Re: [mailop] Musings on Mail Service Operators

2022-02-03 Thread Jaroslaw Rafa via mailop 
Dnia  3.02.2022 o godz. 11:59:42 Andrew C Aitchison via mailop pisze:
> 
> Having said that, my understanding is that deliverability is also an
> issue in Facebook. If some of my posts are not shown to some of my friends,
> without them telling Facebook that they did not want to see those messages,
> that is a deliverability fail, but since I don't get a failure message
> I wont know to complain about the system.

Indeed, this is a well known issue on Facebook and other social media
platforms. It even has got its own name: "shadow ban". If you are "shadow
banned", then you can post your messages, but others won't see that you
posted them, unless they specifically check your profile.

Some even say that "shadow ban" is not a bug, but a "hidden feature" of
Facebook etc. algorithms that is used more and more often. Many people
complain about Facebook cutting down visibility of their posts and
suggesting use of paid promotion options to increase it.

It is a very similar situation to what for example I experience with Gmail,
with my messages being constantly sent to Spam folder of Gmail recipients (I
don't experience this with any other receiving system, eg. Outlook or
Yahoo, only with Gmail), so the recipients don't see them unless I inform
them via other means that I have sent them a message (or they look into Spam
folder by themselves, which we all know people don't do). It is like I am
"shadow banned" on Google.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Musings on Mail Service Operators

2022-02-03 Thread G. Miliotis via mailop 


On 3/2/22 13:59, Andrew C Aitchison via mailop wrote:

To me any system that aims to replace email must be based on pushing
messages and have a distributed nature.
This means that deliverability issues are an inherent risk, in a way
that pulling messages from a central/unified service can avoid. 



Sounds like the fediverse. OStatus (diaspora) and ActivityPub (mastodon) 
being the relevant protocols.


Activitypub is a promising protocol built to do what you describe, 
albeit aimed at social networking. The problem with that is that they 
stumbled onto the difficulties email is facing, too: spamming, 
spoofing,  access control and tendency to centralize. They're now trying 
to get groups implemented but there is no formal protocol oversight so 
it's the wild wild west. The initial protocol design has some flaws that 
don't help, either.


Seems like there are unavoidable issues in the task itself, not the 
technology or governance used to implement the task.


IMHO if someone wanted to decentralize messaging the "email way" but be 
a more modern alternative, it would be via an improved ActivityPub-like  
protocol.


--GM

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Walled gardens

2022-02-03 Thread Mickey Chandler via mailop 
On Wed, Feb 2, 2022 at 5:50 PM yuv via mailop  wrote:

>
> > Not law, documentation. RFC5321 describes the state of SMTP, as of
> > 2008, sorta. How it was working best then, to the degree that the
> > editor and authors could reach consensus. The changes from 2821 to
> > 5321 are clarifications, consolidations, and updates reflecting the
> > evolution of implementations of SMTP in the interim.
>
> Documentation with consequences = law.
>

I think that's kind of the point. The only thing that you get for following
the RFCs is consistency and interoperability. When you step outside of
them, you lose consistency and MAY lose interoperability. If enough people
do so, then the RFC process allows for the process to begin anew with a new
consensus sought. This makes them far more akin to Newton "documenting
gravity" than "a ring of fire."

If you do not agree with how things currently interoperate, the goal needs
to be defining how particulars need to change rather than waving your hands
and saying "The walled garden of RFCs is more hell inside than outside."
This is something that you may assert, but you have neither laid a
foundation nor provided any actual evidence that "Where there is an
alternative, participants are leaving in droves". And, even if they are, so
what?

"The Internet" is built on a series of protocols, each defined by one or
more RFCs. "The Internet" is no more "email" than the World Wide Web (or
USENET or GOPHER for those of us with a shade more seasoning) are "the
Internet." Each protocol has a realm in which it is the best alternative of
the protocols available for selection. And that protocol's RFCs tell an
operator how they may use the protocol in a useful manner where cooperation
and interoperability are required for communication, whether at the Data
Link layer (where machines transmit data) or at the Application layer
(where you find email or web pages). That this is true neither elevates one
protocol above the others nor relegates one protocol to a lesser status.

So, leaving aside the philosophy, what is your endgame here? To get rid of
authentication? To promote the use of open relays (like we had in
mid-1990s)? The cessation of spam filtering?
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Musings on Mail Service Operators

2022-02-03 Thread Atro Tossavainen via mailop 
> Email - as we know it - should have been dead years ago.  But instead we
> keep adding band-aid after band-aid after band-aid to the system.

It's not that people haven't tried. And not all of them have been
wholly unequipped to do so, either. You are of course aware of Professor
Dan J. Bernstein's Internet Mail 2000, for example.

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Musings on Mail Service Operators

2022-02-03 Thread Andrew C Aitchison via mailop 

On Wed, 2 Feb 2022, Scott Mutter via mailop wrote:


A lot of the issues stem from the way IT managers, and maybe technology
managers in general bathe in arrogance.  "There's no such thing as a good
idea, unless it is *my* idea."  It's easier to get blood out of a stone
than for someone in IT to admit that someone else's approach to something
has merit.

Email - as we know it - should have been dead years ago.  But instead we
keep adding band-aid after band-aid after band-aid to the system.

Why is it impossible to take a look at what Instant Messaging protocols,
SMTP, SMS do that make them successful and then blend those together into a
new "email-like" system?

I'm not going to pretend to know what the ultimate solution might be.  One
of the major issues with email is the address spoofing that goes on.  Maybe
a spoofed address doesn't authenticate with SPF or DKIM... but that only
works if EVERYONE else uses SPF and DKIM... that's the bandaid.  Instant
messaging and SMS can't as easily be spoofed, they may be fake but senders
have to register on the platform in some way (be it a Facebook account,
Twitter account, phone number, etc).  Would more need to be done to lock
this down?  Absolutely.  But it's at least A obstacle that potential
abusers have to overcome.  Email doesn't have that.


Similar to what Jaroslaw described in Poland, here in the UK caller ID
spoofing is a significant fraud problem, not sure whether this is SMS
or just voice.  There is talk of a technical fix but it will take a
few years to roll it out ...

---
To me any system that aims to replace email must be based on pushing
messages and have a distributed nature.
This means that deliverability issues are an inherent risk, in a way
that pulling messages from a central/unified service can avoid.

Having said that, my understanding is that deliverability is also an
issue in Facebook. If some of my posts are not shown to some of my friends,
without them telling Facebook that they did not want to see those messages,
that is a deliverability fail, but since I don't get a failure message
I wont know to complain about the system.

---

Maybe things like these don't need to be allowed?


Unlike you, I prefer mailing lists to fora/forums.
There may be features of email that can be dropped,
but which ones can we drop without reducing the take-up
and stopping the new system from reaching critical mass ?

---

I just think it's time we stop worrying about how we're going to carry
email over into the 2030s, 2040s, 2050s and on.  And instead start looking
at how we can create an email replacement from the ground up.  Too many
people invested in email, you say?  Email was around before SMS, before
Facebook, before whatever other communication medium kids are using these
days.
Yet those platforms don't seem to have an issue in getting people to
use them.  Why couldn't a properly reimagined email replacement do the same
thing?


SMS piggy-backed on the back of mobile voice.  The others are all
centralised services; I suspect that it is harder for a distributed
system to build market share, yet being distributed is one of email's
distinguishing features.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Musings on Mail Service Operators

2022-02-03 Thread Jaroslaw Rafa via mailop 
Dnia  2.02.2022 o godz. 21:31:04 Scott Mutter via mailop pisze:
> Instant
> messaging and SMS can't as easily be spoofed, they may be fake but senders
> have to register on the platform in some way

Here in Poland we are now right in the middle of a real-life "experiment"
that will probably show how telecoms, and people in general, will cope with
phone number spoofing.

Since months there is an ongoing activity of scammers who call random people
spoofing real bank phone numbers, trying to trick them into installing
remote access software on their devices that will the scammers give access
to their bank account.

There is also a massive wave of spoofed SMS posing as messages from delivery
companies, electricity providers etc. informing about some payment being due
and with a link leading to fake payment gateways set up to intercept bank
account credentials.

Just recently something new has appeared: someone calls politicians,
celebrities and other publicly known persons, using spoofed phone numbers of
public institutions or other politicians, celebrities etc., insulting them,
issuing death threats, or "informing" them (posing as eg. a policeman) that
someone of their family has died, etc.

We will see where this will lead to...
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone heard of this network? Looks like a spear phishing operation?

2022-02-03 Thread Gustavas Davidavičius via mailop 
Thanks a lot for bringing this up! The range appears to have been hijacked.
We have checked and it seems this subnet has been continued to be illegally 
used past service termination. We have taken all necessary actions to handle it 
and take the network down.

We will work on strengthening our controls and monitoring to avoid such 
situations in the future.
If you ever notice any abuse happening within our IP space, please don’t 
hesitate to drop an e-mail to abuse-t...@ipxo.com



--

Gustavas Davidavicius

Abuse Prevention Team Lead @IPXO

ipxo.com
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Mail is the worst thing except for all of the others, was Musings on Mail Service Operators

2022-02-03 Thread John Levine via mailop 
It appears that Scott Mutter via mailop  said:
>Email - as we know it - should have been dead years ago.  But instead we
>keep adding band-aid after band-aid after band-aid to the system.
>
>Why is it impossible to take a look at what Instant Messaging protocols,
>SMTP, SMS do that make them successful and then blend those together into a
>new "email-like" system?

People have been making this exact argument for at least 30 years.  Mail is
awful, mail is obsolete, we should use something better.  Then we keep using
mail.

Internet e-mail combines an unusual set of characteristics:

* Anyone can write to anyone else without prearrangement

* Open spec with many implentations that interoperate

* No central control point (other than I suppose ICANN but they don't control 
much)

* Store-and-forward so sender and recipient don't have to be online at the same 
time

* You can send large or small messages

* You can send attached files of many kinds

I think that if you try and find a replacement for mail that can do all of the 
key
things that mail can do, you will end up with something a whole lot like what we
have now.

There are a bunch of what I call Well Known Bad Ideas.  For example, some 
people imagine
they can fix the spam problem by requiring an introduction before someone can 
send you
mail, but the introduction problem is if anything harder than the spam problem. 
 Or if
your system has only one implementation, or one place to switch messages 
(that's Signal)
some things become easier, but it doesn't scale, or you run into political 
problems when
the people who control the bottleneck have policies that some users don't like.

If you can come up with somethng better than mail, great, but I'm not holding 
my breath.

R's,
John




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Musings on Mail Service Operators

2022-02-03 Thread Mike via mailop 
On 2/2/2022 10:31 PM, Scott Mutter via mailop wrote:
> A lot of the issues stem from the way IT managers, and maybe technology
> managers in general bathe in arrogance.  "There's no such thing as a
> good idea, unless it is *my* idea."  It's easier to get blood out of a
> stone than for someone in IT to admit that someone else's approach to
> something has merit.
> 
> Email - as we know it - should have been dead years ago.  
> [snip]


But it's not dead.

Maybe there's a reason for that.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone heard of this network? Looks like a spear phishing operation?

2022-02-03 Thread Atro Tossavainen via mailop 
> RIPE says it's IPXO Limited, at a mail drop in suburban London, a phone
> number in Lithuania, and a tech contact at an address in Paris with
> no hint that he works there.  Sounds totally legit to me.

IPXO Ltd (London) is Heficed (Lithuania). According to their home page,
they are a "Fully Automated IP Address Lease & Monetization Marketplace".

Gustavas is here because I pinged their CEO Vincentas Grinius whom I
have met several times at M3AAWG, which means there's a chance John L
might have, too. Now we may think whatever we do about their business,
but at least the guys are here, owning up, and having a chat with us.

Cheers
-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, http://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone heard of this network? Looks like a spear phishing operation?

2022-02-03 Thread Michael Peddemors via mailop 

As someone else already pointed out..

Your 'rwhois' could use updating.

Currently it suggest ab...@heficed.com, but there is no abuse contact 
field in the standard fields.


'Within' your IP Space, could you be clearer on your IP space?

And the phone number is in Lithunia.  Transparency is key if you wish 
others to reach out to your abuse teams.


% Abuse contact for '141.11.29.0 - 141.11.29.255' is 'ab...@heficed.com'

inetnum:141.11.29.0 - 141.11.29.255
netname:IPXO_141_11_29
org:ORG-IL687-RIPE
country:EU
admin-c:SP13611-RIPE
tech-c: SP13611-RIPE
abuse-c:HA4233-RIPE
status: SUB-ALLOCATED PA
mnt-by: IPXO-MNT
mnt-by: technicolor
created:2021-07-08T12:16:19Z
last-modified:  2021-10-04T12:59:17Z
source: RIPE

organisation:   ORG-IL687-RIPE
org-name:   IPXO LIMITED
org-type:   LIR
address:Ground Floor, 4 Victoria Square, St Albans, Hertfordshire
address:AL1 3TF
address:Londom
address:UNITED KINGDOM
country:GB
phone:  +370 699 08833
admin-c:NOC834
tech-c: NOC834
abuse-c:IPXO834
mnt-ref:IPXO-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: IPXO-MNT
created:2021-04-28T09:11:24Z
last-modified:  2021-08-18T08:33:09Z
source: RIPE # Filtered

person: Sebastien Plasset
address:8-10 Rue du Renard
address:75004 Paris, France
phone:  +33 1 41 86 50 00
nic-hdl:SP13611-RIPE
mnt-by: Technicolor
created:2013-12-23T13:09:08Z
last-modified:  2020-09-30T14:25:50Z
source: RIPE


On 2022-02-03 8:17 a.m., Gustavas Davidavičius via mailop wrote:

Thanks a lot for bringing this up! The range appears to have been hijacked.
We have checked and it seems this subnet has been continued to be 
illegally used past service termination. We have taken all necessary 
actions to handle it and take the network down.


We will work on strengthening our controls and monitoring to avoid such 
situations in the future.
If you ever notice any abuse happening within our IP space, please don’t 
hesitate to drop an e-mail to abuse-t...@ipxo.com 



--

Gustavas Davidavicius

Abuse Prevention Team Lead @IPXO

ipxo.com


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Getting 'Access Denied' on Microsoft supportrequestform

2022-02-03 Thread Axel Rau via mailop 

Hi all,

My new mailinglist server is blocked by Microsoft (S3150).
I have a SNDS account and my IP range has status 'normal'.

Sumitting a support request here
https://support.microsoft.com/supportrequestform
results in:
- - -
Access Denied
You don't have permission to access 
"http://support.microsoft.com/supportrequestform/8ad563e3-288e-2a61-8122-...; 
on this server.

Reference #18.89a02417.1643930344
- - -

Please advise.
Thanks Axel
--
PGP-Key: CDE74120  ☀  computing @ chaos claudius


OpenPGP_signature
Description: OpenPGP digital signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop