Re: [mailop] help with running a listserv and DMARC

[Michael Peddemors]

On 15-02-12 10:15 AM, Steve Atkins wrote:

AOL and Yahoo have published policies that they do not allow anyone to use 
email addresses at their domains from anywhere but their mailservers. If you're 
sending mail with aol.com or yahoo.com email addresses in the From: field 
you'll see errors just like the ones you're seeing.

The misuse of DMARC by those two ISPs means that you cannot run a functional 
discussion mailing list if you have any subscribers at any of those domains.


Not just them, but many ISP's adopt that policy as well now.. If SMTP 
AUTH is not used, or the relay client is not set..


MAIL FROM: j...@localdomain.com

553 Please check your email settings for SMTP Authentication or contact 
your ISP for assistance (#5.7.1


And this is rightfully so, if AOL is responsible for the email, no-one 
else should be acting as the MTA for that domain.


That is what 'reply-to' is for..


--
Catch the Magic of Linux...

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
LinuxMagic a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] help with running a listserv and DMARC

[Michael Peddemors]

On 15-02-13 02:08 PM, Franck Martin wrote:

DMARC is just the shiny top of the iceberg, that gets people motivated to do 
something.

then you learn more, and then it is just a ploy to add more domain 
authentication to emails (SPF/DKIM/TLS), because there is a benefit to do so 
(get the DMARC reports) and it helps find infrastructure that could behave 
better with DKIM with people motivated to make a change.

then, with this momentum, you shift from IP reputation to domain reputation, 
and check that the domains in envelope from, from header, reply-to, sender,… 
are legit, exists, accept emails and are not on some form of blocklists…

and then also you start to accept less and less malformed emails, because 
Postel did not say to accept anything, but to be lenient when it is not clear 
what you should accept.



And it just keeps adding burdens, and network traffic..
And then spam and phishing get confused, and 'best approach' starts 
tripping over each other..And no one can do it properly..


To be truthful? (sheepish grin) So far, all we use DMARC/DKIM for is as 
part of our spam detector filters.. to identify known patterns that are 
associated with certain spammers .. Eg, always signs with DKIM.. Likes 
using V1.. Never uses DMARC


IP Reputation is still the most powerful tool, with the lowest 
footprint.. The onus should be passed on to the sender.. not the 
receiver.. Sending servers should make sure nothing goes out their MTA 
unless the domain is something they are responsible for..


Mailing Lists should send out using the domain of the sender who 
instigated the mailing, not the mailing list operator..


(I see even banks using 3rd parties to send email out, from a domain 
totally unrelated.. @3rdpartybulkmailer.com is bound to have problems, 
when both good guys and bad guys use the same service)


And I get 'hey, is this really from this company I do business with?' 
all the time...


And then SPF is probably the next lightest.. Any domain that is really 
worried about someone forging their domain should have an SPF record of 
course, and not those sloppy ones that say 'maybe' our mail doesn't come 
from somewhere else..


99% of our spam protection happens directly in the edge SMTP layer, and 
all the other fancy 'anti-phishing' will get relegated to filtering...


For us, we would rather see the companies that are pushing so hard for 
DMARC/DKIM do a little better job on what's leaving their mail servers :)


Still a little hard to put the big guys on reputation lists.. ;)

And of course, the hosting companies are soon going to have to start 
thinking about this, while renting to spammers might be a nice way to 
justify more IP space, or make them a little fast money, soon it won't 
matter how they sign emails.


It is amazing how much damage a single /29 can do in just a few hours, 
across the whole internet.. renting by hour, and allowing them to 
consume as much bandwidth as needed, isn't going to get you any friends 
in the spam protection space..


Enough, now I am just ranting..

PS..

Yeah, your subscribers are probably marking it as spam ;)

(Always surprises me the times someone tries to report an uncaught spam 
accidentally.. for emails they want... or did subscribe to)






--
Catch the Magic of Linux...

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
LinuxMagic a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

[mailop] SpamCop contact.. Please contact me off list.. trying to help out one of our ISP customers

[Michael Peddemors]

They apparently have had trouble with de-listing for a couple of weeks..

Could you contact me off list please?

 
--

Catch the Magic of Linux...

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
LinuxMagic a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

[mailop] Anyone dealing with mail originating from protection.outlook.com

[Michael Peddemors]

Noticed interesting errors when it is trying to initiate STARTTLS..

Can someone catch me off line to discuss why we see incomplete sessions 
originating from there?



 
--

Catch the Magic of Linux...

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us athttp://www.linuxmagic.com  @linuxmagic

A Wizard IT Company - For More Infohttp://www.wizard.ca  
LinuxMagic a Registered TradeMark of Wizard Tower TechnoServices Ltd.


604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

[mailop] Can someone from Barracuda reach out to me off line..

[Michael Peddemors]

Seems Barracuda has started to do a lot of queries against some of our 
reputation (RBL) servers..
Thanks for the complement, but it is also doing it in a manner that is 
unusual..


 
--

Catch the Magic of Linux...

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
LinuxMagic a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Outlook.com DNS/HELO mismatch / Am I wrong?

[Michael Peddemors]

On 15-07-01 09:12 AM, Alarig Le Lay wrote:

Hi,

According tohttps://tools.ietf.org/html/rfc5321#section-2.3.5  it’s said
that the EHLO must be resolvable and resolve to the A or the  of the
MX but it’s not necessary to be the PTR of the MX.
(It’s what I understand, I could be wrong)


In principal, this sounds fine, but there are many reasons for company's 
to have EHLO using internal addressing schemes, which may not be 
publicly resolvable, and in practice limiting connections based on that 
criteria affects too many legitimate email servers to make it a 'policy' 
rejection IMHO.


We do require that it is a properly formed 'FQDN', and not just a host 
name, (and not localhost.localdomain ;) but to actually require 
resolvable EHLO is still problematic, and should only be used as a 
'scoring' factor, but not an absolute policy.


Often admin's would like to identify 'nodes' in a cluster, if there is a 
problem, and often this is represented in the EHLO (eg 
intident-1-3.ourpublicdomain.com), rather than 
'mail.ourpublicdomain.com' for all nodes.  (rDNS of course is easier to 
have it match the A of the MX, but again in practice many use different 
naming conventions for egress vs ingress, eg mail.ourdomain.com vs 
mx.ourdomain.com)


Differing EHLO/HELO makes debugging and support easier, and we can 
understand the motivation, even though not specifically correct per RFC, 
of sysadmin's to do so, since the EHLO is presented on all connections, 
while additional headers may not be available at the receiving end to 
clearly identify which 'internal node' generated the email. And often 
EHLO is tied into internal naming conventions (eg hostname of the 
server) (and desired by the sysadmin) by default in most MTA 
implementations, unless specific overridden.


There are a couple of places where following the RFC's to the letter 
simply won't work in the real world (as receivers), but we should be 
trying where ever possible as 'senders'.


But in the end, you have to understand when a receiver chooses to not 
accept NON-RFC compliant communications.


And of course, spammers very often have access to be able to present 
their own 'EHLO', but may not have access to rDNS, so many spam 
protection systems will highly weight senders where the EHLO/HELO 
appears to be 'strange'.


IMHO, if the domain portion of the rDNS matches the EHLO domain portion, 
and they are both FQDN's, the 'host' portion of the EHLO is less important.





--
Catch the Magic of Linux...

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
LinuxMagic a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

[Michael Peddemors]

On 15-08-02 03:46 PM, John Levine wrote:



require credentials if you're submitting email to local users, but will
require it for relay...


Maybe I'm misreading something, but doesn't that turn it into a MTA port
instead of an MSA port? That would seem to totally defeat the purpose of
using a MSA port at all, no?


Not necessarily.  It's fairly common to allow submission without AUTH
when the mail's coming from a host on the local network.

The main difference between MSA and MTA is whether it cleans up the
message headers and does non-local forwards.  AUTH is just a means to
keep random strangers from using you to relay.

R's,
John


Ouch! Someone needs a refresher :) You should only be allowing relay 
nowadays, if for some reason you have an older device or software on a 
trusted static IP that can't do AUTH..


And usually in that case, it will usually have to be on the older Port 
25 submission.


Port 587 should ALWAYS be using AUTH, full email address, with TLS 
enabled.. Then you have a MUA-MTA connection (submission)


Otherwise you have a big hole that the IoT (Internet of Things) can 
exploit.. remember the fridge that sent out the 75k messages? Allowed to 
relay ;)


And to throw in my two bits, all recent IOS devices seem to behave 
reasonably in that regard, unless there was a previous account setting 
that preferred SSL to TLS (usually then it still doesn't use port 587, 
unless that is the only option) or is someone played with advanced 
settings, or there is a auto discovery mechanism that is set up for that 
server, that isn't configured right.


They may be a little pickier on the certs used in TLS being set up 
correctly, and they aren't always great at choosing the right Trash/Sent 
folders in IMAP, any sometimes try to use the wrong outgoing SMTP 
server, when multiple's are set up..


But it would be interesting to find others take on it.

But it is a good talking op to remind all the email operators out there, 
turn OFF and get rid of open email relaying, will make life a lot better 
for everyone, because let's face it.. your network isn't 'trusted' any 
more.


Oh, when you are done.. lock down port 25 from your dynamic space, not 
only to your own servers, but to the internet as well (egress filtering 
people, you know how much of everyone's bandwidth and resources that 
will cure?)


Have a great long weekend.





--
Catch the Magic of Linux...

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
LinuxMagic a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Hotmail/Microsoft Contact Available?

[Michael Peddemors]

That might not be the smartest tactic.. :)

* Do you want to be on their radar? They have deep pockets..

* Email operators and end users have protected rights, they can choose 
to accept/deny based on almost any principle  (eg, We don't accept 
emails from people who's name starts with the letter 'M' on Mondays )


* You have a better chance going after them for their outgoing spam :)
(Have to admit, has been improving a bit lately)

Delayed delivery times can be caused by many things, other than just 
operator/recipient saying no.. And because it does go through later, 
this could be anything from transient network, DNS, infrastructure 
problems..  Or it could simply be a form of rate limiting.


I would suggest you find out more information first, and of course this 
list is a good place to start that conversation.


However, no reports of issues currently at any of the ISP's or Telco's 
we monitor at this time.





On 15-09-03 09:41 AM, Marc Perkel wrote:

I'm thinking about writing Microsoft's legal department a letter
threatening a lawsuit with the hope that their lawyers will get the
attention of their tech staff and do something about this. Very very
frustrating.


On 09/03/15 08:05, Jim Popovitch wrote:

On Thu, Sep 3, 2015 at 10:49 AM, Marc Perkel
<supp...@junkemailfilter.com> wrote:

Hi Brian,

I'm having problem with Microsoft too. It's just plain weird.
Sometimes it
takes 6 hours to deliver an email. And I can't quite understand what is
happening.

I'm in the front end spam filtering business. Email comes to me - I
clean it
- and then forward it on to the recipient's server. That includes many
domains hosted at outlook.com. I'm having this problem with all domains
hosted there and only there.

Who else is seeing this?

I'm seeing it for confirmed-opt-in list subscribers using
hotmail/live/outlook addrs.

And the beauty is I'm getting mailbombed by MS about 1918 addrs:

 From: st...@hotmail.com
 To: postmas...@domainmail.org
 Subject:  complaint about message from 10.162.145.146

-Jim P.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop








--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

[mailop] Gmail and PDF attachments.. Changes in policy?

[Michael Peddemors]

Just had a few reports that Gmail is blocking messages with PDF 
attachments..



74.125.28.26 failed after I sent the message.
Remote host said: 552-5.7.0 This message was blocked because its content
presents a potential
552-5.7.0 security issue. Please visit
552-5.7.0  https://support.google.com/mail/answer/6590 to review our message
552 5.7.0 content and attachment content guidelines. 100si10432244iog.166 -
gsmtp


However, PDF files aren't listed as one of the attachment types they block.

Has there been a change lately?

Content-Type: application/pdf;
name="20150912 accepted offer.pdf"



 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

[Michael Peddemors]

On 15-09-14 12:16 PM, Michael Wise wrote:

If you see this ...

X-Forefront-Antispam-Report: SFV:SPM
(Specifically, the "SFV:SPM")

That means we thought it was spam, but due to the pipelined nature of our 
service, rather than drop it on the floor as some do, we were compelled to 
deliver it. The traffic came in via a TLS connection from Bharti Airtel Ltd. In 
India. The account has probably already been killed.

Aloha,
Michael.



This of course doesn't address the original question of why allowing 
delivery of messages without the MAIL FROM: that aren't really bounces.. 
(Time to stop pipelining ;)


Thanks for the tip.. But it isn't helping anyone if you keep sending 
obvious spam out of your networks..


You aren't REALLY compelled to deliver it..

Hard to believe that the infrastructure can't reject known spam..


--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Reputable place to host my SMTP?

[Michael Peddemors]

On 16-06-07 01:09 PM, Robert Guthrie wrote:

Can someone recommend a VPS host that would have IP addresses that have
a good reputation with Google systems?


Many good ones, and many bad ones...

Main thing is to work with a provider that has a tight sign-up policy, 
some of the ones that allow anyone to auto sign-up for a couple bucks a 
month are bound to get burned by fly by nighters, and have a poor 
reputation.


Ask if they provide 'rwhois' (or SWIP if you get enough IP(s)), so that 
your IP address is clearly labelled as being operated by yourself, that 
is helpful, so if someone in the neighbouring IP(s) is spamming, you 
don't get their reputation.


Personal opinion? The VPS providers charging the higher rates have 
better reputations :)  They can afford to invest in keeping their 
reputation cleaner.


And use one that is demographically suited, choosing a VPS provider in 
another part of the world, is not always the best choice.


And use something like MXToolbox or HetrixTools to check the company out 
before you sign-up.


Spot checking IP(s) across their ranges might give you an idea of how 
likely you will be treated as suspect..


And lastly, monitor outbound activity yourself.. don't wait for 
complaints, the world has largely given up trying to 'report' email to 
abuse channels, while feedback loops are a valuable tool, it is harder 
to clear your reputation than to keep it clean in the first place.


Be honest with yourself, if you can't monitor the outbound activity 
yourself, then maybe you have to pay the extra money to go with a 
provider that will, but make sure it is one that gives you dedicated 
IP(s), clear PTR records and sending practices, and not part of a 
'shared' service.







--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Messages over IPv6 rejected by Google for failed authentication checks

[Michael Peddemors]

On 16-06-09 11:26 AM, Franck Martin via mailop wrote:

As people pointed out, an SPF record is easy to set and fast to solve
the issue, DKIM can come later...


Hehehe... 'easy' is a relative word, amazing how many poor SPF records 
are out there, and sometimes it is hard enough to get email operators to 
even have proper PTR records..





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Excluding Message-ID from DKIM Signature

[Michael Peddemors]

On 16-05-27 09:19 AM, Rich Kulawiec wrote:

It's also a bad idea operationally, as it will break things like
loop detection, it will complicate problem diagnosis, and it will
break anti-spam/anti-abuse mechanisms that rely on Message-ID.

---rsk


+1


--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] signup form abuse

[Michael Peddemors]

Have been watching this thread for a bit, and do have an opinion.

First of all, I see a lot of talk about 'COI' (Confirmed Opt-In), rather 
than the term 'CDOI' (Confirmed Double Opt-in) and the reason I point it 
out, is that there is a lot of loose definitions of both 'opt-in' and 
'confirmed'.


While it might be more 'attractive' to offer a simple 'click to 
confirm', why are you not using the more standard 'Please Reply To' this 
message if you want to receive these messages?


This would solve the problem being discussed, and ensure that the 
recipient truly wants your message.




On 16-05-26 08:06 AM, Alberto Miscia via mailop wrote:

This opens up for an interesting discussion.
We experienced the very same issue in the past for few customers and
enabling a captcha was the only viable option.
The "bots" (don't really know actually) managed to complete a COI
process with several free accounts.

Ip ranges were different some on CBL some not but blocking a listed IP
in a COI process can be dangerous.
For the very same reason I'd rule out e-hawk and alike.
The vast majority of the addresses were listed on cleantalk.org

The hidden link in the confirmation email (an HTML comment would work
better than a "white-on-white tiny font" from a
deliverabilityperspective) in may opinion is the way to go.
Even if it can be very tricky to implement, we are seriously
considering it to prevent bot clicks across the board.

HTH

Alberto Miscia | MailUp | Head of Deliverability & Compliance


2016-05-26 15:05 GMT+02:00 Vick Khera <vi...@khera.org>:


On Wed, May 25, 2016 at 6:04 PM, Al Iverson <aiver...@spamresource.com>
wrote:


I've heard John Levine propose the "hidden link to catch scanning
robots" solution but I've never heard of an email system implementing



I'm running through my head how that would work, and makes for some very
complicated state transition diagrams to go from "signup requested" to
"confirmed". What if they scan in parallel and the timing works out they
poked them in the opposite order, etc. I see a few new states and many
transitions, and some timeout based events. Not pretty.



it. Similarly, senders have often suggested that spamtrap systems
shouldn't follow links. (Security systems, sure, but don't do that
with spamtrap addresses.) And today I heard it suggested that it would
be wiser to have COI have a second click (probably an HTTP POST-based



What if the confirmation email button itself was a POST form rather than
just a GET to a page? Are scanning systems following POSTs too?




button) on the landing web page, to prevent security systems from
erroneously completing COI confirm steps. All good stuff, but it



I don't think you're going to get much buy-in for requiring so many clicks
to get activated. I know we already lose customer just for requiring COI.
Making the COI be more work for the subscriber will just make people go
elsewhere faster.



doesn't sound as though any of it has been widely broadcasted as a
best practice or requirement.





