmgqehrat...@googlegroups.com
> Authentication-Results: prime.gushi.org; dkim=pass (2048-bit key; 
> unprotected) header.d=googlegroups.com header.i=@googlegroups.com 
> header.b=f2HCls9/; dkim=pass (2048-bit key; unprotected) header.d=gmail.com 
> header.i=@gmail.com header.b=LDfTQwoh
>
> Can someone please explain to me how/why a google group manager is able to 
> just add any email address and send to it?  Considering all the 
> authentication they're requiring, this seems like a gaping hole in any kind 
> of security.
>
> Can someone also explain to me why a group name like -2040---___-- isn't 
> immediately flagged as hella suspicious?
>
> Specifically, the email address they're sending to is: freebsd *at* 
> gushi.org, which I only use for mailing lists and bug trackers related to 
> that project.  That project does not use google groups.  It's been harvested 
> by a few other spammers, and sold a couple times, and at some point I'll move 
> it to a year-based alias.
>
> -Dan


Re: [mailop] Interesting question from a team member, MX chaining, list-manage.com

2022-06-30 Thread Suresh Ramasubramanian via mailop
Just as a catchall to get any bounces coming in?  Mailchimp is where their 
abuse and other mailboxes are located.

--srs

From: mailop  on behalf of Michael Peddemors via 
mailop 
Date: Thursday, 30 June 2022 at 2:05 PM
To: mailop@mailop.org 
Subject: [mailop] Interesting question from a team member, MX chaining, 
list-manage.com
I know this doesn't look professional, but the question from the team
member does this contravene any rules or best practices.

list-manage.com

This domain does not have any A records.
It has a single MX record pointed at:

   mail.admin.mailchimp.com

That hostname exists, but it doesn't have an A RECORD.

It in turn has just a single MX Record.

   inbound-mx1.mailchimpapp.net

Kind of a strange MX delegation.. I assume to avoid CNAME's

But it does seem very strange.  Comments anyone? I didn't have an answer
for him..

-- Michael --

Have a great long weekend all.. Was going to write a matching long
'state' of the union (activity) but it is too sunny out.. short form is..

* Sendgrid Really bad this week again
* Mailgun having similar situation?
* More PREFIX BROKERS MNT IP space coming out, same bad guys as usual,
Serverion et al.  Some complimentary activity from Russian hosters.
* OVH Still handing out IP ranges to snowshoe spammers
* Short Bot Traffic run beginning of week, but quieted quickly
* Gmail, Gmail Gmail..
* Increase in random compromises on VPS providers, OVH, DreamHost,
StratoServer
* Increase in Japanese based spammers..




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


Re: [mailop] Microsoft Announces Tenant Trusted ARC Seal

2022-06-20 Thread Suresh Ramasubramanian via mailop
Mailing lists adapted to spf long back, what hasn’t is the good old .forward 
and its more modern cousins that ask you to set a forward in email preferences 
on various webmail sites.

From: mailop  on behalf of Laura Atkins via mailop 

Date: Monday, 20 June 2022 at 4:46 AM
To: Dave Crocker 
Cc: mailop@mailop.org 
Subject: Re: [mailop] Microsoft Announces Tenant Trusted ARC Seal

I have heard, and in the past made, the “SPF breaks mailing lists” but I 
stopped saying it because it’s not true in the vast majority of cases. For 
instance, the 5321.from on this list is 
boun...@mailop.org. Looking at other lists in my 
mailbox it’s similar. Mailing lists rewrite the 5321.from and thus do not 
break SPF.

It does break DMARC, but that’s another discussion.





Re: [mailop] Spoofed Message Passing DMARC

2022-06-07 Thread Suresh Ramasubramanian via mailop
The usual –

X-OriginatorOrg: PatriciaFuchs59.onmicrosoft.com

Farmed free trial accounts on Office 365 being abused by affiliate spammers, 
generally with replayed dkim headers.  Pretty high volume, ongoing for quite 
some time.

From: mailop  on behalf of Justin Mitchell via 
mailop 
Date: Tuesday, 7 June 2022 at 6:12 PM
To: mailop@mailop.org 
Subject: [mailop] Spoofed Message Passing DMARC
I recently have an influx of spam coming from spoofed domains passing 
authentication.

Below are the headers from a message that used 
accountprotection.microsoft.com to send 
spam. This is concerning because that is conveyed as being a safe address 
according to Microsoft:

https://support.microsoft.com/en-us/account-billing/can-i-trust-email-from-the-microsoft-account-team-685fd302-f52f-1a9f-cc13-065dec46fe25

This isn't the only address. Disney.com, .gov addresses and others are having 
their domains spoofed to send malicious messages. First time I am seeing this 
so I wanted to report it.



Delivered-To: x...@gmail.com

Received: by 2002:a05:7022:492:b0:40:c081:a74d with SMTP id z18csp1623471dlz;

Fri, 3 Jun 2022 08:59:54 -0700 (PDT)

X-Google-Smtp-Source: 
ABdhPJzRsMzt7KeIIL0kiMZpp3H8PQ5jic87gPVqSBKMoTCsiL7PVY5Vw9Vlsi6rM/5qDIR28r29

X-Received: by 2002:aa7:c744:0:b0:42d:f68f:13de with SMTP id 
c4-20020aa7c74400b0042df68f13demr11463809eds.294.1654271993943;

Fri, 03 Jun 2022 08:59:53 -0700 (PDT)

ARC-Seal: i=2; a=rsa-sha256; t=1654271993; cv=pass;

d=google.com; s=arc-20160816;

ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; 
d=google.com; s=arc-20160816;

h=message-id:subject:list-unsubscribe:references:from:cc:to:sender

 :mime-version:date;

bh=o74cJXSzLeUY7ig186F4++dxderEsoEn0+mZ3CFdwUg=;

ARC-Authentication-Results: i=2; mx.google.com;

   arc=pass (i=1);

   spf=pass (google.com: domain of 
esjrrlo...@accountprotection.microsoft.com
 designates 2a01:111:f400:fe0e::31c as permitted sender) 
smtp.mailfrom=esjrrlo...@accountprotection.microsoft.com;

   dmarc=pass (p=REJECT sp=REJECT dis=NONE) 
header.from=accountprotection.microsoft.com

Return-Path: <esjrrlo...@accountprotection.microsoft.com>

Received: from 
EUR04-VI1-obe.outbound.protection.outlook.com
 
(mail-vi1eur04hn031c.outbound.protection.outlook.com.
 [2a01:111:f400:fe0e::31c])

by mx.google.com with ESMTPS id 
o15-20020a170906974f00b00705973ded91si8499889ejy.453.2022.06.03.08.59.53

for <x...@gmail.com>

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

Fri, 03 Jun 2022 08:59:53 -0700 (PDT)

Received-SPF: pass (google.com: domain of 
esjrrlo...@accountprotection.microsoft.com
 designates 2a01:111:f400:fe0e::31c as permitted sender) 
client-ip=2a01:111:f400:fe0e::31c;

Authentication-Results: mx.google.com;

   arc=pass (i=1);

   spf=pass (google.com: domain of 
esjrrlo...@accountprotection.microsoft.com
 designates 2a01:111:f400:fe0e::31c as permitted sender) 
smtp.mailfrom=esjrrlo...@accountprotection.microsoft.com;

   dmarc=pass (p=REJECT sp=REJECT dis=NONE) 
header.from=accountprotection.microsoft.com

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; 
d=microsoft.com; cv=none; 

Re: [mailop] Help with identifying invalid email domains

2022-05-26 Thread Suresh Ramasubramanian via mailop
Publicsuffix.org is a wonderful resource for the tlds

But then the question of what a valid domain is takes some interesting turns.

Validate the mx and it is a parking domain whose mail traffic probably feeds a 
set of spamtraps?

Or one of those trashmail type places that let you create an address that is 
valid for a bare 15 minutes?

Or where the mx points to localhost, a cname, or is broken in some other 
manner?

--srs

From: mailop  on behalf of Luis E. Muñoz via mailop 

Sent: Thursday, May 26, 2022 8:04:48 PM
To: mailop@mailop.org 
Subject: Re: [mailop] Help with identifying invalid email domains

On 26 May 2022, at 6:18, Ken O'Driscoll via mailop wrote:

> People should be validating email input fields as a matter of course.

And then, do it correctly. One of my pet peeves is finding out forms that still 
think that there is no such thing as a .click email address. Tends to work 
better for TLDs 4 characters or less in length.

Best regards

-lem
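
The broken-MX cases listed in this thread (MX pointing at localhost, at a CNAME, or otherwise unusable) and the MX-to-MX chain asked about in the list-manage.com thread can be told apart with a few lookups; under RFC 5321 section 5.1 an MX target must itself resolve to an address record, so an MX found at the target is never followed. This is an added example, not code from the thread: the `dns` table stands in for real resolver answers, and every `.example` name and 192.0.2.x address in it is constructed.

```python
import ipaddress

# Constructed records: (name, type) -> answers. MX answers are (pref, target).
DNS = {
    ("lists.example", "MX"): [(10, "mail.admin.example")],
    ("mail.admin.example", "MX"): [(10, "inbound-mx1.example.net")],
    ("inbound-mx1.example.net", "A"): ["192.0.2.25"],
    ("good.example", "MX"): [(10, "inbound-mx1.example.net")],
    ("parked.example", "MX"): [(0, ".")],
    ("loop.example", "MX"): [(10, "localhost")],
    ("localhost", "A"): ["127.0.0.1"],
    ("alias.example", "MX"): [(10, "mx.alias.example")],
    ("mx.alias.example", "CNAME"): ["inbound-mx1.example.net"],
    ("legacy.example", "A"): ["192.0.2.80"],
}


def lookup(dns, name, rtype):
    """Answer a query from the record table (stand-in for a resolver)."""
    return dns.get((name.rstrip(".").lower(), rtype), [])


def classify_mail_domain(domain, dns):
    """Return (usable_targets, findings) describing how `domain` gets mail."""
    mx = lookup(dns, domain, "MX")
    if not mx:
        # RFC 5321 5.1: without MX, the domain's own address is an implicit MX.
        if lookup(dns, domain, "A") or lookup(dns, domain, "AAAA"):
            return 1, ["implicit-mx"]
        return 0, ["no-mail-route"]
    if len(mx) == 1 and mx[0][1] == ".":
        # RFC 7505 null MX: the domain declares that it accepts no mail.
        return 0, ["null-mx"]

    usable, findings = 0, set()
    for _pref, target in sorted(mx):
        if lookup(dns, target, "CNAME"):
            findings.add("mx-target-is-cname")
            continue
        addrs = lookup(dns, target, "A") + lookup(dns, target, "AAAA")
        if not addrs:
            # The target has no address; an MX record there is not followed.
            chained = bool(lookup(dns, target, "MX"))
            findings.add("mx-target-chains-to-mx" if chained
                         else "mx-target-has-no-address")
            continue
        parsed = [ipaddress.ip_address(a) for a in addrs]
        if all(ip.is_loopback or ip.is_unspecified for ip in parsed):
            findings.add("mx-target-is-loopback")
        else:
            usable += 1
    return usable, sorted(findings)


if __name__ == "__main__":
    for name in ("good.example", "lists.example", "parked.example",
                 "loop.example", "alias.example", "legacy.example",
                 "nothing.example"):
        print(name, classify_mail_domain(name, DNS))
```
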


Re: [mailop] Anyone else seeing increase in iCloud rejections?

2022-04-30 Thread Suresh Ramasubramanian via mailop
They’re prompter than that usually. You should get a reply soon.


--srs

From: mailop  on behalf of Jarland Donnell via 
mailop 
Sent: Sunday, May 1, 2022 4:28:25 AM
To: mailop@mailop.org 
Subject: Re: [mailop] Anyone else seeing increase in iCloud rejections?

Of course. Could be days before I hear back so I'd like to be able to
report in the meantime if this is specific to us. Blocking a whole ESP
is emergency level, but I can't even reroute these to deliver out of
network.

On 2022-04-30 17:53, Suresh Ramasubramanian wrote:
> I hope you followed that url and emailed, asking why this block
> occurred?
>
> --srs
> -
>
> From: mailop  on behalf of Jarland Donnell
> via mailop 
> Sent: Sunday, May 1, 2022 3:40:44 AM
> To: mailop@mailop.org 
> Subject: [mailop] Anyone else seeing increase in iCloud rejections?
>
> Even changing IP space, all emails our customers send to iCloud are
> currently returning:
>
> 454 5.7.1 [CS01] Message rejected due to local policy. Please visit
> https://support.apple.com/en-us/HT204137
>
> Is anyone else seeing an increase in this? I'm trying to figure out if
>
> this is a failure at iCloud or if they've content blocked one of our
> headers.


Re: [mailop] Anyone else seeing increase in iCloud rejections?

2022-04-30 Thread Suresh Ramasubramanian via mailop
I hope you followed that url and emailed, asking why this block occurred?

--srs

From: mailop  on behalf of Jarland Donnell via 
mailop 
Sent: Sunday, May 1, 2022 3:40:44 AM
To: mailop@mailop.org 
Subject: [mailop] Anyone else seeing increase in iCloud rejections?

Even changing IP space, all emails our customers send to iCloud are
currently returning:

454 5.7.1 [CS01] Message rejected due to local policy. Please visit
https://support.apple.com/en-us/HT204137

Is anyone else seeing an increase in this? I'm trying to figure out if
this is a failure at iCloud or if they've content blocked one of our
headers.


Re: [mailop] [E] Traffic patterns related to Russian-Ukranian conflict

2022-03-31 Thread Suresh Ramasubramanian via mailop
How would you correlate it to Russia?

--srs

From: mailop  on behalf of Luis E. Muñoz via mailop 

Sent: Thursday, March 31, 2022 7:41:37 PM
To: mailop 
Cc: Luis E. Muñoz 
Subject: Re: [mailop] [E] Traffic patterns related to Russian-Ukranian conflict

On 30 Mar 2022, at 11:03, Marcel Becker via mailop wrote:

> On Wed, Mar 30, 2022 at 7:29 AM Luis E. Muñoz via mailop 
> wrote:
>
>>
>> I am looking at some data showing substantial email traffic increase (2x
>> baseline) along with a visible change in the spam filtering statistics,
>> centered at or near 2022-02-28. Are you guys aware of any publicly
>> available source that would be discussing a similar observation?
>>
>
> Why do you think both of these (increase and spam filter changes) happened
> at all?

I meant, the results of the spam filters not the filters themselves, just in 
case I miscommunicated before.

I know about the increase because this was directly measured. We saw an 
unexpected increase in traffic, accompanied with a change in the otherwise 
uniform score results from the anti-spam filters.

However it would seem not everyone was seeing the same, so perhaps this is a 
different phenomenon?

Best regards

-lem


Re: [mailop] Who runs emailowl.com / dnsowl.com?

2021-11-14 Thread Suresh Ramasubramanian via mailop
Namesilo it is 
https://www.namesilo.com/Support/Troubleshooting-Custom-Name-Servers

--srs

From: mailop  on behalf of Benoît Panizzon via 
mailop 
Sent: Sunday, November 14, 2021 7:00:11 PM
To: mailop@mailop.org 
Subject: [mailop] Who runs emailowl.com / dnsowl.com?

Hi List

We have an Email / DNS issue with a Domain whose DNS are hosted
(according to whois) @ dnsowl.com but the zone not being present there
thus request rejected because recursion is disallowed.

dnsowl.com has SOA record ns1.dnsowl.com. hostmaster.dnsowl.com.
1636895957 7200 1800 1209600 600

=> hostmas...@dnsowl.com

   - Transcript of session follows -
... while talking to m1.emailowl.com.:
>>> DATA
<<< 554 5.7.1 : Relay access denied

Both domains have no website.
Whois is behind an anonymizing proxy.
IP points to Cloudflare or Digitalocean so no point of trying to open a
case with them.

Google search hints to Namesilo and Netlify.com. Would that be right?

--
Kind regards

-Benoît Panizzon- @ home office and reachable as usual
--
I m p r o W a r e   A G    - Head of Commerce Customers
__

Zurlindenstrasse 29       Tel  +41 61 826 93 00
CH-4133 Pratteln          Fax  +41 61 826 93 01
Switzerland               Web  http://www.imp.ch
__


Re: [mailop] google at spamhaus

2021-08-31 Thread Suresh Ramasubramanian via mailop
It is an xbl listing and that usually catches bot spam traffic. So unless some 
botnet found a way to abuse farmed or infected gmail accounts .. probably an FP

I’d totally get the point (but not appreciate it despite the spam levels) if it 
were an SBL


--srs

From: mailop  on behalf of Michael Peddemors via 
mailop 
Sent: Tuesday, August 31, 2021 8:09:50 PM
To: mailop@mailop.org 
Subject: Re: [mailop] google at spamhaus

Yes, it is unfortunate.. especially given the amount of money they
promised to spend on security.  And while we do have to recognize the
sheer size and scope of Gmail, we should also have higher expectations
from them given their size.

While 'filtering' does work at the receiving MTA, there is no reason
for this to leave Google's networks.  IF everyone can make filters to
stop it, so can Google.

And yes, unfortunately, about 80% of the email that reaches the filters
and gets put into spam folders does appear to be from Gmail.

If this was an intentional listing by SpamHaus, I applaud them doing a
'shot over the bow'.. There should no longer be a 'too big to block' get
out of jail free card.

Even our threat mitigation teams are now working on Gmail specific
rulesets, and more 'rejection' instead of 'filtering' especially with
the obvious bad junk.. but they aren't very far from where other RBL's
will start joining policies and actions that demand accountability.



On 2021-08-31 4:36 a.m., Laura Atkins via mailop wrote:
> Google is a huge source of spam, particularly B2B spam. There’s an
> entire industry built of companies selling plugins and other services
> that allow you to spam through your G Suite account. Yes, Google blocks
> outbound (for 24 hours) if one user sends more than 1000(?) messages a
> day. But the businesses just run multiple G Suite accounts. In “good”
> news, a lot of this mail is thrown away or dropped on the floor by
> filters, but companies tell me that it’s hugely profitable, so much so
> that they’d rather buy another set of domains / G suite account than
> give up the spam.
>
> laura
>
>
>
>> On 31 Aug 2021, at 11:04, Tim Bray via mailop wrote:
>>
>> Hi all,
>>
>> I noticed that a google IPv6 address was recently listed in spamhaus XBL.
>>
>> 2607:f8b0:4864:20::82c at  2021-08-30 19:27:45 UTC
>>
>> I just thought this a bit unusual and worth a mention.  Probably the
>> first time I've seen spamhaus block a genuine sender (to me)
>>



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


Re: [mailop] Outlook for Mac email autofill

2021-05-21 Thread Suresh Ramasubramanian via mailop
Do you have something that auto replies to spam?

--srs

From: mailop  on behalf of John Lightfoot via mailop 

Sent: Friday, May 21, 2021 3:49:22 AM
To: mailop@mailop.org 
Subject: [mailop] Outlook for Mac email autofill


I don’t know if this is a bug or a feature, but when I start typing in the To: 
column in Outlook, I often get extremely spammy autofill choices, e.g. if I 
type “zu” in the To: field, autofill suggest Pornhub 
zun...@zunzzp.zunzzp.medknizhkanova.ru
 and zuma hamson mrhamsonzum...@gmail.com.



I’m using the Microsoft Outlook for Mac, Version 16.50 (21061903).  I’ve 
noticed this behavior for a while.  Is there a way to prevent this?



Thanks,

John



John Lightfoot


Re: [mailop] Reg. delivery issues at Yahoo ISP

2021-05-12 Thread Suresh Ramasubramanian via mailop
You might want to look at any other customers from the same or nearby IP ranges 
that aren’t sending transactional email?

--srs

From: mailop  on behalf of Vaibhav via mailop 

Sent: Wednesday, May 12, 2021 10:02:52 PM
To: mailop 
Subject: [mailop] Reg. delivery issues at Yahoo ISP

Hi Everyone,

Has anyone observed delivery issues with Yahoo ?

Recently in the past one week we observed below delivery issues at Yahoo ISP.

1 ) TSS04 delivery issue. ( Known for some time now ) - With dedicated delivery 
IPs , Newly onboarded customers , Customer sending triggered / transactional 
volume. We do the same issue with different mail streams.

2 ) Inbox delivery issue : - Email is getting filtered as spam where in history 
we didn't observe any such deviation.  Lots of triggered / transactional emails 
are getting filtered as spam where we don't see any throttling on dedicated IP 
space.

Does anyone have any inputs ? How do we address this issue? as we are not 
getting the right inputs for the Yahoo Postmaster team.

--Vaibhav


Re: [mailop] What does "Abaca" mean?

2021-04-25 Thread Suresh Ramasubramanian via mailop
A spam filtering startup founded by Steve Kirsch

--srs

From: mailop  on behalf of Russell Clemings via 
mailop 
Sent: Monday, April 26, 2021 6:20:59 AM
To: mailop 
Subject: [mailop] What does "Abaca" mean?

Here's a question that I don't think has been asked here before:

What does it mean when you get a reply "451 Message temporarily deferred - 
Abaca" on Yahoo/Verizon/AOL?

I see this from time to time but I can't find any references to "Abaca" in the 
list archives.

Right now I've got a message in my queue that's been failing for four days with 
that reply. It looks legit; it's a U.S. State Department travel advisory. The 
only thing odd is that the message is being forwarded via an alias on my 
server. It does look as if state.gov has a "reject" DMARC. 
But if that's the problem, why doesn't the reply just say so and reject it 
outright instead of temp failing with this "Abaca" reference? And how does 
"temporarily deferred" translate to four days in any case?


--
===
Russell Clemings
russ...@clemings.com
===


Re: [mailop] Reg. Virginmedia SMC Policy Violation bounce error

2021-03-20 Thread Suresh Ramasubramanian via mailop
You might want to see which of your clients are causing this behaviour

--srs

From: mailop  on behalf of Vaibhav via mailop 

Sent: Thursday, March 18, 2021 7:03:52 AM
To: mailop 
Subject: [mailop] Reg. Virginmedia SMC Policy Violation bounce error

Hi,

We're an ESP sending emails on behalf of clients who are receiving the 
following bounce error from virgin media domains 
(blueyonder.co.uk, ntlworld.com, 
virginmedia.com) across multiple different domains and 
IPs:

SMTP Error : 421 4.2.0 MXIN618 Temporary SMC Policy Violation detected, retry 
later 
;id=MVLFlm4kdboSoMVLGlk2I5;sid=MVLFlm4kdboSo;mta=mx1.tb;dt=2021-03-17T13:32:03+01:00

We have tried "sending later", as suggested in the error but no emails are 
being allowed through. Would someone please be able to help me with the cause 
of this error, and how we may resolve it moving forwards? I can't find any 
information on it online nor action I can take for it to be removed

--Vaibhav


Re: [mailop] Good Hosting Suggestions?

2021-02-19 Thread Suresh Ramasubramanian via mailop
I agree that Linode is proactive and want to do the right thing. Cheap self 
provisioned hosting attracts a lot of abuse though and they have their work cut 
out for them

--srs

From: mailop  on behalf of Allen Kitchen 
(zoominternet) via mailop 
Sent: Saturday, February 20, 2021 5:49:44 AM
To: Bob Proulx 
Cc: mailop@mailop.org 
Subject: Re: [mailop] Good Hosting Suggestions?

I’ll weigh in briefly on this as well ..

I’d prefer NOT to open / look at an attachment in this role unless I had a 
pre-existing valid relationship with the sender. I’d much more appreciate 
header info sent as pure plain body text .. and it doesn’t seem to me to be a 
high hurdle as much as a matter of hygiene.

Blessings..

..Allen

> On Feb 19, 2021, at 16:29, Bob Proulx via mailop  wrote:
>
> Simon Arlott via mailop wrote:
>> Nope, not a "good" provider:
>>
>>> On 14/02/2021 10:32, Linode Abuse wrote:
>>> Hi there,
>>>
>>> Thank you for sending this email to us. So that we can verify this
>>> complaint, would you be able to send over the header information in the
>>> email in a response that isn't an attachment?
>>>
>>> Regards,
>>> Linode Support Team
>>
>> I'm not jumping through everyone's hoops to report abuse.
>
> That seems hardly like jumping through a lot of hoops.  It seems like
> some technical problem with their ticket system that does not handle
> attachments.  In which case they might say exactly that as their
> problem.
>
> But sending in headers inline not an attachment if requested does not
> seem like jumping through hoops to me.  And also they are seeming to
> be interested in the report.  I think that is a good thing.
>
> Bob


Re: [mailop] When RBLs go bad

2021-02-13 Thread Suresh Ramasubramanian via mailop
A better question would be who here is actually using it on their servers.

--srs

From: mailop  on behalf of André Peters via mailop 

Sent: Sunday, February 14, 2021 12:12:00 PM
To: mailop@mailop.org 
Subject: [mailop] When RBLs go bad

Hi,

Have you guys already read this? 
https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html

I have seen the discussion and found it fits. Will you remove UCL from your 
servers?

André


Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..

2021-02-05 Thread Suresh Ramasubramanian via mailop
I did talk to an individual some years back – yes, at a bar, believe it or not 
– who sincerely believed that the “junk” folder was a place where he could 
archive all his email that he wanted to keep but didn’t want to clutter his 
inbox.

From: mailop  on behalf of Zack Aab via mailop 

Date: Saturday, 6 February 2021 at 4:58 AM
To: mailop@mailop.org 
Subject: Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to 
stop outbound spam..
Although I'm not terribly qualified to comment on Gmail's policies or design 
decisions, I thought I'd throw in an anecdote about the "Report Spam" user 
experience:
A random guy I talked to in a bar (it was a work trip, he asked why I was in 
town, etc) told me that he used the "Report Phishing" function in Gmail as a 
(his words) "Super Spam Report" for when he was particularly annoyed at a 
marketing email or sender.
I think he is an example that even with clear and simple labels like "Report 
Phishing" vs "Report Spam," if the user can't _see_ what happens when they 
click a button, they're going to decide for themselves what that button 
does...or something like that... :-)

Zack Aab

On Fri, Feb 5, 2021 at 5:24 PM Marcel Becker via mailop <mailop@mailop.org> wrote:
On Fri, Feb 5, 2021 at 12:58 Jay Hennigan via mailop <mailop@mailop.org> wrote:
Simply changing "Junk" to "Report as
spam" would help a lot.

Unfortunately no, it would not.

- Marcel



Re: [mailop] Firefox Relay

2021-01-05 Thread Suresh Ramasubramanian via mailop
Apple uses privaterelay.appleid.com for such emails.

https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_js/communicating_using_the_private_email_relay_service

Spam handling is considerably minimised by the fact that only the app’s owners 
can communicate with their users over the user’s private relay address, nobody 
else can.

--srs

From: mailop  on behalf of Brandon Long via mailop 

Date: Wednesday, 6 January 2021 at 3:30 AM
To: Andrew C Aitchison 
Cc: mailop 
Subject: Re: [mailop] Firefox Relay
Isn't this just Firefox's copy of Apple's "sign-in with Apple" feature?  
https://support.apple.com/en-us/HT210425

I haven't looked closely at Apple's, they may be leveraging their existing 
domains which already have decent reputation to not worry
about the relay issue.

Whether providers can handle properly dinging relays is of course a known 
issue.  And this will partially depend on how good the SES
spam handling is, with the same caveat of all relays that lack spam feedback.

Brandon

On Fri, Dec 18, 2020 at 4:03 AM Andrew C Aitchison via mailop <mailop@mailop.org> wrote:

I note a new service: Firefox Relay
https://relay.firefox.com/

As you browse, the Relay icon will appear in form fields where
sites ask for your email address. Select it to generate a new,
random address that ends in @relay.firefox.com. 
Relay will forward
messages to the primary email address associated with your account.

I guess we need to prepare for forwarded emails to our users via a new
intermediate.

I guess that some email services will either fail to, or choose not to,
accept these messages.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk


Re: [mailop] Contact for spamhaus listing DBL311598

2020-12-28 Thread Suresh Ramasubramanian via mailop
Did you try to reach out to Spamhaus using their documented process? You will 
get an answer from them, though you may or may not like it.

--srs

From: mailop  on behalf of Lyle Lamb via mailop 

Sent: Tuesday, December 29, 2020 4:36:47 AM
To: mailop@mailop.org 
Subject: [mailop] Contact for spamhaus listing DBL311598


Hello there,
Is  there someone on list here with spamhaus that can connect with me off list 
please? This is in regards to DBL311598.
Thank you,
Lyle Lamb



Lyle Lamb

Keap Postmaster
postmas...@infusionsoft.com

"Every man dies, not every man really lives." - William Wallace

HQ 1-866-800-0004


Re: [mailop] diagnosing me.com and mac.com rejections

2020-11-27 Thread Suresh Ramasubramanian via mailop
If you have included the full error message and a copy of the bounce (or MTA 
logs) showing the reject, along with your IP space / hostnames etc, that should 
be enough for the team to check this for you.

regards
--srs

From: Geoff Mulligan 
Date: Saturday, 28 November 2020 at 5:54 AM
To: Suresh Ramasubramanian , "mailop@mailop.org" 

Subject: Re: [mailop] diagnosing me.com and mac.com rejections

thank you.  I did check and follow the link and I have reached out to apple.

We'll see.

I just wish that their rejection message had some better error indication.


On 11/27/20 5:09 PM, Suresh Ramasubramanian wrote:
The last section “contact us” in this page has instructions on how to reach out 
to Apple to resolve such blocks. If you’re a sender / esp please follow the 
best practices listed on that page before you reach out

https://support.apple.com/en-asia/HT204137

-srs

--srs

From: mailop <mailop-boun...@mailop.org> on behalf of Geoff Mulligan via mailop <mailop@mailop.org>
Sent: Saturday, November 28, 2020 4:26:43 AM
To: mailop@mailop.org <mailop@mailop.org>
Subject: [mailop] diagnosing me.com and mac.com rejections

Is there anyone that has experience diagnosing issues when sending to
mac.com/me.com/icloud.com?

I have been sending to apple for ages without a problem.  Some time in
past month (maybe two) I started getting rejections?

Nothing in the message seems to help diagnose the issue.  It just says
rejected due to local policy?

Thanks,
Geoff



Re: [mailop] diagnosing me.com and mac.com rejections

2020-11-27 Thread Suresh Ramasubramanian via mailop
The last section “contact us” in this page has instructions on how to reach out 
to Apple to resolve such blocks. If you’re a sender / esp please follow the 
best practices listed on that page before you reach out

https://support.apple.com/en-asia/HT204137

-srs

--srs

From: mailop  on behalf of Geoff Mulligan via mailop 

Sent: Saturday, November 28, 2020 4:26:43 AM
To: mailop@mailop.org 
Subject: [mailop] diagnosing me.com and mac.com rejections

Is there anyone that has experience diagnosing issues when sending to
mac.com/me.com/icloud.com?

I have been sending to apple for ages without a problem.  Some time in
past month (maybe two) I started getting rejections?

Nothing in the message seems to help diagnose the issue.  It just says
rejected due to local policy?

Thanks,
Geoff



Re: [mailop] JSON mail server logs ?

2020-11-20 Thread Suresh Ramasubramanian via mailop
Been around for at least 4 years now.

https://blog.cadena-it.com/monitor-backup/exim-logstash-elasticsearch-kibana/

On 20/11/20, 3:44 PM, "mailop on behalf of Peter N. M. Hansteen via mailop" 
 wrote:

On Fri, Nov 20, 2020 at 08:01:36AM +, Andrew C Aitchison via mailop 
wrote:
> 
> There has been a request for Exim to have the ability to save the
> server mainlog in json format 'to make it easier to "consume" it'
> https://bugs.exim.org/show_bug.cgi?id=2610
> 
> The developers would like to use a "standard" schema;
> does anyone use or know of a JSON schema for mail servers logs ?

I would suggest looking at what happens in elasticsearch-land for this.

The more useful approach in my opinion is to not mess with the log format
at the source -- operators there will likely have scriptery to extract
useful data from the existing format -- but rather parse at ingest to your
logstash/elastic/whatever-that-does-JSON

I would not be terribly surprised to find that somebody has already found a
way to ingest exim logs into elastic.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
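The "parse at ingest" approach suggested in this thread, as an added example that is not code from the thread or from the Exim project. It assumes Exim's default mainlog layout with classic 6-6-2 message ids; the sample lines are constructed and the output field names are hypothetical, not a standard schema. The record is serialized with `json.dumps`, so remote-controlled text such as a HELO name cannot inject keys into the output.

```python
import json
import re

# Timestamp, optional classic Exim message id (6-6-2 base-62 chars), remainder.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
    r"(?: (?P<id>[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}))?"
    r" (?P<rest>.*)$"
)
# Exim's two-character event flags for message lines.
FLAGS = {"<=": "received", "=>": "delivered", "->": "delivered_additional",
         "**": "failed", "==": "deferred"}
# H=name [ip] or H=name (helo) [ip]
HOST_RE = re.compile(r"\bH=(?P<host>\S+)(?: \((?P<helo>[^)]*)\))? \[(?P<ip>[^\]]+)\]")
# KEY=value or KEY="quoted value"
FIELD_RE = re.compile(r'\b(?P<key>[A-Z][A-Za-z]*)=(?P<val>"(?:[^"\\]|\\.)*"|\S+)')
# Hypothetical output names for the log fields this example extracts.
FIELD_NAMES = {"P": "protocol", "X": "tls", "S": "size", "R": "router",
               "T": "transport", "C": "confirmation"}


def parse_line(line):
    """Turn one mainlog line into a dict; never drop a line that fails to parse."""
    line = line.rstrip("\n")
    m = LINE_RE.match(line)
    if not m:
        return {"event": "unparsed", "raw": line}
    rec = {"timestamp": m["ts"], "event": "other"}
    if m["id"]:
        rec["message_id"] = m["id"]
    flag, _, tail = m["rest"].partition(" ")
    if not (m["id"] and flag in FLAGS):
        # Rejections, "Completed", daemon notices: keep the text as one field.
        rec["message"] = m["rest"]
        return rec
    rec["event"] = FLAGS[flag]
    if rec["event"] in ("failed", "deferred"):
        # The remote server's error text follows the first ": ".
        tail, sep, error = tail.partition(": ")
        if sep:
            rec["error"] = error
    rec["address"] = tail.split(" ", 1)[0]
    host = HOST_RE.search(tail)
    if host:
        rec["host"] = host["host"]
        rec["host_ip"] = host["ip"]
        if host["helo"]:
            rec["helo"] = host["helo"]
    for field in FIELD_RE.finditer(tail):
        name = FIELD_NAMES.get(field["key"])
        if name is None:
            continue
        value = field["val"]
        if value.startswith('"'):
            value = value[1:-1]
        rec[name] = int(value) if name == "size" and value.isdigit() else value
    return rec


def to_json(line):
    """Serialize with json.dumps so quotes in remote-supplied text are escaped."""
    return json.dumps(parse_line(line), sort_keys=True)


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LINES = [
    "2020-11-20 08:01:36 1kg1Ab-0003xY-Qz <= alice@example.org "
    "H=mail.example.org [192.0.2.10] P=esmtps "
    "X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 S=2345 id=abc123@example.org",
    "2020-11-20 08:01:37 1kg1Ab-0003xY-Qz => bob@example.net R=dnslookup "
    "T=remote_smtp H=mx.example.net [198.51.100.7] "
    'X=TLS1.3:TLS_AES_256_GCM_SHA384:256 C="250 2.0.0 OK"',
    "2020-11-20 08:01:40 1kg1Bc-0003yA-Ab ** carol@example.com R=dnslookup "
    "T=remote_smtp H=mx.example.com [203.0.113.9]: SMTP error from remote "
    "mail server after end of data: 550 5.7.1 Message too big",
    "2020-11-20 08:01:41 1kg1Ab-0003xY-Qz Completed",
    # HELO name crafted to look like JSON; it must stay inside one string value.
    '2020-11-20 08:05:00 H=(x","event":"delivered) [203.0.113.5] '
    "rejected RCPT <a@example.org>: Relay access denied",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(to_json(sample))
```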


Re: [mailop] JSON mail server logs ?

2020-11-20 Thread Suresh Ramasubramanian via mailop
I've seen stuff like this that converts postfix logs into json and exports them 
to elasticsearch

https://nxlog.co/documentation/nxlog-user-guide/postfix.html

On 20/11/20, 1:46 PM, "mailop on behalf of Andrew C Aitchison via mailop" 
 wrote:


There has been a request for Exim to have the ability to save the
server mainlog in json format 'to make it easier to "consume" it'
 https://bugs.exim.org/show_bug.cgi?id=2610

The developers would like to use a "standard" schema;
does anyone use or know of a JSON schema for mail servers logs ?

Thanks,

-- 
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk


Re: [mailop] SSL Cert and Reputation Question

2020-11-13 Thread Suresh Ramasubramanian via mailop
As a threat intel and anti spam person please thank your customer for the new 
idea, it sounds eminently workable

--srs

From: mailop  on behalf of Tonya Gordon via mailop 

Sent: Friday, November 13, 2020 8:01:00 PM
To: mailop@mailop.org 
Subject: [mailop] SSL Cert and Reputation Question

Good morning! Does anyone have any insight into the following question we 
received  from a customer?

“If we're using a wildcard SSL cert across multiple sending/bounce/tracking 
domain configurations, will ISPs then associate those configs together and 
thereby begin to cross-pollinate their email reputations similar to how they 
would if, say, we shared a single bounce domain across multiple sending 
domains?”

Thanks!
Tonya


Re: [mailop] Maximum message size

2020-10-24 Thread Suresh Ramasubramanian via mailop
“be conservative in what you send and generous in what you accept” has its 
uses when you separate your inbound and outbound mtas. Discuss.

From: mailop  on behalf of Sidsel Jensen via mailop 

Reply to: Sidsel Jensen 
Date: Saturday, 24 October 2020 at 5:50 PM
To: mailop 
Subject: Re: [mailop] Maximum message size

On 23 Oct 2020, at 20.08, Michael Peddemors via mailop <mailop@mailop.org> wrote:

By default we still distribute with a 10MG maximum size, but frankly almost all 
of our customers has bumped it to the maximum we recommend, which is 20MG.  
(the odd one even went to 30, but we don't recommend that)

Too bad this isn't escalated to a recommended standard.

How about we use this as a chance to discuss this with other groups such as 
M3AAWG and IETF, to try to come up with a written consensus for others to 
follow.. (I think gmail still has the 25MG max size, but someone can correct me 
on that)

Hi Michael

Looks like nobody answered you on that point regarding discussion of and 
finding some sort of consensus on the size limits on mails.
I for one, think it sounds like a good idea for a discussion point in M3AAWG 
and/or IETF. *thumbs up*

The result for us, is that we have fx. specific error msgs for customers adding 
attachments which are above the limits for fx. what Hotmail and Microsoft 
accepts.

Result: "550 5.7.1 Message size 95566050b too big for delivery to 
hotmail.com (31457280b max)" (in 00:00:00.005)
Result: "550 5.7.1 Message size 32635093b too big for delivery to 
live.nl (31457280b max)" (in 00:00:00.002)
Result: "550 5.7.1 Message size 41809588b too big for delivery to 
live.se (31457280b max)" (in 00:00:00.002)

- right now it’s a manual task to maintain and review these once in a while.
(Aka a pet - not cattle…) Sounds like others have a similar problem.

I believe our limit right now is 100MB.

Kind Regards,
Sidsel Jensen
Team manager Mail & Abuse, Systems Engineer @ One.com


On 2020-10-23 10:48 a.m., Evert Mouw via mailop wrote:

On 10/23/20 7:23 PM, Adam Moffett via mailop wrote:

I'm at 200MB maximum message size and have someone requesting we increase that 
limit.

Is there any current consensus on what it should be?
Current default max. message size for Postfix configurations:
message_size_limit (default: 1024) / The maximal size in bytes of a 
message, including envelope information.
http://www.postfix.org/postconf.5.html
Also Microsoft Exchange 2019 has a default limit of 10 MB.
https://docs.microsoft.com/en-us/exchange/mail-flow/message-size-limits?view=exchserver-2019
Increase the limit all you want but don't expect other parties to accept or 
deliver large messages. I would not increase, but DEcrease the limit in your 
case. Learn the user to use other file transfer methods, or if you like 
Thunderbird, check this:
https://support.mozilla.org/en-US/kb/filelink-large-attachments
Regards, Evert


Re: [mailop] Maximum message size

2020-10-23 Thread Suresh Ramasubramanian via mailop
Most if not all places ask that you use a file sharing solution - google drive, 
box etc for large files.

--srs

From: mailop  on behalf of Adam Moffett via mailop 

Sent: Friday, October 23, 2020 11:17:00 PM
To: mailop@mailop.org 
Subject: Re: [mailop] Maximum message size

Yes, it was set to 200MB years ago by request of an engineer sending CAD files.
Now I have someone else who wants it larger.

Meanwhile I have found in Google searching that GMail allows 25MB and I believe 
O365 is 150MB max.

My initial impulse was to say no to this request because I'm aware of the DOS 
possibilities with large email sizes, but I thought I'd ask the community to 
see if I'm behind the times on what we think is too large.



-- Original Message --
From: "Suresh Ramasubramanian" <ops.li...@gmail.com>
To: "Adam Moffett" <a...@plexicomm.net>; "mailop@mailop.org" <mailop@mailop.org>
Sent: 10/23/2020 1:39:06 PM
Subject: Re: [mailop] Maximum message size

How many providers are going to accept 200 mb emails if you enable this and 
someone then tries to send one out?

--srs

From: mailop <mailop-boun...@mailop.org> on behalf of Adam Moffett via mailop <mailop@mailop.org>
Sent: Friday, October 23, 2020 10:53:51 PM
To: mailop@mailop.org <mailop@mailop.org>
Subject: [mailop] Maximum message size

I'm at 200MB maximum message size and have someone requesting we increase that 
limit.

Is there any current consensus on what it should be?


-- Adam Moffett, Network Engineer
Plexicomm - Internet Solutions | www.plexicomm.net
Office: 1.866.759.4678 x104



Re: [mailop] Maximum message size

2020-10-23 Thread Suresh Ramasubramanian via mailop
Some of the largest emails I’m seeing over the years are random spams with huge 
amounts of hashbuster text, that figure out that many spam filters will skip 
scanning overly large emails.  Most regular users these days appear to know 
about and use file sharing services.

--srs

From: mailop  on behalf of Michael Peddemors via 
mailop 
Sent: Friday, October 23, 2020 11:38:53 PM
To: mailop@mailop.org 
Subject: Re: [mailop] Maximum message size

By default we still distribute with a 10MG maximum size, but frankly
almost all of our customers has bumped it to the maximum we recommend,
which is 20MG.  (the odd one even went to 30, but we don't recommend that)

Too bad this isn't escalated to a recommended standard.

How about we use this as a chance to discuss this with other groups such
as M3AAWG and IETF, to try to come up with a written consensus for
others to follow.. (I think gmail still has the 25MG max size, but
someone can correct me on that)

On 2020-10-23 10:48 a.m., Evert Mouw via mailop wrote:
> On 10/23/20 7:23 PM, Adam Moffett via mailop wrote:
>> I'm at 200MB maximum message size and have someone requesting we
>> increase that limit.
>>
>> Is there any current consensus on what it should be?
>>
>
> Current default max. message size for Postfix configurations:
>
> message_size_limit (default: 1024) / The maximal size in bytes of a
> message, including envelope information.
>
> http://www.postfix.org/postconf.5.html
>
> Also Microsoft Exchange 2019 has a default limit of 10 MB.
>
> https://docs.microsoft.com/en-us/exchange/mail-flow/message-size-limits?view=exchserver-2019
>
> Increase the limit all you want but don't expect other parties to accept
> or deliver large messages. I would not increase, but DEcrease the limit
> in your case. Learn the user to use other file transfer methods, or if
> you like Thunderbird, check this:
>
> https://support.mozilla.org/en-US/kb/filelink-large-attachments
>
> Regards, Evert
>
>
>



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


Re: [mailop] Maximum message size

2020-10-23 Thread Suresh Ramasubramanian via mailop
How many providers are going to accept 200 mb emails if you enable this and 
someone then tries to send one out?

--srs

From: mailop  on behalf of Adam Moffett via mailop 

Sent: Friday, October 23, 2020 10:53:51 PM
To: mailop@mailop.org 
Subject: [mailop] Maximum message size

I'm at 200MB maximum message size and have someone requesting we increase that 
limit.

Is there any current consensus on what it should be?


-- Adam Moffett, Network Engineer
Plexicomm - Internet Solutions | www.plexicomm.net
Office: 1.866.759.4678 x104

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Adapter form IBM Notes to something more standard?

2020-09-23 Thread Suresh Ramasubramanian via mailop
Your administrator will need to enable these.

On 23/09/20, 1:43 PM, "mailop on behalf of Daniele Nicolodi via mailop" 
 wrote:

Thanks Suresh.

I am just a user in this case. Is the IMAP/SMTP support something that
needs to be enabled on the Domino server, or is it always available?

Thank you.

Cheers,
Dan


On 23/09/2020 03:53, Suresh Ramasubramanian via mailop wrote:
> If you're asking about just IMAP / SMTP over SSL both these are supported 
> by Domino
> 
> So if your users don't want to use the Notes client, that's just fine for 
> most things (for example if their notes ID file needs to be renewed they can't 
> do that with Thunderbird or Outlook).
> 
> --srs
> 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Adapter form IBM Notes to something more standard?

2020-09-22 Thread Suresh Ramasubramanian via mailop
If you're asking about just IMAP / SMTP over SSL both these are supported by 
Domino

So if your users don't want to use the Notes client, that's just fine for most 
things (for example if their notes ID file needs to be renewed they can't do 
that with Thunderbird or Outlook).

--srs

On 23/09/20, 3:11 AM, "mailop on behalf of Daniele Nicolodi via mailop" 
 wrote:

Hello,

sorry for the loosely connected topic, but I don't know a better place
where to ask. Is there a way or a third party tool that allows to
somehow interoperate with an IBM Notes server, similarly to what Davmail
http://davmail.sourceforge.net/ does for Exchange?

Thank you.

Cheers,
Dan

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] firebasestorage.googleapis.com any legitimate uses?

2020-08-27 Thread Suresh Ramasubramanian via mailop
Also page.link which seems to be a firebase hosted / google owned shortener

Sample hxxps://fv01zz75.page.link/amTC redirecting to 
hxxp://dach-sovet.ru/opros?utm=2

On 27/08/20, 6:22 PM, "mailop on behalf of micah anderson via mailop" 
 wrote:


Hi,

Benoit Panizzon via mailop  writes:

> In the last couple of days we face an increasing amount of phishing
> sites hosted @ firebasestorage.googleapis.com targeting our customers.

We have been hit by the same, although strangely it has not been
happening so much recently.

> Now I start to wonder, is this URI also being used in legitimate
> emails, or is it uniquely used in phishing emails and similar?

Unfortunately, it is used by legitimate emails. We had to be careful not
to block the false positives.

We reported quite actively the compromised domains, and at one point I
thought we had an inside contact who would help with this, but radio
silence.

-- 
micah

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] spearphishing

2020-08-10 Thread Suresh Ramasubramanian via mailop
Perfora is the mail platform for 1&1 - probably the largest webhost in Europe

They appear to provide outbound mail relays for their hosted servers instead of 
allowing all of them to send directly over smtp

--srs

From: mailop  on behalf of Eric Henson via mailop 

Sent: Monday, August 10, 2020 11:41:26 PM
To: mailop@mailop.org 
Subject: [mailop] spearphishing


Slightly sanitized headers: https://pastebin.com/w2JJj8TJ



Email pretends to be a Microsoft voicemail, with an attachment that uses 
javascript to open a URLEncoded page.



Image of page for the more cautious: https://imgur.com/WOpva4Q



broken hyperlink for the more adventurous:

ttps://objectstorage.us-sanjose-1.oraclecloud.com/n/axcdfbfimho2/b/bucket-dreamland20200806-0427/o/index.html#u...@example.com



You can edit the email address at the end to be whatever you like.



Microsoft has started putting the emails in the “Junk” folder, but Barracuda 
just lets them right on through. I’m opening a case with Barracuda as to why 
they can’t catch this, but I’m open to suggestions on other activities I can do.



I’ve seen about a dozen of these, targeting 3 finance-related employees. All 
are routed through perfora.net, which apparently has an open relay? Anyone know 
anything about that domain? I’m putting in a rule to block anything that has 
perfora.net in the header.









Eric Henson

Windows Server Team Manager

PFSweb, Inc.

m: 972.948.3424

www.pfsweb.com


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] BIMI pilot @ Google

2020-07-25 Thread Suresh Ramasubramanian via mailop
Hotmail webmail has been displaying logos for a very long time now, for some 
selected large senders.  They are the ones most likely to have data on attempts 
to bypass such logo displays.

--srs

From: Dave Crocker 
Sent: Sunday, July 26, 2020 3:19:05 AM
To: Suresh Ramasubramanian 
Cc: mailop@mailop.org 
Subject: Re: [mailop] BIMI pilot @ Google

On 7/25/2020 2:32 PM, Suresh Ramasubramanian via mailop wrote:
> Oh, all I’m saying is that presenting the logo without a proper check or
> after being fooled into a proper check would be a problem.  And there’d
> be some creative ways (css? logo included at random other places in the
> friendly from? etc) spammers would look at mimicking such a logo


spammers explore any avenue they can find that looks at all promising.
but just because they do something does not mean it is effective.

So, yes, I fully expect them to spoof -- where that means what the word
'spoof' actually means -- logos.  Whether it will have an effect on
end-user deception is a different matter.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] BIMI pilot @ Google

2020-07-25 Thread Suresh Ramasubramanian via mailop
Oh, all I’m saying is that presenting the logo without a proper check or after 
being fooled into a proper check would be a problem.  And there’d be some 
creative ways (css? logo included at random other places in the friendly from? 
etc) spammers would look at mimicking such a logo

--srs

From: mailop  on behalf of Dave Crocker via mailop 

Sent: Saturday, July 25, 2020 11:32:46 PM
To: mailop@mailop.org 
Subject: Re: [mailop] BIMI pilot @ Google

On 7/22/2020 3:45 PM, Marcel Becker via mailop wrote:
> However the majority of our users prefer meaningful avatars and brand
> logos in their email experience as it helps them identify email senders
> and it helps them with triaging.


As others have noted, BIMI is a logo-display service, not a security
service.

To make this point a bit stronger:  BIMI provides no incremental
security-related capabilities, such as anti-phishing.

Claims that presenting logos to users aids in anti-phishing efforts are
counter-factual.  There's no data supporting the view that it's helpful
and substantial history that it isn't.

To the extent anyone disagrees with this assessment, it would be quite
helpful to see the data.

d/

--
Dave Crocker
Brandenburg InternetWorking
bbiw.net


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] BIMI pilot @ Google

2020-07-25 Thread Suresh Ramasubramanian via mailop
You’re confusing authentication with reputation

A spam domain that signs itself is just emitting signed spam

On the other hand if your bank sends you authenticated mail that your server 
verifies you’re sure it is from their server and not from a hacked machine 
emitting bank phish

--srs

From: mailop  on behalf of Christian de Larrinaga 
via mailop 
Sent: Saturday, July 25, 2020 2:22:30 PM
To: mailop@mailop.org 
Subject: Re: [mailop] BIMI pilot @ Google

I am aware of DKIM and DMARC and SPF. You will note this email address
which I self host uses all three. As  do all domains I run for email.

My question is is it useful?

- given so many lists even one dedicated to email management give "red"
unsigned flags

- that I get a ton of spam / phishing and such all beautifully signed
by DKIM even with DMARC etc. which not only get through that filtering
but also zen.spamhaus... etc

- given most email domains which  do use DKIM don't use strict and in
most cases for good reasons.

It may help  and that may be good enough for those tools. But clearly it
isn't a "solution". More a sticky plaster applied to do the job of a
tourniquet

C

On 24/07/2020 17:10, Robert L Mathews via mailop wrote:
> On 7/24/20 2:51 AM, Christian de Larrinaga via mailop wrote:
>
>> All emails on this list are showing with red DKIM signed boxes
> That's because this list alters the message From header and body without
> re-signing it. (If the list re-signed outgoing Mailman messages with a
> "mailop.org" DKIM signature, it would work.)
>
>
>> Is this useful?
> Sure: It's saying you got a message claiming to be from
> mailop@mailop.org that isn't signed by mailop.org, which is exactly what
> it's supposed to do.
>
> Whether one decides to trust something less based on that is a different
> matter. For example, I care about the DKIM verifier result for messages
> claiming to be from my bank, but I don't worry about it for list messages.
>
> That said, if every MUA showed DKIM results, I suspect there would be a
> lot more DKIM signing just based on the naive complaints it would
> generate. Few people cared about making sure their non-financial website
> used SSL until every browser started claiming it was "not secure".
>

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
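
Added example, not part of the thread and not any poster's code: the body-hash step of DKIM verification (RFC 6376), showing why a footer appended by a list makes the author's signature fail unless the list re-signs, as the quoted reply above describes. The message body, the footer text, `author.example`, the selector and the `b=` placeholder are constructed, and only the `bh=` comparison is performed, not the signature check over the headers.

```python
import base64
import hashlib
import re


def canonicalize_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    if mode not in ("simple", "relaxed"):
        raise ValueError("unknown canonicalization: %r" % mode)
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if mode == "relaxed":
        # Collapse whitespace runs to one space, then drop whitespace at line end.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # trailing empty lines are ignored
        lines.pop()
    if not lines:
        # An empty body hashes as one CRLF under simple, as nothing under relaxed.
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body: bytes, mode: str = "simple") -> str:
    """The value a signer places in bh= (SHA-256, base64)."""
    digest = hashlib.sha256(canonicalize_body(body, mode)).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_tags(value: str) -> dict:
    """Parse a DKIM-Signature tag=value list (RFC 6376 section 3.2)."""
    tags = {}
    for item in value.split(";"):
        if "=" not in item:
            continue
        name, val = item.split("=", 1)
        # Folding whitespace inside values such as bh= is not significant.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def check_body_hash(dkim_signature: str, body: bytes) -> dict:
    """Recompute the body hash the way a verifier does and compare it with bh=."""
    tags = parse_tags(dkim_signature)
    if not tags.get("a", "").endswith("-sha256"):
        raise ValueError("only sha256 signatures are handled in this example")
    # c= is header/body; a missing body part defaults to simple.
    parts = tags.get("c", "simple/simple").split("/")
    body_mode = parts[1] if len(parts) > 1 else "simple"
    return {
        "d": tags.get("d"),
        "body_mode": body_mode,
        "bh_matches": body_hash(body, body_mode) == tags.get("bh"),
    }


# Constructed sample data (not taken from any real message).
AUTHOR_BODY = b"Is this useful?\r\n\r\nC\r\n"
LIST_FOOTER = (b"_______________________________________________\r\n"
               b"mailop mailing list\r\nmailop@mailop.org\r\n")
AUTHOR_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=author.example; s=sel1;\r\n"
              "\th=from:to:subject:date; bh=%s;\r\n\tb=CONSTRUCTEDPLACEHOLDER"
              % body_hash(AUTHOR_BODY, "relaxed"))


def demo():
    as_sent = check_body_hash(AUTHOR_SIG, AUTHOR_BODY)
    via_list = check_body_hash(AUTHOR_SIG, AUTHOR_BODY + LIST_FOOTER)
    # The bh= the list would publish if it re-signed the modified message itself.
    list_bh = body_hash(AUTHOR_BODY + LIST_FOOTER, "relaxed")
    return as_sent, via_list, list_bh


if __name__ == "__main__":
    for item in demo():
        print(item)
```
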


Re: [mailop] anti-abuse policy in RIPE

2020-04-02 Thread Suresh Ramasubramanian via mailop
Is there any point to it Jordi?  The “we are not the internet police” crowd 
will make the same loud noises again and the initiative will be scuttled yet 
again.  Why is continuing to bang one’s head against intransigence a good idea?

From: mailop 
Date: Thursday, 2 April 2020 at 6:53 PM
To: mailop@mailop.org 
Subject: [mailop] anti-abuse policy in RIPE
(it will be good if someone not using DMARC can forward again this email back 
to the list, otherwise, many subscribers will not be able to see it - thanks!)

Hi all,

I'm new in the list (just a couple of days ago), but I think this is an 
important topic for this list ... so here is it.

I'm involved in a policy proposal in RIPE, for dealing with abuse:
https://www.ripe.net/participate/policies/proposals/2019-04

I've already been able to get this policy reaching consensus in APNIC (already 
implemented) and LACNIC (being implemented). Also have it in AFRINIC, ARIN and 
RIPE.

In the case of ARIN there is something similar, not optimal, but my proposal 
was not accepted. I will retry at some point.

In RIPE there is a split view on the policy, so it hasn't reached consensus yet. 
I'm right now about to get a new version published.

I think it is very relevant for this group to get involved in the list that 
will be discussing this new policy, in case you're not there already. So 
please, register and get ready for the discussion!

The policy will be discussed in anti-abuse WG:
https://www.ripe.net/participate/ripe/wg/anti-abuse

Link to the APNIC proposal:
https://www.apnic.net/community/policy/proposals/prop-125

Link to the LACNIC one:
https://politicas.lacnic.net/politicas/detail/id/LAC-2018-5/language/en

Thanks!

Regards,
Jordi
@jordipalet






**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicitly authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Spam from no-re...@sharepointonline.com via outbound.protection.outlook.com

2020-03-22 Thread Suresh Ramasubramanian via mailop
The solution is rather more complex but yes, what you describe might be a 
useful start.  Free accounts, hacked accounts, accounts bought using stolen 
cards .. so many vectors.  And then yet more vectors in just how you can abuse 
a service that can be coaxed into sending out mail with some customizations to 
various people.

Corporate job sites with “send this job posting to a friend, with a personal 
note”
Online calendars, documents, shared photos […]
Web forms

Not at all a new sort of abuse, Matt Wright’s formmail was pretty heavily 
abused even two decades ++ back.  But it has grown a lot more sophisticated and 
harder to lock down.

--srs

From: mailop 
Date: Sunday, 22 March 2020 at 2:16 PM
To: mailop@mailop.org 
Subject: Re: [mailop] Spam from no-re...@sharepointonline.com via 
outbound.protection.outlook.com
On 22.03.20 at 08:37, Suresh Ramasubramanian via mailop wrote:
> This is abuse of free trial accounts of office 365, and the document sharing 
> that sharepoint allows.   Create a document with porn spam text and share it, 
> with a porn spam spiel, with a big list of spam recipients.
>
> That is the reply-to and not the originator of the email, I am not sure where 
> you got originator from.
>
> --srs


Ah thanks, that helps to understand! I'm not a Microsoft user, so I'm not 
really up to date on what kinds of products and services they offer.

The From: header and envelope sender address "no-re...@sharepointonline.com" 
is just a mechanism to prevent automated replies and rejects from getting 
anywhere, so it can't be considered the originator.

I suspect that the Reply-To is somehow the "originator" because it's possibly 
the mail address associated with the account that is being used to spam, but 
that is just a guess as I don't know how Microsoft constructs the header 
contents for this kind of spam. If the assumption is true, one way Microsoft 
could suppress this kind of spam would be to refuse free trial registrations 
with such addresses or to restrict the sharepoint functionality for these 
accounts.

Cheers,
Hans-Martin
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] B2B Spam Filtering - Help

2020-03-18 Thread Suresh Ramasubramanian via mailop
All 3 are the same outfit – mail.com – currently operated by GMX

From: mailop 
Date: Wednesday, 18 March 2020 at 7:41 PM
To: mailop@mailop.org 
Subject: [mailop] B2B Spam Filtering - Help
Hi all,

A client of mine has been consistently seeing spam folder placement at several 
B2B ISPs, specifically: mail.com, post.com, USA.com. Does anyone have any 
direct contacts I can have to review an IP? We seem to be performing very well 
otherwise. Any help?

Thanks!

Anna


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Point of contact with mail.mil / reputation score issues

2020-01-15 Thread Suresh Ramasubramanian via mailop
Having dealt with such a thing before your only way to go is to have the 
military entity within DoD your client interacts with use their internal 
processes to report a false positive block.  Then hurry up and wait, as the old 
soldier's advice goes.


--srs


From: mailop  on behalf of Mark Keymer via mailop 

Sent: Thursday, January 16, 2020 2:05 AM
To: mailop@mailop.org
Subject: [mailop] Point of contact with mail.mil / reputation score issues

Hi,

I have a customer that is starting to get blocked by DoD Enterprise Mail
Gateway, due to reputation score. My client's primary customer is the
DoD. Looking for help to look into why there are reputation issues and
hopefully a resolution to getting mail flowing to the DoD again.

Feel free to reply directly if you can help.

Sincerely,

--
Mark Keymer


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Can someone write me a prescription for a sane MTA? I'm allergic to Postfix.

2019-12-05 Thread Suresh Ramasubramanian via mailop
I can recommend sendmail. Or Lotus Domino.

Either will work as an mta but more importantly they’ll cure you of your 
postfix allergy asap.

That said I use Exim too, try it by all means - it is quite nice plus you don’t 
need to switch to Debian for it or use Debian’s rather idiosyncratic multifile 
config either


--srs


From: mailop  on behalf of Brielle via mailop 

Sent: Friday, December 6, 2019 5:30 AM
To: mailop@mailop.org
Subject: Re: [mailop] Can someone write me a prescription for a sane MTA? I'm 
allergic to Postfix.

I use Exim, and have been for a long time. The multi-file config
package in Debian is quite nice and makes it easy to configure and
customize.


On 12/5/2019 4:36 PM, Large Hadron Collider via mailop wrote:
> The subject says it all.
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Blank emails to office 365

2019-11-26 Thread Suresh Ramasubramanian via mailop
Headers and a sample body would be great (not hotmail or Microsoft here)

--srs


From: mailop  on behalf of Tim Bray via mailop 

Sent: Tuesday, November 26, 2019 3:40 PM
To: mailop@mailop.org
Subject: [mailop] Blank emails to office 365

Hi,

Weird problem.

We have a system that sends order updates to our customers. Plain text
emails.  Not changed for years. Same system, same customers.

We suddenly have a problem  for some where customers receive the email,
but it looks blank.  The problem has only occurred with people using
office365.

MX always  *.protection.outlook.com.

Maybe the email is just a bit too plain for modern email system?


Any ideas?

Tim


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] delivery problems from mimecast.com

2019-11-20 Thread Suresh Ramasubramanian via mailop
Ask Nat Borenstein, he runs Mimecast :). That said there are plenty of free CAs 
available that should work for you.

—srs

From: mailop  on behalf of Claus Assmann via mailop 

Sent: Wednesday, November 20, 2019 2:55 PM
To: mailop@mailop.org
Subject: [mailop] delivery problems from mimecast.com

Maybe someone can tell me how to avoid delivery problems from mimecast.com.
Here's what I noticed so far:

If my server offers STARTTLS mimecast aborts the handshake with a protocol error

Info about cipher and cert offered by mimecast as client:
cipher=ECDHE-RSA-AES256-GCM-SHA384,
cert_subject=/C=GB/L=London/O=Mimecast+20Services+20Limited/OU=Technical+20Operations/CN=*.mimecast.com,
cert_issuer=/C=US/O=DigiCert+20Inc/CN=DigiCert+20Global+20CA+20G2,
and then:
description=error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate 
unknown, file=s3_pkt.c, line=1498, text=SSL alert number 46

seemingly because it does not like my (self-signed) cert.

If I turn off STARTTLS, mail delivery used to be ok, e.g.:

Received: from us-smtp-delivery-171.mimecast.com 
(us-smtp-delivery-171.mimecast.com. [216.205.24.171])
by kiel.esmtp.org (MeTA1-1.1.Alpha13.1) with ESMTP
id S419800; Thu, 7 Nov 2019 20:22:07 +0100
Received: from NAM05-CO1-obe.outbound.protection.outlook.com
(mail-co1nam05lp2052.outbound.protection.outlook.com [104.47.48.52]) (Using
TLS) by relay.mimecast.com with ESMTP id
us-mta-191-n-oFfjTNO3eIMfTTPpry7g-1; Thu, 07 Nov 2019 14:22:02 -0500

but almost immediately thereafter all sessions failed: mimecast did
not start any transaction and I do not know why -- maybe they require
STARTTLS now?

Unfortunately it isn't easy for me to get an "official" cert, and
that should not be a requirement anyway.

So how do I get mails from mimecast?

TIA,

Claus Assmann

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Junk filtering as a tool for unfair competition

2019-10-24 Thread Suresh Ramasubramanian via mailop
On 24/10/19, 11:43 AM, "mailop on behalf of Thomas Walter via mailop" 
 wrote:

>Users can not be trusted to categorize emails.

Not one user no.  Neither can a single voter be trusted with the decision of 
who gets to rule a country.

Yes sometimes the aggregate of all the voters - or all the users at a provider 
- might get it wrong, and you then end up with [insert politician's name here] 
or [university alerts getting misfiled] 

That's still better than some omniscient postmaster deciding what's spam and 
what's legit.

--srs 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Any t-online.de admins here?

2019-01-25 Thread Suresh Ramasubramanian
Giving your users IMAP might be an interesting idea.

 

From: mailop  on behalf of Eike Armbrust 

Date: Friday, 25 January 2019 at 4:19 PM
To: "mailop@mailop.org" 
Subject: [mailop] Any t-online.de admins here?

 

Hello everyone! 

 

For the third time in the last three months one of our mail servers was 
blacklisted by T-Online. In all cases the reason for being blacklisted was that 
users had an automated forwarding to T-Online and one(!) uncaught spam email 
got forwarded.

 

 

 

Eike Armbrust
Rechenzentrum

Ostfalia Hochschule für angewandte Wissenschaften
— Hochschule Braunschweig/Wolfenbüttel 
Rechenzentrum
Salzdahlumer Straße 46/48
38302 Wolfenbüttel

Tel.:   +49 5331 939 19410
Fax:   +49 5331 939 19004
E-Mail:   eike.armbr...@ostfalia.de
Internet: www.ostfalia.de/rz


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Any iCloud admins on this list?

2019-01-15 Thread Suresh Ramasubramanian
Please follow this process - https://support.apple.com/en-us/HT204137

--srs


From: mailop  on behalf of Scott Southard via mailop 

Sent: Wednesday, January 16, 2019 1:57 AM
To: mailop@mailop.org
Subject: [mailop] Any iCloud admins on this list?

Hey everyone,
We're seeing some consistent bounces coming from iCloud domains across our IPs 
and not 100% sure why. If there are any admins on this list, I'd be eternally 
grateful if you could email me off the list.

Thanks!

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Gmail - Anybody out there from Gmail, willing to assist with strange reputation issue

2018-09-03 Thread Suresh Ramasubramanian
Is it hard to remove them from your service for non compliance with your terms 
of use policy as well?

On 03/09/18, 5:44 PM, "mailop on behalf of Jan Schapmans" 
 wrote:

- customer is doing some bad practices and it's hard to make them change :-)





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Orange.fr and Wanadoo.fr Hardbounces

2018-07-05 Thread Suresh Ramasubramanian
For a 1990s throwback, here is the website for xmailserver

http://www.xmailserver.org/

On 05/07/18, 4:56 PM, "mailop on behalf of Benoit Panizzon" 
 wrote:

Hi Erme

I've seen similar problems with ISP using, as I recall, something
sounding like 'xmailserver' as SMTP Server.

That Server has a very serious bug, instead of rejecting invalid
recipients during the 'rcpt to' handshake, it does this after 'data'
has been initiated by issuing a human readable message telling what
recipient was invalid.

This of course breaks all mailing lists or newsletter tools which send
emails to as many recipients as possible to lower resource consumption.

If one destination address becomes invalid, this leads to mass
unsubscription of valid email addresses on tools like mailman.

So Maybe France Telecom switched to such a mailserver?

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G - Leiter Commerce Kunden
__

Zurlindenstrasse 29   Tel  +41 61 826 93 00
CH-4133 Pratteln      Fax  +41 61 826 93 01
Schweiz               Web  http://www.imp.ch
__

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
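
Added example, not part of the thread and not code from Mailman or any other tool named above: one way a list's bounce handler can tell a reject issued at `RCPT TO` (attributable to one address) from a reject issued after `DATA` (which covers every recipient accepted in that transaction), so that a late reject does not count against valid subscribers. The transcripts, addresses, the `Step` record, the function names and the threshold of 3 are constructed assumptions.

```python
import re
from collections import namedtuple

# One SMTP exchange: what the client sent and how the server replied.
Step = namedtuple("Step", "command code text")

_ADDR = re.compile(r"<([^>]*)>")


def attribute_replies(transcript):
    """Map every recipient of one SMTP transaction to a disposition."""
    accepted, result = [], {}
    for step in transcript:
        verb = step.command.split(":", 1)[0].split(" ", 1)[0].upper()
        if verb == "RCPT":
            rcpt = _ADDR.search(step.command).group(1).lower()
            if 200 <= step.code <= 299:
                accepted.append(rcpt)
            else:
                # A reply to RCPT belongs to exactly this recipient.
                result[rcpt] = "deferred" if step.code < 500 else "rejected"
        elif verb in ("DATA", ".") and step.code != 354:
            # The final reply covers all recipients accepted so far.
            for rcpt in accepted:
                if 200 <= step.code <= 299:
                    result[rcpt] = "delivered"
                elif step.code < 500:
                    result[rcpt] = "deferred"
                elif len(accepted) == 1:
                    result[rcpt] = "rejected"
                else:
                    # The free-text reply is not machine-readable evidence of
                    # which recipient was bad, so nobody is blamed.
                    result[rcpt] = "unattributed"
    return result


def update_bounce_scores(scores, result, threshold=3):
    """Count only attributable hard rejects; return (to_unsubscribe, to_probe)."""
    unsubscribe, probe = [], []
    for rcpt, status in sorted(result.items()):
        if status == "rejected":
            scores[rcpt] = scores.get(rcpt, 0) + 1
            if scores[rcpt] >= threshold:
                unsubscribe.append(rcpt)
        elif status == "unattributed":
            probe.append(rcpt)   # resend alone, one RCPT per transaction
    return unsubscribe, probe


# Constructed transcripts. The first server rejects the bad address at RCPT,
# the second accepts every RCPT and rejects only after the message was sent.
RCPT_STAGE = [
    Step("MAIL FROM:<list-bounces@lists.example>", 250, "OK"),
    Step("RCPT TO:<alice@example.net>", 250, "OK"),
    Step("RCPT TO:<gone@example.net>", 550, "No such user"),
    Step("RCPT TO:<bob@example.net>", 250, "OK"),
    Step("DATA", 354, "Go ahead"),
    Step(".", 250, "Queued"),
]
AFTER_DATA = [
    Step("MAIL FROM:<list-bounces@lists.example>", 250, "OK"),
    Step("RCPT TO:<alice@example.net>", 250, "OK"),
    Step("RCPT TO:<gone@example.net>", 250, "OK"),
    Step("RCPT TO:<bob@example.net>", 250, "OK"),
    Step("DATA", 354, "Go ahead"),
    Step(".", 550, "Recipient gone@example.net is invalid"),
]

if __name__ == "__main__":
    for name, transcript in (("RCPT stage", RCPT_STAGE), ("after DATA", AFTER_DATA)):
        outcome = attribute_replies(transcript)
        print(name, outcome, update_bounce_scores({"gone@example.net": 2}, outcome))
```
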






Re: [mailop] Anyone from Yahoo ?

2018-05-09 Thread Suresh Ramasubramanian
Observe what issue?  Looks like a block that is still in place so you need to 
reach out to Yahoo.

 

From: mailop  on behalf of Vaibhav 

Date: Thursday, 10 May 2018 at 10:24 AM
To: 
Subject: [mailop] Anyone from Yahoo ?

 

Hi Everyone,

Anyone from Yahoo over here ? We are facing blocking at Yahoo for one of our 
Banking domain where we tried to reach out yahoo postmaster team. As per 
postmaster they have resolved the issue but we are still unable to deliver 
email. 

We are getting below SMTP error code. We tried to send mails with HTML , Plain 
text, Blank emails without content still the issue persist. 

554 Message not allowed - [PH01] Email not accepted for policy reasons. Please 
visit https://help.yahoo.com/kb/postmaster/SLN5067.html [120]

Looks like false positive over here. Anyone observe the same issue ?

--Vaibhav

 


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Icloud Dmarc policy rejection

2018-04-24 Thread Suresh Ramasubramanian
Headers and delivery logs would be great. Please reach out at 
icloudad...@apple.com

https://support.apple.com/en-us/HT204137

—srs


From: mailop  on behalf of Andy Onofrei via mailop 

Sent: Tuesday, April 24, 2018 3:26:48 PM
To: mailop@mailop.org
Subject: [mailop] Icloud Dmarc policy rejection

Hi Guys,

We have an issue with one of our clients which are sending to Icloud. They have 
a p=rejection policy and all his emails to Icloud are getting bounced because of 
dmarc policy.
I have personally tested and Dmarc is passing when sending from our servers.
We are signing the dkim with the client sending domain ( the same as the from 
address) , however we use our returnpath in order to collect bounces.

Anyone has encountered the same issue with icloud ?

Thx
Andrei Onofrei
Microsoft Dynamics 365
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
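
Added example, not part of the thread and not iCloud's or the poster's code: DMARC identifier alignment (RFC 7489) for the setup described above, where DKIM is signed with the customer's From domain but the return-path belongs to the sending platform, so the result rests on DKIM alone. The domains, the DMARC record, the authentication results and the small suffix set standing in for the Public Suffix List are constructed assumptions.

```python
# Stand-in for the Public Suffix List, enough for the constructed domains below.
PUBLIC_SUFFIXES = {"com", "net", "org", "example", "co.uk"}


def org_domain(domain):
    """Organizational domain: the public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


def parse_dmarc_record(txt):
    """Parse 'v=DMARC1; p=...; ...' into a dict, with relaxed alignment as default."""
    tags = {"adkim": "r", "aspf": "r"}
    for item in txt.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)
            tags[name.strip().lower()] = value.strip().lower()
    if tags.get("v") != "dmarc1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    return tags


def aligned(from_domain, auth_domain, mode):
    """Strict mode needs identical domains, relaxed mode the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(from_domain, record, spf, dkim):
    """spf is (result, MAIL FROM domain); dkim is a list of (result, d= domain)."""
    policy = parse_dmarc_record(record)
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], policy["aspf"])
    dkim_ok = any(res == "pass" and aligned(from_domain, d, policy["adkim"])
                  for res, d in dkim)
    passed = spf_ok or dkim_ok
    return {
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if passed else "fail",
        # On failure the receiver applies the domain owner's published policy.
        "disposition": "none" if passed else policy["p"],
    }


# Constructed scenario: customer domain client.example, platform esp.example.
RECORD = "v=DMARC1; p=reject; rua=mailto:reports@client.example"

# As sent: SPF passes for the platform's bounce domain (not aligned with From),
# DKIM passes with d= equal to the From domain (aligned).
AS_SENT = evaluate("client.example", RECORD,
                   ("pass", "bounces.esp.example"),
                   [("pass", "client.example")])

# Same message, but the customer-domain signature fails at the receiver and only
# a platform signature verifies: nothing is aligned any more.
DKIM_BROKEN = evaluate("client.example", RECORD,
                       ("pass", "bounces.esp.example"),
                       [("fail", "client.example"), ("pass", "esp.example")])

if __name__ == "__main__":
    print(AS_SENT)
    print(DKIM_BROKEN)
```
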


Re: [mailop] question regarding support for international characters

2018-04-09 Thread Suresh Ramasubramanian
The subject is fine. Email addresses have a very limited character set 
possible. Received headers had better stay pure ASCII.  Would that work?


From: mailop  on behalf of Annalivia Ford 

Sent: Monday, April 9, 2018 3:52:14 PM
To: mailop@mailop.org
Subject: [mailop] question regarding support for international characters

Hello folks

I've been tasked with finding out what the general consensus is on the support 
in email headers for International characters such as UTF-8 characters and 
including things like accented characters like é and å and can also include 
Asian and Cyrillic characters.

I know there's an RFC from 2012, but my Product Dev people are interested in 
knowing how wide-spread the actual adoption is.

If anyone would be willing to share, it would be greatly appreciated.


Regards,

Annalivia Ford
Email Services Manager, EMEA
Phone: +31 (0)6 53 32 34 44
eMail: annalivi...@nl.ibm.com




Unless stated otherwise above:
IBM Nederland B.V.
Registered office in Amsterdam
Amsterdam Trade Register registration no. 33054214
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [OUTLOOK] Michael, Can you jump on shutting down this Fake Apple Sender right away

2018-03-01 Thread Suresh Ramasubramanian
Thanks, much appreciated

On Thu, Mar 1, 2018 at 5:16 PM -0800, "Michael Peddemors" 
<mich...@linuxmagic.com> wrote:

Sorry, very busy day with other hats on today..

from your Apple ID account page at 
https://appleid.apple.com/

But I think someone snipped that URL already..

On 18-03-01 02:09 PM, Suresh Ramasubramanian wrote:
> Got a phish URL for me? Thanks.  Not sure I saw the previous email to this one
> 
> --srs
> 
> On 01/03/18, 2:04 PM, "mailop on behalf of Michael Rathbun"  wrote:
> 
>  On Thu, 1 Mar 2018 11:00:07 -0800, Michael Peddemors 
>  wrote:
>  
>  >From: Apple 
>  
>  >Typical Phishing/Fraud..
>  >
>  >Surprised that one got out..
>  
>  It's been a few years since I had an office a few doors down from Michael
>  Wise's, but our battle against fraudulent signups for onmicrosoft accounts
>  reminded me of what we went through when I was doing Policy Enforcement for
>  one of the major dialup providers in Dallas, back in the days of All You Can
>  Eat For Twenty Dollars.  Credit card database, caller ID database, monitored
>  probations, exit filtering, real-time SMTP transaction monitoring...
>  
>  If there is a resource, it will be exploited.
>  
>  mdr
>  --
>  "Honest folk do not wear masks when they enter a bank."
> -- Unspiek, Baron Bodissey
>  
>  
>  ___
>  mailop mailing list
>  mailop@mailop.org
>  https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>  
> 
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> 



-- 
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [OUTLOOK] Michael, Can you jump on shutting down this Fake Apple Sender right away

2018-03-01 Thread Suresh Ramasubramanian
Got a phish URL for me? Thanks.  Not sure I saw the previous email to this one

--srs

On 01/03/18, 2:04 PM, "mailop on behalf of Michael Rathbun" 
 wrote:

On Thu, 1 Mar 2018 11:00:07 -0800, Michael Peddemors 

wrote:

>From: Apple 

>Typical Phishing/Fraud..
>
>Surprised that one got out..

It's been a few years since I had an office a few doors down from Michael
Wise's, but our battle against fraudulent signups for onmicrosoft accounts
reminded me of what we went through when I was doing Policy Enforcement for
one of the major dialup providers in Dallas, back in the days of All You Can
Eat For Twenty Dollars.  Credit card database, caller ID database, monitored
probations, exit filtering, real-time SMTP transaction monitoring...

If there is a resource, it will be exploited.

mdr
-- 
"Honest folk do not wear masks when they enter a bank."
   -- Unspiek, Baron Bodissey


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] GSuites looking too closely at first-hop Received: headers?

2018-02-27 Thread Suresh Ramasubramanian
Out here there’s just apricot apnic meetings and sanog.

From: Philip Paeps <phi...@trouble.is>
Sent: Tuesday, February 27, 2018 4:56 AM
Subject: Re: [mailop] GSuites looking too closely at first-hop Received: 
headers?
To: mailop <mailop@mailop.org>


On 2018-02-27 18:18:49 (+0545), Suresh Ramasubramanian wrote:
> That is the apricot conference AS and netblock - used only for the 
> apricot conference and not random IP space provided by a local ISP in 
> Kathmandu where you currently are.
> Quite clean but it won’t get used at all between conferences.

I wasn't aware APRICOT space went unused between events.  In the RIPE 
NCC region, the address space temporarily allocated to conferences gets 
allocated to several events annually and develops quite an interesting 
aroma as a consequence. :)

Thanks for correcting me.

But still ... GSuites wasn't happy with the APRICOT network space in the 
first Received: hop.

Philip

-- 
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] GSuites looking too closely at first-hop Received: headers?

2018-02-27 Thread Suresh Ramasubramanian
That is the apricot conference AS and netblock - used only for 
the apricot conference and not random IP space provided by a local ISP in 
Kathmandu where you currently are.
Quite clean but it won’t get used at all between conferences.

On Mon, Feb 26, 2018 at 10:48 PM -0800, "Philip Paeps"  
wrote:

I'm at a conference this week, sending email from very untrustworthy IP space.  
Of course I'm relaying through my usual servers.

Sending mail to a GSuites mailing list (or do they call them "groups"?) gets 
250 accepted but does not actually arrive on the list.  I don't get a copy (I'm 
subscribed to the list) and other subscribers confirm out of band that they 
don't see my email either (they looked in their spam folders too).

I did a couple of experiments.

A message with the first Received: header as follows does not arrive on a 
GSuites-hosted mailing list (despite being 250 accepted):

Received: from twoflower.trouble.is (254.158.dhcp.conference.apricot.net 
    [220.247.158.254])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (Client did not present a certificate)
    (Authenticated sender: philip)
    by rincewind.trouble.is (Postfix) with ESMTPSA id 3zr7nV5QjfzttZ
    for ; Tue, 27 Feb 2018 06:19:10 + (UTC)

An identical message with the first Received like this does arrive:

Received: from twoflower.trouble.is (localhost [127.0.0.1])
    (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
    (Client did not present a certificate)
    (Authenticated sender: philip)
    by rincewind.trouble.is (Postfix) with ESMTPSA id 3zr7xw1W8xztth
    for ; Tue, 27 Feb 2018 06:26:28 + (UTC)

The intermediate relays (between my laptop - twoflower.trouble.is) and the 
Google machine reporting 250 are identical.  IPv4 or IPv6 makes no difference.  
Content and other headers also substantially identical (modulo timestamps, 
queue ids and Message-ID).  Domain does SPF and DKIM (but not DMARC).

Simply rewriting the mumble-mumble-dhcp-mumble and the dodgy origin address 
with localhost gets the email delivered.

Note that as far as I can tell this is only true for GSuites (and I've only 
tried one list).  Mail to GMail seems to be working fine.

Of course relays do get compromised from time to time, so peeking at the first 
hop is not a completely crazy thing for GSuites to do.  But silently dropping 
the email after accepting feels a little disproportionate.  Perhaps a 451 would 
be more appropriate?

I have no way of knowing if GSuites is actually looking too closely at my 
first-hop Received: headers but that's the only theory I can come up with for 
my emails not arriving on that GSuites list.

Has anyone else seen this?  Brandon, can you comment if this is something to 
beware of?

Thanks.

Philip

-- 
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
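
What a receiver that inspects the first hop would see in each of the two experiments above, as an added example (not code from the thread, and not Google's logic): it takes the bottom-most Received: header and reports the client IP, its rDNS name and whether the hop was an authenticated submission. The relay hop, the `.example` names and the dynamic-name pattern are assumptions made for the illustration.

```python
import ipaddress
import re
from email import message_from_string

# Postfix writes the client as "from HELO (rdns [ip])"; IPv6 literals carry "IPv6:".
FROM_RE = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)\s+"
    r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\]\)"
)
# Protocol keyword after "by <host>"; starting at "by" skips the
# "(using TLSv1.2 with cipher ...)" comment that comes before it.
WITH_RE = re.compile(r"\bby\s+\S+.*?\bwith\s+(?P<proto>[A-Za-z0-9]+)")
# RFC 3848 "with" keywords that mean the client used SMTP AUTH.
AUTHENTICATED = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}
# Assumed heuristic for dynamic-looking rDNS names; not any provider's real rule.
DYNAMIC_RE = re.compile(
    r"(?:^|[.-])(?:dhcp|dyn|dynamic|pool|ppp|dsl)(?:[.-]|\d|$)", re.I
)

# First-hop headers from the two experiments in the message above, trimmed to
# the clauses this parser reads (the "for"/date tail is left out).
HOP_CONFERENCE = (
    "from twoflower.trouble.is (254.158.dhcp.conference.apricot.net [220.247.158.254])\n"
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    "\t(Authenticated sender: philip)\n"
    "\tby rincewind.trouble.is (Postfix) with ESMTPSA id 3zr7nV5QjfzttZ"
)
HOP_LOCALHOST = (
    "from twoflower.trouble.is (localhost [127.0.0.1])\n"
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    "\t(Authenticated sender: philip)\n"
    "\tby rincewind.trouble.is (Postfix) with ESMTPSA id 3zr7xw1W8xztth"
)


def build_message(first_hop_value):
    """Constructed test message: one relay hop on top, the given first hop below."""
    return (
        "Received: from rincewind.trouble.is (rincewind.trouble.is [192.0.2.25])\n"
        "\tby mx.receiver.example with ESMTPS id CONSTRUCTED1\n"
        "Received: " + first_hop_value + "\n"
        "From: sender@example.org\n"
        "Subject: constructed sample\n"
        "\n"
        "body\n"
    )


def parse_hop(value):
    """Parse one Received: value; return None if it is not in the expected form."""
    text = " ".join(value.split())  # unfold continuation lines
    m = FROM_RE.match(text)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None
    w = WITH_RE.search(text)
    proto = w.group("proto").upper() if w else None
    rdns = m.group("rdns").rstrip(".")
    return {
        "helo": m.group("helo"),
        "rdns": rdns,
        "ip": str(ip),
        "loopback": ip.is_loopback,
        "public": ip.is_global,
        "protocol": proto,
        "authenticated": proto in AUTHENTICATED,
        "dynamic_name": bool(DYNAMIC_RE.search(rdns)),
    }


def first_hop(raw_message):
    """Received: headers are prepended, so the last one is the first hop."""
    hops = message_from_string(raw_message).get_all("Received") or []
    return parse_hop(hops[-1]) if hops else None


if __name__ == "__main__":
    for label, hop in (("conference", HOP_CONFERENCE), ("localhost", HOP_LOCALHOST)):
        print(label, first_hop(build_message(hop)))
```

Both hops are authenticated submissions (`ESMTPSA`); the only fields that differ between the delivered and the undelivered message are the client IP and its rDNS name.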


Re: [mailop] The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

2018-02-21 Thread Suresh Ramasubramanian
Does this code by Steve Freegard just use curl or does it follow javascript 
redirects? (haven't checked yet)

For curl all you need is curl -sIL and look for the Location: tagged lines

But that won't follow anything that depends on javascript instead of http 
redirects to reach the final destination.

--srs

On 21/02/18, 12:50 PM, "mailop on behalf of Daniele Duca" 
 wrote:

On 21/02/2018 06:40, Philip Paeps wrote:

>
> I wonder if anyone has written comprehensive SpamAssassin rules to 
> score shortened URLs?
>
> It occurs to me that a milter to expand the shortened URLs would also 
> be very useful.
If you use SA take a look at https://github.com/smfreegard/DecodeShortURLs

It follows shorteners and, when the final URL is reached, its domain is 
added to the list of domains to be checked against dnsbls

Useful for shorteners, however lately I noticed that a lot of spam 
campaigns instead of using shorteners use a vast amount of hacked 
websites that only redirect you to the final url.

Regards
Daniele Duca

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
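
The `curl -sIL` approach from the message above, as an added example (not code from the thread or from DecodeShortURLs): it reads the header blocks that `curl -sIL` prints, follows the `Location:` lines to the final URL, and reports the host a filter would then check against DNSBLs. The sample output and all `.example` hostnames are constructed.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed output of `curl -sIL https://short.example/abc`: one header
# block per response, separated by blank lines, CRLF line endings.
SAMPLE_CURL_OUTPUT = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://redirector.example/r?id=42\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    "HTTP/2 302 \r\n"
    "location: /landing/offer.html\r\n"
    "\r\n"
    "HTTP/2 200 \r\n"
    "content-type: text/html; charset=utf-8\r\n"
    "\r\n"
)


def parse_blocks(curl_output):
    """Yield (status, headers) for every response block in the output."""
    for block in re.split(r"\r?\n\r?\n", curl_output.strip()):
        lines = block.splitlines()
        if not lines or not lines[0].startswith("HTTP/"):
            continue
        parts = lines[0].split()
        if len(parts) < 2 or not parts[1].isdigit():
            continue
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                # Header names are case-insensitive (HTTP/2 sends lower case).
                headers[name.strip().lower()] = value.strip()
        yield int(parts[1]), headers


def expand(start_url, curl_output):
    """Rebuild the HTTP redirect chain from `curl -sIL` output."""
    chain = [start_url]
    status, headers = None, {}
    for status, headers in parse_blocks(curl_output):
        location = headers.get("location")
        if 300 <= status < 400 and location:
            # Location may be relative; resolve it against the current URL.
            chain.append(urljoin(chain[-1], location))
    content_type = headers.get("content-type", "")
    return {
        "chain": chain,
        "final_status": status,
        "final_host": urlsplit(chain[-1]).hostname,
        # -I sends HEAD requests only, so a redirect done by script or a meta
        # refresh inside this HTML page never appears in the chain.
        "html_landing": status == 200 and content_type.startswith("text/html"),
    }


if __name__ == "__main__":
    result = expand("https://short.example/abc", SAMPLE_CURL_OUTPUT)
    for hop in result["chain"]:
        print(hop)
    print(result["final_status"], result["final_host"], result["html_landing"])
```

When `html_landing` is true the chain has only reached the end of the HTTP redirects, which is the limit the message points out for anything that depends on javascript.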


Re: [mailop] Postmaster contact for 1&1

2018-02-14 Thread Suresh Ramasubramanian
His users might want to receive mail from 1&1 users, and 1&1 outbounds being on 
spamhaus stops this from happening?

In cases like this, it is up to 1&1 to work out the block, rather than 
expecting operators to put in place a whitelist.

--srs

On 14/02/18, 3:17 PM, "mailop on behalf of Stefan Haunß" 
 wrote:

Scott,

if you could describe your problem a bit more detailed you might get
helped. why do you care of outbound IPs listed on spamhaus? are you a
1and1 customer?

Cheers,
Stefan


On 02/14/2018 06:13 AM, - - wrote:
> Y'all have your outbound listed on spamhaus and I'm taking a lot of heat
> for deliverability issues from your space. Please contact me or request
> spamhaus removal for your outbounds. Your courteous support staff hung
> up on me when I tried to explain that the AUP code I had would not make
> sense to your deliverability team. 
> 
> Thanks in advance. 
> 
> 
> 
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Earthlink Unblock Requests

2017-10-17 Thread Suresh Ramasubramanian
+1 to Al.  Also I thought the fun old days of obscure dnsbls run by cranks was 
long gone, I’m happy (!) to see that nothing much has changed.

--srs

> On 18-Oct-2017, at 6:39 AM, Al Iverson  wrote:
> 
> This is uncalled for. Casey is a very nice person who has worked in
> the email industry for years, and many of us know him from his days at
> Return Path.
> 
> Regards,
> Al Iverson

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Help with a header.

2017-09-29 Thread Suresh Ramasubramanian
Way way coincidental that an old nanae regular's email is in the headers and 

> The biggest clue for me was the gap in time stamps, as if something was 
> periodically polling the original Gmail mailbox.

#NotAllClients

Especially not procmail feeding to a random spam reporting perl script which is 
what I suspect this is.

--srs

> On 29-Sep-2017, at 10:31 PM, Brandon Long via mailop  
> wrote:
> 
> Most clients which support 'bounce' add resent headers.
> 
> This looks like dkim replay.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Help with a header.

2017-09-29 Thread Suresh Ramasubramanian
Mutt / pine call it a bounce - it just adds your own headers on top of the 
original email’s and redirects it to a new address.

So the original recipient was strredwolf and he redirected it that way 

--srs

> On 29-Sep-2017, at 9:05 AM, Grant Taylor <gtay...@tnetconsulting.net> wrote:
> 
>> On Sep 28, 2017, at 8:25 PM, Suresh Ramasubramanian <ops.li...@gmail.com> 
>> wrote:
>> Bounce feature in pine / elm / mutt
> 
> Wouldn't a bounce go back to the original sender?
> 
> Or are you suggesting that the message is being redirected using similar 
> technology?
> 
>> The strredwolf guy is an antispammer who used to be regular on nanae so old 
>> fashioned enough to still use this
> 
> IMHO there's nothing wrong with old fashioned.
> 
> 
> 
> -- 
> Grant. . . .
> unix || die

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Help with a header.

2017-09-28 Thread Suresh Ramasubramanian
Bounce feature in pine / elm / mutt

The strredwolf guy is an antispammer who used to be regular on nanae so old 
fashioned enough to still use this 

--srs

> On 29-Sep-2017, at 5:28 AM, Grant Taylor via mailop  wrote:
> 
>> On 09/28/2017 04:38 PM, Luke Martinez via mailop wrote:
>> I'm a little confused as to what is going on here.
> 
> This is probably one of the weirder message traces I've seen.
> 
>> The message gets delivered to a tagged gmail address, and then it somehow 
>> ends up getting forwarded from a hetzner IP 
>> (2a01:4f8:151:4061:ed1d:9de7:f8b0:95c8) using a bogus Return-Path (7eb.ckc) 
>> to some other gmail address (strredw...@gmail.com 
>> ).
> 
> I replied directly with more details.
> 
> TL;DR:  It looks like something running on tocs-devices.loveatomic.com 
> (2a01:4f8:151:4061:ed1d:9de7:f8b0:95c8) received the message from the 
> original Gmail mailbox, med.abattouy+f...@gmail.com, and then forwarded the 
> message to the second Gmail mailbox, strredw...@gmail.com.
> 
>> Maybe it's late and I'm missing something, but I can't put together a 
>> reasonable story from this header. Would appreciate any insights.
> 
> The biggest clue for me was the gap in time stamps, as if something was 
> periodically polling the original Gmail mailbox.
> 
>> Received: from tocs-devices.loveatomic.com (tocs-devices.loveatomic.com. 
>> [2a01:4f8:151:4061:ed1d:9de7:f8b0:95c8])
>>by mx.google.com with ESMTP id 68si2589689wmh.87.2017.09.16.05.09.30
>>for ;
>>Sat, 16 Sep 2017 05:09:30 -0700 (PDT)
> 
> I'd be curious to know what you find out.
> 
> 
> 
> -- 
> Grant. . . .
> unix || die
> 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Reg. Gmail Postmaster IP issue

2017-09-11 Thread Suresh Ramasubramanian
Or you have a new customer, or a new list, that has issues.  Considered that 
possibility?

 

From: mailop  on behalf of Vaibhav 

Date: Monday, 11 September 2017 at 1:22 PM
To: 
Subject: [mailop] Reg. Gmail Postmaster IP issue

 

I have observed that Gmail Postmaster is showing all IPs in BAD state for the 
9th Sept report. Has anyone observed the same?

Seems like an issue on the Gmail Postmaster end. 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] myapple.com MX points to 127.0.0.6

2017-09-03 Thread Suresh Ramasubramanian
Ack from Apple.  

Peer - Please follow up offlist, I emailed you from my work address.

--srs

On 03-Sep-2017, at 7:19 PM, Aaron Richton  wrote:

>> On Sun, 3 Sep 2017, Peer Heinlein wrote:
>> 
>> Somebody here from Apple?
>> 
>> They're sending mails from @myapple.com which has MX-Records pointing to
> 
> If the @mac.com / iCloud teams are the same as @myapple.com (or perhaps they 
> have a referral?), you can try icloudad...@apple.com.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] btinternet.com blacklist

2017-07-18 Thread Suresh Ramasubramanian
I’m afraid it is much like driving these days.  Or maybe manufacturing cars.

Back in the day any old inventor could tinker in his backyard and come up with 
something that had four wheels and an engine.   And driving it didn’t really 
need too much of a license.

These days, you get a much stricter driving test and still run the risk of 
accidents much more than in the old days when the only other traffic on the 
road was maybe a horse and buggy, (the way even a well-managed personal server 
still gets hacked) and actually manufacturing a car is much more complex and 
then needs to navigate a maze of regulatory approvals.

The internet of today isn’t what it was even 15 years back.  If only because 
malicious people are quite good at abusing the very same protocols that we use.


From: mailop  on behalf of Vittorio Bertola 

Date: Tuesday, 18 July 2017 at 6:46 PM
To: "mailop@mailop.org" , Tim Starr 
Subject: Re: [mailop] btinternet.com blacklist

The Internet is what it is exactly because anyone is allowed to connect a 
server to it and start doing what he wants, as long as he speaks the common 
protocols. But this is going away, and you are increasingly being told that if 
you want to stay online you should better stop doing things on your own and 
start using a Gmail account as well.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] btinternet.com blacklist

2017-07-10 Thread Suresh Ramasubramanian
Back during the old nanae and spam-l days in the 90s and 2000s, whenever this 
came up, and it did a lot even with filters a lot less hair trigger than what 
we have today, the usual analogy wasn't people partying next door, it was 
usually compared to renting an apartment in a high crime area so cabbies and 
pizza delivery people wouldn't go there after dark, or most any time for that 
matter:

Yes all analogies suck in one way or the other

--srs

> On 10-Jul-2017, at 3:41 PM, Dom Latter  wrote:
> 
> It's like I move into a house and find that I am banned from having
> visitors because somebody once held a noisy party in the house next
> door.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Pharma Content to Microsoft

2017-06-23 Thread Suresh Ramasubramanian
You could email him directly you know ..

--srs

> On 24-Jun-2017, at 7:44 AM, Chris Truitt  wrote:
> 
> Hi Michael,
> 
> My name is Chris Truitt. I handle deliverability for MNG Direct. The company 
> sends pharma content that is approved by a number of major pharma companies. 
> Content is sent strictly to health care practitioners. Things like clinical 
> trials and cancer treatment options are sent regularly to oncologists.
> 
> Over the last couple of months our open rates have dropped significantly. On 
> one of our IPs I spent two weeks sending to a core engaged group. We saw 
> better opens but we never got out of the red in SNDS.
> 
> I'm told that there may be a way for us to make a distinction with Microsoft 
> as a legitimate sender of health and pharma content to separate ourselves 
> from illegitimate content. Our sending IPs are 168.245.17.146 and 
> 167.89.127.10.
> 
> Any guidance you can provide will be greatly appreciated.
> 
> Best regards,
> Chris Truitt
> 
> 
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] What are "printing ASCII characters" RFC 850/2822 (was: Re: Lotus Notes and "250 2.6.0 Bad message, but will be delivered anyway"))

2017-06-09 Thread Suresh Ramasubramanian
Eh? I've not seen that, somehow

The typical notes message id is something like this - this is from an ancient 
version but the format hasn't changed 
Message-ID: 

--srs

> On 09-Jun-2017, at 7:52 PM, Benoit Panizzon  wrote:
> 
> The problem is that apparently lotus notes uses the § character in the
> Message-ID and amavis complains about it being an unencoded 8-bit
> character.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] So, about this iOS10 unsubscribe feature...

2017-05-23 Thread Suresh Ramasubramanian
Something that reproduces this issue would be great.  Saves us all playing the 
guessing game.

--srs

> On 24-May-2017, at 10:06 AM, Bill Cole 
>  wrote:
> 
> That is not a reasonable expectation.
> 
> 
> Or rather, it's a reasonable 90% expectation and maybe even 99% but there is 
> no assurance that a URL which is valid for a GET request will behave in the 
> same way in response to a POST request.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Zoho hat/reputation check

2017-04-21 Thread Suresh Ramasubramanian
They're mostly hosted email and ab...@zoho.com works.

--srs

> On 21-Apr-2017, at 9:16 PM, Steve Ratzlaff  wrote:
> 
> I'm not familiar at all with their abuse handling or history.  I don't recall 
> seeing them discussed, or having seen issues ourselves. Do they have similar 
> issues to other freemail providers?

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] LOUDMOUTHS WANTED!! ICANN WHOIS Replacement Work URGENT IMPORTANT ACTION NEEDED

2017-03-26 Thread Suresh Ramasubramanian
I have a hotmail account that I opened in 2000 

And yes, I do see the childish style of argument that you mention.

--srs

> On 27-Mar-2017, at 2:28 AM, John Levine  wrote:
> 
> But I can't help noticing that people keep trying to change the topic.
> Once again, nobody* has a problem with privacy protection for the
> small minority of domains registered by natural persons.  The problem
> is that the pro-crime crowd keep demanding that all the rest be
> anonymous or effectively anonymous, too.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] LOUDMOUTHS WANTED!! ICANN WHOIS Replacement Work URGENT IMPORTANT ACTION NEEDED

2017-03-25 Thread Suresh Ramasubramanian
Namecheap is in a minority as far as private registrations routing to the 
customer are concerned.

--srs

> On 26-Mar-2017, at 7:14 AM, Eric Tykwinski  wrote:
> 
> If there’s a private registration service not forwarding notices, then bring 
> them up and name and shame.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] LOUDMOUTHS WANTED!! ICANN WHOIS Replacement Work URGENT IMPORTANT ACTION NEEDED

2017-03-25 Thread Suresh Ramasubramanian
Oh, you were responding to a comment about some registrars (actually a single 
Chinese outfit that seems to get a resellership at  multiple tiny registrars) 
scraping Whois to convince domain name holders to switch their service right?

--srs

> On 26-Mar-2017, at 6:08 AM, Doug Barton  wrote:
> 
> FYI, you removed the attribution of the statement you're replying to
> here. That's generally considered rude in e-mail list circles.
> 
> On 03/25/2017 05:02 PM, Al Iverson wrote:
>>> And to John's objection to privacy for companies in another
>>> message, your outlook is unrealistic. It's often very important to
>>> secure names in advance for a project that hasn't been publicly
>>> announced (because once it's announced the speculators will swoop
>>> in). Not being able to mask ownership information for these
>>> domains, prior to the announcement, would be a serious business
>>> risk, and serve to stifle innovation around domain names.
>> 
>> Not seeing it.
> 
> Because your vision is too narrow. :)
> 
>> Company names in the US are public record with the state that
>> they're registered.
>> 
>> Want to trademark that business name in the US? That becomes part of
>> the public record, too.
> 
> You seem to be assuming that the only domains a company might want to 
> register refer to the name of their own company. That's not even close to 
> being accurate.
> 
> Companies register new domains for special projects, new ad campaigns, etc. 
> etc. There are all kinds of reasons companies register new domains, and may 
> want to temporarily hide the fact that their company is associated with it, 
> until that property or campaign becomes public knowledge.
> 
> But let's take your example of a new business. In today's economy your 
> on-line identity is a critical part of your company. It would be incredibly 
> foolish for a new company to go very far down the road of naming itself 
> without being certain that the right domain names associated with that name 
> are under their control. So there is likely not even a legal entity which 
> already exists at the time of the registration to effect the registration in 
> the first place.
> 
>> Companies often speculatively register domains, even speculatively
>> submit trademark applications today and most of them seem to do just
>> fine without having to eliminate or restrict WHOIS.
> 
> "There are more things in heaven and earth, Horatio ..."
> 
>> Don't want it registered to the main company? Register it to one of
>> your other LLCs.
> 
> As you so cleverly pointed out, those records are public, too.
> 
>> If you're a company registered in a US state, the company name,
>> registered agent, and incorporation info are public record. If you
>> are a company registering a domain name on the internet, I think
>> that registration information for that domain name should be at least
>> as public.
> 
> The fact that you think that is interesting, but not terribly relevant. All 
> you've stated is an opinion of what you think SHOULD happen. I've pointed out 
> numerous reasons why companies don't always want to do this now, and won't do 
> it in the future. If you want anyone to take your argument seriously you have 
> to show what harm will come from private registration.
> 
> If you prevent registrars from offering private registration services you'll 
> simply pave the way for people to offer their own registration agency 
> services to hold the registrations on behalf of those who don't want their 
> information public. So you'll push the problem outside the scope of ICANN 
> oversight, and then you're done. You cannot prevent people from contracting 
> with each other to provide/consume these services, and you cannot require 
> people that do to submit to ICANN oversight.
> 
> The answer is simple ... keep these services at the registrars, and exercise 
> reasonable restrictions on how they are provided. Those who need privacy can 
> have it, and those that need to contact the real registrant can do so with a 
> minimum of fuss.
> 
> Doug
> 
> 
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] LOUDMOUTHS WANTED!! ICANN WHOIS Replacement Work URGENT IMPORTANT ACTION NEEDED

2017-03-25 Thread Suresh Ramasubramanian
And maybe figure out which registrar it is that is trying to steal their 
customers and using whatever process ICANN has to stop them.

--srs

> On 26-Mar-2017, at 2:00 AM, Doug Barton  wrote:
> 
> A lot? Probably? But that's part of being a domain holder. IMO the registrars 
> should be doing a better job of educating the users.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] LOUDMOUTHS WANTED!! ICANN WHOIS Replacement Work URGENT IMPORTANT ACTION NEEDED

2017-03-25 Thread Suresh Ramasubramanian
The maawg abuse metrics, various studies on malware (and just how many domains 
malware use etc) might give you some numbers.

Add a lot more that target closed messaging platforms (skype/ fb / WhatsApp etc)

The volumes are staggeringly high as absolute numbers.  As Neil says, they're 
enough to keep threat intel analysts spending several hours a day doing nothing 
but identifying thousands of new domains after seeing just two or three in a 
particular phish or malware campaign.   

Search by registrant, search by IP, then identify related domains exhibiting 
the same behaviour and find a fresh set of registrants and IPs with their very 
own bunch of domains .. a never ending rathole.

There may be more domains registered by various domainers and parked for search 
monetisation / resale and such but they don't even count.  Among domains that 
are "in use" - seen by other mail, messaging, access etc systems - malicious 
domains far outnumber legitimate ones.

Spamhaus has data, surbl has data - but some registrars choose not to believe 
it. The more fool them. 

--srs

> On 25-Mar-2017, at 7:06 PM, Michael Orlitzky  wrote:
> 
> For the other perspective, what sort of abuse is stopped? How much does it 
> cost? How many scams, threats, etc. are avoided as a result, and how do those 
> numbers compare to the ones for the "privacy" side? Can someone list the ways 
> that the WHOIS data is used for good?

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Curious: Strange NDRs from gmail.

2017-02-23 Thread Suresh Ramasubramanian
The mailserver that originated the email that reached a destination and was 
bounced

https://tools.ietf.org/html/rfc6533

(and before that RFC 3464)

2.3.5 Remote-MTA field

   The value associated with the Remote-MTA DSN field is a printable
   ASCII representation of the name of the "remote" MTA that reported
   delivery status to the "reporting" MTA.

      remote-mta-field = "Remote-MTA" ":" mta-name-type ";" mta-name

   NOTE: The Remote-MTA field preserves the "while talking to"
   information that was provided in some pre-existing nondelivery
   reports.

   This field is optional.  It MUST NOT be included if no remote MTA was
   involved in the attempted delivery of the message to that recipient.
 

From: mailop  on behalf of Luke Martinez via mailop 

Reply-To: Luke Martinez 
Date: Thursday, 23 February 2017 at 1:14 PM
To: mailop 
Subject: Re: [mailop] Curious: Strange NDRs from gmail.

 

Super helpful. Thanks.

 

This may be a stupid question, but can you help me understand what "Remote-MTA" 
means in this context? I'm a little confused as to how that works. 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
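
Where the Remote-MTA field quoted above sits inside a bounce, as an added example (not from the thread): it parses the `message/delivery-status` part of a DSN and returns the Reporting-MTA plus each recipient's Remote-MTA, including a recipient for which the optional field is absent. The DSN and every `.example` hostname in it are constructed.

```python
from email import message_from_string

# Constructed DSN: one recipient rejected by a remote MTA, one that failed
# before any remote MTA was contacted (so Remote-MTA is omitted for it).
SAMPLE_DSN = """\
From: MAILER-DAEMON@outbound.sender.example
To: sender@sender.example
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain

Delivery failed for two recipients.

--BOUNDARY
Content-Type: message/delivery-status

Reporting-MTA: dns; outbound.sender.example

Final-Recipient: rfc822; alice@recipient.example
Action: failed
Status: 5.1.1
Remote-MTA: dns; mx.recipient.example
Diagnostic-Code: smtp; 550 5.1.1 User unknown

Final-Recipient: rfc822; bob@nonexistent.example
Action: failed
Status: 5.4.4

--BOUNDARY--
"""


def split_typed(value):
    """Split a 'type; value' DSN field such as 'dns; mx.recipient.example'."""
    if value is None:
        return None
    kind, _, name = value.partition(";")
    return kind.strip().lower(), name.strip()


def parse_dsn(raw):
    """Return the Reporting-MTA and the per-recipient fields of a DSN."""
    report = {"reporting_mta": None, "recipients": []}
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        blocks = part.get_payload()
        if not isinstance(blocks, list):
            continue  # malformed report: no header blocks were parsed
        # The email package parses each blank-line-separated group of fields
        # into its own Message object: per-message fields first, then one
        # block per recipient.
        for block in blocks:
            if block.get("Reporting-MTA"):
                report["reporting_mta"] = split_typed(block["Reporting-MTA"])
            if block.get("Final-Recipient"):
                report["recipients"].append({
                    "recipient": split_typed(block["Final-Recipient"])[1],
                    "action": block.get("Action"),
                    "status": block.get("Status"),
                    # Optional: absent when no remote MTA was involved.
                    "remote_mta": split_typed(block.get("Remote-MTA")),
                    "diagnostic": block.get("Diagnostic-Code"),
                })
    return report


if __name__ == "__main__":
    parsed = parse_dsn(SAMPLE_DSN)
    print("reporting:", parsed["reporting_mta"])
    for rcpt in parsed["recipients"]:
        print(rcpt["recipient"], rcpt["status"], rcpt["remote_mta"])
```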


Re: [mailop] Offtopic: How does an taiwanese IRT work / ppt.cc URL shortening

2017-01-29 Thread Suresh Ramasubramanian
CHTD / Chunghwa Telecom is the Taiwanese phone company, fwiw. “We’re the phone 
company, we don’t have to care” applies particularly here – but they do respond 
if you can write to them in Chinese, and remain polite.

On 30/01/17, 1:03 AM, "mailop on behalf of John Levine" 
 wrote:

If you can write in Chinese, even Google Translate style Chinese,
that's slightly more likely to get an answer.  Hinet is a large ISP
and while not totally evil, is also not particularly responsive.





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Microsoft Blacklisting IPs

2016-11-17 Thread Suresh Ramasubramanian
Here's my guess - do you isolate forwarding traffic to its own cluster, or do 
you route it all through your usual outbounds?

If forwarded spam is getting mixed in with your regular mail stream let us say 
that hair trigger blocking won't be all that much of a surprise 

--srs

> On 17-Nov-2016, at 1:46 PM, Hetzner Blacklist Support  
> wrote:
> 
> Hello,
> 
> We're currently having some major issues with our IPs being blacklisted
> by Microsoft. I'm signed up for the SNDS and a huge amount of our IPs
> are "blocked due to user complaints or other evidence of spamming".
> 
> It's fairly easy to have the IPs delisted by filling out the "Sender
> Information for Outlook.com Delivery" form that Microsoft provides.
> However, that only allows up to a /24 to be delisted at a time, which
> means it is going to take a very long time to delist all of our ranges.
> 
> Also, that doesn't actually address the underlying issue. Obviously spam
> isn't being sent from all of those IPs, but there has to be some reason
> Microsoft is listing them all.
> 
> Is this something anybody here has experienced? Better yet, is there
> somebody from Microsoft who could have a quick look at this and give me
> some insight into the underlying issue? I've been attempting to contact
> Microsoft for a while now and only ever get canned responses (if at all).
> 
> Any tips or help would be greatly appreciated, thanks.
> 
> Kind regards
> 
> Bastiaan van den Berg
> 
> Hetzner Online GmbH
> 
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Breathe....

2016-09-16 Thread Suresh Ramasubramanian
Could old disagreements that lasted since the nanae days please, please stay 
buried? Thanks 

--srs

> On 16-Sep-2016, at 7:16 PM, Al Iverson  wrote:
> 
> +1 to what Franck said.
> 
> --
> Al Iverson
> www.aliverson.com
> (312)725-0130
> 
> 
> On Thu, Sep 15, 2016 at 8:12 PM, Franck Martin via mailop
>  wrote:
>> I do not want to talk for the moderator/list owner but we have
>> representatives from all the different types of mail systems, small, big and
>> huge, that are engaged on this list.
>> 
>> Please be careful when you approach a problem you are facing, stick to the
>> facts, avoid adversarial language.
>> 
>> I think we want to keep everyone engaged. I know some issues are
>> frustrating...
>> 
>> Thanks
>> 
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Spamhaus and Spamcop Blacklisting

2016-09-13 Thread Suresh Ramasubramanian
Just removing the 25 spamtraps you identified?  Not a very useful way to go.

 

Read this.  https://www.spamhaus.org/faq/section/Marketing%20FAQs

 

Your customer will have to comply with them or similar best practices such as 
the M3AAWG Sender BCP if their email is going to get anywhere at all – even at 
ISPs that don’t use Spamhaus.

 

 

From: Rupesh Gohil <rupeshgo...@gmail.com>
Date: Tuesday, 13 September 2016 at 6:53 PM
To: Suresh Ramasubramanian <ops.li...@gmail.com>
Cc: <mailop@mailop.org>
Subject: Re: [mailop] Spamhaus and Spamcop Blacklisting

 

Yes, an email marketer has those IPs. Is it really hard to come out from DROP? - 
The email marketer has 20 to 25 spamtraps and these spamtraps have been removed now. 

Yes, this is something we have in mind: to write to them about what actions we have 
taken to stop bad data and spamtraps.

 

Any suggestions or thoughts on this?

 

Many thanks,

 

 

On Tue, Sep 13, 2016 at 2:17 PM, Suresh Ramasubramanian <ops.li...@gmail.com> 
wrote:

They seem to host an email marketer that is causing detects on CSS, SBL and 
then Spamcop.   And god help us, also Spamhaus DROP.  Which is not the easiest 
list to get into.

 

What are you going to tell them, that the marketer is legitimate and 
advertising for legitimate companies?

 

Or that they follow best practices in email marketing / have implemented best 
practices?

 

 

From: Rupesh Gohil <rupeshgo...@gmail.com>
Date: Tuesday, 13 September 2016 at 6:34 PM
To: Suresh Ramasubramanian <ops.li...@gmail.com>
Cc: <mailop@mailop.org>
Subject: Re: [mailop] Spamhaus and Spamcop Blacklisting

 

Hi Suresh,

 

These are the IPs - 103.60.218.0/24 - I am about to write a detailed explanation to 
them regarding the issues and how we have dealt with them. 

 

Previously it was under CSS listing - As of now no CSS but still these IPs are 
in SBL.

 

Looking forward to hearing from you.

 

Many thanks,

Rupesh

 

On Tue, Sep 13, 2016 at 12:07 PM, Suresh Ramasubramanian <ops.li...@gmail.com> 
wrote:

Fixing whatever problem actually caused the listing first might be an 
interesting thing to do, before you open a ticket seeking a response.   And 
which IP is this?

 

From: mailop <mailop-boun...@mailop.org> on behalf of Rupesh Gohil 
<rupeshgo...@gmail.com>
Date: Tuesday, 13 September 2016 at 4:26 PM
To: <mailop@mailop.org>
Subject: [mailop] Spamhaus and Spamcop Blacklisting

 

What is the process of Spamhaus and Spamcop delisting?

 

I have gone through both websites with my accounts and also created a ticket for 
delisting. It's now more than 10 days with no feedback. 

 

Is there any contact number to call the Spamhaus and Spamcop teams to explain the whole 
situation?

 

Just wondering if they have dedicated numbers?



 

-- 

Rupesh Gohil



 

-- 

Rupesh Gohil