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
----
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] signup form abuse

[Michael Peddemors]

On 16-05-27 10:08 AM, Michael Wise wrote:


The problem with the, "Please Reply" method is that it can lead to mailbombing 
the target.
We've seen it happen.


Of course, someone could use a forged address when sending the 
'confirmation' email, but how they would get mail bombed I am unsure of.


No-one will reply that they want the email, for a list they didn't 
subscribe to.  And the sending system would normally limit the amount of 
subscription requests to an individual address.



But I agree with you completely on the, "loose definition" issue, and have a 
rather nasty story about that.
Always get the person who asserts their doing it to tell you exactly what that 
term means to them.

" I checked with my manager, and we looked it up, that address DOES Exist!


And we hear a lot of them too :)

Putting your business card in a bowl to win a prize is definitely not 
giving permission to get on a mailing list ;)


But true confirmed double opt-in lists very seldom get complaints, and 
provides a higher ROI..


http://www.isipp.com/documents/The-Case-for-COI.pdf

My personal pet peeve (and yes I mean you ticket master) is when you 
expressly do everything you can (uncheck the box) to declare you don't 
want any marketing, but still get it..


Some ESP's do make a good effort to encourage it, but many still allow 
new customers to bring over their old 'confirmed' lists as an import, 
instead of forcing a new confirmation, which of course is ripe for 
abuse.  The concern is that they will have a large drop in subscribers, 
as people don't re-confirm.. but probably they miss the point, those 
aren't the people you want on your list, as they aren't engaged enough 
to re-confirm.


Most of the world's largest mailing lists, which operate as confirmed 
double opt-in, never get on the complaint radar..


I personally think that ESP's should make an effort to carefully 
separate their confirmed double opt-in mailings, from single opt-in 
mailers..


But, still there is a lot of commercial motivators to maximize delivery 
rates, (including mixing good and bad mailers together, obfuscating the 
sender information etc).. But in the end, whether it is adblocking, 
reputation lists, or even legislative powers, at some point those 
techniques may backfire.. IMHO








--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] MailChimp Contact on list? Might be interested in this.

[Michael Peddemors]

Looks like someone is using a similar name to spam?

Return-Path: <i...@mailchimps.eu>
Received: from mailchimps.eu (HELO mailchimps.eu) (62.76.179.14)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key1; d=mailchimps.eu;
 h=Message-ID:Reply-To:From:To:Subject:Date:MIME-Version:Content-Type; 
i=i...@mailchimps.eu;
 bh=UBevDirqSzEW/kh+DxJ+jxZRA5Y=;
 b=Nl5UQ0emRvXHHHqa+JhtcLB4KTXoqk2pxgqjvpGrXRrmJTNfnqjF1pPFvEUXq17ppiKupZ0o5p6Z
   WwtwSpBAwZNgZBzWmerzCM7VokfABeYAwYEPWwfCL0DGQpClxmej3AuCACT4DvJKsy2NyV96s0nu
   ol0AvEDX0LzxJDT0siI=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key1; d=mailchimps.eu;
 b=X1rFby4bHuZ5QvjcmtymjK2Hue6gfPpmK117tG9lDEWJy0ttXJ0sDgCeXzu42mn947RNoYBbgRGb
   cNBd+vcUUMzb9HjVTTHWFmdc+E3bkR/iTXk/FKMPqyI8D9/PwpToop4TsYppxnn/xF5zITmbS7+p
   Btq+uLxG/LFQKd3QwB0=;
Message-ID: <42b8f473b6624f0cd0d59c2266f1b...@mailchimps.eu>
Reply-To: "i...@mailchimps.eu" <i...@mailchimps.eu>
From: "i...@mailchimps.eu" <i...@mailchimps.eu>
Subject: Discounts on Adobe up to 80%! Buy NOW!

inetnum:62.76.176.0 - 62.76.191.255
netname:Clodo-Cloud
descr:  IT House, Ltd
org:ORG-IHL2-RIPE
country:RU

 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Failure reporting false positives to ClamAV

[Michael Peddemors]

That rule has triggered more and more false positives of late BTW..

If you would like to disable this check in the future, you can do so by
editing /etc/clamav/clamd.conf and setting the following value to false:

PhishingScanURLs

Once done, you will need to restart clamav:

/etc/init.d/clamav-daemon restart


On 16-02-09 11:58 PM, Ted Cooper wrote:

I recently attempted to report a false positive via their web interface.
I think it's safe to say, they didn't get my report so I thought I'd
include it here and hope they might be reading, along what appears to
have gone wrong. Regrettably, there doesn't seem to be a channel to
report a false positive false positive.
http://www.clamav.net/reports/fp

The domain reported were Paypal related, and used in ESP newsletters
sent to Australian users. They are picked up as
"Heuristics.Phishing.Email.SpoofedDomain" any time they go through - I
can't whitelist as the system rejecting is not local.
   e [dot] paypal [dot] com
   paypal-exchanges [dot] com

Details on their website of these domains is here:
https://www.paypal.com/au/webapps/mpp/email-whitelist

The report was submitted last night, but the failure became apparent
this morning when I received a series of bounce messages from Cisco
relays indicating that my message couldn't be delivered. I'll exclude
further details as it appears to have been a rather large boo boo they
wouldn't want repeated.

Suffice to say, I will not be able to report these domains via the
interface until the system is fixed internally.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] DKIM signing domain selection (RFC 5863 section 2.3) question

[Michael Peddemors]

It is a lot simpler to simply use a different originating IP Address, 
based on whether it is marketing vs transactional, I don't believe 
anyone should mix those two...


On 16-02-10 09:45 AM, Doug Brenner wrote:

RFC 5863 section 2.3, "Choosing the Signing Domain Name", discusses
using multiple domains to separate different email streams, e.g.,
marketing vs. transactional.

I'm curious about experiences of doing this when the RFC5822.From
and/or RFC5821.From domain(s) are the parent.

For example, say I send email with header,

   From: m...@example.com

and DKIM sign with d=bulk.example.com.

I know the DKIM RFC says the "signing identity specified by the DKIM
signature is not required to match an address in any particular header
field", however, it's really up the recipients in the end.

Is anyone doing this to separate email streams and create different
DKIM domain reputations?

What "real-world" impact does it have when the header domain and DKIM
domain don't match? (In particular, when the header domain is the
parent as above.)

Is it worth the effort to setup this type of environment instead of
just putting everything under the example.com domain?

I'm sure some sites are dealing with this by changing the From address
to use a matching DKIM domain, but when you're dealing with a
university where everyone wants to use the parent, sub-domains are
likely to happen.

If you can point me to resources or a better discussion list, that's
fine too. Thanks.
--
Doug Brenner, UNIX System Administrator
Information Technology Services, The University of Iowa
+1 319 467 1625 / doug-bren...@uiowa.edu / doug.bren...@gmail.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [ietf-smtp] Mail forwarding to Gmail problem/question

[Michael Peddemors]

On 16-02-03 02:45 PM, John Levine wrote:

Right now, there is no great solution.  One I recommended before was to
block relayed spam, and then have the user's set up pop fetching.  So, the
cleanest mail should arrive quickly, and everything else will be fetched
more slowly.


That's what my users do.  After telling me what a horrible idea it was, they
now like it just fine.

I believe one of your competitors has a hack in which mail with a
header like the one Spamassassin adds is generally delivered to the
spam folder and doesn't count (much) against one's reputation.  That
is certainly subject to gaming, but in my experience getting my
filters and Google's to agree what's spammy, if only to defer to POP
fetch, is pretty hard.

R's,
John


And again, why should we push spam any farther.  You should explain to 
your customers that you don't allow spam to be forwarded any farther, 
and either 'reject it' (not bounce it) before accepting, or create a 
mechanism to 'hold' things you think are spam on your server.


Don't expect Gmail (or anyone else) to accept spammy messages, simply 
because the sender says they want the spam to go to them.





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Email issue with Synacor?

[Michael Peddemors]

On 16-03-16 10:23 AM, Frank Bulk wrote:

We have a few emails stacking up to CableOne (who appears to use Synacor)
customers with "421 4.3.4 allocated resources exceeded".

Anyone else seeing the same?

Frank



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



Frank's email showed up in the spam folder, and was curious why?

This message had headers that showed either his email server, (but maybe 
the nosignal.org server) added lots of spam headers..


X-SPAM-FLAG: Yes

X-SpamDetect: : 8.0 sd=8.0  0.87((!X-Verify-Helo:+OK),
 (X-myrbl:unknown)) [nnot=0, ng=0, nsum=0, nb=0, nw=0, 4.82]
X-Aspam: Words 0.0 -coupon -spent -citizen -subsequently -returned -livery
 -browser -e-mails -purchased


Might be what the other systems are seeing as well?




--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Yahoo Mail Servers having new issues?

[Michael Peddemors]

On 16-03-28 02:47 PM, Chris Vervais wrote:



On Mar 28, 2016, at 14:32, Michael Peddemors <mich...@linuxmagic.com> wrote:

Noticed that we are seeing cases of Yahoo servers dropping connections with no 
error messages..

 From several locations, not just one..

Anyone know or notice any issues on their end?


I’m not seeing anything amiss with what I’m responsible for having issues 
sending into Yahoo. Our delivery percentage over the last 4 hours is where it 
normally is. When did you start seeing this?

Chris
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



One of our ISP's started reporting this this morning.. just a connection 
dropped after it sent the response the the EHLO..


Tried it from a few other IP(s) manually to the same IP(s), and got the 
same result.


eg..

telnet 98.138.112.33 25
Trying 98.138.112.33...
Connected to 98.138.112.33.
Escape character is '^]'.
220 mta1104.mail.ne1.yahoo.com ESMTP ready
EHLO test.wizard.ca
250-mta1104.mail.ne1.yahoo.com
250-PIPELINING
250-SIZE 41943040
250-8BITMIME
250 STARTTLS
Connection closed by foreign host.

Closed connection within about 5 seconds..



--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] looking for a good reference on best practices

[Michael Peddemors]

I can take this off list if you want, and maybe even have a chat with 
you on the phone, as this is a topic I regularly speak on.


(Be warned, I might pitch you a little on our MagicMail platform, if it 
is right for your needs, judging by all your pieces, a product that does 
it all might be a better choice)


But I can be honest about all the players in the space, your needs, and 
what you should consider for your environment.


Just that the list might not be the place for a long winded discussion.

-- Michael --

On 16-03-28 05:35 PM, Miles Fidelman wrote:

Hi Folks,

I'm getting ready to rebuild a rather old mail system.

We support a mix of activities - both commercial and otherwise -
probably the best characterization of our IT operations is that of an
academic department (local users, remote users, basic email, a list
server with a few dozen lists, web server, ...).

The current configuration is fairly vanilla - but pieced together over
time, lots of local knowledge applied, etc.:
- linux (Debian, but might move to a BSD)
- postfix
- amavisd-new, clamAV, spamassassin
- sympa list manager
- procmail for local delivery
- uw imap daemons

It's all getting a little long in the tooth - particularly our antispam
setup - so I've been planning on rebuilding from scratch, and maybe in
the process replacing/augmenting some of the components:
- GUI based admin tools (particularly for filtering rules)
- SIEVE
- a webmail server
- maybe dbmail
- maybe replacing the imap/pop daemons

All my reference books, notes, web links to tutorials, etc. are 5-10
years old.  I'm wondering if anybody can point me to a good CURRENT
reference that summarizes/compares the latest and greatest software,
provides some best practices, etc.

Thanks very much,

Miles Fidelman





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Yahoo DMARC changes - Proxying SMTP auth for freemail users

[Michael Peddemors]

On 16-03-24 10:16 AM, Michael Wise wrote:

A question ...

Outside of the spam case, how typical is it for someone to send from one 
Freemail provider with a Reply-To: pointing to *ANOTHER* Freemail provider?

Just wondering.

Aloha,
Michael.



A lot in the spam box :)  It is actually one of our filtering rules to 
watch for this, (fairly low score by itself)..


And even worse, even in the Return-Path.

This is why I chuckle a little at Yahoo's new policy..

(redacted headers from a real spam)

Return-Path: <bensonsere...@gmail.com>
Received: from ns502-vm11.bullet.mail.kks.yahoo.co.jp (HELO 
ns502-vm11.bullet.mail.kks.yahoo.co.jp) (183.79.57.66)

From: Serena Benson <bensonsere...@gmail.com>
Reply-To: Serena Benson <bserena2...@yahoo.ca>

It would be helpful if Yahoo simply prevented anyone from sending out 
their email servers with a @gmail.com return path.




--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Google DNS Servers not returning results for Hotmail today?

[Michael Peddemors]

Had several reports of DNS oddities from the Google DNS servers, from 
customers/clients who use them as the default.


Are they in the middle of a move/change?


 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

[Michael Peddemors]

michael@mistress:~$ host 65.55.90.110
110.90.55.65.in-addr.arpa domain name pointer snt004-omc2s35.hotmail.com.
michael@mistress:~$ host 65.55.90.110 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

Host 110.90.55.65.in-addr.arpa not found: 2(SERVFAIL)


On 16-03-07 02:14 PM, Michael Wise wrote:

Hotmail doesn't publish any DNSSEC records.

Neither does Microsoft.com, etc

As for the rDNS, this is from my home server:

$ host 65.55.169.87

87.169.55.65.in-addr.arpa domain name pointer
mail-bl2on0087.outbound.protection.outlook.com.

Aloha,

Michael.

--

Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has
Been Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tony Bunce
Sent: Monday, March 7, 2016 1:56 PM
To: Michael Peddemors <mich...@linuxmagic.com>; mailop <mailop@mailop.org>
Subject: Re: [mailop] Google DNS Servers not returning results for
Hotmail today?

We are seeing similar issues on Office 365 mail.

We are getting SERVFAIL on reverse DNS lookups, both using our resolvers
as well as testing against Google.

It looks DNSSEC related:

https://na01.safelinks.protection.outlook.com/?url=87.169.55.65.in-addr.arpa=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1=orZOsyfUwl8QutwjS33FHJ1lGr%2fkG2mP9D7cPpXW2F8%3d
PTR: bad cache hit
(https://na01.safelinks.protection.outlook.com/?url=55.65.in-addr.arpa%2fDS=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1=zLpvVVaYnzIbpAu%2fJHl6qPl0e%2fGhRiOBqfY9J1waEoY%3d)

With checks disabled the query works:

dig -x 65.55.169.63 +cd

This looks like something is not right:

https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fdnsviz.net%2fd%2f55.65.in-addr.arpa%2fdnssec%2f=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1=d3aCKTnyI0a1w6CjpyIfs2S1o49kxgBa1cULgt5ViAM%3d

-Tony

-Original Message-

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael
Peddemors

Sent: Monday, March 7, 2016 4:29 PM

To: mailop <mailop@mailop.org <mailto:mailop@mailop.org>>

Subject: [mailop] Google DNS Servers not returning results for Hotmail
today?

Had several reports of DNS oddities from the Google DNS servers, from

customers/clients who use them as the default.

Are they in the middle of a move/change?

___

mailop mailing list

mailop@mailop.org <mailto:mailop@mailop.org>

https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop%0a=01%7c01%7cmichael.wise%40microsoft.com%7c44129af38f454438da6b08d346d43c41%7c72f988bf86f141af91ab2d7cd011db47%7c1=TOT%2fu4LSpF0EsgiWOCr5HQAWkkjjWVjhnaTglzYtMTA%3d



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Latest TLD issues..

[Michael Peddemors]

On 16-04-25 01:06 PM, Michelle Sullivan wrote:

Probably not so much a MailOp thing.. but for general info...

Seems the latest TLD to be abused to hell and back is now .science ...

...and no surprises why... http://register.science has:

"Be a .SCIENCE pioneer and be one of the first to register your .SCIENCE
web address for only $0.89"

.. :/



Been seeing that one for months now.. Some hosting providers are worse 
than others for allowing these types of 'customers', and/or not 
monitoring or not caring..


Today's outbreak was from ..

eg.. coks8uue.newfashiongallery.science

NetRange:   209.236.112.0 - 209.236.127.255
CIDR:   209.236.112.0/20
NetName:DFW-DATACENTER

Correct?

Same operator modus operandi..

#104.168.107.4   3   tqqzhod.conceaih.science
#104.168.107.5  21   71peg.conten.science
#104.168.107.7  20   bhq6igf.aguer.science
#104.168.107.9   1   djq70fes.unsui.science
#104.168.107.11  1   91r87i.fansire.science

#162.252.38.10:   wv6zgz.coulenage.science
#162.252.38.11:   yiq7r3tm.comprovid.science
#162.252.38.12:   cpayj6.saikale.science
#162.252.38.13:   ebt5r0.retlance.science
#162.252.38.14:   66oa560w4.purchai.science
#162.252.38.15:   najq57yg.unfortan.science
#162.252.38.16:   9ffdstomy.culances.science
#162.252.38.17:   wrl2fv7.reproted.science

#185.74.67.2  :   mdb2p35av.equic.science
#185.74.67.3  :   kpwv0r4.eyeho.science

#185.107.25.5 5   8m7t29h.nobadise.science
#185.107.25.7 1   e41eoh.graciful.science

#198.52.177.130   :   iyvwz9s2.daymoneymap.science
#198.52.177.131   :   texhhc.repairswarrantyplan.science
#198.52.177.132   :   3fbj931.annuityretirement.science
#198.52.177.133   :   07hcmb35.paintexterior.science
#198.52.177.134   :   y107ta.accessinfoeconomy.science
#198.52.177.135   :   mpb58n.seedgrass.science

#208.51.115.4 :   ee3uv.congoing.science
#208.51.115.50:   sl1qpe.keatoning.science
#208.51.115.51:   xnkv3b2.smallnach.science
#208.51.115.53:   dhmcaxmj.manization.science
#208.51.115.54:   8khxyzum.exercial.science

#216.2.66.12  :   3601nzaav.7hp.science
#216.2.66.13  :   pbarc.9es.science
#216.2.66.14  :   bxkoei1.9t6.science

#216.169.105.198  :   xzbqldb.arroup.science
#216.169.105.200  :   sx6kn.breact.science
#216.169.105.202  :   o3eod5a.elepsu.science
#216.169.105.203  :   glwq82yo.femace.science

But again, it isn't the registrar that should be blamed, unless of 
course the domains are being registered with stolen or forged 
information and credit cards..


It is the companies that let them set up shop that should be complicit..





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Bounces from outbound.protection.outlook.com

[Michael Peddemors]

This has been going on for some time now, there was discussion on this 
list regarding the topic, we ended up putting a policy in our platforms 
just to deal with this issue. "Reject messages from senders forging 
bounce messages".




On 16-04-29 06:25 AM, Benoit Panizzon wrote:

Hi Renaud


I am seeing in my logs some bounces messages (empty sender) from
various outbound.protection.outlook.com servers. All those bounce
messages are directed towards one specific email address which is
probably used as an envelope field in a spam run.

Now my question is: if it comes from outbound servers for outlook.com,
shouldn't the mails also pass through some kind of inbound servers at
outlook.com? If that's the case, how comes that those messages which
surely have a wrong DMARC, SPF and DKIM pass through the incoming
gateways?


We have exactly the same problem. We sometimes observe that some of our
customers get DOSed by large volumes of outbound.protection.outlook.com
bounces.

The 'Attacker' apparently is a botnet (aka many different ip
addresses) that fakes the sender@our-domain and sends very small emails
to various non existing recipients hosted on
outbound.protection.outlook.com servers.

Our domains are protected by SPF.

In the first place, the outlook.com services should not accept emails
to non existent recipients and then send 'late' bounces to the fake
sender, resulting in some kind of amplificator attack.

Secondly if the sender domains is protected by SPF with -all that email
should be rejected my Microsoft right away during SMTP handshake.

None of both is done.

I documented the case and how to reproduce.

I did try to open a trouble ticket with the Microsoft Security. It was
impossible, because we, as an ISP do not use any outlook.com services.
I did try to explain the microsoft security agent for long time, that
his handling of the issue was completely wrong and that it was not a
question what M$ product we use, but he did not want to connect me to
his supervisor as we are no M$ customer and therefore there is no way
to open an abuse/security trouble ticket. WTF!

I contacted ab...@mircosoft.com several times about the issue, without
reply.

I even went so far to notify the Heise Journal security team with the
hint that kind of an mail traffic amplificator attack was possible via
outlook.com, to try to increase the pressure on Microsoft to look into
the issue, but they unfortunately considered this not serious enough.

We cannot block the IP Addresses of the outbound.protection.outlook.com
as this would also affect a lot of legitimate email.

So I have no solution here and don't know how I can make Microsoft take
my reports seriously.

Kind regards

-Benoît Panizzon-



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Microsoft POP3 Troubles

[Michael Peddemors]

Generally an increase in POP is only related to two things:

* Email Client has short time out's and long query times.

Seems some* email clients will attempt to download messages, but if the 
re-query time comes around, it will terminate the first connection and 
then restart from the beginning.


* Unique identifier related to the message keeps changing.

The email client trusts that the server ID for the message is correct, 
so if it changes, the email client will consider this as new.


This occurs usually when migrating data stores.



On 16-05-05 06:40 AM, Joseph B wrote:

I was reviewing my flow records and I can see in the last 24h we have
started doing a much larger amount of POP3 traffic to Microsoft than
usual. As an example, some of the IP's that are making the POP3
connections are:


Yes, we started seeing these logins from around April 18th.

Some users have gone from 5MB a day of POP traffic to 25GB per day :-\

May  5 17:31:52 server dovecot: pop3-login: Login:
user=<u...@domain.com>, method=PLAIN, rip=40.100.16.125,
lip=45.xx.xx.xx, mpid=294947, session=<7VRKwRMytG4oZBB9>
May  5 17:31:52 server dovecot: pop3(u...@domain.com): Disconnected:
Logged out top=0/0, retr=0/0, del=0/512, size=223773360, bytes=24/12306

May  5 17:32:17 server dovecot: pop3-login: Login:
user=<u...@domain.com>, method=PLAIN, rip=40.100.16.125,
lip=45.xx.xx.xx, mpid=295053, session=
May  5 17:40:34 server dovecot: pop3(u...@domain.com): Disconnected:
Logged out top=2/3772, retr=1024/447566492, del=0/512, size=223773360,
bytes=10074/447591247

Cheers,

Joseph


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Michael Peddemors]

On 16-04-19 07:01 AM, Michelle Sullivan wrote:

Any other problems like HELO/EHLO not being FQDN, not matching the host,
not existing etc... I'll usually 4xx or ignore (e.g. ignore for not
matching, 421 for not existing... etc.)

Regards,


Hey, stop telling them all our tricks :)

Yes, we also reject outright any HELO that is just a dotted quad in most 
of our technologies.. And usually mark as Spam anything that doesn't 
present a FQDN in the HELO, or generic localhost.localdomain.


We found that you cannot make a policy that the HELO matches PTR, still 
too many HELO's represent internal naming conventions for the server, 
and do not match the outgoing IP, but it is used as an indicator for 
many of our filtering patterns in conjunction with other indicators.


HELO is easy to forge, the PTR is not, so it is helpful but not 
absolute.  All we ask is that the email administrator at least took the 
time to set up a FQDN for the server host name (which is usually what is 
used for the HELO in most email server implementations by default)



--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Michael Peddemors]

On 16-04-19 11:53 AM, Michael Wise wrote:

... unless it's coming from your localnet.
Local clients in the IP space "You Own" should get a bit more slack.
IMHO.

Aloha,
Michael.



Yeah, only for MTA->MTA traffic, not MTU->MTA, if that is what you mean..


--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Null MX & Preference

[Michael Peddemors]

Wouldn't it be nice if registrars (the one that provide default DNS when 
you purchase) could be encouraged to add that TXT or SPF record as 
default on all new domain purchases?


This would also encourage adoption of it as a whole, would like to 
assume that real email admin's would update the record, vs delete the 
record.


Any one suggest a medium to encourage that amongst registrars?

On 16-07-15 01:31 PM, John Levine wrote:

In article <CAGGEJxZSANdB+SvuSY2WCVH4=6gkfykjkusl49n+i4l8oro...@mail.gmail.com> 
you write:

Doesn't receive emails, sure. Doesn't send emails, I look for the "SPF
lockdown." Lots of places publish this as an SPF record: "v=spf1 -all"


Yes, that's what the RFC suggests.

In answer to the original question, I know that Gmam special cases
MX 0 . to fail the message immediately.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Office365 still having issues?

[Michael Peddemors]

here.

Two example sending servers:

NAM02-SN1-obe.outbound.protection.outlook.com

<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fNAM02-SN1-obe.outbound.protection.outlook.com=01%7c01%7cMichael.Wise%40microsoft.com%7cbffa205e0c56464522ec08d3a51e482b%7c72f988bf86f141af91ab2d7cd011db47%7c1=z3TexfHucJ00OkioMS8ncLQULJ%2fA4I0H%2fL%2b7GoHDWdM%3d>

NAM03-DM3-obe.outbound.protection.outlook.com

<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fNAM03-DM3-obe.outbound.protection.outlook.com=01%7c01%7cMichael.Wise%40microsoft.com%7cbffa205e0c56464522ec08d3a51e482b%7c72f988bf86f141af91ab2d7cd011db47%7c1=NFftlSd2HtO9rIrWxhYZftQ2EglGVaB%2fc4EBG48mz7w%3d>



Anywhere from 30 minutes to 3 hours, but they are getting
here.



Sincerely,



Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300



___
mailop mailing list
mailop@mailop.org <mailto:mailop@mailop.org>
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop=01%7c01%7cMichael.Wise%40microsoft.com%7cbffa205e0c56464522ec08d3a51e482b%7c72f988bf86f141af91ab2d7cd011db47%7c1=4fskRUYoo0TyCVi7hyHSQV9ZW28czEuqlCSF6VkjRXs%3d>

-- 

Stay Classy,

Ryan

Postmaster & Director of Deliverability

Groupon

Cell: 815-955-0462

__ __

-- 

Stay Classy,

Ryan

Postmaster & Director of Deliverability

Groupon

Cell: 815-955-0462

__ __

--
Stay Classy,

Ryan
Postmaster & Director of Deliverability
Groupon
Cell: 815-955-0462



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail SRS Problem: low reputation of sending domain

[Michael Peddemors]

There is the class of spammers who seem fine with getting as much mail
as possible in the spam label,
with the assumption that enough folks will check their spam label and
click on the links anyways.  We'd
probably need to have more complicated rules of when to listen to the
X-Spam header, of course.

Is there some other issues with a "deliver to spam"?

My prefered solution is to bring an "inbound gateway" setting to
consumer Gmail, but that's a lot
more complicated.

It's also possible that with ARC, you wouldn't need the SRS and we could
better learn forwarding
on a per-user basis, and so we'd just know it's a gateway.


>So how do I solve that customer need in the best possible way?
>Forwarding without some kind of SRS just does not work with all the SPF
>protected domains out there (our own domains are also SPF protected
>which cut of a lot of spam and phishing emails to our customers).

Maybe things are different in the US, but around here, I don't know
anyone who rejects on SPF failure other than a plain -all for we send
no mail at all.  If you want to do phish detection, sign your mail and
use DMARC and hope your users don't subscribe to many discussion
lists.


Agreed.  I have seen a couple non-US banks with a DMARC p=REJECT policy
and no DKIM signatures,
relying only on SPF.  SRS won't solve that problem, though since it
won't align.

In general, Gmail won't reject based on an SPF failure (except -all),
though it can cause spam rejections
on the margins.  And for Gmail, it's probably better to keep the
envelope sender the same and not use SRS.

Brandon


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Michael Peddemors]

 MESSAGE-
Hash: SHA512

Am Mo den  6. Feb 2017 um 17:50 schrieb John Levine:

In article <20170206143318.wy6afi7dx332c...@ikki.ethgen.ch> you write:

They can try. But in the end it will hit back to them. I recommend just
everyone _not_ to have emails on microsoft. If they don't care about
their customers, that is their problem.


Approximately 400 million Hotmail/Outlook users disagree with you.


Hmm... 300 million spamers and 100 million users? Or is it even worse?

I only know one real person who has an account over there. All others
coming from that network are spam, spam and spam.

Microsoft is one of the biggest spam sending networks out there.

Regards
   Klaus
- --
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen <kl...@ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAliaxAIACgkQpnwKsYAZ
9qwjqgv/WZCXVJXIYu7bOsgZZPDZ96hoYamyjPH9q6TceYMGg/fb8xe32Nt2hsvI
F9ubsLcnEQf7XwFuyIWC54Q8/D+uPkNCoZtC/0TGNwPZsEUKjbVgx/fsjJTi8LOV
cEqRpzEiX+HwISdFp5go/yzL3eWygA3Y8cMZKlGRJy6OuSNxqYH74jdUtc4jowa5
NGeQ5h7cmmDH7rXTVPAKorDexwuiuGlBGaA323yiw/Ak1Lr75/XpPXaawDl7LnTA
YeyUfaOpiAEFMOVsnW1xtIllbM9H2I8Mo3pQIJ0phUz2TfgKiXkMyvdlWNC+pwhV
6q+Cj3VpQ1TFnw1YuBGN8kzTkIBP1b/UYngBT5F72564xnLM1CfwD4kXzYRwv3AF
/12VWfu2WbhYKq1+Z5bEX/Ud7VQN0rSukccRsBOz668SwwDIsgf0c79dmvp5fsAv
4VSQ6/4KltL+jbdMgC87Zq3PCVZieCHZyaE4+Wm7leW5mEhpjTpRO4deLWvpAWP3
P8g1ZfUF
=Jm8l
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Michael Peddemors]

On 17-02-08 08:30 AM, Michael Peddemors wrote:

Ouch, as much as the Hotmail/Outlook spam might bother because of course
it is harder to sort the good/bad, that is easier to do at source than
at destination..


Oh, speaking of Hotmail..
Still appears that emails coming from cross-tenant still break RFC's..
Duplicate Return Paths..

Return-Path: <devendramishra2...@outlook.com>
Received: from snt004-omc3s33.hotmail.com (HELO 
SNT004-OMC3S33.hotmail.com) (65.55.90.172)



spamdiagnosticmetadata: NSPM 
Content-Type: multipart/alternative;
boundary="_000_BM1PR01MB0737270F24F2EEA103EE2EF0DE400BM1PR01MB0737INDP_"
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Feb 2017 20:31:45.6644
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BO1IND01HT012
Bcc:
Return-Path: devendramishra2...@outlook.com
^^^
(That should be stripped at the original receiving server, if it isn't 
the final destination)


X-OriginalArrivalTime: 06 Feb 2017 20:32:24.0421 (UTC) 
FILETIME=[1FDEF950:01D280B8]




--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Deliverability services for non-newsletter services

[Michael Peddemors]

On 17-01-26 02:37 AM, Andy Davidson wrote:

Hi, all

Are there any ‘bulk’ delivery operators who specialise in non-newsletter 
delivery (i.e. eschew those kinds of customer opportunities)?  Specifically to 
do this in order to focus on, and by implication improve deliverability for, 
transactional email notifications ?  (Like ‘order confirmed’, ‘shipping 
information’, ‘contract received’, etc.)

Thanks in advance for any tips,
Andy

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



There are good ones and bad ones..

Best suggestion?

Try to find one that allows you to have customer PTR records, and 
'rwhois' and dedicated IP(s), and a valid sender record reflecting your 
domain.. (eg MAIL FROM)


If all your emails are clearly identified as representing your company, 
you should have less issues in the long run.


Also one that is willing to work on your behalf in case of reputation 
issues.





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Offtopic: How does an taiwanese IRT work / ppt.cc URL shortening

[Michael Peddemors]

Not sure if it will help your situation, but we have been contacted 
before from Hinet from:


r...@hibox.hinet.net

I am sure that they might be able to help, and they speak good english.


On 17-01-29 11:33 AM, John Levine wrote:

remarks:Please note that TWNIC is not an ISP and is not empowered
remarks:to investigate complaints of network abuse.



What? Did I get that right? Their IRT Contact, responsible for abuse
complaints has a comment that they do not investigate abuse complaints?


TWNIC is what it sounds like, the registry for Taiwan.  If you read farther
down the APNIC whois output, it says to look in the TWNIC whois server,
which works:

$ whois -h whois.twnic.net 125.224.0.0

   Netname: HINET-NET
   Netblock: 125.224.0.0/16

   Administrator contact:
  network-...@hinet.net

   Technical contact:
  network-...@hinet.net

If you can write in Chinese, even Google Translate style Chinese,
that's slightly more likely to get an answer.  Hinet is a large ISP
and while not totally evil, is also not particularly responsive.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Gotta Love Banks.. Biggest Targets for Phishing yet..

[Michael Peddemors]

This is the mail system at host emaildlp.security.bns.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

   The mail system

<ab...@scotiabank.com>: host mailrelay.glb.bns[172.22.1.204] said: 550 5.1.1
<ab...@scotiabank.com>... User unknown (in reply to RCPT TO command)


Reporting-MTA: dns; emaildlp.security.bns

Have a great weekend all.. (Love the private TLD)


--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Michael Peddemors]

On 17-02-15 08:45 AM, Felix Schwarz via mailop wrote:


Am 15.02.2017 um 17:08 schrieb Laura Atkins:

If Hertzner cared they could sign up for the MS SNDS program and see a list of
all the IPs that were currently blocked.


They do that already (as Hetzner customers can see when registering a Hetzner
IP in SNDS). AFAIK they also monitor IP blacklists for their IP range.

One thing I'm wondering: If deliverability with Hetzner is already bad is
there any chance to deliver anything at all from a OVH/DigitalOcean/AWS ip?
(just to get a sense of how problematic Hetzner is)

Felix


From our observations.. depends..

Both OVH and Hetzner provide 'rwhois/SWIP' for parts of their ranges, 
and those parts are less problematic. The parts with no 'rwhois' are 
problematic.


Digital Ocean/AWS, and for that matter any cloud provider that 'rents' 
IP(s) for short time intervals, will be problematic, especially if they 
don't bother to SWIP/rwhois that you are allocated those IP(s).


And as more operators get into this space (Azure here in North America) 
and many others worldwide..


If you don't have the IP(s) long enough to justify SWIP/rwhois, then 
probably don't want email from you ;)


But it comes down to this, if your hosting provider doesn't bother to 
monitor the outbound activity, they will likely be a bad place for you 
to make a home for legitimate services..




--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] How many more RBL's do we really need?

[Michael Peddemors]

On 16-08-29 05:40 PM, Michelle Sullivan wrote:


Don't you just hate these threads that can start arguments on what is an
FP and what is not? :P


You know what we could use more of?

https://www.intra2net.com/en/support/antispam/
https://www.sdsc.edu/~jeff/spam/Blacklists_Compared.html

There isn't much like this any more..

Might be something that we can encourage universities, and/or large 
organizations with large email volumes who have the capability to check..


Not saying Google should do this ;)

But for example, tag incoming emails somehow with a hash of which RBL's 
would be triggered, and compare it to their internal spam/ham systems.


Any one else know some hidden gems on the 'net that might not be on the 
search results of real world results that can be shared around?


Of course, the problem really stems from what Michelle alluded to..
While we can probably all agree on 99% of the content, it is that last 
1% that different operators have different opinions on..


The small little WISP in rural Texas might have different opinions on 
what type of email they think their users want, than the large email 
provider in Turkey.. different RBL's can serve different purposes..


(oh, and you should see the Clinton/Trump divide on what is spam and 
what isn't)


We used to do this with some friendly ISP's (course we didn't use direct 
RBL lookups, we created a caching system) in logging mode to identify 
UNIQUE and MULTIPLE RBL hits in the early days, but it really should be 
tied into some form of customer definition as well. (This is junk/not 
junk) but even then, take the case of the large provider who has a 
temporary really bad spam outbreak.. was the RBL who listed them wrong 
when a couple of good messages from the same source where also tagged?


However, I think that data would be useful to help others make informed 
choices on which RBL's they might like to implement.


RBL's are still one of the most efficient and effective way to reject 
the worst/most of the current spam outbreaks. (Followed by other simple 
DNS checks..talking to you 'static.vnpt.vn' and 'broadband.actcorp.in')


But open comparison sources of the accuracy/validity of the data is 
something that would help everyone.  I do suggest it needs to be based 
on demographics though.  Which RBL's are most effective for email 
servers based on continent they operate might be a great start.


(For instance, lists that identified sources of the CUT-WAIL outbreak 
for a while could claim to block 80-90-99% + of all attacks, if you 
happened to be one of those targeted by those attacks, doesn't mean in 
the long term it is the most accurate RBL for others)


And I am sure that Gmail, or Yahoo, or AOL each would have a different 
opinion, based on the attackers who prefer targeting them, on which RBL 
is best (which is probably why they also run their own to some extent or 
another).







--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] A lot of spam/malware from cox.net (68.230.241.0/24)

[Michael Peddemors]

Sounds like the standard bot generated spam, but it has been mentioned 
before, if posting to this list, a complete header is usually best in 
order for list members to comment on.


It would help to see if this is simply an outbreak of compromised email 
accounts (less likely) or some type of allowed relay.. or infrastructure 
change.


Suprised that the c of this bot hasn't been found yet, it has been 
going on a while..


On 16-08-30 10:57 PM, Shane Clay wrote:

We’re seeing huge amounts of spam coming from cox.net (68.230.241.0/24)
over the past few days. Going to our filtering system but also getting
through to Office 365 and Gmail accounts without any issue at all.



They are all the well written, formatted “please remit” type emails with
a Word Doc attached.



Interesting, the example I’ve had sent to me today went directly to my
users @domain.onmicrosoft.com address, so not to the custom domain. The
customer has never actually used the onmicrosoft.com domain for anything.



This is a repeat of what we saw from the same IP range in June. Anyone
at Cox.net that can comment?







Example of what we see:





*From:*Coulson, Nick [mailto:bbulla...@cox.net]
*Sent:* Wednesday, 31 August 2016 1:05 PM
*To:* Real Staff Members Name <abc@hidden.onmicrosoft.com>
*Subject:* Companies Actual Full Legal Name; Ben, Please See and Clear -
NET-30 01V950901



Hello Real Staff Members Name,
Mechanical Engineer

I am writing to inform you that we haven't got deposit of $1662.00 from
Real Companies Name (), which appears *outstanding*.

Since you are our returning customer, we are offering you 3 extra days
to remit the payment. Please refer to the attached paper for payment
requisites.

Cheers,

Coulson, Nick
*Forte School of Music Applecross* | Accounts Team
A.B.N 73 106069311
325-327 Queensberry Street North Melbourne Vic 3051





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone from AOL on this list?

[Michael Peddemors]

FYI.. see this again from either the sending server or chilli..

X-SPAM-FLAG: Yes

So that message would be in people's spam folder..

On 16-10-04 09:29 AM, Frank Bulk wrote:

I just started seeing this:
Site aol.com (152.163.0.68) said after data sent: 421 4.2.1 Dragnet 
Timeout
Site aol.com (152.163.0.99) said after data sent: 421 4.2.1 "Service 
unavailable. Please try again later."

Anyone else?

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Rok Potocnik via 
mailop
Sent: Tuesday, September 27, 2016 11:43 AM
To: mailop@mailop.org
Subject: Re: [mailop] Anyone from AOL on this list?

On 5. 05. 2016 21:35, Josh Nason wrote:

Hi all -- we have some AOL caching questions and are curious if someone
from there is on this list.

If so, I'd love to hear from you. Thanks!


I'd also appreciate an AOL contact... I have only couple of messages in
the queue, but as I tend to keep mailqueues as tidy as possible I'd like
to verify why did we get black/greylisted...

(host mailin-01.mx.aol.com[152.163.0.68] refused to talk to me: 421
mtaig-aad01.mx.aol.com Service unavailable - try again later)
(host mailin-01.mx.aol.com[64.12.88.131] refused to talk to me: 421
mtaig-mca04.mx.aol.com Service unavailable - try again later)
(host mailin-02.mx.aol.com[152.163.0.99] said: 421 4.2.1 :  (DYN:T1)
https://postmaster.aol.com/error-codes#421dynt1 (in reply to end of DATA
command))
(host mailin-03.mx.aol.com[152.163.0.99] said: 421 4.2.1 :  (DYN:T1)
https://postmaster.aol.com/error-codes#421dynt1 (in reply to end of DATA
command))
(host mailin-03.mx.aol.com[64.12.91.196] refused to talk to me: 421
mtaig-mbb03.mx.aol.com Service unavailable - try again later)
(host mailin-04.mx.aol.com[152.163.0.67] said: 421 4.2.1 :  (DYN:T1)
https://postmaster.aol.com/error-codes#421dynt1 (in reply to end of DATA
command))
(host mailin-04.mx.aol.com[64.12.88.132] refused to talk to me: 421
mtaig-maa04.mx.aol.com Service unavailable - try again later)
(host mailin-04.mx.aol.com[64.12.91.196] refused to talk to me: 421
mtaig-mcc04.mx.aol.com Service unavailable - try again later)







--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] increased spam from "newslettertool2.1und1.de"

[Michael Peddemors]

Yes, definitely on the too big to block, but noticed an overall increase 
in the amount of spam reports the team is seeing related to their 
servers over the last couple of weeks..


On 16-08-29 09:05 AM, Terry Barnum wrote:

Yes, I'm seeing them too.

-Terry


On Aug 29, 2016, at 7:50 AM, Benoit Panizzon <benoit.paniz...@imp.ch> wrote:

Hello

In the last couple of days I have come across more spam emails
originating from: mout.kundenserver.de [212.227.126.133] (whitelisted
as much legitimate emails is sent from that IP) but which contain an
unsubscribe link pointing to newslettertool2.1und1.de

I wonder if OneAndOne created a new tool which is actrively being abused
by spamers. Anyone else seing those emails?

-Benoît Panizzon-
--
I m p r o W a r e   A G-Leiter Commerce Kunden
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 PrattelnFax  +41 61 826 93 01
Schweiz Web  http://www.imp.ch
__

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Terry Barnum
digital OutPost
Carlsbad, CA

http://www.dop.com
800/464-6434



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] RoadRunner Admin's on the list?

[Michael Peddemors]

Please reach out to me offline, spam auditors noticed an increase of 
'locky' style spam leaking out just one part of your email platform, and 
would like more information..


 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Yahoo blacklist removal

[Michael Peddemors]

And there is also http://hetrixtools.com/589066.html

They also have a lot of RBL's listed, and a pretty attractive 'free' 
model for monitoring your IP(s).


On 16-11-16 04:02 PM, Eric Henson wrote:

http://www.mxtoolbox.com will check 50+ blacklists.




Eric Henson
Server Team Manager
PFS
p: 972.881.2900  x 3104
m: 972.948.3424
www.pfsweb.com


-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of David Sgro, 
Dataspindle
Sent: Wednesday, November 16, 2016 3:53 PM
To: Vick Khera; mailop@mailop.org
Subject: Re: [mailop] Yahoo blacklist removal

Any good place to find a list of specific ones I should check? No 
deliverability problems elsewhere so far.
Did http://multirbl.valli.org/ and several others and totally clean. I found 
out about Proofpoint when emailing a vender.

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Vick Khera
Sent: Wednesday, November 16, 2016 4:37 PM
To: mailop@mailop.org
Subject: Re: [mailop] Yahoo blacklist removal

On Wed, Nov 16, 2016 at 3:53 PM, David Sgro, Dataspindle <d...@dataspindle.com> 
wrote:

- A company called ProofPoint had my block along with several other neighboring 
/20's listed due to a SPAM incident that happened in 2013. Spoke to them. Very 
nice people. They understood and cleared it up right away. Yahoo uses 
ProofPoint to help determine email reputation.


Proofpoint provides reputation to others too, most notably icloud.com.
You probably want to check *every* known reputation source. I'm sure you're 
listed elsewhere if it was that bad.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Amazing when Banks don't use SPF records..

[Michael Peddemors]

There is a large round of TD Bank phishing going around..

Would have liked to report this to their abuse team.. but..

*Delivery has failed to these recipients or groups:*

ab...@td.com <mailto:ab...@td.com>
The e-mail address you entered couldn't be found. Please check the 
recipient's e-mail address and try to resend the message. If the problem 
continues, please contact your helpdesk.



host -t TXT td.com
td.com descriptive text 
"QAZp0qAv8Fqtex+x8eNq13IduQHhP7Y76B4TEOW7A2BtJ+Eh6cjsPT1E3PQtGsWet9xNPHfuFz0XvAYYcm05LQ=="

td.com descriptive text "MS=ms90345429"
td.com descriptive text 
"adobe-idp-site-verification=7450d651-fff2-4ed9-aebd-7af8fd72e3ca"
td.com descriptive text 
"google-site-verification=zr-IIMl9y61ysL3vSRXIh_UdOUr16u6a3IKFtg-AGG4"


host -t SPF td.com
td.com has no SPF record



 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Comcast Postmaster for off-list dialogue

[Michael Peddemors]

Surprised, but I don't seem to have a Comcast contact on file..

Looking for an off-list discussion, regarding some of the listed DUL 
space..


-- Michael --

 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Storing 821 envelope recipients in an 822.Header?

[Michael Peddemors]

On 16-12-07 07:58 AM, Ned Freed wrote:



/me is going to go with Envelope-To, as it's going to be the easiest to
explain to users "this is from the envelope at SMTP delivery time, not the To:
or Cc: or anywhere else".


FWIW, we chose the closely related X-Envelope-To: for this function many years
ago. (At the time best practice was to use X- prefixes on nonstandard headers.)

If we were doing it today we'd use Envelope-To:.

Ned

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



Probably better directed to the IETF, but based on the comments in that 
RFC about deprecating X- headers (which I too do not understand why), it 
looks to specifically point this out to those designing 'new' protocols, 
and it points out that those protocol designers should maintain a list 
of 'extensions'..


However, I think you missing something in that RFC..

5.  Does not override existing specifications that legislate the use
   of "X-" for particular application protocols (e.g., the "x-name"
   token in [RFC5545]); this is a matter for the designers of those
   protocols.

So, X headers are still the way to go it seems for SMTP..

PS, we use ..

X-MagicMail-Original-Destination:

To preserve the original RCPT TO, presented during SMTP mail 
transaction, for later local processing.


Why? so that all headers with the same prefix are easily identifiable 
for removal, if they already exist during the SMTP mail transaction.


eg.. remove all X-MagicMail headers..

Point being, remember that certain headers SHOULD/MAY be 
removed/replaced by the MTA, so when choosing a header for your purpose, 
you should remember that aspect of recording data.





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Storing 821 envelope recipients in an 822.Header?

[Michael Peddemors]

On 16-12-06 06:37 PM, Steve Atkins wrote:

I know there's no standard header for storing the envelope recipients for a 
message (for good reason, especially when it comes to Bccs) but there are times 
when it's useful.

Does anyone know of a system that does that? I'm stashing them in "X-Rcpt-To" 
at the moment, for lack of anything better, but if there's even a marginal ad-hoc 
standard for it I'd like to be consistent.

Cheers,
  Steve


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



Storing all of them isn't really the job of the headers IMHO..

And if you do, you better quickly figure out some MAX_RECIPS ;)

Storing/Preserving the original intended recipient is of course..

And some mail processing systems, the recipient lists 'change' during 
the course of delivery..


And you might like to explain your concept of 'envelope recipients' just 
to be clear...


And it might help if you defined 'why' you want this data stored?





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone from BigPond on the list?

[Michael Peddemors]

Want to take a discussion off line with you, regarding your outbound 
filtering system, possibly being borked.. maybe internal routing problem 
through your filtering system..


Received: from nsstlmta29p.bpe.bigpond.com (HELO nsstlmta29p.bpe.bigpond.com) 
(203.38.21.29)

Received: from smtp.telstra.com ([10.10.24.4])
  by nsstlfep29p-svc.bpe.nexus.telstra.com.au with ESMTP
  id 
<20170113155324.yfet22287.nsstlfep29p-svc.bpe.nexus.telstra.com...@smtp.telstra.com>;
  Sat, 14 Jan 2017 02:53:24 +1100
X-RG-Spam: Unknown
X-RG-Size: 2047
X-Junkmail-Premium-Raw: 
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
X-RG-Spam: Unknown
X-RG-Size: 2047
Received: from [10.10.24.4] (10.10.24.4) by smtp.telstra.com (9.0.019.11-1)
id 5820AC3E0924882E; Sat, 14 Jan 2017 02:53:24 +1100
Received: from [146.185.28.58]
by email.telstra.com with HTTP; Sat, 14 Jan 2017 02:53:15 +1100




 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] GoDaddy Email admins' in the house?

[Michael Peddemors]

Noticed that they are using underscores in their hostnames used in the 
HELO/EHLO..


https://www.ietf.org/rfc/rfc1034.txt

p3plsmtp09-04_26.prod.phx3.secureserver.net

Comments from the list?

While a lot of 'loosening' up on domain name(s) encoding has occurred, 
haven't seen anything that has changed to allow underscores in the host 
name portion, which I 'believe' is still restricted to letter-number-hyphen.



 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] RoadRunner Abuse handers lurking on here?

[Michael Peddemors]

Have seen an up-tick of a specific type of spam being reported..
Kind of curious about the delivery method, as the messages contain 
Return-Path headers when they normally shouldn't..



Return-Path: <lean...@sbcglobal.net>
Received: from dnvrco-outbound-snat.email.rr.com (HELO 
dnvrco-oedge-vip.email.rr.com) (107.14.73.232)
by [REDACCTED] with (DHE-RSA-AES256-GCM-SHA384 encrypted) SMTP
(61f32b86-b826-11e6-b20f-ef093237de50); Thu, 01 Dec 2016 16:29:28 -0800
Return-Path: <lean...@sbcglobal.net>

^^ Should not have been set by 'dnvrco-omsmta01'^^^

Received: from [1.49.149.199] ([1.49.149.199:56743] helo=outlook.com)
by dnvrco-omsmta01 (envelope-from <lean...@sbcglobal.net>)
(ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ESMTP
id 49/C7-19237-260C0485; Fri, 02 Dec 2016 00:29:26 +
Message-ID: <0306b0e3e83c07a4787d348216072...@sbcglobal.net>
From: "PHARMACY EXPRESS" <lean...@sbcglobal.net>
To: [REDACCTED]
Subject: Best remedy for xxx life!
Date: Fri, 2 Dec 2016 02:26:26 +0200
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="=_NextPart_000_1D4E_01D24C43.7B3582F0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
X-RR-Connecting-IP: 107.14.64.6:2525

(Strange p0f results as well, incidentally)

PS...

Found a referral to rwhois.rr.com:4321.

connect: Connection refused

Better fix the 'rwhois' server, or the listing with ARIN..


 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Too funny Amazon Abuse Responses..

[Michael Peddemors]

Our auditors just shared this one ..

After a particularly bad day of spam coming from AWS being reported, a 
careful email was crafted to the abuse desk, with full headers of a 
sampling of the spam, and a list of the IP(s) that were used..


Automated response ..

"Thank you for your abuse report. We were unable to identify the 
customer responsible for the reported activity. Due to the frequency 
with which AWS public IP addresses can change ownership, we will need 
additional information in order to identify the responsible customer(s)."


* Complete, accurate timestamps of the activity including:
- Date
- Time
- Time Zone

* [EMAIL SPAM] Full e-mail header and HTML content of the spam message

For a faster response, please resubmit your report using the form at 
https://aws.amazon.com/forms/report-abuse


I guess they don't read the email(s) before saying they can't identify 
the customer ... and if they can't with full headers, time stamps et al..


*Ouch*

Have a great weekend all..



--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google blocked senders list

[Michael Peddemors]

hy not check both?  It seems illogical
to accept a message from an envelope sender address which is in the
list.  Am I wrong in thinking that in the case of spam the From:
address is more variable than the envelope sender?  There will be
cases where we want to block an envelope sender address but unable to
block the (different) From: address because it is used by legitimate
mail.

--
Richard Gilbert
Corporate Information and Computing Services
University of Sheffield, Sheffield, S10 2FN, UK
Phone: +44 114 222 3028 <tel:%2B44%20114%20222%203028>

___
mailop mailing list
mailop@mailop.org <mailto:mailop@mailop.org>
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
<https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop>




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
----
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SORBS help

[Michael Peddemors]

On 17-01-05 05:21 PM, John Leslie wrote:

   How to get that information back to the responsible party, as of
today, remains unsolved. But to the casual observer, blocklist
operators don't seem to be trying at all. They don't notify the
blocklisted server at all, in most cases, and if there _is_ any way
to retrieve information about why the listing happened, it's
proprietary.


and what do *YOU* perceive as "punishment"...

   Actually, any blocklisting without the least attempt to report
why the listing happened _looks_like_ "punishment" -- even when the
"punishment" is extremely unlikely to change the misbehavior.


and I will answer why we can/cannot implement such policies/changes...

   Why you _currently_ can't implement them isn't terribly helpful.

   Instead, could you try to say what you would need in order to
implement them?

--
John Leslie <j...@jlc.net>


Probably simply 'money', spammers make a lot more money that RBL 
operators, maybe when various CAN-SPAM organizations fine spammers, 
maybe they can spread the wealth to the RBL operators, and they can 
spend the money to become the 'reporting police'.. but seriously, it 
shouldn't be the job of RBL operators to let network operators know they 
have a problem, the network operators that do spend the money to monitor 
their own networks and email servers usually seldom end up on RBL lists, 
and/or can get off quickly in the case they missed something..


But asking small shops, often who are providing the service for little 
or no reward, to bear the cost of monitoring other peoples networks 
seems unrealistic.


I don't know how often I hear, 'We don't monitor our networks/customers, 
because otherwise we might be deemed responsible for the activity'


But getting off topic now..

But maybe instead of being critical, we should take time to thank those 
people who take the time out to provide that service, an obviously 
thankless job..


I think we all can agree that there are more network operators not doing 
their job (egress spam) than problem RBL operators.


Ps, how quickly should this operator expect to be removed from an RBL..

104.168.151.9 6   if1.perfecthealthadvice.com
104.168.151.107   host-10.thedesiredhealth.net
104.168.151.116   static-11.loveandhealthiness.net
104.168.151.1456   smtp.naturalhealthsaver.net
104.168.151.1548   manicmarketer.com
104.168.151.1753   mxst11.health-galleria.com
104.168.151.1857   manicmarketer.com
104.168.151.1954   abts.thedesiredhealth.net
104.168.151.2045   tgn.loveandhealthiness.net
104.168.151.4345   deadbeatmarketer.com
104.168.151.4449   deadbeatmarketer.com
104.168.151.4647   deadbeatmarketer.com
104.168.151.4749   deadbeatmarketer.com





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] LOUDMOUTHS WANTED!! ICANN WHOIS Replacement Work URGENT IMPORTANT ACTION NEEDED

[Michael Peddemors]

On 17-03-24 02:29 PM, Rob Golding wrote:

Is that referring to the possibility that companies who make their business 
parsing/trawling/storing whois data may not be able to sell the ~150 million 
registrant names/addresses/phone-numbers/emails for their own commercial gain 
on one suggested gated-access methodology ?
So yes, benefitting 150 million people rather than being concerned about the 
financials of ~20 organisations, might be a possible outcome.

Rob


There are other ways to protect that information, however IMHO, it is as 
simple as this.. You want to use/advertise a publicly accessible 
resource, you should expect that the information about it's use should 
be public too.


Securing the data, abuse of the data, are separate things from requiring 
legitimate information, and for that information to be publicly accessible.


Please let's not confuse the issues..

And as for privacy issues, nothing says that you HAVE to own a domain 
name, or operate an IP or range, but if you 'choose' to do so, there are 
some responsibilities that go with it..


(They make me put a license plate on my car, a registration number on my 
boat, I need to wear an orange bracelet at my all inclusive resort, I 
have to get my picture taken to go into the nightclub or to visit the 
US.. all have differing levels of information I have to present)


But if I want to use a public resource, eg get a permit to gather in the 
park, or hold a rally, I have to provide information that will be (and I 
should expect it to be) publicly available.


(And, if it wasn't for all the rampant abuse, maybe this would not be an 
issue, but what about the millions of domains and IP(s) that are being 
abused every day... They need to be held accountable..)


Sorry.. Rant Friday.. Have a good weekend all..


--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone Else notice a significant reduction in spam leakage from Gmail over last couple of weeks?

[Michael Peddemors]

Aside from the evil's of forwarding, and the methods that are available 
to do that without running afoul of SPF.. that is an argument for 
another day.  Every modern email client now supports checking multiple 
mailboxes don't they ;)


...

host -t TXT gmail.com
gmail.com descriptive text "v=spf1 redirect=_spf.google.com"

host -t TXT _spf.google.com
_spf.google.com descriptive text "v=spf1 include:_netblocks.google.com 
include:_netblocks2.google.com include:_netblocks3.google.com ~all"


host -t TXT _netblocks.google.com
_netblocks.google.com descriptive text "v=spf1 ip4:64.18.0.0/20 
ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 
ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 
ip4:173.194.0.0/16 ip4:207.126.144.0/20 ip4:209.85.128.0/17 
ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all"


host -t TXT _netblocks2.google.com
_netblocks2.google.com descriptive text "v=spf1 ip6:2001:4860:4000::/36 
ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 
ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all"


host -t TXT _netblocks3.google.com
_netblocks3.google.com descriptive text "v=spf1 ip4:172.217.0.0/19 
ip4:108.177.96.0/19 ~all"


Okay, I admit it is clearer and cleaner that many operators.. but are 
they ALL outgoing mail systems that should have an envelope from of 
@gmail.com?


(I think gmail.com should be separate from google.com, IMHO)

I would expect that most of those IP(s) should be relaying out the 
appropriate gmail servers.. Most of that 74.125.0.0/16 doesn't even have 
PTR records, so I am sure they are not used for sending email..


But yes, the -all would be nicer... ;)

By being able to reject during the SMTP handshake, it would also help 
alert the sending servers admin's to a problem with compromised accounts..


But yeah, might be living in a dream world.. for a little bit yet.

I will take the step in the right direction for today, and tip my hat..




On 17-08-01 04:37 PM, Brandon Long wrote:

Tighter how?
spf_checker_util: output header:   softfail (google.com: domain of
transitioning ptp...@gmail.com does not designate 58.64.196.210 as
permitted sender) client-ip=58.64.196.210;

You want it to just fail?  That would be silly, we expect people to
forward email.

I'll pass on your compliments.

Brandon

On Tue, Aug 1, 2017 at 3:42 PM, Michael Peddemors
<mich...@linuxmagic.com> wrote:

Be interesting to know if they made changes, but no matter what..

"Kudos' and hats off.."

Now if we can only convince them to have tighter SPF records ;)

Return-Path: <ptp...@gmail.com>

Received: from aton.hk (HELO mail.aton.hk) (58.64.196.210)

(Dont' worry, still goes to spam folder but.. would make it easier for
everyone else)

(And if email operators would bite the bullet and force envelopeFrom that
are on their servers.. )

Next one we want to see improvement on... (Oh, don't want to pick on them
Michael)



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Penetration testing phishing emails

[Michael Peddemors]

While some pen testing companies who do that want to make it as 
realistic as possible (phishing emails, eg in the same manner a villain 
would do) it depends on the target employees that they are trying to 
'phish' test..


Normal employees are not sophisticated, and the content alone is enough.

Unless the pen testing company was testing another security company, or 
very tech savvy targets, I would do the following:


* Add a TXT record clearly showing the purpose.
* Use a separate domain/sub-domain
* Have the PTR record from the sending server CLEARLY spell out.
-- PTR pentest.legitimatedomain.com
* Ensure that there is an ab...@phishdomain.com
* Have accurate SWIP/rwhois for the IP in question, with clear COMMENT 
section

* Have the whois record for the phishdomain clearly show legitimacy
* Have an associated website matching the phishdomain.

However, in general the later is probably part of the pen test.  Simply 
going to the site, might actually be the exploit, or it might add to the 
legitimacy.


A tough one.. but I would really suggest that you get a legal disclaimer 
from the target company, with the ability to confirm that the target 
indeed registered the disclaimer.


But of course, the 'obvious' question, is why they are looking to use 
your network ;)  If they are a pen testing company without their own IP 
space, did they just set up shop?


Social Engineering can be used just as easily against you, as the 
targets.. Sounds like something a Kevin Mitnick might invent..




On 17-08-01 02:37 PM, David Harris wrote:

Hi,

We have a potential customer in the business of doing penetration testing, and 
they want to send penetration testing phishing emails authorized by a target 
company to that company's own employees.

If we allowed this in our network, I would require:

(1) Evidence to our satisfaction that this was authorized by the target company

(2) An X- header explaining what they are doing with a link to find more info

(3) Use of a from address at a domain name like 
“whatever-company-name-is-phishing.com” -- which would have a web-page 
explaining what they do

(4) The approval of our upstream's Abuse Desk.

I’m considering also requiring:

(5) Emails must be DKIM signed with a d= of the target company domain name.

For example:

From: f...@whatever-company-name-is-phishing.com
To: emplo...@example.com
DKIM-Signature: … d=example.com ….

Thoughts? Are there best practices for something like this?

Thanks,

David Harris


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone Else notice a significant reduction in spam leakage from Gmail over last couple of weeks?

[Michael Peddemors]

Be interesting to know if they made changes, but no matter what..

"Kudos' and hats off.."

Now if we can only convince them to have tighter SPF records ;)

Return-Path: <ptp...@gmail.com>

Received: from aton.hk (HELO mail.aton.hk) (58.64.196.210)

(Dont' worry, still goes to spam folder but.. would make it easier for everyone 
else)

(And if email operators would bite the bullet and force envelopeFrom that are 
on their servers.. )

Next one we want to see improvement on... (Oh, don't want to pick on them 
Michael)


 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] spam report: ccm167.constantcontact.com [208.75.123.167]

[Michael Peddemors]

hehe.. and it is always funny when marketers send to our spam auditing 
team, or the abuse addresses..


You 'think' that they would have a mechanism to strip abuse@ before 
sending to a culled list..


On 17-08-09 08:36 AM, Bryan Bradsby wrote:

Constant Contact

Why did you send spam to our DNS team attempting to sell your services?

"Save 50% for 2 months"

postmas...@texas.gov,
Bryan Bradsby

512.936.2248
DIR/CTS/NOC-IT


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] [RFC 2822] RFC Header Line Length..

[Michael Peddemors]

2.1.1. Line Length Limits

   There are two limits that this standard places on the number of
   characters in a line. Each line of characters MUST be no more than
   998 characters, and SHOULD be no more than 78 characters, excluding
   the CRLF.

Seeing more and more cases of this not being honoured..
Surprised that there is not more breakage, but noticed that Yahoo's DKIM is now 
one long line, in addition to Microsoft's VERY long header lines..

(1845 chars)

Comments?



 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Any ATT/Prodify admin's on list?

[Michael Peddemors]

Noticed a lot of backscatter and what appears to be open relay traffic, 
as well as the servers not respecting SPF records, and would like to 
discuss this off-line

This is from Prodigy/ATT server(s).

Received: from flpd598.prodigy.net <http://flpd598.prodigy.net> (HELO 
flpd598.prodigy.net <http://flpd598.prodigy.net>) (144.160.152.219)

X-Header-Overseas: Mail.from.Overseas.source.212.227.251.67
X-Originating-IP: [212.227.251.67]
Humidifiers-Handle: 5a11ed6a1f23513a
From: Reminder+Facebook


 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Properly vetting an hosting provider before buying/moving

[Michael Peddemors]

On 17-07-17 11:21 AM, Michael Wise via mailop wrote:


Looks like #1 is mostly Azure.
Bringing this to certain peoples' attention now.
...

Aloha,
Michael.



At the same time, push them to implement an 'rwhois' server for the 
Microsoft IP space ;)  Or at least try to SWIP to what parts of the the 
overall IP space are possibly designated for certain purposes..


NetRange:   23.96.0.0 - 23.103.255.255
CIDR:   23.96.0.0/13
NetName:MSFT
NetHandle:  NET-23-96-0-0-1
Parent: NET23 (NET-23-0-0-0-0)
NetType:Direct Assignment
OriginAS:   AS8075
Organization:   Microsoft Corporation (MSFT)
RegDate:2013-06-18
Updated:2013-06-18
Ref:https://whois.arin.net/rest/net/NET-23-96-0-0-1


Out of that range, for instance, 23.97.128.0/17 is allocated for Azure..
Something like that could easily be SWIP'ed, however operating an 
internal 'rwhois' server would make day to day management a little simpler.


My two cents..

(yes, we already know about the published ranges via website)

But, based on our monitoring statistics, I would still say you are a 
long way from being number #1 ;)


I think that (link) is more about issues that haven't been responded to 
or addressed, rather than spam sources..





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Michael Peddemors]

Again, we are getting pretty off-topic.. but for the record..

inetnum:5.9.170.240 - 5.9.170.255
netname:HOS-201823
descr:  HOS-201823
country:DE
admin-c:HOAC1-RIPE
tech-c: HOAC1-RIPE
status: ASSIGNED PA
mnt-by: HOS-GUN
created:2017-06-23T01:18:48Z
last-modified:  2017-06-23T01:18:48Z
source: RIPE # Filtered

role:   Hetzner Online GmbH - Contact Role
address:Hetzner Online GmbH
address:Industriestrasse 25
address:D-91710 Gunzenhausen
address:Germany

[240-255]
5.9.170.244 (RS)  3 
static.244.170.9.5.clients.your-server.de
   5.9.170.245  (RS)  4 
static.245.170.9.5.clients.your-server.de
   5.9.170.246  (RS)  3 
static.246.170.9.5.clients.your-server.de
   5.9.170.247  (RS)  1 
static.247.170.9.5.clients.your-server.de


We have automated systems that detect outbreaks like these from many 
hosting providers, close to zero day, but yes.. it seems that they are 
giving 'new customers' IP Space that are just snowshoe spammers, or 
general spammers, and it is still happening on an almost daily basis, so 
their methods for 'signing up' new customers does seem to be having it's 
challenges, or they aren't concerned until AFTER the abuse reports roll in.


It would help if they advertised the operator of the delegated IP space 
properly in their 'rwhois/SWIP', but aside from that, it isn't hard for 
them to see sudden large increases in outbound SMTP from new operators 
if they want to. (HOS-201823 doesn't really help anyone)


And egress reporting is available in almost every router out there, eg 
creating alerts when a sudden large amount of traffic on egress to port 
25 is generated.


And of course, no outbound email should be allowed to port 25, from 
certain DNS naming conventions..


Any hosting company which waits for an 'abuse report' before acting, is 
bound to end up with reputation problems..



On 17-07-10 12:41 PM, John Levine wrote:

In article <34c9f2de-c6bf-69af-6570-f17b3f283...@latter.org> you write:

We have been in the Hetzner "neighbourhood" for years.  This is our
fourth server (and hence IP address) there and the first time we have
had this issue. [1]


Honestly, you're lucky.  Hetzner gushes spam, and I've had most of their
IP ranges totally blocked for years.  I report a lot of it (semi-automatic
tools) which has never made any difference I could see.


But it shouldn't matter.  We are not spammers.  It is stupid to block
a range of IP addresses on the behaviour of one.


But it makes a lot of sense to block a range of IP addresses when the
whole range gushes spam.  Whenever I've looked at the logs, the stuff
from Hetzner is like 99% spam.

R's,
John

PS: Unpersuasive argument: "This is inconvenient for me, therefore you should not do 
it."


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] User question about getting off blocklists

[Michael Peddemors]

On 17-07-12 10:10 AM, Scott Bonacker CPA wrote:
What authority is required to make a request for removal from a block 
list? Certainly not a user, but what level in the sending organization?


Personally, the person/organization listed in the 'rwhois' or SWIP for 
that IP Address, is a representation of who is responsible for the 
activity. They own/oeprate the IP(s), they are responsible for the 
activity there on..


A secondary case, is the owner of a domain, where the domain portion of 
PTR of the IP Address of the offending IP Address, as represented by 
'whois', but in cases where the problem is pandemic, it might require 
the person in the first case..


And the email of the person requesting it, should reflect the 
domain/company as well..


'f...@hotmail.com' should not be requesting for a legitimate email 
server, where they should have an account ;)


See a lot of fred55...@somefreemail.com, asking for removal for a known 
compromised server.. hehehe.. yeah right.. sorry if your trojan can't 
send email but...







--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Michael Peddemors]

  1   unassigned.psychz.net
   45.35.107.116(RN)  3   unassigned.psychz.net
   45.35.107.118  2   unassigned.psychz.net
   45.35.107.119  1   unassigned.psychz.net
   45.35.107.120  1   unassigned.psychz.net
   45.35.107.121  4   unassigned.psychz.net
   45.35.107.123  2   unassigned.psychz.net
   45.35.107.125  5   unassigned.psychz.net



--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] antispam service recommendations?

[Michael Peddemors]

Spam detection usually comes in via SMTP, not IMAP ;)

What is is the backend MTA? Postfix? SendMail?
Are you looking to offer this for free, or as a value add?

You can also reach me offlist for suggestions..

On 17-07-18 08:50 AM, Mark Jeftovic wrote:


Thanks to all who replied thus far, to answer a few questions:

* our IMAP implementation is dovecot
* approx. 25K mail boxes but they will not all be using this, most won't

And a follow-up question:

* anybody familiar with zerospam.ca ?

Will summarize thread.

- mark


Mark Jeftovic wrote:

Hi, we're looking for recommendations for an antispam service we can
layer in front of our hosted IMAP offering.


We've tried a few services so far and our testing has found serious
deficiencies.

Requirements:

* hosted or virtual appliance
* quarantine with management (auto-purge options)
* prefer content based filtering over RBLs, having serious
false-positive issues with RBLs - bonus for being able to enable/disable
individual RBL's by domain/user
* tag-only mode
* user defined white-lists
* anti-virus filters
* API
* white-labelling a plus but not a requirement

Any feedback, experiences recommendations would be appreciated.

- mark







--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] RFC question on smtp replies...

[Michael Peddemors]

be transferred to a DSN as well
(see https://tools.ietf.org/html/rfc3464#section-2.3.6 ). Those
diagnostic-code field values may be multiline as well, but I presume one
would leave the numeric codes out.

@Stefano: Not sure if I have the time, but good tip on checking if it is a
bug or not.

Yours,


David

On 7 July 2017 at 12:28, David Hofstee <opentext.dhofs...@gmail.com> wrote:


Yes, I know. The subsequent RFCs 2821 and 5321 are equally unclear on
this, I think.

But it is a bit weird to say the human-readable text is for humans only.
Since it is transferred via SMTP, the RFC should define how to handle it.
And it is ambiguous. I would like option 1 best.

David

On 7 July 2017 at 12:03, Vladimir Dubrovin <dubro...@corp.mail.ru> wrote:



Hello David.

RFC 821 is outdated, use RFC 2821 as proposed or RFC 5321 as a draft for
SMTP. Also, there is an RFC 3463, it adds extended status codes and you
should probably read it.

According to RFC, only code (and potentially extended status code) are
intended for machine interpretation. The rest of response is a
human-readable text, which should not be automatically interpreted. So, as a
human, you are absolutely free to use it in any reasonable way. You can
either leave it as is, or remove status codes, or concatenate it  in the
single line (since it's a human readable form, you should probably replace
CRLF + status code + delimiter characters with a whitespace, because in
human-readable form you do not expect the words to be wrapped or the lines
to contain extra spaces).

07.07.2017 12:27, David Hofstee пишет:

Hi,

I've an interesting RFC question. In an SMTP reply, one can have single
line or multiline replies. E.g.

521 single line reply

or

521-Line one
521-Line two
521 Line three

See also https://tools.ietf.org/html/rfc821#page-50 .

My question is: The reply is an answer that is, necessarily, formatted
for SMTP. But how should the multiline answer be interpreted? What is its
'value'.

option 1: Remove superfluous return codes and s. E.g.:
521 Line oneLine twoLine three

or option 2: Remove superfluous return codes but keep . E.g.
521 Line one
Line two
Line three

or option 3: Remove superfluous s. E.g.
521-Line one521-Line two521 Line three

or option 4: Convert s into '\r\n' to make it a one line answer.
E.g.
521-Line one\r\n521-Line two\r\n521 Line three

or option 5: Keep everything. Eg.
521-Line one
521-Line two
521 Line three

The RFC does not really state that. So I am not quite sure how that
should be logged correctly. Where the formatting starts and what 'value' it
is supposed to represent. When I look at other standards (e.g.
http://json.org), the formatting and what it is to represent, is more clear.

This came up when I saw 3 different outputs in different MTA's (1,4 and
5). Not sure if I have to file a bugreport to my favorite MTA supplier.

Can anyone say something smart about how the reply should be seen?

Yours,



David


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


--
Vladimir Dubrovin
@Mail.Ru





--
--
My opinion is mine.





--
--
My opinion is mine.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Restricted email address UIDs for public email domains

[Michael Peddemors]

On 17-07-25 09:59 AM, Kirk MacDonald wrote:

In addition to what is mentioned in RFC2142, can anyone offer any resources (or "best practices") 
for what can be considered "restricted" email addresses/UIDs for a domain which offers mailbox 
service to the general public? This would also be assuming the "restricted" email addresses are 
otherwise valid in terms of length, characters, etc.

I tend to think that UIDs which one could consider "vulgar" aren’t realistic to 
restrict, since those types of feelings evolve over time and are subject to personal and 
cultural bias (to say nothing of the wordlist/regex complexity), but it would be 
interesting to know if there are addresses which folks commonly feel fall into a 
role/reserved type of category and/or should otherwise be restricted to the domain owners 
use (or no one's use).

Kirk MacDonald
Eastlink
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



Our standards are that the main domain on the email server should have 
'postmaster','abuse','mailer-daemon', as well as any common OS names, eg 
'root','postgres','www-data' etc created and restricted.


All subsequent domains should have 'abuse' and 'postmaster'.



--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com blacklist

[Michael Peddemors]

On 17-07-11 09:09 AM, Seth Mattinen wrote:

On 7/11/17 02:19, Philip Paeps wrote:


Unfortunately, spammers have made the internet worse for everyone.  In 
the world of email today, "we are not spammers" is not a good enough 
argument to get your email accepted by anyone.



"We're not spammers" is up there with "double confirmed opt-in" or 
"can-spam compliant" as things a spammer would say to try and get 
unblocked so they can fire off a spam run.


~Seth


Some of my favourites...

Templated responses..

"Could you please send us some evidence.."
"We have taken necessary steps to prevent any kind of spam email being 
sent from the server"

"We have investigated this issue and has taken care of"
"pls remove me from blacklist" (that is the full request)
"not listed in any blacklist except yours"
"The mail server is clean"
"..signed.. delivery consultant" (Why do they need one?)
"The spam problem related to this issue was already solved"
"We use DKIM and SPF"




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SNDS - Low Inboxing

[Michael Peddemors]

Use a confirmed double opt-in system, then you don't have to worry.
'direct relationship with Merck' falls under 'implied consent'
'content directly pertains to cancer treatments' IF the contact 
information is publicly available, also is only covered by 'implied consent'


Adopt a confirmed double opt-in, and you will ensure the highest levels 
of engagement, and the lowest complaints, and you won't have to 'prove' 
that your emails are wanted...




On 17-06-29 08:51 AM, Chris Truitt wrote:

Hi Laura,

Our complaint rates are very low. The oncologists all have a direct 
relationship with Merck and have signed up to receive mail. The content 
directly pertains to cancer treatments in this example. They also spent 
two weeks sending to a core list of contacts with a strong history of 
engagement, and this didn't make a dent on the report.


To your point, we saw higher open rates as would be expected when 
sending to engaged contacts. No complaints and no trap hits during this 
time, but it seems the message content is still flagged by smart screen.


I have put less emphasis on snds in my report. The sender will continue 
to concentrate sends on engaged contacts, but it seems like they are 
getting placed in a category with the traditional pharma content we've 
come to know and hate. Ideally I'd like to see if there's a way for us 
to have the sender identified as legitimate and get around some of the 
content constraints.


On Wed, Jun 28, 2017 at 11:25 AM, Laura Atkins <la...@wordtothewise.com 
<mailto:la...@wordtothewise.com>> wrote:


Smart Screen is a bit opaque, but the key is that it’s based on user
feedback. Instead of focusing on “jumpstarting your IP reputation”
focus on delivering mail your recipients asked for and want.

You mention oncologists getting messages from Merck about cancer
treatments. Did the oncologists ask for the mail from Merck? Is the
treatment relevant to their clinical focus?

Also, just because Smart Screen shows red does not mean that all
your  mail is going to bulk. My experience is that the colors on
SNDS don’t actually correlated with, well, anything. I ignore them
completely because I can’t make any sense out of them. Focus more on
what users are seeing and less on getting SNDS to change from red.

laura



On Jun 28, 2017, at 7:36 AM, Chris Truitt <truitta...@gmail.com
<mailto:truitta...@gmail.com>> wrote:

Hello everyone,

After seeing red indicating low inbox placement in Microsoft SNDS
we concentrated all deliveries on a much smaller more engaged
group with a strong history of opens. Our open rate went up, but
SNDS remained in the Red. During this time we saw no instances of
complaints or trap hits.

I opened a ticket with Microsoft and they told me that our
messages were filtered by Smart Screen. This is pharmaceutical
content sent *_only_* to health care practitioners. Things like a
Merck cancer treatment to a small group of Oncologists.

Does anyone have any insight on how we can jump start our IP
reputation for Microsoft and ultimately improve inbox placement?
Is there a direct contact that can assist me with this inquiry?

Thank you,

Chris Truitt
Deliverability Manager
___
mailop mailing list
mailop@mailop.org <mailto:mailop@mailop.org>
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
<https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop>


-- 
Having an Email Crisis? 800 823-9674 <tel:%28800%29%20823-9674>


Laura Atkins
Word to the Wise
la...@wordtothewise.com <mailto:la...@wordtothewise.com>
(650) 437-0741 <tel:%28650%29%20437-0741>

Email Delivery Blog: http://wordtothewise.com/blog









___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] GoDaddy abuse form

[Michael Peddemors]

On 17-07-06 11:54 AM, Eric Tykwinski wrote:
If anyone from GoDaddy is here, I tried to fill in the form at 
https://supportcenter.godaddy.com/AbuseReport#,


Captcha just kept error out with the following: There was an error 
submitting your request. SSE001 CSE001


Sincerely,

Eric Tykwinski

TrueNet, Inc.

P: 610-429-8300



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



Related to the abusive domain tdbanksecuredocs.com 148.66.136.56?


--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Any One on here doing business with Rediffpro?

[Michael Peddemors]

Ransom ware outbreak, but wondering why they aren't generating RFC 
compliant headers..

Unless of course, the operating system there is compromised.

Return-Path: <nanettebttbu...@gmail.com>
Received: from smtp.rediffmailpro.com (HELO smtp.rediffmailpro.com) 
(122.169.113.172)

by fe1.cityemail.com with SMTP
(b70422d6-7916-11e7-b59f-1f8d7727941e); Fri, 04 Aug 2017 06:13:35 -0700
Content-Type: multipart/mixed; 
boundary=Apple-Mail-D45AC243-3753-9EB9-7327-C43F11E04639

Content-Transfer-Encoding: 7bit
From: nanette busst <nanettebttbu...@gmail.com>
Mime-Version: 1.0 (1.0)
Date: Fri, 04 Aug 2017 18:43:31 +0530
Subject: IMG_9786.BMP
Message-Id: <0382c199-0d6b-69d0-3043-de000af74...@gmail.com>

Appears to be standard BOT style ransomware that is going around, but 
the rediff email servers should of course be adding a received header, 
when it accepts a message from another system.






--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"MagicSpam" is a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and 
intended solely for the use of the individual or entity to which they 
are addressed. Please note that any views or opinions presented in this 
email are solely those of the author and are not intended to represent 
those of the company.




--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] GMX on various blacklists

[Michael Peddemors]

Our Spam Auditors reported a large outbreak yesterday, but they still 
fell under the 'too big to flag', without other specific variables in 
place..  (eg, Confirmed Malware, length of time of outbreak, etc..)


But it was large, triggered alerts at over 25% of the telco's we monitor..

On 17-07-28 08:14 AM, Kirk MacDonald wrote:

https://www.spamhaus.org/sbl/query/SBL229646

This one is a pretty old listing.

Kirk MacDonald


-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Benoit Panizzon
Sent: Friday, July 28, 2017 11:47 AM
To: mailop@mailop.org
Subject: [mailop] GMX on various blacklists

Hi

http://multirbl.valli.org/lookup/82.165.159.13.html

Blacklisted: 17

Anyone knows if some outbreak just got GMX thrown in that many
lists?

-Benoît Panizzon-





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone have contacts at Orange (France)?

[Michael Peddemors]

Seems you have the same problem when using the outbound SMTP..

Return-Path: <ala...@gozmail.net>
Delivered-To: ala...@swordarmor.fr
Received: from smtp.smtpout.orange.fr (smtp07.smtpout.orange.fr 
[80.12.242.129])

(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
(No client certificate requested)
by togepi.gozmail.bzh (Postfix) with ESMTPS id 773F21A0070
for <ala...@swordarmor.fr>; Tue,  1 Aug 2017 19:07:46 +0200 (CEST)
Received: from airmure.swordarmor.fr ([86.229.168.245])
by mwinf5d14 with ME
id rt7m1v0035J0xQe03t7m42; Tue, 01 Aug 2017 19:07:46 +0200
X-ME-Helo: airmure.swordarmor.fr

=== Trying smtp.orange.fr:25...
=== Connected to smtp.orange.fr.
<-  220 mwinf5d14 ME ESMTP server ready

Doesn't seem that the give a proper FQDN even in their EHLO/HELO 
response, and/or the initial greeting.


So, hard to tell whether this server you are connecting to is the same 
as the the outbound relay... (eg if you are actually connecting to 
smtp07 when sending) but I highly doubt it... since it probably goes out 
at least SOME form of filtering/balancing system.


And when you look at the host entries..

smtp.orange.fr has address 193.252.22.84
smtp.orange.fr has address 193.252.22.86

This confirms that, so they aren't following RFC's as far as properly 
inserting relay received headers..




On 17-08-01 10:14 AM, Alarig Le Lay wrote:

Hi,

(I’m not in orange’s mail staff, just a customer of the ISP part, I’m
not enough crazy to use another mail server than my own ;)

On mar.  1 août 08:54:45 2017, Michael Peddemors wrote:

We would expect that the actual SMTP servers themselves should be inserting
a received header.. and that we would see a FQDN for the 'mwinf5d13' that
received the email.. Hard to tell if this was a webmail processed email, or
open relay from their networks..


If it could help you, this is what I get when I use their SMTP relay:
https://paste.swordarmor.fr/raw/p3sU

I don’t see any 1918 IP, so I guess that your mail comes from the
webmail.


If any one has a contact, (we tried postmaster already) I will forward it on
to the team ..


This address never worked for me.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone have contacts at Orange (France)?

[Michael Peddemors]

Significant increases in spam from them, but the reason our team wants a 
contact for them, is the strange case of missing received headers for 
mail processed via their systems that started a few months back..


eg..

Received: from smtp07.smtpout.orange.fr (HELO smtp.smtpout.orange.fr) 
(80.12.242.129)

by  with (DHE-RSA-AES128-SHA encrypted) SMTP
(47d57a92-7694-11e7-b574-001e67492cec); Tue, 01 Aug 2017 01:34:52 -0700
Received: from localhost ([10.162.66.161])
by mwinf5d13 with ME
id rkao1v0093UlTPu03kaoYi; Tue, 01 Aug 2017 10:34:48 +0200
X-ME-Helo: localhost
X-ME-Date: Tue, 01 Aug 2017 10:34:48 +0200
X-ME-IP: 10.162.66.161
Date: Tue, 1 Aug 2017 08:34:44 +
To: 
From: "M. SOLOMON 0615850055" <il...@pourcreer.fr>
Reply-To: il...@pourcreer.fr
Subject: =?utf-8?Q?au_bureau_ou_=C3=A0_domicile?=
Message-ID:
X-Priority: 3
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

We would expect that the actual SMTP servers themselves should be 
inserting a received header.. and that we would see a FQDN for the 
'mwinf5d13' that received the email.. Hard to tell if this was a webmail 
processed email, or open relay from their networks..


If any one has a contact, (we tried postmaster already) I will forward 
it on to the team ..



--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Fwd: Leverage Social Media to get guaranteed results

[Michael Peddemors]

Yes Michael,

If you are going to have your team tackle anything, the ones selling b2b 
mailing lists and contacts are one of your higher leakages..


I could send you a bunch off-list if you want ..

Offenders this week.. (just a sampling from my own spam folders)

Return-Path: 

Return-Path: 
Return-Path: 

All via *.outbound.protection.outlook.com

Have a great long weekend all..

--- Begin Message ---
Hello,

Social Media has evolved from a platform of uncertainty to a medium businesses 
can use to get guaranteed outcomes. With our team of experienced marketing 
experts, we help our clients achieve their objectives.

If you are interested reply back to get the “FREE SOCIAL MEDIA ANALYSIS “, 
“Company profile”, “Service details”,   “Pricing”, “Client Case Study” , 
“Detailed SMO plan”.

Area of Improvement:

1.  We will give you guaranteed outcome
2.  Improve your sales and business reach.
3.  We will increase the brand value & awareness from Targeted Market only
4.  Increase your website traffic

Warm Regards,
Martin Bell,
Business Development Manager
Note: - If you are not interested then you can reply with a simple \"NO\",We 
will never contact you again.


--- End Message ---
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Just an Introduction... Nice to meet your acquintance..

[Michael Peddemors]

On 17-05-03 11:20 AM, Michael Peddemors wrote:

Just thought I would reach out, as in general SendGrid does a better job
than most ESP's..



Sorry, that was meant to be offlist.. :(



--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Just an Introduction... Nice to meet your acquintance..

[Michael Peddemors]

Just thought I would reach out, as in general SendGrid does a better job 
than most ESP's..
However, of course.. differentiating between those doing single opt-in, 
and double opt-in, marketing from transactional email is always a 
challenge for those in the spam protection space.


You might like to add me to your linked in.

For the record, we also have seen problems with nationbuilder.com, as 
well as hubspot.com, as the two commonly reported offenders ..


However, you have to understand that the process of 'reporting to abuse' 
is not something that occurs in the real world.. for two reasons, the 
belief that no action will occur, and the 'why should I have to go to 
that trouble, they should monitor it themselves' attitude.


I know that our teams could never get any work done if they had to 
report all the spammers to abuse departments ;)


But for the most part, good usage of PTR records on your part..

Received: from o1.email.financialstuff.ca (HELO 
o1.email.financialstuff.ca) (50.31.54.5)

(they push conferences to stripped addresses BTW)

Sometimes we would like to see better usage of clear identification in 
the MAIL FROM, but that is about the only complaint we would have.


Sometimes your team sends reports in for removal from various related 
systems affiliated with our company that are simply 'please remove this 
ip', rather than taking the time out to explain who the actor is, and 
what types of email communication is being sent from the IP in question.


Short 'remove me' requests are much more likely to be addressed at the 
bottom of the pile.


However, I know we have even recommended your company as professional, 
compared to other players in your space..


So.. keep in touch..

-- Michael --





 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Speaking of too many SPF, Many SPF failures lately

[Michael Peddemors]

On 17-05-17 04:16 PM, John Levine wrote:

In article <caba8r6vb+ng6e1ebdara4q-8mpi15rzvwuxyqkx2cd1os3a...@mail.gmail.com> 
you write:

_spf.google.com is 4 lookups in total).


Do you know why?  It'd be easy enough to glom them together into one record.

It'd be more than 512 bytes but it is my impression that the number of DNS
clients that support neither EDNS nor TCP queries is pretty small now.

R's,
John


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




4 UDP lookups is faster than a fallback to tcp.. and retry isn't it?

And sorry John, but in this business we STILL run into ppl who forget, 
and only allow UDP traffic on port 53 through their firewalls..


IMHO, I would rather see recursive lookups, and for many it is easier to 
maintain that way..


But, given the reported 'docusign' breach, a real example is nice..

host -t TXT docusign.com
docusign.com descriptive text "v=spf1 ip4:65.221.8.13 ip4:65.221.8.29 
ip4:65.221.12.128 ip4:65.221.12.148 ip4:192.237.158.85 
ip4:23.253.182.234 include:_spfA.docusign.com include:_spfB.docusign.com 
include:_spfC.docusign.com include:sharepointonline.com -all"


It looks not bad, successive lookups to 3 parts.. and they all look 
good. Don't like this part of course.. include:sharepointonline.com


ip4:52.104.0.0/14

which chains down to of course..
ip4:40.108.128.0/17 ip4:104.146.128.0/17 ip4:104.146.0.0/19

and more..

And I see that more and more of a trend, company uses a 3rd party 
newsletter company which has all of Amazon AWS  or Digital Ocean or 
Azure IP Space.. in the SPF record chain..   Not too hard for someone 
else to get some of the IP space and start spoofing..


Most people don't understand what the innocuous include means.. just 
that someone (3rd party) told them they had to add it to their SPF 
chain.. and someone in management said 'just do it', without realizing 
that it completely invalidated the protection afforded by SPF..









--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] International Fix-Your-SPF day

[Michael Peddemors]

On 17-05-16 12:14 PM, Andreas Schamanek wrote:

On Tue, 16 May 2017, at 13:05, Vick Khera wrote:


On Tue, May 16, 2017 at 12:11 PM, D'Arcy Cain <da...@vex.net> wrote:


Heck, we may not even need to do it.  Enough coverage and the threat may
get a bunch of them fixed anyway.


hahahaha. you are very optimistic.


Maybe, but I still love the idea of organizing an Internatinal
Fix-Your-SPF day.



hehe... I would settle for a 'banks fix your SPF records day'.

But in reality, we still can't get most people to even properly 
configure PTR/DNS records.. let alone SPF..


And of course, those people who don't even know the affects of DNS, eg 
firewalls that don't allow both TCP and UDP requests, creating REALLY 
long PTR record lists, that force fallback to TCP retry with it's 
associated lag and overhead.. SPF records that are incredibly long.. 
(use inheritance if you need to) the use of weak SPF includes, which 
anyone can forge..


So, let's start slower..

'Fix your PTR record day'
'Block Port 25 day from residential networks day'
'Stop allowing open relay day'
'Stop forwarding email badly' (or at all ;)
'Monitor traffic on egress day'
(Doesn't every modern router support this? and alarms?)

These are simpler fixes, and if they were just done, would make the 
internet a heck of a lot safer in a real hurry..



--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] About mipspace-poor list/listing

[Michael Peddemors]

On 17-06-22 12:00 PM, Philip Paeps wrote:

On 2017-06-22 12:32:30 (+0200), Stefano Bagnara <mai...@bago.org> wrote:

Maybe I'm a victim of a very broad block targeted to my provider
(OVH)


I treat all email coming from OVH as "extremely suspect".  They 
represent a substantial fraction of my daily spam volume, most of it 
snowshoe.  Their abuse@ doesn't care at all.


If it weren't for the fact that they do have some high-profile 
legitimate customers, I would refuse all email from them.  I'm actually 
quite tempted to start whitelisting the legitimate OVH customers I know 
about and tempfailing the rest of their address space until I'm fairly 
confident I've not missed any before outright rejecting the rest.


OVH and Hetzner are tied for second place on my "would love to blacklist 
outright but can't" shitlist.  Right behind leaseweb NL.


Philip



Forgot Colo-Crossing on that list ;)


--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SPF record

[Michael Peddemors]

On 17-05-20 12:24 PM, Steve Atkins wrote:



On May 19, 2017, at 6:58 PM, Bryan Blackwell <br...@skiblack.com> wrote:

Hi folks,

Please pardon the noob question, just want to make sure this is what a proper 
SPF record should look like:

example.org.IN  TXT "v=spf1 mx ~all"


It's fine. I'd marginally prefer one that listed the source IP addresses 
explicitly ...

skiblack.com. IN TXT "v=spf1 ip4:70.175.229.213 ~all"

... but that might require a little more maintenance, depending on how your MX 
and smarthosts are set up.

"~all" is the smart policy to use; ignore those who tell you to use "-all" or 
"?all".




Sorry Steve, but IMHO have to disagree.. if you ARE going to use SPF, 
you should use -all..


Otherwise you might as well not use SPF.. and save the DNS queries..

Some have pointed out on the list the problem with 'forwarding', however 
that is a forwarding problem, and not an SPF problem.


Since every email client out there can check multiple mailboxes, if you 
want to properly take advantage of SPF as a recipient, don't do email 
forwarding ;)


I like sending this link,

https://emailcopilot.com/blog/how-should-i-end-my-spf-record-all/

It shows that only 22% use -all, which IMHO opinion means not a lot of 
faith in SPF records, but they put it in because it is recommended..


(Two year old stats though, btw)

If you are a bank, or any form of a phishing target, using -all is the 
obvious choice.. yes, certain forwarding mechanisms will then fail, but 
really it should, IF you want the benefits of SPF.. (if it was 
forwarded, you are at risk of it being altered any ways)


Using +all is worse than no SPF record at all..

Will have to start running some stats of our own on this, but we aren't 
'great' believers in it (SPF).  However, if someone does have a '-all', 
and they are a likely or proven phishing target, we do use that 
information in our 'Known Sender Forgery' tools...


More efficient.. but yes, it will reject email forwarded..

We use a -all on some of our domains, and we do see 'bounces' on 
occasion, but in those cases, even though they may be critical emails 
that the sender should receive, the small amount of blow back is better 
than the alternative.


We are also a proponent of 'stop remote forwarding', and some of our 
ISP's are moving to this as a policy even.  (Reduces support AND 
backscatter and is good for business)


It would be interesting to see use cases for remote email forwarding 
that remain in today's world.. and of course, there are standards for 
rewriting sender domain when forwarding as well.


And as always, remember SPF is 'not' designed to be a spam protection 
tool to be clear.. and most of the professional spammers have better SPF 
records that legitimate companies ;) (Same with DKIM/DMARC)


But, as mentioned previously.. More important issues to address than 
SPF, that will make the world a better/safer place.






--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Speaking of too many SPF, Many SPF failures lately

[Michael Peddemors]

On 17-05-18 06:47 PM, Ángel wrote:

The question is, when does a large range start being "too large"?

Because otherwise, every org will start weighting at a different point.
And the worst part of this is that there are good reasons to add those
includes, to begin with (and little margin to have the upstream reducing
them).



How nice it is of you Angel to volunteer to update the RFC with a 
recommendation on this :)  Maybe do a little research on the 'largest' 
email provider(s) and how many they think they could possibly need ..


a kind of 'Best Practices for SPF'..

j/k of course.. I go back to working on getting ppl to conform to 
recommendations made over 10 years ago as 'Best Practices'.


Or getting abuse@ responses when reporting networks that 'look' like 
belonging to a bank, that are hacked..


Or getting ColoCrossing and others to stop letting snowshoe spammers 
light up..


Or get ISP's to put proper PTR records in..

Or.. (yeah, getting jaded a little, thank god a 3 day weekend ahead, and 
golfing weather)


Can we just turn off the internet for three days please?
(Hoping for that Solar Flare)



--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] New gmail warning about spoofing

[Michael Peddemors]

A couple of points.. simply because the To/From are the same, is not an 
absolute guide to spam, as this will often be the case in legitimate 
email lists, auto generated messages, web forms, et al..


The reason it is a spammer favourite trick though, is hoping the end 
user has mistakenly white-listed their domain and/or email address, to 
bypass your filters.


And the To, will often be different than your email address for exactly 
the same reason, it might be the first address on a large BCC, (empty to 
would be worse) or a mailing list address..


What is more important is the value in the MAIL FROM: (EnvelopeSender), 
and a pet peeve of mine is the 'too big to block' providers, who allow 
emails to relay out or accept it via SMTP, when the domain in their 
EnvelopeSender is OBVIOUSLY fake, eg who would send @gmail using a yahoo 
server?



PS.. (OFF TOPIC) Spam Folder(s) showing a REALLY noisy day for hotmail 
spam..


Mostly all scammers, 'mutual benifit', but always without ANY recipients 
in the To or Cc..


NoRecipient rules, when the content is obvious pretending to be directed 
to a single email box.. Is an easy catch for filtering.. even easier on 
egress when the volumes are high ;)




On 17-06-14 11:17 AM, Laura Atkins wrote:


On Jun 14, 2017, at 10:24 AM, Stefano Bagnara <mai...@bago.org 
<mailto:mai...@bago.org>> wrote:


My question is WHY gmail alert me when from and to are equals and 
received from an external server but at the same time doesn't care to 
alert me if the from is another gmail address or if the to doesn't 
contain my address (because I was in CCN). Spoof emails usually try to 
make you believe the sender is a friend/customer/coworker/supplier, 
not yourself: that's why this message surprised me (Google preferred 
to deal with a minor use case before the bigger use case).


That’s an easy one.

a) It’s a well defined use case (to/from are the same, comes from 
outside service)

b) It’s common (spammers do this all the time)
c) False positives are not a big deal (if the mail really is to/from 
same address, then the user knows they triggered the mail).


Overall, it may seem like a minor thing, but it’s easy to catch, easy to 
define and has a low false positive rate. Even in your case - you know 
you sent the mail, so it’s not really a big deal. Why wouldn’t you alert 
on that?


laura

--
Having an Email Crisis?  800 823-9674

Laura Atkins
Word to the Wise
la...@wordtothewise.com <mailto:la...@wordtothewise.com>
(650) 437-0741

Email Delivery Blog: http://wordtothewise.com/blog








___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] New sending range for MailChimp - 148.105.0.0/16

[Michael Peddemors]

On 17-05-05 09:40 AM, Joey Rutledge wrote:

Hi fellow email geeks,

MailChimp recently acquired a new IP range, 148.105.0.0/16 and have just 
started sending from 148.105.8.0/21.  I’ve noticed a few issues with receivers 
treating this range poorly, likely due to the previous owners of the range.  If 
you are a receiver and have the ability to clean up things on your side to help 
us with sending emails from it, I would greatly appreciate it.

Thanks,
Joey Rutledge
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



Better first make sure that you have DNS servers for those ranges...
(Maybe your firewall people haven't allowed tcp)

And suggest that you also update SWIP for your sections, clearly 
indicating what they are used for.. (or is the whole /16 used for 
exactly the same purpose)


;; Truncated, retrying in TCP mode.
;; connection timed out; no servers could be reached

NetRange:   148.105.0.0 - 148.105.255.255
CIDR:   148.105.0.0/16
NetName:RSGL-3
NetHandle:  NET-148-105-0-0-1
Parent: NET148 (NET-148-0-0-0-0)
NetType:Direct Assignment
OriginAS:
Organization:   The Rocket Science Group, LLC (RSGL-3)
RegDate:2016-01-22
Updated:2016-01-22
Ref:https://whois.arin.net/rest/net/NET-148-105-0-0-1


OrgName:The Rocket Science Group, LLC




--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Best rate limiting response?

[Michael Peddemors]

Do you really want them to retry in this situation?

Compromised users/rate limiter users, you probably aren't sure which but 
if you do not want them to send any more while they are rate limited, 
you probably should set a permanent error.


Otherwise you might find a back load of messages in the person's 
outgoing server might trigger another rate limiting event right away.


Also, you probably want the sender to know right away, correct?

We send a 554 error in those cases..



On 17-09-11 05:22 PM, Luis E. Muñoz via mailop wrote:
Over the years I've seen rate limiting responses as 421 and 451 (with 
the first being the most frequent). Is there a consensus in what the 
correct code should be?


I'm going through RFC-5821 and none of the codes mentioned there seem to 
be a perfect match to "hitting a rate limit for an authenticated user" 
in my submission servers.


Given the above, I'm leaning towards using 421, returned after each and 
every MAIL TO command.


Thanks in advance.

-lem



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop






--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Slow botnet IMAP scans?

[Michael Peddemors]

SMTP Auth Scanners are easier to stop, which is why there are more IMAP 
scanners being seen in the wild.


But that is why we are pushing forward on our CID implementations..

https://datatracker.ietf.org/doc/draft-storey-smtp-client-id/

Can't really block AUTH attempts strictly by 'firewall' or IP rules, as 
a bot could be operating out of shared or dynamic space, which would 
mean that you effectively block legitimate users from accessing email.


We actually have a RATS-AUTH list designed to report on IP(s) used for 
AUTH attacks, the broken bots are easier to pick up.


But this isn't a 'Chinese' thing only, we see lot's of these attacks 
coming from everywhere, including Amazon AWS etc..


On 17-10-06 05:30 AM, Tim Bray wrote:

On 06/10/17 10:51, Otto J. Makela wrote:

Are you keeping an eye out for (mostly Chinese) botnets doing slow IMAP scans,
using scraped email addresses and apparently going through whole dictionaries?


I haven't seen them.  But we are getting a lot more SMTP auth scanners
than we used to.

We just drop them in the firewall for a bit.    We've dropped about 300
IPv4 addresses in the last 6 hours.


Tim

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] MAAWG in Toronto, hands up who on the list is attending?

[Michael Peddemors]

I have now had a couple of ppl ask if I was attending this year, and 
while it is in Toronto which is nice, and I have been saying for the 
last couple of years we need to get a few people down to one, sometimes 
scheduling is a pain..


But while investigating the topics on tap, and trying to get some idea 
of the anticipated attendance numbers this year, I had a little chuckle..

I had forgotten the login for Maawg, so had to do a password reset..

And the email arrived in my spam folder.. so of course I had to look at 
it more closely.


Seems that they use 'mailgun' for delivery of those notices.

And looking at the message, at first glance I can see how similar it 
looks to all of the 'phishing' types of emails that pretend to be 
password resets.


Received: from so254-8.mailgun.net (HELO so254-8.mailgun.net) (198.61.254.8)

Okay, they use a shared service from MailGun.. (I assume this is a shared IP in 
the pool, and the pool has been a sender of spam before)

Return-Path: <bounce+29ac75.da36d-alias=linuxmagic@mailserver.m3aawg.org>

host mailserver.m3aawg.org
mailserver.m3aawg.org mail is handled by 10 mxa.mailgun.org.
mailserver.m3aawg.org mail is handled by 10 mxb.mailgun.org.

host m3aawg.org
m3aawg.org has address 67.192.153.75
m3aawg.org mail is handled by 10 mx.m3aawg.org.cust.b.hostedemail.com

And while it is nice that they at least use a domain name related to m3aawg, 
not really what a person would think of 'whitelisting' ..
And of course, in todays age.. no one should be 'bouncing' messages any more.. 
we should be rejecting during SMTP transactions where ever possible.
And really, if it 'did' "bounce" from say a client or internal mail delivery 
mechanism, it wouldn't go to the EnvelopeFrom, it would go to the apparent from..
(and of course, I think the webmaster would want to know right away if bounces 
are happening any ways, instead of looking for a bounce report)

host -t TXT mailserver.m3aawg.org
mailserver.m3aawg.org descriptive text "v=spf1 include:mailgun.org ~all"

Hmmm... that is pretty wide.. and not even a -all...

So, the thought was.. what stops someone else from sending a similar message 
out of mailgun.

DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mailserver.m3aawg.org;
DomainKey-Signature: a=rsa-sha1; c=nofws; d=mailserver.m3aawg.org;
Received: from webm (Unknown [67.192.153.75])

(originated from a server that doesn't have an rDNS/PTR record?)

Aeronet Communications (C01901751) 67.192.153.64/27

(MAAWG, you might like to get a PTR record, especially if this is a dedicated 
server.. )

X-PHP-Originating-Script: 33:SimpleMailInvoker.php (Like we don't see a lot of 
that in compromises)

From: M3AAWG <webmas...@m3aawg.org> (Would like to see quotes around the 
friendly name)
Subject: Replacement login information for  at M3AAWG
   (Extra space and bare , in body are because missing first/last names, but 
also a common trend in phishing attacks by script kiddies)

Okay, now .. how easy would it be to forge those password reset pages..

I leave this to your imagination, how a person could register a similar domain 
name to m3aawg.org.
Sign up for a mailgun account, and send messages that are forged to be almost 
identical..

m3aaawg.com/org
w3aawg.com/org

(Those are available)

I see a lot of sessions that look good at MAAWG, some beginner sessions even, 
but it might be a interesting topic to use this as example of risks..
A targeted phishing attack against this group might look good on a hacker 
resume..

But the point is, "everyone" should occasionally rethink current practices and 
look at the risks.

Would you click on a link that went to:

https://www.m3aaawg.org/user/reset/ (You get the drift)

And while I like the way that MAAWG uses a 'one time pass' instead of asking 
for credentials, if you have never used it before, you would not be surprised 
if it asked you more questions.

It may be also vulnerable to a man in the middle attack, if the DNS of the 
recipient is somehow compromised.. but that is not unique to this case of 
course..

Personally, I believe the EnvelopeFrom should ALWAYS reflect the senders domain 
name, makes white/black listing more effective, and easy to test if it is 
accurate/valid.
Hope there are discussions on that topic..

Anyways, still thinking of attending, so would like to hear about others going..

Topics I would be open to chatting with anyone about:

* ISP Recommendations, PTR naming conventions and blocking Port 25 (still, 15 
years later same topic, IoT)
  (So many foreign ISP's haven't yet made a move in this direction, allowing 
for destructive levels of Bot activity)
* EnvelopeFrom Best Practices
* Next Evolution(s) of Email Security (Auth Recommendations)





















 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic In

Re: [mailop] Looks like GoDaddy is having email issues

[Michael Peddemors]

hehehe.. sounds like that standard sys admin error, allowing UDP through 
firewalls, and forgetting about TCP..




On 17-09-25 11:35 AM, Brandon James wrote:
Yes we are seeing the same thing. Their status.godaddy.com still shows 
an email outage ongoing.



Brandon


On 9/25/17 11:59 AM, Frank Bulk wrote:

GoDaddy Support tweeted that the issue was resolved, but instead of:
421 p3plibsmtp02-14.prod.phx3.secureserver.net bizsmtp Temporarily 
rejected. Reverse DNS for 96.31.0.x failed. IB108  <http://x.co/srbounce>

we're seeing:
Open (72.167.238.32) Error 180sec (399 TCP Read failed (Err Code 
Zero after 180 seconds) 180 sec)
Open (68.178.213.203) Error 0sec (399 TCP Read failed (Connection 
was closed. after 0 seconds) 0 sec)
Site naturesedge-ds.com (72.167.238.32) said in response to MAIL 
FROM (452 4.1.0 ... temporary failure)


 From our perspective they're getting flooded or there are still other 
issues going on.


Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Anne P. 
Mitchell Esq.

Sent: Monday, September 25, 2017 10:11 AM
To: mailop@mailop.org
Subject: Re: [mailop] Looks like GoDaddy is having email issues

This has been passed on to GoDaddy.

Anne

Anne P. Mitchell,
Attorney at Law
CEO/President,
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] anybody here from earthlink?

[Michael Peddemors]

Loosing email transferring between accounts/folders is still an email 
client responsibility, eg not flagging the message correctly until 
verifying if the move was successful.


For mission critical needs between accounts, the 'imapsync' program is a 
great way to go.


Otherwise, you will probably have to assume that the email provider, eg 
in this case Earthlink, might have a 'not responsible for lost or stolen 
email' policy.


Not all providers are going to go to snapshots or backups for individual 
accounts, that is what an email archiving service is for :)




On 17-09-25 11:54 AM, Miles Fidelman wrote:

Hi Folks,

By chance, is there anybody here from earthlink operations?  I'm trying 
to help someone who lost a whole slew of mail, while transferring it 
from one folder to another using IMAP.


The folks at customer support (who are unbelievably horrible) tell me 
that there are no backups of their servers.  Somehow, I have a hard time 
believing that they don't keep a few days worth of backups floating 
around.  My sense is that the front-line support folks have no direct 
connection to operations, and don't know anything about anything.


Anybody here who might be able to help.

Thanks,

Miles Fidelman






--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Earthlink Unblock Requests

[Michael Peddemors]

Maybe they got tired of unblocking you, maybe you have to address the 
situation that gets you blocked so often.. ;)


And suggestion? Unless you work for 'gmail.com', suggest that you post 
to this list with an email address that represents the party you represent.


On 17-10-17 03:19 PM, Casey Stopperan wrote:
Hello-  It appears we've stopped receiving responses for unblock 
requests sent to the blockedbyearthlink address over the last week or 
so.   Can someone at Earthlink please look into this for us?


Thank you,

Casey Stopperan


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Any one from RoadRunner that can ping me offlist?

[Michael Peddemors]

--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Office 365 - Emails marked as not passing fraud detection

[Michael Peddemors]

Thought I would point out as well..

This message was sent via Outlook to the list, and Outlook already 
marked your message as spam, which many other filtering systems will 
honour.  That header remained intact while being processed by the 
mailing list software at mailop.org.


x-forefront-antispam-report: SFV:SPM;...

And to the original problem, you might like to look at standard 'Best 
Practices for Email Operators'..


PTR:ip-103-219-120-34.stcolumba.customer-wan.caznet.com.au

But in this case, it depends on how you expect that relay to function. 
If you configure the Postfix relay to use SMTP authentication through an 
email account at 'caznet.com.au', which is your provider correct? then 
you won't have any problems.  (Or use any SMTP provider where the client 
has an account)


However, if you want your relay to act as a true MTA, then you will have 
to conform to Best Practices.. eg change the PTR to be something like 
'server.customerdomain.com'. (The domain for the responsible party for 
the emails)


That default PTR you were assigned will probably be treated as an 
'unconfigured' source/device, and not an MTA by most spam methods to 
some extent or another..


But given that your corp ip was flagged, as well as the IP in question, 
it suggests that the reputation is either with your company, your 
network, or your domain, and not just that one IP Address.






On 17-11-23 07:59 PM, Shane Clay via mailop wrote:

I’d considered that.

This server has been around a long time (and the rdns hasn’t changed) 
and the problem has only just come up. If it is the rdns, it’s a new 
problem.


Do the HELO and RDNS have to match to pass spam detection? I would have 
thought that a valid, matching SPF record and the fact that the IP 
actually has a PTR etc would be sufficient.


Shane

*From:*Postmaster [mailto:i...@mailvue.com]
*Sent:* Friday, 24 November 2017 2:23 PM
*To:* Shane Clay <sh...@caznet.com.au>
*Subject:* Re: [mailop] Office 365 - Emails marked as not passing fraud 
detection


Could it be the rdns?

PTR:ip-103-219-120-34.stcolumba.customer-wan.caznet.com.au 
<http://stcolumba.customer-wan.caznet.com.au>;




On Nov 23, 2017, at 8:31 PM, Shane Clay via mailop
<mailop@mailop.org <mailto:mailop@mailop.org>> wrote:

PTR:ip-103-219-120-34.stcolumba.customer-wan.caznet.com.au
<http://stcolumba.customer-wan.caznet.com.au/>;



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Just because it is Friday.. Could and AT/SBC/Bellsouth contact me offlist?

[Michael Peddemors]

 
--

"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] IMAP to IMAP

[Michael Peddemors]

On 17-12-15 12:07 PM, John Levine wrote:

I have a client who's moving from one mail system to another, and has
quite a lot of mail on the old system's IMAP server that they want to
take with them.

While I can certainly write a python script that enumerates the
mailboxes and copies stuff, I was hoping someone else already had.

R's,
John



Google 'imapsync', it is the goto tool for that..


--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SPF recommendations

[Michael Peddemors]

liverson.com
http://www.spamresource.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop








--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Password habits - was Re: Gmail forwarding blowback

[Michael Peddemors]

Just because you are talking about this.. (I guess I could 'google')
Why the use of POP3 and not IMAP?  I also assume of course that you ONLY 
allow POP3/SSL and IMAP/SSL, and aren't sending those clear text ;)


But again, this is mostly 'moot', unless a person only uses the Gmail 
webmail interface..


Let them access both accounts using IMAP, and simply drag/drop to the 
storage they want to keep them in ;)


But the issue mainly arises in people who use webmail as their primary 
email client. And with an app. 15-25% of consumers using webmail as 
their primary client, this needs addressing as well.


Which is why we are working towards webmail clients (well, really you 
have to just say 'web clients') that can handle multiple accounts 
through a single login.. Just as many desktops actually even use 
separate IMAP connections, even as granular as individual folders, it 
will eventually have to be unified.


All clients will simply have the ability to consolidate many IMAP 
streams, even if the streams come from multiple sources..


And of course, eventually it will merge many 'streams', regardless of 
the underlying protocols used.. (eg XMPP, IMAP, HTTPS) and what the data 
is returned.. Umm.. I believe we call that 'Unified Communications'..


And whom ever provides that unified tool, if it is cloud based (eg your 
ISP, or Gmail, or an App Provider) will end up having that 
authentication information stored, whether it is password based or not.


The 'security' conscious might use a unified tool (if you can still call 
it an email client) that is desktop/device based, but more likely the 
trend to the 'cloud' will continue.


The client that presents the best 'unified experience' will ultimately 
win.. And the person using it will only be remembering one password or 
using one token to access that tool, regardless of the underlying 'data 
streams' and their individual authentication methods.


It will boil down to usability, and cost of service, and trust that the 
'client' provider will treat your data with privacy, security, and respect.


Now, I better get back to work, earn some money, so we can continue to 
grow, and be bigger, better, and faster than everyone else..





On 17-11-10 01:52 PM, Brandon Long via mailop wrote:




On Fri, Nov 10, 2017 at 8:11 AM Rob Nagler <mailop-bp...@q33.us 
<mailto:mailop-bp...@q33.us>> wrote:



Does Gmail ask for the POP3 password every time, or do they
store it ?


They store it. Just like they do with SMTP passwords. 



On the one hand, I totally sympathize with that position, though the 
difference between having it on some device that can be lost/hacked vs a 
cloud service... I guess cloud services can be hacked in bulk, but 
chances are your users are already just re-using their email password, 
and so that ship has sailed.


I haven't kept up with oauth recently, have they solved the discovery 
problem?  If so, I can file a bug to have our pop fetcher switch to 
support oauth, but that would come with a bunch of work on your end to 
support that (I don't think anything supports that out of the box yet).


There's also Gmailify instead of pop fetch.  It uses IMAP and oauth, but 
it has a small whitelist of services it works with, partially due to 
oauth, partially due to IMAP being a more complicated protocol, and 
mostly just being overly cautious.


Brandon


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] WHAT can be done about Ezoic and their spamming through Google?

[Michael Peddemors]

And ON that topic.. what to do about the elephant in the room..

Seems both Spammers and Email Marketers are all jumping on the Amazon 
bandwagon.. (Personally, I never thought the price point would make it 
worth it)


And just came across the reports of starting to see it on this network..

NetRange:   18.219.0.0 - 18.228.255.255
CIDR:   18.219.0.0/16, 18.220.0.0/14, 18.224.0.0/14, 18.228.0.0/16

And of course, Amazon does not appear to want to SWIP it any more 
accurately than that..


IS this something that ARIN should be commenting on?  I mean they are 
assigning the addresses, even if they say they aren't guaranteed to 
assign them for long in their cloud structures..


We have been tracking a steady increase in activity, both spam activity, 
and ransom ware hosted on the Amazon cloud.. and as anyone who has tried 
jumping through the hoops of reporting there, it isn't easy or quick.


Fresh brand new domains, placeholders for websites..

And of course, they don't even assign a company contiguous IP ranges..

Should we just start blocking these types of ranges, and then only 
exempt the legitimate ones?


A quick check across a couple of /22' across that block, and the ONLY 
ones with PTR records are all placeholder/spammer domains..




On 17-11-16 02:45 PM, Anne P. Mitchell Esq. wrote:


  


On 23/12/2015 02:28, mikea wrote:

On Tue, Dec 22, 2015 at 09:14:51AM -0700, Anne Mitchell wrote:

We are repeatedly being spammed by Ezoic, and we have reported them to their 
providers (enom, scalr, Amazon and Google multiple times).
Just *what* can be done about a non-moving target spammer who is sending 
through Google (already reported to them) and hosting on Amazon? (ditto.)
I don't mean at the local level, I mean about getting them shut down (or at 
least listed).

At this point, all I can think of is this:
If you don't complain, then they can't ignore you.
Google and Amazon are "too big to be shut down", "too important to be
blocked", and "too big to be influenced from outside". That's a bad
combination.



Rubbish! no-ones too big to be blocked, it's this type of attitude that allows the bigger 
players to sit back and say "ah so what" when you do complain.



As a follow up, either Google finally booted them, or they are sharing the 
wealth, as we just got this Ezoic spam and it went out through Amazon..here's 
the complaint we just sent in case any of you are interested:




Hey Anne- I've reached out to you a handful of times in the last couple of 
years and I thought, 'hey, what's one more time?'


Hey Piper - I'll tell you what "one more time is"..it's the time I report you 
and Ezoic (already known as big fat spammers) for spamming us!

Providers:

The below is 100% pure spam, sent to a role account that cannot (and
indeed did not) sign up for anything.

In other words, this spam was sent to a *scraped* email address.

You are receiving this report, with full headers and content below,
because your company in some manner hosts or otherwise facilitates
the organization that is sending the spam.

Amazon, you are hosting this spammer's spam-sending on your EC2 system.

Amazon, you are also hosting this spammer's website.

Scalr, you are providing their DNS.

If you are not hosting the server through which the spam email is
being sent, then you are receiving this because you are the registrar
of record for the domain of this spammer, you are hosting their DNS,
or in some other way providing material support to their spamming.

Please let us know if you need any further information, and please let
us know what actions have been taken regarding my complaint.  Inaction
or lack of reply will result in this matter being reported to
Spamhaus, Spamcop, and other anti-spam blacklists.

Thank you.

Kind regards,

Anne

Anne P. Mitchell, Attorney at Law
Author: Section 6 of the Federal CAN-SPAM Act of 2003
CEO/President: Institute for Social Internet Public Policy
Member: California Bar Cyberspace Law Committee
CEO: ISIPP SuretyMail Email Accreditation
http://www.ISIPP.com/
http://www.ISIPP.eu/



-- Original Message --

From: Piper Lofrano 
Subject: Google Certified Tools
Date: November 15, 2017 at 5:29:25 PM MST
To: i...@theinternetpatrol.com
Message-Id: 
Reply-To: Piper Lofrano 
Delivered-To: anne.mitchell@gmail.com,
i...@theinternetpatrol.com
Received: by 10.25.228.77 with SMTP id b74csp1809564lfh; Wed, 15 Nov 2017 
16:29:32 -0800 (PST),
from partita.isipp.com (partita.isipp.com. [69.12.213.130]) by mx.google.com with 
ESMTPS id f19si19047909plr.675.2017.11.15.16.29.31 for 
 (version=TLS1_2 
cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 15 Nov 2017 16:29:32 -0800 
(PST),
from concerto.isipp.com (69-12-212-226.static.sonic.net [69.12.212.226]) by 
partita.isipp.com (8.15.2/8.15.2/Debian-8) with ESMTP id vAG0TUlc016183 for 

Re: [mailop] Hotmail and 4.5.1 4.7.500 Server Busy with some

[Michael Peddemors]

n/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop







--
EMRE ÜST
Deliverability Specialist

t.   +902123430739
f.   +902123430742

email: emre@euromsg.com
skype: user_name
web: euromsg.com
Yeşilce Mh. Yunus Emre Cd. Ada İş Mrk. No: 4 Zemin Kat 4. Levent / İstanbul


This e-mail message may contain confidential or legally privileged
information and is intended only for the use of the intended recipient(s).
Any unauthorized disclosure, dissemination, distribution, copying or the
taking of any action in reliance on the information herein is prohibited.
E-mails are not secure and cannot be guaranteed to be error free as they can
be intercepted, amended, or contain viruses. Anyone who communicates with us
by e-mail is deemed to have accepted these risks. Related Digital is not
responsible for errors or omissions in this message and denies any
responsibility for any damage arising from the use of e-mail. Any opinion
and other statement contained in this message and any attachment are solely
those of the author and do not necessarily represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop