Re: [mailop] help with running a listserv and DMARC
On 15-02-12 10:15 AM, Steve Atkins wrote:
> AOL and Yahoo have published policies that they do not allow anyone to use email addresses at their domains from anywhere but their mailservers. If you're sending mail with aol.com or yahoo.com email addresses in the From: field you'll see errors just like the ones you're seeing. The misuse of DMARC by those two ISPs means that you cannot run a functional discussion mailing list if you have any subscribers at any of those domains.

Not just them, but many ISPs adopt that policy as well now.. If SMTP AUTH is not used, or the relay client is not set..

MAIL FROM: j...@localdomain.com
553 Please check your email settings for SMTP Authentication or contact your ISP for assistance (#5.7.1

And this is rightfully so, if AOL is responsible for the email, no-one else should be acting as the MTA for that domain. That is what 'reply-to' is for..

--
Catch the Magic of Linux...
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
LinuxMagic a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] help with running a listserv and DMARC
On 15-02-13 02:08 PM, Franck Martin wrote:
> DMARC is just the shiny top of the iceberg, that gets people motivated to do something.
>
> then you learn more, and then it is just a ploy to add more domain authentication to emails (SPF/DKIM/TLS), because there is a benefit to do so (get the DMARC reports) and it helps find infrastructure that could behave better with DKIM with people motivated to make a change.
>
> then, with this momentum, you shift from IP reputation to domain reputation, and check that the domains in envelope from, from header, reply-to, sender,… are legit, exist, accept emails and are not on some form of blocklists…
>
> and then also you start to accept less and less malformed emails, because Postel did not say to accept anything, but to be lenient when it is not clear what you should accept.

And it just keeps adding burdens, and network traffic.. And then spam and phishing get confused, and 'best approach' starts tripping over each other.. And no one can do it properly..

To be truthful? (sheepish grin) So far, all we use DMARC/DKIM for is as part of our spam detector filters.. to identify known patterns that are associated with certain spammers .. Eg, always signs with DKIM.. Likes using V1.. Never uses DMARC

IP Reputation is still the most powerful tool, with the lowest footprint.. The onus should be passed on to the sender.. not the receiver.. Sending servers should make sure nothing goes out their MTA unless the domain is something they are responsible for.. Mailing Lists should send out using the domain of the sender who instigated the mailing, not the mailing list operator.. (I see even banks using 3rd parties to send email out, from a domain totally unrelated.. @3rdpartybulkmailer.com is bound to have problems, when both good guys and bad guys use the same service) And I get 'hey, is this really from this company I do business with?' all the time...

And then SPF is probably the next lightest.. Any domain that is really worried about someone forging their domain should have an SPF record of course, and not those sloppy ones that say 'maybe' our mail doesn't come from somewhere else..

99% of our spam protection happens directly in the edge SMTP layer, and all the other fancy 'anti-phishing' will get relegated to filtering...

For us, we would rather see the companies that are pushing so hard for DMARC/DKIM do a little better job on what's leaving their mail servers :) Still a little hard to put the big guys on reputation lists.. ;)

And of course, the hosting companies are soon going to have to start thinking about this, while renting to spammers might be a nice way to justify more IP space, or make them a little fast money, soon it won't matter how they sign emails. It is amazing how much damage a single /29 can do in just a few hours, across the whole internet.. renting by hour, and allowing them to consume as much bandwidth as needed, isn't going to get you any friends in the spam protection space..

Enough, now I am just ranting..

PS.. Yeah, your subscribers are probably marking it as spam ;) (Always surprises me the times someone tries to report an uncaught spam accidentally.. for emails they want... or did subscribe to)

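Added example (not part of the original post): a small auditor for the "sloppy" SPF records the message above complains about. It reports what result a sender that matches no listed mechanism ends up with, following `redirect=`. The zone contents are constructed sample data, and mechanisms such as `include:` are assumed not to match the unlisted sender.

```python
"""Classify what an SPF record says about senders it does not list."""

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_REDIRECTS = 10  # RFC 7208 limits DNS-querying terms to 10 per evaluation

# Constructed TXT data standing in for DNS lookups (keys are lower case).
SAMPLE_ZONE = {
    "strict.example": ["v=spf1 ip4:192.0.2.0/24 -all"],
    "maybe.example": ["v=spf1 include:_spf.maybe.example ?all"],
    "soft.example": ["v=spf1 mx ~all"],
    "open.example": ["v=spf1 +all"],
    "noall.example": ["v=spf1 a mx"],
    "alias.example": ["v=spf1 redirect=strict.example"],
    "dup.example": ["v=spf1 mx -all", "v=spf1 a -all"],
    "nospf.example": ["site-verification=constructed-value"],
    "loop.example": ["v=spf1 redirect=loop.example"],
}


def find_spf(txt_records):
    """Keep only the TXT strings that are SPF version 1 records."""
    return [r for r in txt_records if r.lower().split(" ", 1)[0] == "v=spf1"]


def default_result(domain, zone, hops=0):
    """Return (result, explanation) for a sender no mechanism matched."""
    records = find_spf(zone.get(domain.lower().rstrip("."), []))
    if not records:
        return ("none", "no SPF record published")
    if len(records) > 1:
        return ("permerror", "more than one v=spf1 record")

    redirect = None
    for term in records[0].split()[1:]:
        lowered = term.lower()
        if lowered.startswith("redirect="):
            redirect = lowered.split("=", 1)[1]
            continue
        qualifier = "+"  # a mechanism without a qualifier means "+"
        if lowered[0] in QUALIFIERS:
            qualifier, lowered = lowered[0], lowered[1:]
        if lowered == "all":
            # Terms after "all" are never reached and redirect= is ignored.
            return (QUALIFIERS[qualifier], f"ends in {qualifier}all")

    if redirect is None:
        return ("neutral", "no 'all' and no redirect, so the default is neutral")
    if hops >= MAX_REDIRECTS:
        return ("permerror", "redirect chain too long")
    result, why = default_result(redirect, zone, hops + 1)
    if result == "none":
        return ("permerror", f"redirect target {redirect} has no SPF record")
    return (result, f"via redirect={redirect}: {why}")


def non_enforcing_domains(zone):
    """Domains that do not tell receivers to fail unlisted senders."""
    return sorted(d for d in zone if default_result(d, zone)[0] != "fail")


if __name__ == "__main__":
    for name in sorted(SAMPLE_ZONE):
        result, why = default_result(name, SAMPLE_ZONE)
        print(f"{name:16} {result:10} {why}")
```
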
[mailop] SpamCop contact.. Please contact me off list.. trying to help out one of our ISP customers
They apparently have had trouble with de-listing for a couple of weeks.. Could you contact me off list please?

[mailop] Anyone dealing with mail originating from protection.outlook.com
Noticed interesting errors when it is trying to initiate STARTTLS.. Can someone catch me off line to discuss why we see incomplete sessions originating from there?

[mailop] Can someone from Barracuda reach out to me off line..
Seems Barracuda has started to do a lot of queries against some of our reputation (RBL) servers.. Thanks for the compliment, but it is also doing it in a manner that is unusual..

Re: [mailop] Outlook.com DNS/HELO mismatch / Am I wrong?
On 15-07-01 09:12 AM, Alarig Le Lay wrote:
> Hi,
>
> According to https://tools.ietf.org/html/rfc5321#section-2.3.5 it’s said that the EHLO must be resolvable and resolve to the A or the of the MX but it’s not necessary to be the PTR of the MX. (It’s what I understand, I could be wrong)

In principle, this sounds fine, but there are many reasons for companies to have EHLO using internal addressing schemes, which may not be publicly resolvable, and in practice limiting connections based on that criteria affects too many legitimate email servers to make it a 'policy' rejection IMHO.

We do require that it is a properly formed 'FQDN', and not just a host name, (and not localhost.localdomain ;) but to actually require resolvable EHLO is still problematic, and should only be used as a 'scoring' factor, but not an absolute policy.

Often admins would like to identify 'nodes' in a cluster, if there is a problem, and often this is represented in the EHLO (eg intident-1-3.ourpublicdomain.com), rather than 'mail.ourpublicdomain.com' for all nodes. (rDNS of course is easier to have it match the A of the MX, but again in practice many use different naming conventions for egress vs ingress, eg mail.ourdomain.com vs mx.ourdomain.com)

Differing EHLO/HELO makes debugging and support easier, and we can understand the motivation, even though not specifically correct per RFC, of sysadmins to do so, since the EHLO is presented on all connections, while additional headers may not be available at the receiving end to clearly identify which 'internal node' generated the email.

And often EHLO is tied into internal naming conventions (eg hostname of the server) (and desired by the sysadmin) by default in most MTA implementations, unless specifically overridden.

There are a couple of places where following the RFCs to the letter simply won't work in the real world (as receivers), but we should be trying wherever possible as 'senders'. But in the end, you have to understand when a receiver chooses to not accept NON-RFC compliant communications.

And of course, spammers very often have access to be able to present their own 'EHLO', but may not have access to rDNS, so many spam protection systems will highly weight senders where the EHLO/HELO appears to be 'strange'.

IMHO, if the domain portion of the rDNS matches the EHLO domain portion, and they are both FQDNs, the 'host' portion of the EHLO is less important.

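Added example (not part of the original post): one way a receiver could apply the approach described in the message above, rejecting only malformed or placeholder EHLO names and treating rDNS mismatch and unresolvable names as scoring factors. The weights, the short public-suffix sample and the session data are assumptions constructed for illustration; DNS results are passed in so the code runs offline.

```python
"""Score an SMTP client's EHLO name against the rDNS of its IP address."""
import re
from typing import NamedTuple

# Assumption: a tiny constructed sample of two-label public suffixes. A real
# filter would consult the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.nz", "co.jp"}

# Well-formed names that identify nobody.
PLACEHOLDER_NAMES = {"localhost.localdomain"}

LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Assumption: illustrative weights, not values taken from the post.
SCORE_NO_PTR = 2
SCORE_DOMAIN_MISMATCH = 2
SCORE_UNRESOLVABLE = 1


class Verdict(NamedTuple):
    action: str     # "reject" is a policy refusal, "accept" carries a score
    score: int
    reasons: tuple


def normalise(name):
    return name.strip().rstrip(".").lower()


def is_fqdn(name):
    """True for a syntactically valid host name with at least two labels."""
    name = normalise(name)
    labels = name.split(".")
    # An all-numeric last label means an IP address, not a host name.
    if len(name) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return False
    return all(LABEL.fullmatch(label) for label in labels)


def domain_portion(name):
    """Registered-domain part of a name, e.g. node1.example.com -> example.com."""
    labels = normalise(name).split(".")
    two = ".".join(labels[-2:])
    keep = 3 if len(labels) >= 3 and two in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def assess_ehlo(ehlo, ptr, ehlo_resolves):
    """ptr is the PTR name of the connecting IP, or None if there is none."""
    if not is_fqdn(ehlo):
        return Verdict("reject", 0, ("EHLO is not a properly formed FQDN",))
    if normalise(ehlo) in PLACEHOLDER_NAMES:
        return Verdict("reject", 0, ("EHLO is a placeholder name",))

    score, reasons = 0, []
    if ptr is None or not is_fqdn(ptr):
        score += SCORE_NO_PTR
        reasons.append("no usable rDNS for the connecting IP")
    elif domain_portion(ptr) != domain_portion(ehlo):
        score += SCORE_DOMAIN_MISMATCH
        reasons.append("EHLO domain differs from rDNS domain")
    # The host part may differ freely (cluster node names and the like).
    if not ehlo_resolves:
        score += SCORE_UNRESOLVABLE
        reasons.append("EHLO name does not resolve publicly")
    return Verdict("accept", score, tuple(reasons))


# Constructed sessions: (EHLO name, PTR of client IP, does the EHLO resolve?)
SAMPLE_SESSIONS = [
    ("intident-1-3.ourpublicdomain.com", "mail.ourpublicdomain.com", False),
    ("node7.corp.example.co.uk", "mx.example.co.uk", True),
    ("mail.bank.example", "host-203-0-113-9.dynamic.example.net", True),
    ("localhost.localdomain", "mail.example.net", True),
    ("mailhost", None, False),
]

if __name__ == "__main__":
    for session in SAMPLE_SESSIONS:
        print(session[0], "->", assess_ehlo(*session))
```
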
Re: [mailop] Apple, iPhone setup, attempts SSL on port 587
On 15-08-02 03:46 PM, John Levine wrote:
>>> require credentials if you're submitting email to local users, but will require it for relay...
>>
>> Maybe I'm misreading something, but doesn't that turn it into an MTA port instead of an MSA port? That would seem to totally defeat the purpose of using an MSA port at all, no?
>
> Not necessarily. It's fairly common to allow submission without AUTH when the mail's coming from a host on the local network. The main difference between MSA and MTA is whether it cleans up the message headers and does non-local forwards. AUTH is just a means to keep random strangers from using you to relay.
>
> R's,
> John

Ouch! Someone needs a refresher :)

You should only be allowing relay nowadays, if for some reason you have an older device or software on a trusted static IP that can't do AUTH.. And usually in that case, it will usually have to be on the older Port 25 submission.

Port 587 should ALWAYS be using AUTH, full email address, with TLS enabled.. Then you have a MUA-MTA connection (submission)

Otherwise you have a big hole that the IoT (Internet of Things) can exploit.. remember the fridge that sent out the 75k messages? Allowed to relay ;)

And to throw in my two bits, all recent IOS devices seem to behave reasonably in that regard, unless there was a previous account setting that preferred SSL to TLS (usually then it still doesn't use port 587, unless that is the only option) or if someone played with advanced settings, or there is an auto discovery mechanism that is set up for that server, that isn't configured right.

They may be a little pickier on the certs used in TLS being set up correctly, and they aren't always great at choosing the right Trash/Sent folders in IMAP, and sometimes try to use the wrong outgoing SMTP server, when multiples are set up.. But it would be interesting to find others' take on it.

But it is a good talking op to remind all the email operators out there, turn OFF and get rid of open email relaying, will make life a lot better for everyone, because let's face it.. your network isn't 'trusted' any more.

Oh, when you are done.. lock down port 25 from your dynamic space, not only to your own servers, but to the internet as well (egress filtering people, you know how much of everyone's bandwidth and resources that will cure?)

Have a great long weekend.

Re: [mailop] Hotmail/Microsoft Contact Available?
That might not be the smartest tactic.. :)

* Do you want to be on their radar? They have deep pockets..
* Email operators and end users have protected rights, they can choose to accept/deny based on almost any principle (eg, We don't accept emails from people whose name starts with the letter 'M' on Mondays )
* You have a better chance going after them for their outgoing spam :) (Have to admit, has been improving a bit lately)

Delayed delivery times can be caused by many things, other than just operator/recipient saying no.. And because it does go through later, this could be anything from transient network, DNS, infrastructure problems.. Or it could simply be a form of rate limiting.

I would suggest you find out more information first, and of course this list is a good place to start that conversation.

However, no reports of issues currently at any of the ISPs or Telcos we monitor at this time.

On 15-09-03 09:41 AM, Marc Perkel wrote:
> I'm thinking about writing Microsoft's legal department a letter threatening a lawsuit with the hope that their lawyers will get the attention of their tech staff and do something about this. Very very frustrating.
>
> On 09/03/15 08:05, Jim Popovitch wrote:
>> On Thu, Sep 3, 2015 at 10:49 AM, Marc Perkel <supp...@junkemailfilter.com> wrote:
>>> Hi Brian,
>>>
>>> I'm having a problem with Microsoft too. It's just plain weird. Sometimes it takes 6 hours to deliver an email. And I can't quite understand what is happening.
>>>
>>> I'm in the front end spam filtering business. Email comes to me - I clean it - and then forward it on to the recipient's server. That includes many domains hosted at outlook.com. I'm having this problem with all domains hosted there and only there.
>>>
>>> Who else is seeing this?
>>
>> I'm seeing it for confirmed-opt-in list subscribers using hotmail/live/outlook addrs. And the beauty is I'm getting mailbombed by MS about 1918 addrs:
>>
>> From: st...@hotmail.com
>> To: postmas...@domainmail.org
>> Subject: complaint about message from 10.162.145.146
>>
>> -Jim P.

[mailop] Gmail and PDF attachments.. Changes in policy?
Just had a few reports that Gmail is blocking messages with PDF attachments..

74.125.28.26 failed after I sent the message.
Remote host said:
552-5.7.0 This message was blocked because its content presents a potential
552-5.7.0 security issue. Please visit
552-5.7.0 https://support.google.com/mail/answer/6590 to review our message
552 5.7.0 content and attachment content guidelines. 100si10432244iog.166 - gsmtp

However, PDF files aren't listed as one of the attachment types they block. Has there been a change lately?

Content-Type: application/pdf; name="20150912 accepted offer.pdf"

Re: [mailop] Protection Outlook..
On 15-09-14 12:16 PM, Michael Wise wrote:
> If you see this ...
>
> X-Forefront-Antispam-Report: SFV:SPM
>
> (Specifically, the "SFV:SPM")
>
> That means we thought it was spam, but due to the pipelined nature of our service, rather than drop it on the floor as some do, we were compelled to deliver it. The traffic came in via a TLS connection from Bharti Airtel Ltd. In India. The account has probably already been killed.
>
> Aloha,
> Michael.

This of course doesn't address the original question of why allowing delivery of messages without the MAIL FROM: that aren't really bounces.. (Time to stop pipelining ;)

Thanks for the tip.. But it isn't helping anyone if you keep sending obvious spam out of your networks.. You aren't REALLY compelled to deliver it.. Hard to believe that the infrastructure can't reject known spam..

Re: [mailop] Reputable place to host my SMTP?
On 16-06-07 01:09 PM, Robert Guthrie wrote:
> Can someone recommend a VPS host that would have IP addresses that have a good reputation with Google systems?

Many good ones, and many bad ones... Main thing is to work with a provider that has a tight sign-up policy, some of the ones that allow anyone to auto sign-up for a couple bucks a month are bound to get burned by fly by nighters, and have a poor reputation.

Ask if they provide 'rwhois' (or SWIP if you get enough IP(s)), so that your IP address is clearly labelled as being operated by yourself, that is helpful, so if someone in the neighbouring IP(s) is spamming, you don't get their reputation.

Personal opinion? The VPS providers charging the higher rates have better reputations :) They can afford to invest in keeping their reputation cleaner.

And use one that is demographically suited, choosing a VPS provider in another part of the world, is not always the best choice.

And use something like MXToolbox or HetrixTools to check the company out before you sign-up. Spot checking IP(s) across their ranges might give you an idea of how likely you will be treated as suspect..

And lastly, monitor outbound activity yourself.. don't wait for complaints, the world has largely given up trying to 'report' email to abuse channels, while feedback loops are a valuable tool, it is harder to clear your reputation than to keep it clean in the first place.

Be honest with yourself, if you can't monitor the outbound activity yourself, then maybe you have to pay the extra money to go with a provider that will, but make sure it is one that gives you dedicated IP(s), clear PTR records and sending practices, and not part of a 'shared' service.

Re: [mailop] Messages over IPv6 rejected by Google for failed authentication checks
On 16-06-09 11:26 AM, Franck Martin via mailop wrote:
> As people pointed out, an SPF record is easy to set and fast to solve the issue, DKIM can come later...

Hehehe... 'easy' is a relative word, amazing how many poor SPF records are out there, and sometimes it is hard enough to get email operators to even have proper PTR records..

Re: [mailop] Excluding Message-ID from DKIM Signature
On 16-05-27 09:19 AM, Rich Kulawiec wrote:
> It's also a bad idea operationally, as it will break things like loop detection, it will complicate problem diagnosis, and it will break anti-spam/anti-abuse mechanisms that rely on Message-ID.
>
> ---rsk

+1

Re: [mailop] signup form abuse
Have been watching this thread for a bit, and do have an opinion.

First of all, I see a lot of talk about 'COI' (Confirmed Opt-In), rather than the term 'CDOI' (Confirmed Double Opt-in) and the reason I point it out, is that there are a lot of loose definitions of both 'opt-in' and 'confirmed'.

While it might be more 'attractive' to offer a simple 'click to confirm', why are you not using the more standard 'Please Reply To' this message if you want to receive these messages?

This would solve the problem being discussed, and ensure that the recipient truly wants your message.

On 16-05-26 08:06 AM, Alberto Miscia via mailop wrote:
> This opens up for an interesting discussion. We experienced the very same issue in the past for a few customers and enabling a captcha was the only viable option. The "bots" (don't really know actually) managed to complete a COI process with several free accounts. IP ranges were different some on CBL some not but blocking a listed IP in a COI process can be dangerous. For the very same reason I'd rule out e-hawk and alike. The vast majority of the addresses were listed on cleantalk.org
>
> The hidden link in the confirmation email (an HTML comment would work better than a "white-on-white tiny font" from a deliverability perspective) in my opinion is the way to go. Even if it can be very tricky to implement, we are seriously considering it to prevent bot clicks across the board.
>
> HTH
>
> Alberto Miscia | MailUp | Head of Deliverability & Compliance
>
> 2016-05-26 15:05 GMT+02:00 Vick Khera <vi...@khera.org>:
>> On Wed, May 25, 2016 at 6:04 PM, Al Iverson <aiver...@spamresource.com> wrote:
>>> I've heard John Levine propose the "hidden link to catch scanning robots" solution but I've never heard of an email system implementing
>>
>> I'm running through my head how that would work, and makes for some very complicated state transition diagrams to go from "signup requested" to "confirmed". What if they scan in parallel and the timing works out they poked them in the opposite order, etc. I see a few new states and many transitions, and some timeout based events. Not pretty.
>>
>>> it. Similarly, senders have often suggested that spamtrap systems shouldn't follow links. (Security systems, sure, but don't do that with spamtrap addresses.) And today I heard it suggested that it would be wiser to have COI have a second click (probably an HTTP POST-based
>>
>> What if the confirmation email button itself was a POST form rather than just a GET to a page? Are scanning systems following POSTs too?
>>
>>> button) on the landing web page, to prevent security systems from erroneously completing COI confirm steps. All good stuff, but it
>>
>> I don't think you're going to get much buy-in for requiring so many clicks to get activated. I know we already lose customers just for requiring COI. Making the COI be more work for the subscriber will just make people go elsewhere faster.
>>
>>> doesn't sound as though any of it has been widely broadcasted as a best practice or requirement.

Re: [mailop] signup form abuse
On 16-05-27 10:08 AM, Michael Wise wrote:
> The problem with the, "Please Reply" method is that it can lead to mailbombing the target. We've seen it happen.

Of course, someone could use a forged address when sending the 'confirmation' email, but how they would get mail bombed I am unsure of. No-one will reply that they want the email, for a list they didn't subscribe to. And the sending system would normally limit the amount of subscription requests to an individual address.

> But I agree with you completely on the, "loose definition" issue, and have a rather nasty story about that. Always get the person who asserts they're doing it to tell you exactly what that term means to them.
>
> " I checked with my manager, and we looked it up, that address DOES Exist!

And we hear a lot of them too :) Putting your business card in a bowl to win a prize is definitely not giving permission to get on a mailing list ;)

But true confirmed double opt-in lists very seldom get complaints, and provide a higher ROI..

http://www.isipp.com/documents/The-Case-for-COI.pdf

My personal pet peeve (and yes I mean you ticket master) is when you expressly do everything you can (uncheck the box) to declare you don't want any marketing, but still get it..

Some ESPs do make a good effort to encourage it, but many still allow new customers to bring over their old 'confirmed' lists as an import, instead of forcing a new confirmation, which of course is ripe for abuse. The concern is that they will have a large drop in subscribers, as people don't re-confirm.. but probably they miss the point, those aren't the people you want on your list, as they aren't engaged enough to re-confirm.

Most of the world's largest mailing lists, which operate as confirmed double opt-in, never get on the complaint radar..

I personally think that ESPs should make an effort to carefully separate their confirmed double opt-in mailings, from single opt-in mailers.. But, still there are a lot of commercial motivators to maximize delivery rates, (including mixing good and bad mailers together, obfuscating the sender information etc).. But in the end, whether it is adblocking, reputation lists, or even legislative powers, at some point those techniques may backfire.. IMHO

[mailop] MailChimp Contact on list? Might be interested in this.
Looks like someone is using a similar name to spam?

Return-Path: <i...@mailchimps.eu>
Received: from mailchimps.eu (HELO mailchimps.eu) (62.76.179.14)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key1; d=mailchimps.eu;
 h=Message-ID:Reply-To:From:To:Subject:Date:MIME-Version:Content-Type;
 i=i...@mailchimps.eu; bh=UBevDirqSzEW/kh+DxJ+jxZRA5Y=;
 b=Nl5UQ0emRvXHHHqa+JhtcLB4KTXoqk2pxgqjvpGrXRrmJTNfnqjF1pPFvEUXq17ppiKupZ0o5p6Z
 WwtwSpBAwZNgZBzWmerzCM7VokfABeYAwYEPWwfCL0DGQpClxmej3AuCACT4DvJKsy2NyV96s0nu
 ol0AvEDX0LzxJDT0siI=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key1; d=mailchimps.eu;
 b=X1rFby4bHuZ5QvjcmtymjK2Hue6gfPpmK117tG9lDEWJy0ttXJ0sDgCeXzu42mn947RNoYBbgRGb
 cNBd+vcUUMzb9HjVTTHWFmdc+E3bkR/iTXk/FKMPqyI8D9/PwpToop4TsYppxnn/xF5zITmbS7+p
 Btq+uLxG/LFQKd3QwB0=;
Message-ID: <42b8f473b6624f0cd0d59c2266f1b...@mailchimps.eu>
Reply-To: "i...@mailchimps.eu" <i...@mailchimps.eu>
From: "i...@mailchimps.eu" <i...@mailchimps.eu>
Subject: Discounts on Adobe up to 80%! Buy NOW!

inetnum:62.76.176.0 - 62.76.191.255
netname:Clodo-Cloud
descr: IT House, Ltd
org:ORG-IHL2-RIPE
country:RU
Re: [mailop] Failure reporting false positives to ClamAV
That rule has triggered more and more false positives of late BTW..

If you would like to disable this check in the future, you can do so by editing /etc/clamav/clamd.conf and setting the following value to false:

PhishingScanURLs

Once done, you will need to restart clamav:

/etc/init.d/clamav-daemon restart

On 16-02-09 11:58 PM, Ted Cooper wrote:

I recently attempted to report a false positive via their web interface. I think it's safe to say, they didn't get my report so I thought I'd include it here and hope they might be reading, along with what appears to have gone wrong. Regrettably, there doesn't seem to be a channel to report a false positive false positive.

http://www.clamav.net/reports/fp

The domains reported were Paypal related, and used in ESP newsletters sent to Australian users. They are picked up as "Heuristics.Phishing.Email.SpoofedDomain" any time they go through - I can't whitelist as the system rejecting is not local.

e [dot] paypal [dot] com
paypal-exchanges [dot] com

Details on their website of these domains is here: https://www.paypal.com/au/webapps/mpp/email-whitelist

The report was submitted last night, but the failure became apparent this morning when I received a series of bounce messages from Cisco relays indicating that my message couldn't be delivered. I'll exclude further details as it appears to have been a rather large boo boo they wouldn't want repeated.

Suffice to say, I will not be able to report these domains via the interface until the system is fixed internally.
Re: [mailop] DKIM signing domain selection (RFC 5863 section 2.3) question
It is a lot simpler to simply use a different originating IP Address, based on whether it is marketing vs transactional, I don't believe anyone should mix those two...

On 16-02-10 09:45 AM, Doug Brenner wrote:

RFC 5863 section 2.3, "Choosing the Signing Domain Name", discusses using multiple domains to separate different email streams, e.g., marketing vs. transactional.

I'm curious about experiences of doing this when the RFC5822.From and/or RFC5821.From domain(s) are the parent.

For example, say I send email with header, From: m...@example.com and DKIM sign with d=bulk.example.com.

I know the DKIM RFC says the "signing identity specified by the DKIM signature is not required to match an address in any particular header field", however, it's really up to the recipients in the end.

Is anyone doing this to separate email streams and create different DKIM domain reputations?

What "real-world" impact does it have when the header domain and DKIM domain don't match? (In particular, when the header domain is the parent as above.)

Is it worth the effort to setup this type of environment instead of just putting everything under the example.com domain?

I'm sure some sites are dealing with this by changing the From address to use a matching DKIM domain, but when you're dealing with a university where everyone wants to use the parent, sub-domains are likely to happen.

If you can point me to resources or a better discussion list, that's fine too. Thanks.

-- Doug Brenner, UNIX System Administrator
Information Technology Services, The University of Iowa
+1 319 467 1625 / doug-bren...@uiowa.edu / doug.bren...@gmail.com
Re: [mailop] [ietf-smtp] Mail forwarding to Gmail problem/question
On 16-02-03 02:45 PM, John Levine wrote:

Right now, there is no great solution. One I recommended before was to block relayed spam, and then have the users set up pop fetching. So, the cleanest mail should arrive quickly, and everything else will be fetched more slowly.

That's what my users do. After telling me what a horrible idea it was, they now like it just fine.

I believe one of your competitors has a hack in which mail with a header like the one Spamassassin adds is generally delivered to the spam folder and doesn't count (much) against one's reputation. That is certainly subject to gaming, but in my experience getting my filters and Google's to agree what's spammy, if only to defer to POP fetch, is pretty hard.

R's, John

And again, why should we push spam any farther. You should explain to your customers that you don't allow spam to be forwarded any farther, and either 'reject it' (not bounce it) before accepting, or create a mechanism to 'hold' things you think are spam on your server.

Don't expect Gmail (or anyone else) to accept spammy messages, simply because the sender says they want the spam to go to them.
Re: [mailop] Email issue with Synacor?
On 16-03-16 10:23 AM, Frank Bulk wrote:

We have a few emails stacking up to CableOne (who appears to use Synacor) customers with "421 4.3.4 allocated resources exceeded". Anyone else seeing the same?

Frank

Frank's email showed up in the spam folder, and was curious why? This message had headers that showed either his email server, (but maybe the nosignal.org server) added lots of spam headers..

X-SPAM-FLAG: Yes
X-SpamDetect: : 8.0 sd=8.0 0.87((!X-Verify-Helo:+OK), (X-myrbl:unknown)) [nnot=0, ng=0, nsum=0, nb=0, nw=0, 4.82]
X-Aspam: Words 0.0 -coupon -spent -citizen -subsequently -returned -livery -browser -e-mails -purchased

Might be what the other systems are seeing as well?
Re: [mailop] Yahoo Mail Servers having new issues?
On 16-03-28 02:47 PM, Chris Vervais wrote:

On Mar 28, 2016, at 14:32, Michael Peddemors <mich...@linuxmagic.com> wrote:

Noticed that we are seeing cases of Yahoo servers dropping connections with no error messages.. From several locations, not just one.. Anyone know or notice any issues on their end?

I’m not seeing anything amiss with what I’m responsible for having issues sending into Yahoo. Our delivery percentage over the last 4 hours is where it normally is. When did you start seeing this?

Chris

One of our ISP's started reporting this this morning.. just a connection dropped after it sent the response to the EHLO.. Tried it from a few other IP(s) manually to the same IP(s), and got the same result.

eg..

telnet 98.138.112.33 25
Trying 98.138.112.33...
Connected to 98.138.112.33.
Escape character is '^]'.
220 mta1104.mail.ne1.yahoo.com ESMTP ready
EHLO test.wizard.ca
250-mta1104.mail.ne1.yahoo.com
250-PIPELINING
250-SIZE 41943040
250-8BITMIME
250 STARTTLS
Connection closed by foreign host.

Closed connection within about 5 seconds..
Re: [mailop] looking for a good reference on best practices
I can take this off list if you want, and maybe even have a chat with you on the phone, as this is a topic I regularly speak on.

(Be warned, I might pitch you a little on our MagicMail platform, if it is right for your needs, judging by all your pieces, a product that does it all might be a better choice)

But I can be honest about all the players in the space, your needs, and what you should consider for your environment. Just that the list might not be the place for a long winded discussion.

-- Michael --

On 16-03-28 05:35 PM, Miles Fidelman wrote:

Hi Folks,

I'm getting ready to rebuild a rather old mail system. We support a mix of activities - both commercial and otherwise - probably the best characterization of our IT operations is that of an academic department (local users, remote users, basic email, a list server with a few dozen lists, web server, ...).

The current configuration is fairly vanilla - but pieced together over time, lots of local knowledge applied, etc.:

- linux (Debian, but might move to a BSD)
- postfix
- amavisd-new, clamAV, spamassassin
- sympa list manager
- procmail for local delivery
- uw imap daemons

It's all getting a little long in the tooth - particularly our antispam setup - so I've been planning on rebuilding from scratch, and maybe in the process replacing/augmenting some of the components:

- GUI based admin tools (particularly for filtering rules)
- SIEVE
- a webmail server
- maybe dbmail
- maybe replacing the imap/pop daemons

All my reference books, notes, web links to tutorials, etc. are 5-10 years old. I'm wondering if anybody can point me to a good CURRENT reference that summarizes/compares the latest and greatest software, provides some best practices, etc.

Thanks very much,

Miles Fidelman
Re: [mailop] Yahoo DMARC changes - Proxying SMTP auth for freemail users
On 16-03-24 10:16 AM, Michael Wise wrote:

A question ... Outside of the spam case, how typical is it for someone to send from one Freemail provider with a Reply-To: pointing to *ANOTHER* Freemail provider? Just wondering.

Aloha, Michael.

A lot in the spam box :) It is actually one of our filtering rules to watch for this, (fairly low score by itself).. And even worse, even in the Return-Path. This is why I chuckle a little at Yahoo's new policy..

(redacted headers from a real spam)

Return-Path: <bensonsere...@gmail.com>
Received: from ns502-vm11.bullet.mail.kks.yahoo.co.jp (HELO ns502-vm11.bullet.mail.kks.yahoo.co.jp) (183.79.57.66)
From: Serena Benson <bensonsere...@gmail.com>
Reply-To: Serena Benson <bserena2...@yahoo.ca>

It would be helpful if Yahoo simply prevented anyone from sending out their email servers with a @gmail.com return path.
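The cross-provider check discussed in this message, sketched as an added example (not code from the post or from any product mentioned in it). The provider tables, rule names and the sample message are constructed assumptions; the header layout follows the redacted headers quoted above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: short illustrative tables, not complete provider lists.
FREEMAIL_DOMAINS = {
    "gmail.com": "google", "googlemail.com": "google",
    "yahoo.com": "yahoo", "yahoo.ca": "yahoo", "yahoo.co.jp": "yahoo",
    "hotmail.com": "microsoft", "outlook.com": "microsoft",
    "aol.com": "aol",
}
# Assumption: host-name suffixes under which each provider's relays appear.
RELAY_SUFFIXES = {
    "google.com": "google",
    "yahoo.com": "yahoo", "yahoo.co.jp": "yahoo",
    "outlook.com": "microsoft",
}


def suffix_lookup(name, table):
    """Return the provider whose domain is a suffix of `name`, or None."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        hit = table.get(".".join(labels[i:]))
        if hit:
            return hit
    return None


def address_domain(header_value):
    """Extract the domain part of the address in a From-style header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2] if "@" in addr else ""


def freemail_mismatches(raw_message):
    """List the cross-freemail indicators present in one message."""
    msg = message_from_string(raw_message)
    from_p = suffix_lookup(address_domain(msg["From"]), FREEMAIL_DOMAINS)
    reply_p = suffix_lookup(address_domain(msg["Reply-To"]), FREEMAIL_DOMAINS)
    rpath_p = suffix_lookup(address_domain(msg["Return-Path"]), FREEMAIL_DOMAINS)
    # The topmost Received header names the host that handed us the message.
    m = re.search(r"from\s+(\S+)", msg["Received"] or "")
    relay_p = suffix_lookup(m.group(1), RELAY_SUFFIXES) if m else None

    findings = []
    # From at one freemail provider, Reply-To at another: a weak signal alone.
    if from_p and reply_p and from_p != reply_p:
        findings.append("from-replyto-cross-freemail")
    # Return-Path claims one provider while another provider's relay sent it.
    if rpath_p and relay_p and rpath_p != relay_p:
        findings.append("returnpath-relay-cross-freemail")
    return findings


# Constructed sample shaped like the redacted headers above (not real mail).
SAMPLE = (
    "Return-Path: <sender.example@gmail.com>\n"
    "Received: from relay01.mail.example.yahoo.co.jp "
    "(HELO relay01.mail.example.yahoo.co.jp) (192.0.2.66)\n"
    "From: Constructed Sender <sender.example@gmail.com>\n"
    "Reply-To: Constructed Sender <other.example@yahoo.ca>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# Constructed counter-example: one provider throughout, nothing to report.
CLEAN = (
    "Return-Path: <sender.example@gmail.com>\n"
    "Received: from mail-constructed.google.com (192.0.2.10)\n"
    "From: Constructed Sender <sender.example@gmail.com>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(freemail_mismatches(SAMPLE))
    print(freemail_mismatches(CLEAN))
```

Each indicator is meant to feed a scoring filter rather than to block on its own, in line with the "fairly low score by itself" remark.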
[mailop] Google DNS Servers not returning results for Hotmail today?
Had several reports of DNS oddities from the Google DNS servers, from customers/clients who use them as the default. Are they in the middle of a move/change?
Re: [mailop] Google DNS Servers not returning results for Hotmail today?
michael@mistress:~$ host 65.55.90.110
110.90.55.65.in-addr.arpa domain name pointer snt004-omc2s35.hotmail.com.
michael@mistress:~$ host 65.55.90.110 8.8.8.8
Using domain server:
Name: 8.8.8.8
Address: 8.8.8.8#53
Aliases:

Host 110.90.55.65.in-addr.arpa not found: 2(SERVFAIL)

On 16-03-07 02:14 PM, Michael Wise wrote:

Hotmail doesn't publish any DNSSEC records. Neither does Microsoft.com, etc

As for the rDNS, this is from my home server:

$ host 65.55.169.87
87.169.55.65.in-addr.arpa domain name pointer mail-bl2on0087.outbound.protection.outlook.com.

Aloha, Michael.

-- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Tony Bunce
Sent: Monday, March 7, 2016 1:56 PM
To: Michael Peddemors <mich...@linuxmagic.com>; mailop <mailop@mailop.org>
Subject: Re: [mailop] Google DNS Servers not returning results for Hotmail today?

We are seeing similar issues on Office 365 mail. We are getting SERVFAIL on reverse DNS lookups, both using our resolvers as well as testing against Google.

It looks DNSSEC related:

87.169.55.65.in-addr.arpa PTR: bad cache hit (55.65.in-addr.arpa/DS)

With checks disabled the query works:

dig -x 65.55.169.63 +cd

This looks like something is not right: http://dnsviz.net/d/55.65.in-addr.arpa/dnssec/

-Tony

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Peddemors
Sent: Monday, March 7, 2016 4:29 PM
To: mailop <mailop@mailop.org>
Subject: [mailop] Google DNS Servers not returning results for Hotmail today?

Had several reports of DNS oddities from the Google DNS servers, from customers/clients who use them as the default. Are they in the middle of a move/change?
Re: [mailop] Latest TLD issues..
On 16-04-25 01:06 PM, Michelle Sullivan wrote:

Probably not so much a MailOp thing.. but for general info... Seems the latest TLD to be abused to hell and back is now .science ... ...and no surprises why... http://register.science has: "Be a .SCIENCE pioneer and be one of the first to register your .SCIENCE web address for only $0.89" .. :/

Been seeing that one for months now.. Some hosting providers are worse than others for allowing these types of 'customers', and/or not monitoring or not caring..

Today's outbreak was from .. eg..

coks8uue.newfashiongallery.science
NetRange: 209.236.112.0 - 209.236.127.255
CIDR: 209.236.112.0/20
NetName:DFW-DATACENTER

Correct? Same operator modus operandi..

But again, it isn't the registrar that should be blamed, unless of course the domains are being registered with stolen or forged information and credit cards.. It is the companies that let them set up shop that should be complicit..
Re: [mailop] Bounces from outbound.protection.outlook.com
This has been going on for some time now, there was discussion on this list regarding the topic, we ended up putting a policy in our platforms just to deal with this issue.

"Reject messages from senders forging bounce messages".

On 16-04-29 06:25 AM, Benoit Panizzon wrote:

Hi Renaud

I am seeing in my logs some bounces messages (empty sender) from various outbound.protection.outlook.com servers. All those bounce messages are directed towards one specific email address which is probably used as an envelope field in a spam run.

Now my question is: if it comes from outbound servers for outlook.com, shouldn't the mails also pass through some kind of inbound servers at outlook.com? If that's the case, how comes that those messages which surely have a wrong DMARC, SPF and DKIM pass through the incoming gateways?

We have exactly the same problem. We sometimes observe that some of our customers get DOSed by large volumes of outbound.protection.outlook.com bounces.

The 'Attacker' apparently is a botnet (aka many different ip addresses) that fakes the sender@our-domain and sends very small emails to various non existing recipients hosted on outbound.protection.outlook.com servers. Our domains are protected by SPF.

In the first place, the outlook.com services should not accept emails to non existent recipients and then send 'late' bounces to the fake sender, resulting in some kind of amplificator attack. Secondly if the sender domains is protected by SPF with -all that email should be rejected by Microsoft right away during SMTP handshake. None of both is done.

I documented the case and how to reproduce. I did try to open a trouble ticket with the Microsoft Security. It was impossible, because we, as an ISP do not use any outlook.com services. I did try to explain the microsoft security agent for long time, that his handling of the issue was completely wrong and that it was not a question what M$ product we use, but he did not want to connect me to his supervisor as we are no M$ customer and therefore there is no way to open an abuse/security trouble ticket. WTF!

I contacted ab...@mircosoft.com several times about the issue, without reply.

I even went so far to notify the Heise Journal security team with the hint that kind of an mail traffic amplificator attack was possible via outlook.com, to try to increase the pressure on Microsoft to look into the issue, but they unfortunately considered this not serious enough.

We cannot block the IP Addresses of the outbound.protection.outlook.com as this would also affect a lot of legitimate email. So I have no solution here and don't know how I can make Microsoft take my reports seriously.

Kind regards

-Benoît Panizzon-
Re: [mailop] Microsoft POP3 Troubles
Generally an increase in POP is only related to two things:

* Email Client has short time out's and long query times. Seems some* email clients will attempt to download messages, but if the re-query time comes around, it will terminate the first connection and then restart from the beginning.

* Unique identifier related to the message keeps changing. The email client trusts that the server ID for the message is correct, so if it changes, the email client will consider this as new. This occurs usually when migrating data stores.

On 16-05-05 06:40 AM, Joseph B wrote:

I was reviewing my flow records and I can see in the last 24h we have started doing a much larger amount of POP3 traffic to Microsoft than usual. As an example, some of the IP's that are making the POP3 connections are:

Yes, we started seeing these logins from around April 18th. Some users have gone from 5MB a day of POP traffic to 25GB per day :-\

May 5 17:31:52 server dovecot: pop3-login: Login: user=<u...@domain.com>, method=PLAIN, rip=40.100.16.125, lip=45.xx.xx.xx, mpid=294947, session=<7VRKwRMytG4oZBB9>
May 5 17:31:52 server dovecot: pop3(u...@domain.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/512, size=223773360, bytes=24/12306
May 5 17:32:17 server dovecot: pop3-login: Login: user=<u...@domain.com>, method=PLAIN, rip=40.100.16.125, lip=45.xx.xx.xx, mpid=295053, session=
May 5 17:40:34 server dovecot: pop3(u...@domain.com): Disconnected: Logged out top=2/3772, retr=1024/447566492, del=0/512, size=223773360, bytes=10074/447591247

Cheers, Joseph
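A way to spot the re-download pattern in Dovecot POP3 logout lines like the ones quoted above, as an added example (not part of the original posts). The user names, the sample lines and the 1.5 ratio threshold are constructed assumptions; the `top=`, `retr=`, `del=` and `size=` fields are read as Dovecot's logout format defines them (count/bytes, count/bytes, deleted/total messages, mailbox bytes).

```python
import re
from collections import defaultdict

# Matches the "Logged out" summary; tolerates <pid><session> tags after the user.
LOGOUT_RE = re.compile(
    r"pop3\((?P<user>[^)]+)\)(?:<[^>]*>)*: Disconnected: Logged out "
    r"top=(?P<top_n>\d+)/(?P<top_b>\d+), "
    r"retr=(?P<retr_n>\d+)/(?P<retr_b>\d+), "
    r"del=(?P<del_n>\d+)/(?P<msgs>\d+), "
    r"size=(?P<size>\d+)"
)


def parse_logout(line):
    """Return the numeric fields of one logout line, or None for other lines."""
    m = LOGOUT_RE.search(line)
    if not m:
        return None
    rec = {k: int(v) for k, v in m.groupdict().items() if k != "user"}
    rec["user"] = m.group("user")
    return rec


def redownload_report(lines, ratio_threshold=1.5):
    """Flag users who fetched far more bytes than their mailbox holds.

    A client that tracks UIDLs fetches each message once, so retrieved bytes
    stay at or below mailbox size. A ratio well above 1, or a session that
    RETRs more messages than exist, points at a client restarting its download.
    Returns (user, retr_bytes / mailbox_size, repeat_sessions), worst first.
    """
    per_user = defaultdict(
        lambda: {"retr_bytes": 0, "size": 0, "repeat_sessions": 0}
    )
    for line in lines:
        rec = parse_logout(line)
        if rec is None:
            continue  # login lines and unrelated log entries
        u = per_user[rec["user"]]
        u["retr_bytes"] += rec["retr_b"]
        u["size"] = max(u["size"], rec["size"])
        # More RETRs than messages: something was fetched twice in one session.
        if rec["msgs"] and rec["retr_n"] > rec["msgs"]:
            u["repeat_sessions"] += 1

    report = []
    for user, u in per_user.items():
        ratio = u["retr_bytes"] / u["size"] if u["size"] else 0.0
        if ratio >= ratio_threshold or u["repeat_sessions"]:
            report.append((user, round(ratio, 2), u["repeat_sessions"]))
    return sorted(report, key=lambda r: r[1], reverse=True)


# Constructed sample lines in the format quoted above; users and IPs are made up.
SAMPLE_LINES = [
    "May  5 17:31:52 server dovecot: pop3-login: Login: user=<user1@example.org>, "
    "method=PLAIN, rip=192.0.2.125, lip=198.51.100.10, mpid=1001, session=<constructed>",
    "May  5 17:31:52 server dovecot: pop3(user1@example.org): Disconnected: Logged out "
    "top=0/0, retr=0/0, del=0/512, size=223773360, bytes=24/12306",
    "May  5 17:40:34 server dovecot: pop3(user1@example.org): Disconnected: Logged out "
    "top=2/3772, retr=1024/447566492, del=0/512, size=223773360, bytes=10074/447591247",
    "May  5 17:45:00 server dovecot: pop3(user2@example.org): Disconnected: Logged out "
    "top=0/0, retr=3/45000, del=3/3, size=45000, bytes=60/46000",
]

if __name__ == "__main__":
    for user, ratio, repeats in redownload_report(SAMPLE_LINES):
        print(f"{user}: fetched {ratio}x mailbox size, {repeats} repeat session(s)")
```

In the sample, the second session of the first user issues 1024 RETRs against a 512-message mailbox, which is the restart-from-the-beginning behaviour the reply describes.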
Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
On 16-04-19 07:01 AM, Michelle Sullivan wrote:

Any other problems like HELO/EHLO not being FQDN, not matching the host, not existing etc... I'll usually 4xx or ignore (e.g. ignore for not matching, 421 for not existing... etc.)

Regards,

Hey, stop telling them all our tricks :)

Yes, we also reject outright any HELO that is just a dotted quad in most of our technologies.. And usually mark as Spam anything that doesn't present a FQDN in the HELO, or generic localhost.localdomain.

We found that you cannot make a policy that the HELO matches PTR, still too many HELO's represent internal naming conventions for the server, and do not match the outgoing IP, but it is used as an indicator for many of our filtering patterns in conjunction with other indicators.

HELO is easy to forge, the PTR is not, so it is helpful but not absolute. All we ask is that the email administrator at least took the time to set up a FQDN for the server host name (which is usually what is used for the HELO in most email server implementations by default)
Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
On 16-04-19 11:53 AM, Michael Wise wrote: ... unless it's coming from your localnet. Local clients in the IP space "You Own" should get a bit more slack. IMHO. Aloha, Michael.
Yeah, only for MTA->MTA traffic, not MTU->MTA, if that is what you mean..
-- Michael Peddemors, President/CEO LinuxMagic Inc.
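Added example, not part of the thread and not any poster's production filter: a sketch of the HELO policy the two messages above describe (reject a bare dotted quad, tag generic or non-FQDN names, treat a HELO/PTR mismatch only as an indicator, defer a name that does not exist, exempt the operator's own address space). The function name, verdict labels and sample sessions are constructed for illustration, and the caller is assumed to have done the DNS lookups.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
GENERIC_HELO = {"localhost", "localhost.localdomain"}


@dataclass
class Verdict:
    action: str                      # "reject", "defer", "tag-spam" or "accept"
    indicators: list = field(default_factory=list)


def is_bare_dotted_quad(helo):
    """True for a HELO that is only an IPv4 address, e.g. '192.0.2.10'."""
    try:
        return isinstance(ipaddress.ip_address(helo), ipaddress.IPv4Address)
    except ValueError:
        return False


def is_fqdn(name):
    """At least two valid labels and a final label that is not all digits."""
    name = name.rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or len(name) > 253:
        return False
    return all(LABEL.match(l) for l in labels) and not labels[-1].isdigit()


def evaluate_helo(helo, client_ip, ptr_names=(), local_nets=(), helo_resolves=True):
    """Apply the HELO rules to one MTA-to-MTA session (hypothetical helper)."""
    helo = helo.strip()
    ip = ipaddress.ip_address(client_ip)
    # Clients in address space the operator owns get slack: skip the checks.
    if any(ip in ipaddress.ip_network(net) for net in local_nets):
        return Verdict("accept", ["local-client"])
    if is_bare_dotted_quad(helo):
        return Verdict("reject", ["helo-dotted-quad"])
    name = helo.lower().rstrip(".")
    if name in GENERIC_HELO:
        return Verdict("tag-spam", ["helo-generic"])
    if not is_fqdn(helo):
        # Also catches bracketed address literals and single-label host names.
        return Verdict("tag-spam", ["helo-not-fqdn"])
    if not helo_resolves:
        # "421 for not existing": temporary failure, the sender may fix DNS.
        return Verdict("defer", ["helo-nxdomain"])
    verdict = Verdict("accept")
    ptrs = {p.lower().rstrip(".") for p in ptr_names}
    # HELO is easy to forge and often an internal name: score it, never reject.
    if ptrs and name not in ptrs:
        verdict.indicators.append("helo-ptr-mismatch")
    return verdict


# Constructed sessions: (HELO, client IP, PTR names returned for that IP).
SAMPLES = [
    ("192.0.2.10", "192.0.2.10", ["mail.example.net"]),
    ("localhost.localdomain", "198.51.100.7", ["out7.example.com"]),
    ("WIN-ABC123", "198.51.100.8", []),
    ("mx1.corp.example.com", "198.51.100.9", ["out9.example.com"]),
    ("mail.example.net", "203.0.113.5", ["mail.example.net."]),
]

if __name__ == "__main__":
    for helo, ip, ptrs in SAMPLES:
        v = evaluate_helo(helo, ip, ptrs, local_nets=["10.0.0.0/8"])
        print(f"{helo:24} {v.action:9} {v.indicators}")
```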
Re: [mailop] Null MX & Preference
Wouldn't it be nice if registrars (the ones that provide default DNS when you purchase) could be encouraged to add that TXT or SPF record as default on all new domain purchases? This would also encourage adoption of it as a whole, would like to assume that real email admins would update the record, vs delete the record. Anyone suggest a medium to encourage that amongst registrars?
On 16-07-15 01:31 PM, John Levine wrote: In article <CAGGEJxZSANdB+SvuSY2WCVH4=6gkfykjkusl49n+i4l8oro...@mail.gmail.com> you write: Doesn't receive emails, sure. Doesn't send emails, I look for the "SPF lockdown." Lots of places publish this as an SPF record: "v=spf1 -all" Yes, that's what the RFC suggests. In answer to the original question, I know that Gmam special cases MX 0 . to fail the message immediately. R's, John
-- Michael Peddemors, President/CEO LinuxMagic Inc.
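Added example, not part of the thread: a check for the two "no mail" declarations quoted above, the null MX (`MX 0 .`, specified in RFC 7505) and the SPF lockdown record `v=spf1 -all`. It works on record sets the caller has already fetched; the function names, result labels and the sample zones are constructed for illustration.

```python
def classify_mx(mx_records):
    """Classify a domain's MX set, given as (preference, exchange) pairs.

    'null-mx'      exactly one record, preference 0, exchange '.'
    'accepts-mail' one or more ordinary MX records
    'implicit'     no MX at all: senders fall back to the A/AAAA record
    'invalid'      '.' mixed with real exchangers, or '.' with a non-zero
                   preference; a null MX must be the only MX record
    """
    mx = [(int(pref), exch.strip().lower()) for pref, exch in mx_records]
    if not mx:
        return "implicit"
    if not any(exch == "." for _, exch in mx):
        return "accepts-mail"
    if len(mx) == 1 and mx[0][0] == 0:
        return "null-mx"
    return "invalid"


def classify_spf(txt_records):
    """Classify the SPF policy found among a domain's TXT strings.

    'lockdown'     the record is exactly 'v=spf1 -all'
    'other-policy' an SPF record that authorises at least one sender
    'permerror'    more than one SPF record, which evaluators treat as an error
    'none'         no SPF record (other TXT records are ignored)
    """
    spf = [t.strip() for t in txt_records
           if t.strip().lower().split(" ", 1)[0] == "v=spf1"]
    if not spf:
        return "none"
    if len(spf) > 1:
        return "permerror"
    terms = spf[0].lower().split()[1:]
    return "lockdown" if terms == ["-all"] else "other-policy"


def unused_for_mail(mx_records, txt_records):
    """True only when the domain declares it neither receives nor sends mail."""
    return (classify_mx(mx_records) == "null-mx"
            and classify_spf(txt_records) == "lockdown")


# Constructed zones: name -> (MX records, TXT records).
ZONES = {
    "parked.example": ([(0, ".")], ["v=spf1 -all"]),
    "shop.example": ([(10, "mx1.shop.example."), (20, "mx2.shop.example.")],
                     ["v=spf1 ip4:192.0.2.0/24 -all", "site-verification=constructed"]),
    "broken.example": ([(0, "."), (10, "mx.broken.example.")],
                       ["v=spf1 -all", "v=spf1 mx -all"]),
    "bare.example": ([], ["MS=constructed"]),
}

if __name__ == "__main__":
    for name, (mx, txt) in ZONES.items():
        print(f"{name:16} mx={classify_mx(mx):13} spf={classify_spf(txt):13} "
              f"unused={unused_for_mail(mx, txt)}")
```

The `parked.example` zone is the default a registrar could publish for a newly bought domain, as suggested in the message above.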
Re: [mailop] Office365 still having issues?
here. Two example sending servers: NAM02-SN1-obe.outbound.protection.outlook.com NAM03-DM3-obe.outbound.protection.outlook.com Anywhere from 30 minutes to 3 hours, but they are getting here. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 -- Stay Classy, Ryan Postmaster & Director of Deliverability Groupon Cell: 815-955-0462 -- Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] Gmail SRS Problem: low reputation of sending domain
There is the class of spammers who seem fine with getting as much mail as possible in the spam label, with the assumption that enough folks will check their spam label and click on the links anyways. We'd probably need to have more complicated rules of when to listen to the X-Spam header, of course. Are there some other issues with a "deliver to spam"? My preferred solution is to bring an "inbound gateway" setting to consumer Gmail, but that's a lot more complicated. It's also possible that with ARC, you wouldn't need the SRS and we could better learn forwarding on a per-user basis, and so we'd just know it's a gateway.
>So how do I solve that customer need in the best possible way?
>Forwarding without some kind of SRS just does not work with all the SPF
>protected domains out there (our own domains are also SPF protected
>which cut off a lot of spam and phishing emails to our customers).
Maybe things are different in the US, but around here, I don't know anyone who rejects on SPF failure other than a plain -all for we send no mail at all. If you want to do phish detection, sign your mail and use DMARC and hope your users don't subscribe to many discussion lists.
Agreed. I have seen a couple non-US banks with a DMARC p=REJECT policy and no DKIM signatures, relying only on SPF. SRS won't solve that problem, though since it won't align. In general, Gmail won't reject based on an SPF failure (except -all), though it can cause spam rejections on the margins. And for Gmail, it's probably better to keep the envelope sender the same and not use SRS. Brandon
-- Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] Mails to microsoft
On Mon, 6 Feb 2017 at 17:50, John Levine wrote: In article <20170206143318.wy6afi7dx332c...@ikki.ethgen.ch> you write: They can try. But in the end it will hit back to them. I recommend just everyone _not_ to have emails on microsoft. If they don't care about their customers, that is their problem. Approximately 400 million Hotmail/Outlook users disagree with you.
Hmm... 300 million spammers and 100 million users? Or is it even worse? I only know one real person who has an account over there. All others coming from that network are spam, spam and spam. Microsoft is one of the biggest spam sending networks out there. Regards Klaus
-- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.ch> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-- Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] Mails to microsoft
On 17-02-08 08:30 AM, Michael Peddemors wrote: Ouch, as much as the Hotmail/Outlook spam might bother because of course it is harder to sort the good/bad, that is easier to do at source than at destination..
Oh, speaking of Hotmail.. Still appears that emails coming from cross-tenant still break RFC's.. Duplicate Return Paths..
Return-Path: <devendramishra2...@outlook.com>
Received: from snt004-omc3s33.hotmail.com (HELO SNT004-OMC3S33.hotmail.com) (65.55.90.172)
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BM1PR01MB0737270F24F2EEA103EE2EF0DE400BM1PR01MB0737INDP_"
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Feb 2017 20:31:45.6644 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BO1IND01HT012
Bcc:
Return-Path: devendramishra2...@outlook.com
^^^ (That should be stripped at the original receiving server, if it isn't the final destination)
X-OriginalArrivalTime: 06 Feb 2017 20:32:24.0421 (UTC) FILETIME=[1FDEF950:01D280B8]
-- Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] Deliverability services for non-newsletter services
On 17-01-26 02:37 AM, Andy Davidson wrote: Hi, all Are there any ‘bulk’ delivery operators who specialise in non-newsletter delivery (i.e. eschew those kinds of customer opportunities)? Specifically to do this in order to focus on, and by implication improve deliverability for, transactional email notifications ? (Like ‘order confirmed’, ‘shipping information’, ‘contract received’, etc.) Thanks in advance for any tips, Andy
There are good ones and bad ones.. Best suggestion? Try to find one that allows you to have customer PTR records, and 'rwhois' and dedicated IP(s), and a valid sender record reflecting your domain.. (eg MAIL FROM) If all your emails are clearly identified as representing your company, you should have less issues in the long run. Also one that is willing to work on your behalf in case of reputation issues.
-- Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] Offtopic: How does an taiwanese IRT work / ppt.cc URL shortening
Not sure if it will help your situation, but we have been contacted before from Hinet from: r...@hibox.hinet.net I am sure that they might be able to help, and they speak good English.
On 17-01-29 11:33 AM, John Levine wrote:
remarks:Please note that TWNIC is not an ISP and is not empowered
remarks:to investigate complaints of network abuse.
What? Did I get that right? Their IRT Contact, responsible for abuse complaints has a comment that they do not investigate abuse complaints? TWNIC is what it sounds like, the registry for Taiwan. If you read farther down the APNIC whois output, it says to look in the TWNIC whois server, which works:
$ whois -h whois.twnic.net 125.224.0.0
Netname: HINET-NET
Netblock: 125.224.0.0/16
Administrator contact: network-...@hinet.net
Technical contact: network-...@hinet.net
If you can write in Chinese, even Google Translate style Chinese, that's slightly more likely to get an answer. Hinet is a large ISP and while not totally evil, is also not particularly responsive. R's, John
-- Michael Peddemors, President/CEO LinuxMagic Inc.
[mailop] Gotta Love Banks.. Biggest Targets for Phishing yet..
This is the mail system at host emaildlp.security.bns. I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below. For further assistance, please send mail to postmaster. If you do so, please include this problem report. You can delete your own text from the attached returned message. The mail system
<ab...@scotiabank.com>: host mailrelay.glb.bns[172.22.1.204] said: 550 5.1.1 <ab...@scotiabank.com>... User unknown (in reply to RCPT TO command)
Reporting-MTA: dns; emaildlp.security.bns
Have a great weekend all.. (Love the private TLD)
-- Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] Mails to microsoft
On 17-02-15 08:45 AM, Felix Schwarz via mailop wrote: On 15.02.2017 at 17:08, Laura Atkins wrote: If Hetzner cared they could sign up for the MS SNDS program and see a list of all the IPs that were currently blocked. They do that already (as Hetzner customers can see when registering a Hetzner IP in SNDS). AFAIK they also monitor IP blacklists for their IP range. One thing I'm wondering: If deliverability with Hetzner is already bad is there any chance to deliver anything at all from an OVH/DigitalOcean/AWS ip? (just to get a sense of how problematic Hetzner is) Felix
From our observations.. depends.. Both OVH and Hetzner provide 'rwhois/SWIP' for parts of their ranges, and those parts are less problematic. The parts with no 'rwhois' are problematic. Digital Ocean/AWS, and for that matter any cloud provider that 'rents' IP(s) for short time intervals, will be problematic, especially if they don't bother to SWIP/rwhois that you are allocated those IP(s). And as more operators get into this space (Azure here in North America) and many others worldwide.. If you don't have the IP(s) long enough to justify SWIP/rwhois, then probably don't want email from you ;) But it comes down to this, if your hosting provider doesn't bother to monitor the outbound activity, they will likely be a bad place for you to make a home for legitimate services..
-- Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] How many more RBL's do we really need?
On 16-08-29 05:40 PM, Michelle Sullivan wrote: Don't you just hate these threads that can start arguments on what is an FP and what is not? :P
You know what we could use more of? https://www.intra2net.com/en/support/antispam/ https://www.sdsc.edu/~jeff/spam/Blacklists_Compared.html There isn't much like this any more.. Might be something that we can encourage universities, and/or large organizations with large email volumes who have the capability to check.. Not saying Google should do this ;) But for example, tag incoming emails somehow with a hash of which RBL's would be triggered, and compare it to their internal spam/ham systems. Anyone else know some hidden gems on the 'net that might not be on the search results of real world results that can be shared around? Of course, the problem really stems from what Michelle alluded to.. While we can probably all agree on 99% of the content, it is that last 1% that different operators have different opinions on.. The small little WISP in rural Texas might have different opinions on what type of email they think their users want, than the large email provider in Turkey.. different RBL's can serve different purposes.. (oh, and you should see the Clinton/Trump divide on what is spam and what isn't) We used to do this with some friendly ISP's (course we didn't use direct RBL lookups, we created a caching system) in logging mode to identify UNIQUE and MULTIPLE RBL hits in the early days, but it really should be tied into some form of customer definition as well. (This is junk/not junk) but even then, take the case of the large provider who has a temporary really bad spam outbreak.. was the RBL who listed them wrong when a couple of good messages from the same source were also tagged? However, I think that data would be useful to help others make informed choices on which RBL's they might like to implement. RBL's are still one of the most efficient and effective ways to reject the worst/most of the current spam outbreaks. (Followed by other simple DNS checks..talking to you 'static.vnpt.vn' and 'broadband.actcorp.in') But open comparison sources of the accuracy/validity of the data is something that would help everyone. I do suggest it needs to be based on demographics though. Which RBL's are most effective for email servers based on continent they operate might be a great start. (For instance, lists that identified sources of the CUT-WAIL outbreak for a while could claim to block 80-90-99% + of all attacks, if you happened to be one of those targeted by those attacks, doesn't mean in the long term it is the most accurate RBL for others) And I am sure that Gmail, or Yahoo, or AOL each would have a different opinion, based on the attackers who prefer targeting them, on which RBL is best (which is probably why they also run their own to some extent or another).
-- Michael Peddemors, President/CEO LinuxMagic Inc.
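Added example, not part of the thread and not the caching system mentioned in it: one way to produce the comparison the message above asks for, from a log that records which RBLs would have fired on each message next to the operator's own spam/ham verdict. It reports per-list spam hits, ham hits, unique hits (spam that only this list caught) and rates, optionally per segment. The list names, segments and log entries are constructed.

```python
from collections import defaultdict

# Constructed log in "logging mode": nothing is rejected, each message is
# recorded as (id, segment, internal verdict, RBLs that listed the source IP).
SAMPLE_LOG = [
    ("m1", "NA", "spam", {"rbl-a.example", "rbl-b.example"}),
    ("m2", "NA", "spam", {"rbl-a.example"}),
    ("m3", "EU", "spam", {"rbl-c.example"}),
    ("m4", "EU", "ham",  {"rbl-c.example"}),
    ("m5", "NA", "ham",  set()),
    ("m6", "EU", "spam", set()),
    ("m7", "NA", "spam", {"rbl-a.example", "rbl-b.example", "rbl-c.example"}),
    ("m8", "EU", "ham",  set()),
]


def compare_rbls(log, segment=None):
    """Per-RBL statistics, restricted to one segment when it is given."""
    rows = [r for r in log if segment is None or r[1] == segment]
    spam_total = sum(1 for r in rows if r[2] == "spam")
    ham_total = sum(1 for r in rows if r[2] == "ham")
    stats = defaultdict(lambda: {"spam_hits": 0, "ham_hits": 0, "unique_spam": 0})
    for _, _, verdict, lists in rows:
        for rbl in lists:
            if verdict == "spam":
                stats[rbl]["spam_hits"] += 1
                # A unique hit: no other list would have caught this message.
                if len(lists) == 1:
                    stats[rbl]["unique_spam"] += 1
            else:
                stats[rbl]["ham_hits"] += 1
    report = {}
    for rbl, s in stats.items():
        report[rbl] = dict(
            s,
            catch_rate=s["spam_hits"] / spam_total if spam_total else 0.0,
            fp_rate=s["ham_hits"] / ham_total if ham_total else 0.0,
        )
    return report


def missed_by_all(log, segment=None):
    """Ids of spam that no list caught: the ceiling on what RBLs can do here."""
    return [mid for mid, seg, verdict, lists in log
            if verdict == "spam" and not lists
            and (segment is None or seg == segment)]


if __name__ == "__main__":
    for seg in (None, "NA", "EU"):
        print("segment:", seg or "all")
        for rbl, s in sorted(compare_rbls(SAMPLE_LOG, seg).items()):
            print(f"  {rbl:14} spam={s['spam_hits']} unique={s['unique_spam']} "
                  f"ham={s['ham_hits']} catch={s['catch_rate']:.2f} fp={s['fp_rate']:.2f}")
        print("  missed by all:", missed_by_all(SAMPLE_LOG, seg))
```

In the constructed data the same list looks very different by segment, which is the point about demographics made in the message.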
Re: [mailop] A lot of spam/malware from cox.net (68.230.241.0/24)
Sounds like the standard bot generated spam, but it has been mentioned before, if posting to this list, a complete header is usually best in order for list members to comment on. It would help to see if this is simply an outbreak of compromised email accounts (less likely) or some type of allowed relay.. or infrastructure change. Surprised that the c of this bot hasn't been found yet, it has been going on a while..
On 16-08-30 10:57 PM, Shane Clay wrote: We’re seeing huge amounts of spam coming from cox.net (68.230.241.0/24) over the past few days. Going to our filtering system but also getting through to Office 365 and Gmail accounts without any issue at all. They are all the well written, formatted “please remit” type emails with a Word Doc attached. Interesting, the example I’ve had sent to me today went directly to my users @domain.onmicrosoft.com address, so not to the custom domain. The customer has never actually used the onmicrosoft.com domain for anything. This is a repeat of what we saw from the same IP range in June. Anyone at Cox.net that can comment? Example of what we see:
*From:*Coulson, Nick [mailto:bbulla...@cox.net] *Sent:* Wednesday, 31 August 2016 1:05 PM *To:* Real Staff Members Name <abc@hidden.onmicrosoft.com> *Subject:* Companies Actual Full Legal Name; Ben, Please See and Clear - NET-30 01V950901 Hello Real Staff Members Name, Mechanical Engineer I am writing to inform you that we haven't got deposit of $1662.00 from Real Companies Name (), which appears *outstanding*. Since you are our returning customer, we are offering you 3 extra days to remit the payment. Please refer to the attached paper for payment requisites. Cheers, Coulson, Nick *Forte School of Music Applecross* | Accounts Team A.B.N 73 106069311 325-327 Queensberry Street North Melbourne Vic 3051
-- Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] Anyone from AOL on this list?
FYI.. see this again from either the sending server or chilli.. X-SPAM-FLAG: Yes So that message would be in people's spam folder..
On 16-10-04 09:29 AM, Frank Bulk wrote: I just started seeing this:
Site aol.com (152.163.0.68) said after data sent: 421 4.2.1 Dragnet Timeout
Site aol.com (152.163.0.99) said after data sent: 421 4.2.1 "Service unavailable. Please try again later."
Anyone else? Frank
-Original Message- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Rok Potocnik via mailop Sent: Tuesday, September 27, 2016 11:43 AM To: mailop@mailop.org Subject: Re: [mailop] Anyone from AOL on this list?
On 5. 05. 2016 21:35, Josh Nason wrote: Hi all -- we have some AOL caching questions and are curious if someone from there is on this list. If so, I'd love to hear from you. Thanks!
I'd also appreciate an AOL contact... I have only couple of messages in the queue, but as I tend to keep mailqueues as tidy as possible I'd like to verify why did we get black/greylisted...
(host mailin-01.mx.aol.com[152.163.0.68] refused to talk to me: 421 mtaig-aad01.mx.aol.com Service unavailable - try again later)
(host mailin-01.mx.aol.com[64.12.88.131] refused to talk to me: 421 mtaig-mca04.mx.aol.com Service unavailable - try again later)
(host mailin-02.mx.aol.com[152.163.0.99] said: 421 4.2.1 : (DYN:T1) https://postmaster.aol.com/error-codes#421dynt1 (in reply to end of DATA command))
(host mailin-03.mx.aol.com[152.163.0.99] said: 421 4.2.1 : (DYN:T1) https://postmaster.aol.com/error-codes#421dynt1 (in reply to end of DATA command))
(host mailin-03.mx.aol.com[64.12.91.196] refused to talk to me: 421 mtaig-mbb03.mx.aol.com Service unavailable - try again later)
(host mailin-04.mx.aol.com[152.163.0.67] said: 421 4.2.1 : (DYN:T1) https://postmaster.aol.com/error-codes#421dynt1 (in reply to end of DATA command))
(host mailin-04.mx.aol.com[64.12.88.132] refused to talk to me: 421 mtaig-maa04.mx.aol.com Service unavailable - try again later)
(host mailin-04.mx.aol.com[64.12.91.196] refused to talk to me: 421 mtaig-mcc04.mx.aol.com Service unavailable - try again later)
-- Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] increased spam from "newslettertool2.1und1.de"
Yes, definitely on the too big to block, but noticed an overall increase in the amount of spam reports the team is seeing related to their servers over the last couple of weeks..
On 16-08-29 09:05 AM, Terry Barnum wrote: Yes, I'm seeing them too. -Terry
On Aug 29, 2016, at 7:50 AM, Benoit Panizzon <benoit.paniz...@imp.ch> wrote: Hello In the last couple of days I have come across more spam emails originating from: mout.kundenserver.de [212.227.126.133] (whitelisted as much legitimate emails is sent from that IP) but which contain an unsubscribe link pointing to newslettertool2.1und1.de I wonder if OneAndOne created a new tool which is actively being abused by spammers. Anyone else seeing those emails? -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch __
Terry Barnum digital OutPost Carlsbad, CA http://www.dop.com 800/464-6434
-- Michael Peddemors, President/CEO LinuxMagic Inc.
[mailop] RoadRunner Admin's on the list?
Please reach out to me offline, spam auditors noticed an increase of 'locky' style spam leaking out just one part of your email platform, and would like more information.. -- Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] Yahoo blacklist removal
And there is also http://hetrixtools.com/589066.html They also have a lot of RBL's listed, and a pretty attractive 'free' model for monitoring your IP(s).
On 16-11-16 04:02 PM, Eric Henson wrote: http://www.mxtoolbox.com will check 50+ blacklists. Eric Henson Server Team Manager PFS p: 972.881.2900 x 3104 m: 972.948.3424 www.pfsweb.com
-Original Message- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of David Sgro, Dataspindle Sent: Wednesday, November 16, 2016 3:53 PM To: Vick Khera; mailop@mailop.org Subject: Re: [mailop] Yahoo blacklist removal Any good place to find a list of specific ones I should check? No deliverability problems elsewhere so far. Did http://multirbl.valli.org/ and several others and totally clean. I found out about Proofpoint when emailing a vendor.
-Original Message- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Vick Khera Sent: Wednesday, November 16, 2016 4:37 PM To: mailop@mailop.org Subject: Re: [mailop] Yahoo blacklist removal On Wed, Nov 16, 2016 at 3:53 PM, David Sgro, Dataspindle <d...@dataspindle.com> wrote: - A company called ProofPoint had my block along with several other neighboring /20's listed due to a SPAM incident that happened in 2013. Spoke to them. Very nice people. They understood and cleared it up right away. Yahoo uses ProofPoint to help determine email reputation. Proofpoint provides reputation to others too, most notably icloud.com. You probably want to check *every* known reputation source. I'm sure you're listed elsewhere if it was that bad.
-- Michael Peddemors, President/CEO LinuxMagic Inc.
[mailop] Amazing when Banks don't use SPF records..
There is a large round of TD Bank phishing going around.. Would have liked to report this to their abuse team.. but..

    *Delivery has failed to these recipients or groups:*
    ab...@td.com
    The e-mail address you entered couldn't be found. Please check the recipient's e-mail address and try to resend the message. If the problem continues, please contact your helpdesk.

    host -t TXT td.com
    td.com descriptive text "QAZp0qAv8Fqtex+x8eNq13IduQHhP7Y76B4TEOW7A2BtJ+Eh6cjsPT1E3PQtGsWet9xNPHfuFz0XvAYYcm05LQ=="
    td.com descriptive text "MS=ms90345429"
    td.com descriptive text "adobe-idp-site-verification=7450d651-fff2-4ed9-aebd-7af8fd72e3ca"
    td.com descriptive text "google-site-verification=zr-IIMl9y61ysL3vSRXIh_UdOUr16u6a3IKFtg-AGG4"

    host -t SPF td.com
    td.com has no SPF record
[mailop] Comcast Postmaster for off-list dialogue
Surprised, but I don't seem to have a Comcast contact on file.. Looking for an off-list discussion, regarding some of the listed DUL space..

-- Michael
Re: [mailop] Storing 821 envelope recipients in an 822.Header?
On 16-12-07 07:58 AM, Ned Freed wrote:
> /me is going to go with Envelope-To, as it's going to be the easiest to explain to users "this is from the envelope at SMTP delivery time, not the To: or Cc: or anywhere else".
>
> FWIW, we chose the closely related X-Envelope-To: for this function many years ago. (At the time best practice was to use X- prefixes on nonstandard headers.) If we were doing it today we'd use Envelope-To:.
>
> Ned

Probably better directed to the IETF, but based on the comments in that RFC about deprecating X- headers (which I too do not understand why), it looks to specifically point this out to those designing 'new' protocols, and it points out that those protocol designers should maintain a list of 'extensions'..

However, I think you are missing something in that RFC..

    5. Does not override existing specifications that legislate the use of "X-" for particular application protocols (e.g., the "x-name" token in [RFC5545]); this is a matter for the designers of those protocols.

So, X headers are still the way to go it seems for SMTP..

PS, we use ..

    X-MagicMail-Original-Destination:

To preserve the original RCPT TO, presented during SMTP mail transaction, for later local processing.

Why? so that all headers with the same prefix are easily identifiable for removal, if they already exist during the SMTP mail transaction. eg.. remove all X-MagicMail headers..

Point being, remember that certain headers SHOULD/MAY be removed/replaced by the MTA, so when choosing a header for your purpose, you should remember that aspect of recording data.
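The prefix-stripping practice described in the message above, as an added Python example that is not part of the original post and not LinuxMagic's code: every inbound header carrying the reserved prefix is removed before the receiving system writes its own value, so a sender cannot pre-seed it. The function names, the sample message and the choice to stamp one copy per recipient (so no copy lists another recipient) are assumptions made for illustration.

```python
from email import message_from_bytes, policy

# Prefix and header name as given in the message above.
PREFIX = "x-magicmail-"
ORIG_DEST = "X-MagicMail-Original-Destination"

# Constructed inbound message: the sender has pre-seeded two headers in the
# reserved namespace, hoping later local processing will trust them.
SAMPLE = (
    b"From: alice@example.org\r\n"
    b"To: list@example.org\r\n"
    b"Subject: test\r\n"
    b"X-MagicMail-Original-Destination: ceo@example.org\r\n"
    b"x-magicmail-verdict: clean\r\n"
    b"X-Other-Filter: keep-me\r\n"
    b"\r\n"
    b"hello\r\n"
)


def stamp_original_destination(raw: bytes, rcpt_to: str) -> bytes:
    """Strip every reserved-prefix header, then record one RCPT TO value."""
    # A line break in the envelope address would let it inject extra headers.
    if "\r" in rcpt_to or "\n" in rcpt_to:
        raise ValueError("RCPT TO value contains a line break")
    msg = message_from_bytes(raw, policy=policy.SMTP)
    # Header names are case-insensitive; del removes every occurrence.
    for name in {n for n in msg.keys() if n.lower().startswith(PREFIX)}:
        del msg[name]
    msg[ORIG_DEST] = rcpt_to
    return msg.as_bytes()


def per_recipient_copies(raw: bytes, rcpts):
    """One stamped copy per envelope recipient (assumption of this example):
    no copy ever names a recipient other than its own, Bcc included."""
    return {rcpt: stamp_original_destination(raw, rcpt) for rcpt in rcpts}


def header_values(raw: bytes, name: str):
    """All values of a header in a serialized message, as plain strings."""
    msg = message_from_bytes(raw, policy=policy.SMTP)
    return [str(v) for v in (msg.get_all(name) or [])]


if __name__ == "__main__":
    copies = per_recipient_copies(SAMPLE, ["bob@example.net", "carol@example.net"])
    for rcpt, data in copies.items():
        print(rcpt, header_values(data, ORIG_DEST))
```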
Re: [mailop] Storing 821 envelope recipients in an 822.Header?
On 16-12-06 06:37 PM, Steve Atkins wrote:
> I know there's no standard header for storing the envelope recipients for a message (for good reason, especially when it comes to Bccs) but there are times when it's useful.
>
> Does anyone know of a system that does that? I'm stashing them in "X-Rcpt-To" at the moment, for lack of anything better, but if there's even a marginal ad-hoc standard for it I'd like to be consistent.
>
> Cheers,
> Steve

Storing all of them isn't really the job of the headers IMHO.. And if you do, you better quickly figure out some MAX_RECIPS ;)

Storing/Preserving the original intended recipient is of course.. And some mail processing systems, the recipient lists 'change' during the course of delivery..

And you might like to explain your concept of 'envelope recipients' just to be clear... And it might help if you defined 'why' you want this data stored?
[mailop] Anyone from BigPond on the list?
Want to take a discussion off line with you, regarding your outbound filtering system, possibly being borked.. maybe internal routing problem through your filtering system.. Received: from nsstlmta29p.bpe.bigpond.com (HELO nsstlmta29p.bpe.bigpond.com) (203.38.21.29) Received: from smtp.telstra.com ([10.10.24.4]) by nsstlfep29p-svc.bpe.nexus.telstra.com.au with ESMTP id <20170113155324.yfet22287.nsstlfep29p-svc.bpe.nexus.telstra.com...@smtp.telstra.com>; Sat, 14 Jan 2017 02:53:24 +1100 X-RG-Spam: Unknown X-RG-Size: 2047 X-Junkmail-Premium-Raw: X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: 
Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 X-RG-Spam: Unknown X-RG-Size: 2047 Received: from [10.10.24.4] (10.10.24.4) by smtp.telstra.com (9.0.019.11-1) id 5820AC3E0924882E; Sat, 14 Jan 2017 02:53:24 +1100 Received: from [146.185.28.58] by email.telstra.com with HTTP; Sat, 14 Jan 2017 02:53:15 +1100
[mailop] GoDaddy Email admins' in the house?
Noticed that they are using underscores in their hostnames used in the HELO/EHLO..

https://www.ietf.org/rfc/rfc1034.txt

    p3plsmtp09-04_26.prod.phx3.secureserver.net

Comments from the list? While a lot of 'loosening' up on domain name(s) encoding has occurred, haven't seen anything that has changed to allow underscores in the host name portion, which I 'believe' is still restricted to letter-number-hyphen.
[mailop] RoadRunner Abuse handlers lurking on here?
Have seen an up-tick of a specific type of spam being reported.. Kind of curious about the delivery method, as the messages contain Return-Path headers when they normally shouldn't..

    Return-Path: <lean...@sbcglobal.net>
    Received: from dnvrco-outbound-snat.email.rr.com (HELO dnvrco-oedge-vip.email.rr.com) (107.14.73.232) by [REDACCTED] with (DHE-RSA-AES256-GCM-SHA384 encrypted) SMTP (61f32b86-b826-11e6-b20f-ef093237de50); Thu, 01 Dec 2016 16:29:28 -0800
    Return-Path: <lean...@sbcglobal.net>
    ^^ Should not have been set by 'dnvrco-omsmta01'^^^
    Received: from [1.49.149.199] ([1.49.149.199:56743] helo=outlook.com) by dnvrco-omsmta01 (envelope-from <lean...@sbcglobal.net>) (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ESMTP id 49/C7-19237-260C0485; Fri, 02 Dec 2016 00:29:26 +
    Message-ID: <0306b0e3e83c07a4787d348216072...@sbcglobal.net>
    From: "PHARMACY EXPRESS" <lean...@sbcglobal.net>
    To: [REDACCTED]
    Subject: Best remedy for xxx life!
    Date: Fri, 2 Dec 2016 02:26:26 +0200
    MIME-Version: 1.0
    Content-Type: multipart/related; type="multipart/alternative"; boundary="=_NextPart_000_1D4E_01D24C43.7B3582F0"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Windows Live Mail 16.4.3528.331
    X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331
    X-RR-Connecting-IP: 107.14.64.6:2525

(Strange p0f results as well, incidentally)

PS... Found a referral to rwhois.rr.com:4321.

    connect: Connection refused

Better fix the 'rwhois' server, or the listing with ARIN..
[mailop] Too funny Amazon Abuse Responses..
Our auditors just shared this one .. After a particularly bad day of spam coming from AWS being reported, a careful email was crafted to the abuse desk, with full headers of a sampling of the spam, and a list of the IP(s) that were used..

Automated response ..

"Thank you for your abuse report. We were unable to identify the customer responsible for the reported activity. Due to the frequency with which AWS public IP addresses can change ownership, we will need additional information in order to identify the responsible customer(s)."

* Complete, accurate timestamps of the activity including:
  - Date
  - Time
  - Time Zone
* [EMAIL SPAM] Full e-mail header and HTML content of the spam message

For a faster response, please resubmit your report using the form at https://aws.amazon.com/forms/report-abuse

I guess they don't read the email(s) before saying they can't identify the customer ... and if they can't with full headers, time stamps et al.. *Ouch*

Have a great weekend all..
Re: [mailop] Google blocked senders list
Why not check both? It seems illogical to accept a message from an envelope sender address which is in the list. Am I wrong in thinking that in the case of spam the From: address is more variable than the envelope sender? There will be cases where we want to block an envelope sender address but unable to block the (different) From: address because it is used by legitimate mail.

--
Richard Gilbert
Corporate Information and Computing Services
University of Sheffield, Sheffield, S10 2FN, UK
Phone: +44 114 222 3028
Re: [mailop] SORBS help
On 17-01-05 05:21 PM, John Leslie wrote:
> How to get that information back to the responsible party, as of today, remains unsolved. But to the casual observer, blocklist operators don't seem to be trying at all. They don't notify the blocklisted server at all, in most cases, and if there _is_ any way to retrieve information about why the listing happened, it's proprietary.
>
> and what do *YOU* perceive as "punishment"...
>
> Actually, any blocklisting without the least attempt to report why the listing happened _looks_like_ "punishment" -- even when the "punishment" is extremely unlikely to change the misbehavior.
>
> and I will answer why we can/cannot implement such policies/changes...
>
> Why you _currently_ can't implement them isn't terribly helpful. Instead, could you try to say what you would need in order to implement them?
>
> -- John Leslie <j...@jlc.net>

Probably simply 'money', spammers make a lot more money than RBL operators, maybe when various CAN-SPAM organizations fine spammers, maybe they can spread the wealth to the RBL operators, and they can spend the money to become the 'reporting police'..

but seriously, it shouldn't be the job of RBL operators to let network operators know they have a problem, the network operators that do spend the money to monitor their own networks and email servers usually seldom end up on RBL lists, and/or can get off quickly in the case they missed something..

But asking small shops, often who are providing the service for little or no reward, to bear the cost of monitoring other peoples networks seems unrealistic.

I don't know how often I hear, 'We don't monitor our networks/customers, because otherwise we might be deemed responsible for the activity'

But getting off topic now.. But maybe instead of being critical, we should take time to thank those people who take the time out to provide that service, an obviously thankless job..

I think we all can agree that there are more network operators not doing their job (egress spam) than problem RBL operators.

Ps, how quickly should this operator expect to be removed from an RBL..
Re: [mailop] LOUDMOUTHS WANTED!! ICANN WHOIS Replacement Work URGENT IMPORTANT ACTION NEEDED
On 17-03-24 02:29 PM, Rob Golding wrote:
> Is that referring to the possibility that companies who make their business parsing/trawling/storing whois data may not be able to sell the ~150 million registrant names/addresses/phone-numbers/emails for their own commercial gain on one suggested gated-access methodology ?
>
> So yes, benefitting 150 million people rather than being concerned about the financials of ~20 organisations, might be a possible outcome.
>
> Rob

There are other ways to protect that information, however IMHO, it is as simple as this..

You want to use/advertise a publicly accessible resource, you should expect that the information about its use should be public too.

Securing the data, abuse of the data, are separate things from requiring legitimate information, and for that information to be publicly accessible.

Please let's not confuse the issues..

And as for privacy issues, nothing says that you HAVE to own a domain name, or operate an IP or range, but if you 'choose' to do so, there are some responsibilities that go with it..

(They make me put a license plate on my car, a registration number on my boat, I need to wear an orange bracelet at my all inclusive resort, I have to get my picture taken to go into the nightclub or to visit the US.. all have differing levels of information I have to present)

But if I want to use a public resource, eg get a permit to gather in the park, or hold a rally, I have to provide information that will be (and I should expect it to be) publicly available.

(And, if it wasn't for all the rampant abuse, maybe this would not be an issue, but what about the millions of domains and IP(s) that are being abused every day... They need to be held accountable..)

Sorry.. Rant Friday.. Have a good weekend all..
Re: [mailop] Anyone Else notice a significant reduction in spam leakage from Gmail over last couple of weeks?
Aside from the evils of forwarding, and the methods that are available to do that without running afoul of SPF.. that is an argument for another day. Every modern email client now supports checking multiple mailboxes don't they ;) ...

    host -t TXT gmail.com
    gmail.com descriptive text "v=spf1 redirect=_spf.google.com"

    host -t TXT _spf.google.com
    _spf.google.com descriptive text "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"

    host -t TXT _netblocks.google.com
    _netblocks.google.com descriptive text "v=spf1 ip4:64.18.0.0/20 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:207.126.144.0/20 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~all"

    host -t TXT _netblocks2.google.com
    _netblocks2.google.com descriptive text "v=spf1 ip6:2001:4860:4000::/36 ip6:2404:6800:4000::/36 ip6:2607:f8b0:4000::/36 ip6:2800:3f0:4000::/36 ip6:2a00:1450:4000::/36 ip6:2c0f:fb50:4000::/36 ~all"

    host -t TXT _netblocks3.google.com
    _netblocks3.google.com descriptive text "v=spf1 ip4:172.217.0.0/19 ip4:108.177.96.0/19 ~all"

Okay, I admit it is clearer and cleaner than many operators.. but are they ALL outgoing mail systems that should have an envelope from of @gmail.com? (I think gmail.com should be separate from google.com, IMHO) I would expect that most of those IP(s) should be relaying out the appropriate gmail servers.. Most of that 74.125.0.0/16 doesn't even have PTR records, so I am sure they are not used for sending email..

But yes, the -all would be nicer... ;) By being able to reject during the SMTP handshake, it would also help alert the sending servers admin's to a problem with compromised accounts..

But yeah, might be living in a dream world.. for a little bit yet. I will take the step in the right direction for today, and tip my hat..

On 17-08-01 04:37 PM, Brandon Long wrote:
> Tighter how?
>
> spf_checker_util: output header: softfail (google.com: domain of transitioning ptp...@gmail.com does not designate 58.64.196.210 as permitted sender) client-ip=58.64.196.210;
>
> You want it to just fail? That would be silly, we expect people to forward email.
>
> I'll pass on your compliments.
>
> Brandon
>
> On Tue, Aug 1, 2017 at 3:42 PM, Michael Peddemors <mich...@linuxmagic.com> wrote:
> Be interesting to know if they made changes, but no matter what.. "Kudos' and hats off.."
>
> Now if we can only convince them to have tighter SPF records ;)
>
> Return-Path: <ptp...@gmail.com>
> Received: from aton.hk (HELO mail.aton.hk) (58.64.196.210)
>
> (Don't worry, still goes to spam folder but.. would make it easier for everyone else)
>
> (And if email operators would bite the bullet and force envelopeFrom that are on their servers.. )
>
> Next one we want to see improvement on... (Oh, don't want to pick on them Michael)
Re: [mailop] Penetration testing phishing emails
While some pen testing companies who do that want to make it as realistic as possible (phishing emails, eg in the same manner a villain would do) it depends on the target employees that they are trying to 'phish' test.. Normal employees are not sophisticated, and the content alone is enough.

Unless the pen testing company was testing another security company, or very tech savvy targets, I would do the following:

* Add a TXT record clearly showing the purpose.
* Use a separate domain/sub-domain
* Have the PTR record from the sending server CLEARLY spell out.
  -- PTR pentest.legitimatedomain.com
* Ensure that there is an ab...@phishdomain.com
* Have accurate SWIP/rwhois for the IP in question, with clear COMMENT section
* Have the whois record for the phishdomain clearly show legitimacy
* Have an associated website matching the phishdomain.

However, in general the latter is probably part of the pen test. Simply going to the site, might actually be the exploit, or it might add to the legitimacy.

A tough one.. but I would really suggest that you get a legal disclaimer from the target company, with the ability to confirm that the target indeed registered the disclaimer.

But of course, the 'obvious' question, is why they are looking to use your network ;) If they are a pen testing company without their own IP space, did they just set up shop?

Social Engineering can be used just as easily against you, as the targets.. Sounds like something a Kevin Mitnick might invent..

On 17-08-01 02:37 PM, David Harris wrote:
> Hi,
>
> We have a potential customer in the business of doing penetration testing, and they want to send penetration testing phishing emails authorized by a target company to that company's own employees.
>
> If we allowed this in our network, I would require:
>
> (1) Evidence to our satisfaction that this was authorized by the target company
> (2) An X- header explaining what they are doing with a link to find more info
> (3) Use of a from address at a domain name like “whatever-company-name-is-phishing.com” -- which would have a web-page explaining what they do
> (4) The approval of our upstream's Abuse Desk.
>
> I’m considering also requiring:
>
> (5) Emails must be DKIM signed with a d= of the target company domain name. For example:
>
> From: f...@whatever-company-name-is-phishing.com
> To: emplo...@example.com
> DKIM-Signature: … d=example.com ….
>
> Thoughts? Are there best practices for something like this?
>
> Thanks,
> David Harris
[mailop] Anyone Else notice a significant reduction in spam leakage from Gmail over last couple of weeks?
Be interesting to know if they made changes, but no matter what.. "Kudos' and hats off.."

Now if we can only convince them to have tighter SPF records ;)

    Return-Path: <ptp...@gmail.com>
    Received: from aton.hk (HELO mail.aton.hk) (58.64.196.210)

(Don't worry, still goes to spam folder but.. would make it easier for everyone else)

(And if email operators would bite the bullet and force envelopeFrom that are on their servers.. )

Next one we want to see improvement on... (Oh, don't want to pick on them Michael)
Re: [mailop] spam report: ccm167.constantcontact.com [208.75.123.167]
hehe.. and it is always funny when marketers send to our spam auditing team, or the abuse addresses.. You 'think' that they would have a mechanism to strip abuse@ before sending to a culled list..

On 17-08-09 08:36 AM, Bryan Bradsby wrote:

Constant Contact

Why did you send spam to our DNS team attempting to sell your services?

"Save 50% for 2 months"

postmas...@texas.gov, Bryan Bradsby 512.936.2248 DIR/CTS/NOC-IT

--
Michael Peddemors, President/CEO LinuxMagic Inc.
[mailop] [RFC 2822] RFC Header Line Length..
2.1.1. Line Length Limits

There are two limits that this standard places on the number of characters in a line. Each line of characters MUST be no more than 998 characters, and SHOULD be no more than 78 characters, excluding the CRLF.

Seeing more and more cases of this not being honoured.. Surprised that there is not more breakage, but noticed that Yahoo's DKIM is now one long line, in addition to Microsoft's VERY long header lines.. (1845 chars)

Comments?

--
Michael Peddemors, President/CEO LinuxMagic Inc.
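A way to measure what the post above describes, as an added example that is not part of the original message: it audits the physical header lines of a message against the 998/78 limits quoted from RFC 2822 section 2.1.1. The sample message, its field names and the function names are constructed for the illustration; only the header section is checked.

```python
"""Audit header lines against the RFC 2822 section 2.1.1 length limits."""

MUST_LIMIT = 998     # each line MUST be no more than 998 characters
SHOULD_LIMIT = 78    # and SHOULD be no more than 78, both excluding CRLF


def header_lines(raw: bytes):
    """Split the header section into physical lines, line endings removed.

    Accepts CRLF (wire format) and bare LF (common in on-disk spools) and
    stops at the empty line that separates the headers from the body.
    """
    lines = []
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        if line == b"":
            break
        lines.append(line)
    return lines


def audit_header_lines(raw: bytes):
    """Return (line_no, field_name, length, verdict) for each over-long line.

    The limits apply to physical lines, so a folded continuation line
    (leading SP or HTAB) is measured on its own and reported under the
    field it continues. A signature written as one unfolded line is
    therefore flagged while the same signature folded is not.
    """
    findings = []
    field = "(no field)"
    for line_no, line in enumerate(header_lines(raw), 1):
        if line[:1] not in (b" ", b"\t"):
            name, colon, _ = line.partition(b":")
            field = name.decode("ascii", "replace") if colon else "(malformed)"
        length = len(line)
        if length > MUST_LIMIT:
            findings.append((line_no, field, length, "MUST"))
        elif length > SHOULD_LIMIT:
            findings.append((line_no, field, length, "SHOULD"))
    return findings


def build_sample() -> bytes:
    """Constructed message: one folded and one unfolded DKIM-Signature,
    plus a 1845-character header line like the length the post mentions."""
    long_prefix = b"X-Constructed-Long: "
    headers = [
        b"From: sender@example.com",
        b"DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=sel;",
        b"\tb=" + b"A" * 60,
        b"DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=sel; b=" + b"B" * 300,
        long_prefix + b"x" * (1845 - len(long_prefix)),
    ]
    body = b"z" * 2000   # body lines are outside the scope of this audit
    return b"\r\n".join(headers) + b"\r\n\r\n" + body + b"\r\n"


if __name__ == "__main__":
    for line_no, field, length, verdict in audit_header_lines(build_sample()):
        print("line %d (%s): %d chars, %s limit exceeded"
              % (line_no, field, length, verdict))
```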
[mailop] Any ATT/Prodify admin's on list?
Noticed a lot of backscatter and what appears to be open relay traffic, as well as the servers not respecting SPF records, and would like to discuss this off-line.

This is from Prodigy/ATT server(s).

Received: from flpd598.prodigy.net (HELO flpd598.prodigy.net) (144.160.152.219)
X-Header-Overseas: Mail.from.Overseas.source.212.227.251.67
X-Originating-IP: [212.227.251.67]
Humidifiers-Handle: 5a11ed6a1f23513a
From: Reminder+Facebook

--
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] Properly vetting an hosting provider before buying/moving
On 17-07-17 11:21 AM, Michael Wise via mailop wrote:

Looks like #1 is mostly Azure. Bringing this to certain peoples' attention now. ...

Aloha, Michael.

At the same time, push them to implement an 'rwhois' server for the Microsoft IP space ;) Or at least try to SWIP to what parts of the overall IP space are possibly designated for certain purposes..

NetRange: 23.96.0.0 - 23.103.255.255
CIDR: 23.96.0.0/13
NetName: MSFT
NetHandle: NET-23-96-0-0-1
Parent: NET23 (NET-23-0-0-0-0)
NetType: Direct Assignment
OriginAS: AS8075
Organization: Microsoft Corporation (MSFT)
RegDate: 2013-06-18
Updated: 2013-06-18
Ref: https://whois.arin.net/rest/net/NET-23-96-0-0-1

Out of that range, for instance, 23.97.128.0/17 is allocated for Azure..

Something like that could easily be SWIP'ed, however operating an internal 'rwhois' server would make day to day management a little simpler.

My two cents.. (yes, we already know about the published ranges via website)

But, based on our monitoring statistics, I would still say you are a long way from being number #1 ;)

I think that (link) is more about issues that haven't been responded to or addressed, rather than spam sources..

--
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] btinternet.com blacklist
Again, we are getting pretty off-topic.. but for the record..

inetnum: 5.9.170.240 - 5.9.170.255
netname: HOS-201823
descr: HOS-201823
country: DE
admin-c: HOAC1-RIPE
tech-c: HOAC1-RIPE
status: ASSIGNED PA
mnt-by: HOS-GUN
created: 2017-06-23T01:18:48Z
last-modified: 2017-06-23T01:18:48Z
source: RIPE # Filtered

role: Hetzner Online GmbH - Contact Role
address: Hetzner Online GmbH
address: Industriestrasse 25
address: D-91710 Gunzenhausen
address: Germany

[240-255]
5.9.170.244 (RS) 3 static.244.170.9.5.clients.your-server.de
5.9.170.245 (RS) 4 static.245.170.9.5.clients.your-server.de
5.9.170.246 (RS) 3 static.246.170.9.5.clients.your-server.de
5.9.170.247 (RS) 1 static.247.170.9.5.clients.your-server.de

We have automated systems that detect outbreaks like these from many hosting providers, close to zero day, but yes.. it seems that they are giving 'new customers' IP Space that are just snowshoe spammers, or general spammers, and it is still happening on an almost daily basis, so their methods for 'signing up' new customers does seem to be having its challenges, or they aren't concerned until AFTER the abuse reports roll in.

It would help if they advertised the operator of the delegated IP space properly in their 'rwhois/SWIP', but aside from that, it isn't hard for them to see sudden large increases in outbound SMTP from new operators if they want to. (HOS-201823 doesn't really help anyone)

And egress reporting is available in almost every router out there, eg creating alerts when a sudden large amount of traffic on egress to port 25 is generated.

And of course, no outbound email should be allowed to port 25, from certain DNS naming conventions..

Any hosting company which waits for an 'abuse report' before acting, is bound to end up with reputation problems..

On 17-07-10 12:41 PM, John Levine wrote:

In article <34c9f2de-c6bf-69af-6570-f17b3f283...@latter.org> you write:

We have been in the Hetzner "neighbourhood" for years. This is our fourth server (and hence IP address) there and the first time we have had this issue. [1]

Honestly, you're lucky. Hetzner gushes spam, and I've had most of their IP ranges totally blocked for years. I report a lot of it (semi-automatic tools) which has never made any difference I could see.

But it shouldn't matter. We are not spammers. It is stupid to block a range of IP addresses on the behaviour of one.

But it makes a lot of sense to block a range of IP addresses when the whole range gushes spam. Whenever I've looked at the logs, the stuff from Hetzner is like 99% spam.

R's, John

PS: Unpersuasive argument: "This is inconvenient for me, therefore you should not do it."

--
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] User question about getting off blocklists
On 17-07-12 10:10 AM, Scott Bonacker CPA wrote:

What authority is required to make a request for removal from a block list? Certainly not a user, but what level in the sending organization?

Personally, the person/organization listed in the 'rwhois' or SWIP for that IP Address, is a representation of who is responsible for the activity. They own/operate the IP(s), they are responsible for the activity there on..

A secondary case, is the owner of a domain, where the domain portion of PTR of the IP Address of the offending IP Address, as represented by 'whois', but in cases where the problem is pandemic, it might require the person in the first case..

And the email of the person requesting it, should reflect the domain/company as well.. 'f...@hotmail.com' should not be requesting for a legitimate email server, where they should have an account ;)

See a lot of fred55...@somefreemail.com, asking for removal for a known compromised server.. hehehe.. yeah right.. sorry if your trojan can't send email but...

--
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] btinternet.com blacklist
1 unassigned.psychz.net
45.35.107.116(RN) 3 unassigned.psychz.net
45.35.107.118 2 unassigned.psychz.net
45.35.107.119 1 unassigned.psychz.net
45.35.107.120 1 unassigned.psychz.net
45.35.107.121 4 unassigned.psychz.net
45.35.107.123 2 unassigned.psychz.net
45.35.107.125 5 unassigned.psychz.net

--
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] antispam service recommendations?
Spam detection usually comes in via SMTP, not IMAP ;)

What is the backend MTA? Postfix? SendMail? Are you looking to offer this for free, or as a value add?

You can also reach me offlist for suggestions..

On 17-07-18 08:50 AM, Mark Jeftovic wrote:

Thanks to all who replied thus far, to answer a few questions:

* our IMAP implementation is dovecot
* approx. 25K mail boxes but they will not all be using this, most won't

And a follow-up question:

* anybody familiar with zerospam.ca ?

Will summarize thread.

- mark

Mark Jeftovic wrote:

Hi, we're looking for recommendations for an antispam service we can layer in front of our hosted IMAP offering. We've tried a few services so far and our testing has found serious deficiencies.

Requirements:

* hosted or virtual appliance
* quarantine with management (auto-purge options)
* prefer content based filtering over RBLs, having serious false-positive issues with RBLs - bonus for being able to enable/disable individual RBL's by domain/user
* tag-only mode
* user defined white-lists
* anti-virus filters
* API
* white-labelling a plus but not a requirement

Any feedback, experiences recommendations would be appreciated.

- mark

--
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] RFC question on smtp replies...
be transferred to a DSN as well (see https://tools.ietf.org/html/rfc3464#section-2.3.6 ). Those diagnostic-code field values may be multiline as well, but I presume one would leave the numeric codes out.

@Stefano: Not sure if I have the time, but good tip on checking if it is a bug or not.

Yours,
David

On 7 July 2017 at 12:28, David Hofstee <opentext.dhofs...@gmail.com> wrote:

Yes, I know. The subsequent RFCs 2821 and 5321 are equally unclear on this, I think. But it is a bit weird to say the human-readable text is for humans only. Since it is transferred via SMTP, the RFC should define how to handle it. And it is ambiguous. I would like option 1 best.

David

On 7 July 2017 at 12:03, Vladimir Dubrovin <dubro...@corp.mail.ru> wrote:

Hello David.

RFC 821 is outdated, use RFC 2821 as proposed or RFC 5321 as a draft for SMTP. Also, there is an RFC 3463, it adds extended status codes and you should probably read it.

According to RFC, only code (and potentially extended status code) are intended for machine interpretation. The rest of response is a human-readable text, which should not be automatically interpreted. So, as a human, you are absolutely free to use it in any reasonable way. You can either leave it as is, or remove status codes, or concatenate it in the single line (since it's a human readable form, you should probably replace CRLF + status code + delimiter characters with a whitespace, because in human-readable form you do not expect the words to be wrapped or the lines to contain extra spaces).

07.07.2017 12:27, David Hofstee wrote:

Hi,

I've an interesting RFC question. In an SMTP reply, one can have single line or multiline replies. E.g.

521 single line reply

or

521-Line one
521-Line two
521 Line three

See also https://tools.ietf.org/html/rfc821#page-50 .

My question is: The reply is an answer that is, necessarily, formatted for SMTP. But how should the multiline answer be interpreted? What is its 'value'.

option 1: Remove superfluous return codes and <CRLF>s. E.g.:

521 Line oneLine twoLine three

or option 2: Remove superfluous return codes but keep <CRLF>. E.g.

521 Line one
Line two
Line three

or option 3: Remove superfluous <CRLF>s. E.g.

521-Line one521-Line two521 Line three

or option 4: Convert <CRLF>s into '\r\n' to make it a one line answer. E.g.

521-Line one\r\n521-Line two\r\n521 Line three

or option 5: Keep everything. Eg.

521-Line one
521-Line two
521 Line three

The RFC does not really state that. So I am not quite sure how that should be logged correctly. Where the formatting starts and what 'value' it is supposed to represent. When I look at other standards (e.g. http://json.org), the formatting and what it is to represent, is more clear.

This came up when I saw 3 different outputs in different MTA's (1,4 and 5). Not sure if I have to file a bugreport to my favorite MTA supplier. Can anyone say something smart about how the reply should be seen?

Yours,
David

--
Vladimir Dubrovin @Mail.Ru

--
My opinion is mine.

--
Michael Peddemors, President/CEO LinuxMagic Inc.
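The five interpretations listed in the question above, plus the whitespace-joined form suggested in the reply, as an added example that is not part of the original thread: a strict parser for one multiline SMTP reply and a renderer for each form. The function names and the "spaces" option key are assumptions made for this sketch; the escaped form (option 4) is the one that keeps a reply received from a remote server on a single log line.

```python
import re

# One reply line: three-digit code, then "-" (more lines follow) or SP
# (final line) and optional text. A bare code with no text is also valid.
_REPLY_LINE = re.compile(r"([2-5]\d\d)(?:([ -])(.*))?")


class ReplyError(ValueError):
    """The input is not one well-formed SMTP reply."""


def parse_reply(raw):
    """Parse a complete reply (CRLF-terminated) into (code, [text, ...])."""
    if not raw.endswith("\r\n"):
        raise ReplyError("reply must end with CRLF")
    lines = raw[:-2].split("\r\n")
    code, texts = None, []
    for idx, line in enumerate(lines):
        m = _REPLY_LINE.fullmatch(line)
        if m is None:
            raise ReplyError("line %d is not a reply line: %r" % (idx + 1, line))
        line_code, sep, text = m.group(1), m.group(2), m.group(3) or ""
        is_last = idx == len(lines) - 1
        if code is None:
            code = line_code
        elif line_code != code:
            raise ReplyError("code changes from %s to %s" % (code, line_code))
        if is_last and sep == "-":
            raise ReplyError("last line is still marked as a continuation")
        if not is_last and sep != "-":
            raise ReplyError("text continues after the final reply line")
        texts.append(text)
    return code, texts


def render(raw, option):
    """Render a reply the way each option in the question describes.

    Every form drops the terminating CRLF of the reply itself.
    """
    code, texts = parse_reply(raw)
    wire = raw[:-2]
    if option == 1:            # drop repeated codes and CRLFs
        return code + " " + "".join(texts)
    if option == 2:            # drop repeated codes, keep CRLFs
        return code + " " + "\r\n".join(texts)
    if option == 3:            # keep codes, drop CRLFs
        return wire.replace("\r\n", "")
    if option == 4:            # keep codes, escape CRLF as the 4 chars \r\n
        return wire.replace("\r\n", "\\r\\n")
    if option == 5:            # keep everything as received
        return wire
    if option == "spaces":     # CRLF + code + delimiter replaced by one space
        return code + " " + " ".join(texts)
    raise ValueError("unknown option: %r" % (option,))


if __name__ == "__main__":
    sample = "521-Line one\r\n521-Line two\r\n521 Line three\r\n"
    for opt in (1, 2, 3, 4, 5, "spaces"):
        print(opt, repr(render(sample, opt)))
```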
Re: [mailop] Restricted email address UIDs for public email domains
On 17-07-25 09:59 AM, Kirk MacDonald wrote:

In addition to what is mentioned in RFC2142, can anyone offer any resources (or "best practices") for what can be considered "restricted" email addresses/UIDs for a domain which offers mailbox service to the general public? This would also be assuming the "restricted" email addresses are otherwise valid in terms of length, characters, etc.

I tend to think that UIDs which one could consider "vulgar" aren’t realistic to restrict, since those types of feelings evolve over time and are subject to personal and cultural bias (to say nothing of the wordlist/regex complexity), but it would be interesting to know if there are addresses which folks commonly feel fall into a role/reserved type of category and/or should otherwise be restricted to the domain owners use (or no one's use).

Kirk MacDonald
Eastlink

Our standards are that the main domain on the email server should have 'postmaster','abuse','mailer-daemon', as well as any common OS names, eg 'root','postgres','www-data' etc created and restricted. All subsequent domains should have 'abuse' and 'postmaster'.

--
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] btinternet.com blacklist
On 17-07-11 09:09 AM, Seth Mattinen wrote:

On 7/11/17 02:19, Philip Paeps wrote:

Unfortunately, spammers have made the internet worse for everyone. In the world of email today, "we are not spammers" is not a good enough argument to get your email accepted by anyone.

"We're not spammers" is up there with "double confirmed opt-in" or "can-spam compliant" as things a spammer would say to try and get unblocked so they can fire off a spam run.

~Seth

Some of my favourites... Templated responses..

"Could you please send us some evidence.."
"We have taken necessary steps to prevent any kind of spam email being sent from the server"
"We have investigated this issue and has taken care of"
"pls remove me from blacklist" (that is the full request)
"not listed in any blacklist except yours"
"The mail server is clean"
"..signed.. delivery consultant" (Why do they need one?)
"The spam problem related to this issue was already solved"
"We use DKIM and SPF"

--
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] SNDS - Low Inboxing
Use a confirmed double opt-in system, then you don't have to worry.

'direct relationship with Merck' falls under 'implied consent'

'content directly pertains to cancer treatments' IF the contact information is publicly available, also is only covered by 'implied consent'

Adopt a confirmed double opt-in, and you will ensure the highest levels of engagement, and the lowest complaints, and you won't have to 'prove' that your emails are wanted...

On 17-06-29 08:51 AM, Chris Truitt wrote:

Hi Laura,

Our complaint rates are very low. The oncologists all have a direct relationship with Merck and have signed up to receive mail. The content directly pertains to cancer treatments in this example. They also spent two weeks sending to a core list of contacts with a strong history of engagement, and this didn't make a dent on the report.

To your point, we saw higher open rates as would be expected when sending to engaged contacts. No complaints and no trap hits during this time, but it seems the message content is still flagged by smart screen.

I have put less emphasis on snds in my report. The sender will continue to concentrate sends on engaged contacts, but it seems like they are getting placed in a category with the traditional pharma content we've come to know and hate. Ideally I'd like to see if there's a way for us to have the sender identified as legitimate and get around some of the content constraints.

On Wed, Jun 28, 2017 at 11:25 AM, Laura Atkins <la...@wordtothewise.com> wrote:

Smart Screen is a bit opaque, but the key is that it’s based on user feedback. Instead of focusing on “jumpstarting your IP reputation” focus on delivering mail your recipients asked for and want.

You mention oncologists getting messages from Merck about cancer treatments. Did the oncologists ask for the mail from Merck? Is the treatment relevant to their clinical focus?

Also, just because Smart Screen shows red does not mean that all your mail is going to bulk. My experience is that the colors on SNDS don’t actually correlate with, well, anything. I ignore them completely because I can’t make any sense out of them. Focus more on what users are seeing and less on getting SNDS to change from red.

laura

On Jun 28, 2017, at 7:36 AM, Chris Truitt <truitta...@gmail.com> wrote:

Hello everyone,

After seeing red indicating low inbox placement in Microsoft SNDS we concentrated all deliveries on a much smaller more engaged group with a strong history of opens. Our open rate went up, but SNDS remained in the Red. During this time we saw no instances of complaints or trap hits.

I opened a ticket with Microsoft and they told me that our messages were filtered by Smart Screen. This is pharmaceutical content sent *_only_* to health care practitioners. Things like a Merck cancer treatment to a small group of Oncologists.

Does anyone have any insight on how we can jump start our IP reputation for Microsoft and ultimately improve inbox placement? Is there a direct contact that can assist me with this inquiry?

Thank you,
Chris Truitt
Deliverability Manager

--
Laura Atkins
Word to the Wise
la...@wordtothewise.com
Email Delivery Blog: http://wordtothewise.com/blog

--
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] GoDaddy abuse form
On 17-07-06 11:54 AM, Eric Tykwinski wrote:

If anyone from GoDaddy is here, I tried to fill in the form at https://supportcenter.godaddy.com/AbuseReport#, Captcha just kept erroring out with the following:

There was an error submitting your request. SSE001 CSE001

Sincerely,
Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

Related to the abusive domain tdbanksecuredocs.com 148.66.136.56?

--
Michael Peddemors, President/CEO LinuxMagic Inc.
[mailop] Any One on here doing business with Rediffpro?
Ransom ware outbreak, but wondering why they aren't generating RFC compliant headers.. Unless of course, the operating system there is compromised.

Return-Path: <nanettebttbu...@gmail.com>
Received: from smtp.rediffmailpro.com (HELO smtp.rediffmailpro.com) (122.169.113.172)
    by fe1.cityemail.com with SMTP
    (b70422d6-7916-11e7-b59f-1f8d7727941e); Fri, 04 Aug 2017 06:13:35 -0700
Content-Type: multipart/mixed; boundary=Apple-Mail-D45AC243-3753-9EB9-7327-C43F11E04639
Content-Transfer-Encoding: 7bit
From: nanette busst <nanettebttbu...@gmail.com>
Mime-Version: 1.0 (1.0)
Date: Fri, 04 Aug 2017 18:43:31 +0530
Subject: IMG_9786.BMP
Message-Id: <0382c199-0d6b-69d0-3043-de000af74...@gmail.com>

Appears to be standard BOT style ransomware that is going around, but the rediff email servers should of course be adding a received header, when it accepts a message from another system.

--
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] GMX on various blacklists
Our Spam Auditors reported a large outbreak yesterday, but they still fell under the 'too big to flag', without other specific variables in place.. (eg, Confirmed Malware, length of time of outbreak, etc..)

But it was large, triggered alerts at over 25% of the telco's we monitor..

On 17-07-28 08:14 AM, Kirk MacDonald wrote:

https://www.spamhaus.org/sbl/query/SBL229646

This one is a pretty old listing.

Kirk MacDonald

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Benoit Panizzon
Sent: Friday, July 28, 2017 11:47 AM
To: mailop@mailop.org
Subject: [mailop] GMX on various blacklists

Hi

http://multirbl.valli.org/lookup/82.165.159.13.html

Blacklisted: 17

Anyone knows if some outbreak just got GMX thrown in that many lists?

-Benoît Panizzon-

--
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] Anyone have contacts at Orange (France)?
Seems you have the same problem when using the outbound SMTP..

Return-Path: <ala...@gozmail.net>
Delivered-To: ala...@swordarmor.fr
Received: from smtp.smtpout.orange.fr (smtp07.smtpout.orange.fr [80.12.242.129])
    (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
    (No client certificate requested)
    by togepi.gozmail.bzh (Postfix) with ESMTPS id 773F21A0070
    for <ala...@swordarmor.fr>; Tue, 1 Aug 2017 19:07:46 +0200 (CEST)
Received: from airmure.swordarmor.fr ([86.229.168.245])
    by mwinf5d14 with ME
    id rt7m1v0035J0xQe03t7m42; Tue, 01 Aug 2017 19:07:46 +0200
X-ME-Helo: airmure.swordarmor.fr

=== Trying smtp.orange.fr:25...
=== Connected to smtp.orange.fr.
<- 220 mwinf5d14 ME ESMTP server ready

Doesn't seem that they give a proper FQDN even in their EHLO/HELO response, and/or the initial greeting.

So, hard to tell whether this server you are connecting to is the same as the outbound relay... (eg if you are actually connecting to smtp07 when sending) but I highly doubt it... since it probably goes out at least SOME form of filtering/balancing system.

And when you look at the host entries..

smtp.orange.fr has address 193.252.22.84
smtp.orange.fr has address 193.252.22.86

This confirms that, so they aren't following RFC's as far as properly inserting relay received headers..

On 17-08-01 10:14 AM, Alarig Le Lay wrote:

Hi,

(I’m not in orange’s mail staff, just a customer of the ISP part, I’m not crazy enough to use another mail server than my own ;)

On mar. 1 août 08:54:45 2017, Michael Peddemors wrote:

We would expect that the actual SMTP servers themselves should be inserting a received header.. and that we would see a FQDN for the 'mwinf5d13' that received the email.. Hard to tell if this was a webmail processed email, or open relay from their networks..

If it could help you, this is what I get when I use their SMTP relay: https://paste.swordarmor.fr/raw/p3sU

I don’t see any 1918 IP, so I guess that your mail comes from the webmail.

If any one has a contact, (we tried postmaster already) I will forward it on to the team ..

This address never worked for me.

--
Michael Peddemors, President/CEO LinuxMagic Inc.
[mailop] Anyone have contacts at Orange (France)?
Significant increases in spam from them, but the reason our team wants a contact for them, is the strange case of missing received headers for mail processed via their systems that started a few months back.. eg..

Received: from smtp07.smtpout.orange.fr (HELO smtp.smtpout.orange.fr) (80.12.242.129) by with (DHE-RSA-AES128-SHA encrypted) SMTP (47d57a92-7694-11e7-b574-001e67492cec); Tue, 01 Aug 2017 01:34:52 -0700
Received: from localhost ([10.162.66.161]) by mwinf5d13 with ME id rkao1v0093UlTPu03kaoYi; Tue, 01 Aug 2017 10:34:48 +0200
X-ME-Helo: localhost
X-ME-Date: Tue, 01 Aug 2017 10:34:48 +0200
X-ME-IP: 10.162.66.161
Date: Tue, 1 Aug 2017 08:34:44 +
To:
From: "M. SOLOMON 0615850055" <il...@pourcreer.fr>
Reply-To: il...@pourcreer.fr
Subject: =?utf-8?Q?au_bureau_ou_=C3=A0_domicile?=
Message-ID:
X-Priority: 3
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

We would expect that the actual SMTP servers themselves should be inserting a received header.. and that we would see a FQDN for the 'mwinf5d13' that received the email.. Hard to tell if this was a webmail processed email, or open relay from their networks..

If any one has a contact, (we tried postmaster already) I will forward it on to the team ..
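An added example, not part of the original post: a Python check for the Received-chain problems the message above describes (a receiving host that does not identify itself with an FQDN, an RFC 1918 source address, and a hop that no server recorded). The message, hostnames, addresses and flag names are constructed for this example.

```python
import email
import ipaddress
import re

# Constructed message; hostnames and addresses are placeholders.
RAW = """\
Received: from relay.example.net (relay.example.net [192.0.2.25])
\tby mx.example.org (Postfix) with ESMTPS id 4F1A2
\tfor <user@example.org>; Tue, 01 Aug 2017 01:34:52 -0700
Received: from localhost ([10.0.0.5])
\tby frontend01 with ME id abc123; Tue, 01 Aug 2017 10:34:48 +0200
From: sender@example.net
To: user@example.org
Subject: constructed sample

body
"""

# ipaddress.is_private also covers documentation ranges, so list RFC 1918 explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

HOP = re.compile(
    r"from\s+(?P<helo>\S+).*?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r".*?\bby\s+(?P<by>[A-Za-z0-9.-]+)",
    re.S,
)


def audit_received(raw):
    """Return one dict per Received header, newest first, with warning flags."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            hops.append({"helo": None, "by": None, "flags": ["unparsed"]})
            continue
        flags = []
        if "." not in m["by"]:
            flags.append("by-not-fqdn")        # receiver did not name itself fully
        if "." not in m["helo"]:
            flags.append("helo-not-fqdn")      # e.g. "localhost"
        try:
            addr = ipaddress.ip_address(m["ip"])
            if any(addr in net for net in RFC1918):
                flags.append("rfc1918-source")  # internal hop leaked into headers
        except ValueError:
            flags.append("bad-ip")
        hops.append({"helo": m["helo"].lower(), "by": m["by"].lower(),
                     "flags": flags})
    # Heuristic: the host a hop was received *from* should be the host that
    # stamped the previous (older) header; a mismatch suggests a relay in
    # between added no Received header of its own.
    for newer, older in zip(hops, hops[1:]):
        if newer["helo"] and older["by"] and newer["helo"] != older["by"]:
            newer["flags"].append("chain-gap")
    return hops


if __name__ == "__main__":
    for hop in audit_received(RAW):
        print(hop["by"], hop["flags"])
```

The chain-gap comparison is only a hint: many sites legitimately use different names for the inbound and outbound side of the same relay, so treat it as a reason to look closer.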
[mailop] Fwd: Leverage Social Media to get guaranteed results
Yes Michael,

If you are going to have your team tackle anything, the ones selling b2b mailing lists and contacts are one of your higher leakages.. I could send you a bunch off-list if you want ..

Offenders this week.. (just a sampling from my own spam folders)

Return-Path:Return-Path: Return-Path:

All via *.outbound.protection.outlook.com

Have a great long weekend all..

--- Begin Message ---

Hello,

Social Media has evolved from a platform of uncertainty to a medium businesses can use to get guaranteed outcomes. With our team of experienced marketing experts, we help our clients achieve their objectives.

If you are interested reply back to get the “FREE SOCIAL MEDIA ANALYSIS “, “Company profile”, “Service details”, “Pricing”, “Client Case Study” , “Detailed SMO plan”.

Area of Improvement:

1. We will give you guaranteed outcome
2. Improve your sales and business reach.
3. We will increase the brand value & awareness from Targeted Market only
4. Increase your website traffic

Warm Regards, Martin Bell, Business Development Manager

Note: - If you are not interested then you can reply with a simple "NO",We will never contact you again.

--- End Message ---
Re: [mailop] Just an Introduction... Nice to meet your acquintance..
On 17-05-03 11:20 AM, Michael Peddemors wrote:

Just thought I would reach out, as in general SendGrid does a better job than most ESP's..

Sorry, that was meant to be offlist.. :(
[mailop] Just an Introduction... Nice to meet your acquintance..
Just thought I would reach out, as in general SendGrid does a better job than most ESP's.. However, of course.. differentiating between those doing single opt-in, and double opt-in, marketing from transactional email is always a challenge for those in the spam protection space.

You might like to add me to your linked in.

For the record, we also have seen problems with nationbuilder.com, as well as hubspot.com, as the two commonly reported offenders .. However, you have to understand that the process of 'reporting to abuse' is not something that occurs in the real world.. for two reasons, the belief that no action will occur, and the 'why should I have to go to that trouble, they should monitor it themselves' attitude. I know that our teams could never get any work done if they had to report all the spammers to abuse departments ;)

But for the most part, good usage of PTR records on your part..

Received: from o1.email.financialstuff.ca (HELO o1.email.financialstuff.ca) (50.31.54.5)

(they push conferences to stripped addresses BTW)

Sometimes we would like to see better usage of clear identification in the MAIL FROM, but that is about the only complaint we would have.

Sometimes your team sends reports in for removal from various related systems affiliated with our company that are simply 'please remove this ip', rather than taking the time out to explain who the actor is, and what types of email communication is being sent from the IP in question. Short 'remove me' requests are much more likely to be addressed at the bottom of the pile.

However, I know we have even recommended your company as professional, compared to other players in your space..

So.. keep in touch..

-- Michael
Re: [mailop] Speaking of too many SPF, Many SPF failures lately
On 17-05-17 04:16 PM, John Levine wrote:

In article <caba8r6vb+ng6e1ebdara4q-8mpi15rzvwuxyqkx2cd1os3a...@mail.gmail.com> you write:

_spf.google.com is 4 lookups in total).

Do you know why? It'd be easy enough to glom them together into one record. It'd be more than 512 bytes but it is my impression that the number of DNS clients that support neither EDNS nor TCP queries is pretty small now.

R's, John

4 UDP lookups is faster than a fallback to tcp.. and retry isn't it? And sorry John, but in this business we STILL run into ppl who forget, and only allow UDP traffic on port 53 through their firewalls..

IMHO, I would rather see recursive lookups, and for many it is easier to maintain that way..

But, given the reported 'docusign' breach, a real example is nice..

host -t TXT docusign.com
docusign.com descriptive text "v=spf1 ip4:65.221.8.13 ip4:65.221.8.29 ip4:65.221.12.128 ip4:65.221.12.148 ip4:192.237.158.85 ip4:23.253.182.234 include:_spfA.docusign.com include:_spfB.docusign.com include:_spfC.docusign.com include:sharepointonline.com -all"

It looks not bad, successive lookups to 3 parts.. and they all look good. Don't like this part of course..

include:sharepointonline.com
ip4:52.104.0.0/14

which chains down to of course..

ip4:40.108.128.0/17 ip4:104.146.128.0/17 ip4:104.146.0.0/19

and more..

And I see that more and more of a trend, company uses a 3rd party newsletter company which has all of Amazon AWS or Digital Ocean or Azure IP Space.. in the SPF record chain.. Not too hard for someone else to get some of the IP space and start spoofing..

Most people don't understand what the innocuous include means.. just that someone (3rd party) told them they had to add it to their SPF chain.. and someone in management said 'just do it', without realizing that it completely invalidated the protection afforded by SPF..
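An added example, not part of the original thread: a Python audit of an SPF include chain that counts the DNS-querying terms against the RFC 7208 limit of 10 and measures how much IPv4 space the chain authorizes, split by who published it. The zone data is constructed (it only mirrors the shape of the record quoted above), and the `wide_prefix` threshold and the "third party" test are assumptions of this example.

```python
import ipaddress

# Constructed TXT records standing in for live DNS answers (not real data).
ZONE = {
    "example.org": "v=spf1 ip4:192.0.2.10 ip4:192.0.2.20 "
                   "include:_spfa.example.org include:esp.example.net -all",
    "_spfa.example.org": "v=spf1 ip4:198.51.100.0/28 -all",
    "esp.example.net": "v=spf1 ip4:10.104.0.0/14 include:cloud.example.net -all",
    "cloud.example.net": "v=spf1 ip4:10.8.128.0/17 ip4:10.46.128.0/17 "
                         "ip4:10.46.0.0/19 -all",
}

LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4: at most 10 DNS-querying terms
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _count(nets):
    """Number of distinct IPv4 addresses covered by a list of networks."""
    v4 = [n for n in nets if n.version == 4]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(v4))


def audit_spf(domain, zone, wide_prefix=16):
    """Walk the include/redirect chain of `domain` using `zone` as the resolver."""
    report = {"lookups": 0, "all": None, "wide": [], "warnings": []}
    per_source, seen = {}, set()

    def walk(name):
        if name in seen:
            report["warnings"].append(f"include loop at {name}")
            return
        seen.add(name)
        record = zone.get(name, "")
        if not record.lower().startswith("v=spf1"):
            report["warnings"].append(f"no SPF record for {name}")
            return
        nets = per_source.setdefault(name, [])
        for term in record.split()[1:]:
            if term.lower().startswith("redirect="):
                report["lookups"] += 1
                walk(term.split("=", 1)[1].lower())
                continue
            qualifier = "+"
            if term[0] in QUALIFIERS:
                qualifier, term = term[0], term[1:]
            mech, _, value = term.partition(":")
            mech = mech.lower().split("/")[0]
            if mech in ("ip4", "ip6"):
                net = ipaddress.ip_network(value, strict=False)
                nets.append(net)
                if net.version == 4 and net.prefixlen < wide_prefix:
                    report["wide"].append((name, str(net)))
            elif mech == "include":
                report["lookups"] += 1
                walk(value.lower())
            elif mech in ("a", "mx", "ptr", "exists"):
                report["lookups"] += 1  # counted, but not resolved offline
            elif mech == "all" and name == domain:
                report["all"] = QUALIFIERS[qualifier]

    walk(domain)
    # Assumption: anything published outside the audited domain is third party.
    third = [n for src, nets in per_source.items()
             if src != domain and not src.endswith("." + domain) for n in nets]
    report["ipv4_total"] = _count([n for nets in per_source.values() for n in nets])
    report["ipv4_third_party"] = _count(third)
    if report["lookups"] > LOOKUP_LIMIT:
        report["warnings"].append("more than 10 DNS lookups: permerror")
    return report


if __name__ == "__main__":
    print(audit_spf("example.org", ZONE))
```

In the constructed zone, 18 addresses are the domain owner's own and the remaining 335,872 arrive through the two third-party includes, which is the effect the message above describes.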
Re: [mailop] International Fix-Your-SPF day
On 17-05-16 12:14 PM, Andreas Schamanek wrote:

On Tue, 16 May 2017, at 13:05, Vick Khera wrote:

On Tue, May 16, 2017 at 12:11 PM, D'Arcy Cain <da...@vex.net> wrote:

Heck, we may not even need to do it. Enough coverage and the threat may get a bunch of them fixed anyway.

hahahaha. you are very optimistic.

Maybe, but I still love the idea of organizing an International Fix-Your-SPF day.

hehe... I would settle for a 'banks fix your SPF records day'.

But in reality, we still can't get most people to even properly configure PTR/DNS records.. let alone SPF..

And of course, those people who don't even know the effects of DNS, eg firewalls that don't allow both TCP and UDP requests, creating REALLY long PTR record lists, that force fallback to TCP retry with its associated lag and overhead.. SPF records that are incredibly long.. (use inheritance if you need to) the use of weak SPF includes, which anyone can forge..

So, let's start slower..

'Fix your PTR record day'
'Block Port 25 day from residential networks day'
'Stop allowing open relay day'
'Stop forwarding email badly' (or at all ;)
'Monitor traffic on egress day' (Doesn't every modern router support this? and alarms?)

These are simpler fixes, and if they were just done, would make the internet a heck of a lot safer in a real hurry..
Re: [mailop] About mipspace-poor list/listing
On 17-06-22 12:00 PM, Philip Paeps wrote:

On 2017-06-22 12:32:30 (+0200), Stefano Bagnara <mai...@bago.org> wrote:

Maybe I'm a victim of a very broad block targeted to my provider (OVH)

I treat all email coming from OVH as "extremely suspect". They represent a substantial fraction of my daily spam volume, most of it snowshoe. Their abuse@ doesn't care at all.

If it weren't for the fact that they do have some high-profile legitimate customers, I would refuse all email from them. I'm actually quite tempted to start whitelisting the legitimate OVH customers I know about and tempfailing the rest of their address space until I'm fairly confident I've not missed any before outright rejecting the rest.

OVH and Hetzner are tied for second place on my "would love to blacklist outright but can't" shitlist. Right behind leaseweb NL.

Philip

Forgot Colo-Crossing on that list ;)
Re: [mailop] SPF record
On 17-05-20 12:24 PM, Steve Atkins wrote:

On May 19, 2017, at 6:58 PM, Bryan Blackwell <br...@skiblack.com> wrote:

Hi folks, Please pardon the noob question, just want to make sure this is what a proper SPF record should look like:

example.org. IN TXT "v=spf1 mx ~all"

It's fine. I'd marginally prefer one that listed the source IP addresses explicitly ...

skiblack.com. IN TXT "v=spf1 ip4:70.175.229.213 ~all"

... but that might require a little more maintenance, depending on how your MX and smarthosts are set up.

"~all" is the smart policy to use; ignore those who tell you to use "-all" or "?all".

Sorry Steve, but IMHO have to disagree.. if you ARE going to use SPF, you should use -all.. Otherwise you might as well not use SPF.. and save the DNS queries..

Some have pointed out on the list the problem with 'forwarding', however that is a forwarding problem, and not an SPF problem. Since every email client out there can check multiple mailboxes, if you want to properly take advantage of SPF as a recipient, don't do email forwarding ;)

I like sending this link, https://emailcopilot.com/blog/how-should-i-end-my-spf-record-all/

It shows that only 22% use -all, which IMHO opinion means not a lot of faith in SPF records, but they put it in because it is recommended.. (Two year old stats though, btw)

If you are a bank, or any form of a phishing target, using -all is the obvious choice.. yes, certain forwarding mechanisms will then fail, but really it should, IF you want the benefits of SPF.. (if it was forwarded, you are at risk of it being altered any ways)

Using +all is worse than no SPF record at all..

Will have to start running some stats of our own on this, but we aren't 'great' believers in it (SPF). However, if someone does have a '-all', and they are a likely or proven phishing target, we do use that information in our 'Known Sender Forgery' tools... More efficient.. but yes, it will reject email forwarded..

We use a -all on some of our domains, and we do see 'bounces' on occasion, but in those cases, even though they may be critical emails that the sender should receive, the small amount of blow back is better than the alternative.

We are also a proponent of 'stop remote forwarding', and some of our ISP's are moving to this as a policy even. (Reduces support AND backscatter and is good for business)

It would be interesting to see use cases for remote email forwarding that remain in today's world.. and of course, there are standards for rewriting sender domain when forwarding as well.

And as always, remember SPF is 'not' designed to be a spam protection tool to be clear.. and most of the professional spammers have better SPF records than legitimate companies ;) (Same with DKIM/DMARC)

But, as mentioned previously.. More important issues to address than SPF, that will make the world a better/safer place.
Re: [mailop] Speaking of too many SPF, Many SPF failures lately
On 17-05-18 06:47 PM, Ángel wrote:

The question is, when does a large range start being "too large"? Because otherwise, every org will start weighting at a different point. And the worst part of this is that there are good reasons to add those includes, to begin with (and little margin to have the upstream reducing them).

How nice it is of you Angel to volunteer to update the RFC with a recommendation on this :) Maybe do a little research on the 'largest' email provider(s) and how many they think they could possibly need .. a kind of 'Best Practices for SPF'..

j/k of course.. I go back to working on getting ppl to conform to recommendations made over 10 years ago as 'Best Practices'.

Or getting abuse@ responses when reporting networks that 'look' like belonging to a bank, that are hacked..

Or getting ColoCrossing and others to stop letting snowshoe spammers light up..

Or get ISP's to put proper PTR records in..

Or..

(yeah, getting jaded a little, thank god a 3 day weekend ahead, and golfing weather)

Can we just turn off the internet for three days please? (Hoping for that Solar Flare)
Re: [mailop] New gmail warning about spoofing
A couple of points.. simply because the To/From are the same, is not an absolute guide to spam, as this will often be the case in legitimate email lists, auto generated messages, web forms, et al..

The reason it is a spammer favourite trick though, is hoping the end user has mistakenly white-listed their domain and/or email address, to bypass your filters.

And the To, will often be different than your email address for exactly the same reason, it might be the first address on a large BCC, (empty to would be worse) or a mailing list address..

What is more important is the value in the MAIL FROM: (EnvelopeSender), and a pet peeve of mine is the 'too big to block' providers, who allow emails to relay out or accept it via SMTP, when the domain in their EnvelopeSender is OBVIOUSLY fake, eg who would send @gmail using a yahoo server?

PS.. (OFF TOPIC) Spam Folder(s) showing a REALLY noisy day for hotmail spam.. Mostly all scammers, 'mutual benifit', but always without ANY recipients in the To or Cc.. NoRecipient rules, when the content is obvious pretending to be directed to a single email box.. Is an easy catch for filtering.. even easier on egress when the volumes are high ;)

On 17-06-14 11:17 AM, Laura Atkins wrote:

On Jun 14, 2017, at 10:24 AM, Stefano Bagnara <mai...@bago.org <mailto:mai...@bago.org>> wrote:

My question is WHY gmail alert me when from and to are equals and received from an external server but at the same time doesn't care to alert me if the from is another gmail address or if the to doesn't contain my address (because I was in CCN). Spoof emails usually try to make you believe the sender is a friend/customer/coworker/supplier, not yourself: that's why this message surprised me (Google preferred to deal with a minor use case before the bigger use case).

That’s an easy one.

a) It’s a well defined use case (to/from are the same, comes from outside service)
b) It’s common (spammers do this all the time)
c) False positives are not a big deal (if the mail really is to/from same address, then the user knows they triggered the mail).

Overall, it may seem like a minor thing, but it’s easy to catch, easy to define and has a low false positive rate. Even in your case - you know you sent the mail, so it’s not really a big deal. Why wouldn’t you alert on that?

laura

-- Having an Email Crisis? 800 823-9674 Laura Atkins Word to the Wise la...@wordtothewise.com <mailto:la...@wordtothewise.com> (650) 437-0741 Email Delivery Blog: http://wordtothewise.com/blog
Re: [mailop] New sending range for MailChimp - 148.105.0.0/16
On 17-05-05 09:40 AM, Joey Rutledge wrote:

Hi fellow email geeks,

MailChimp recently acquired a new IP range, 148.105.0.0/16 and have just started sending from 148.105.8.0/21. I’ve noticed a few issues with receivers treating this range poorly, likely due to the previous owners of the range. If you are a receiver and have the ability to clean up things on your side to help us with sending emails from it, I would greatly appreciate it.

Thanks, Joey Rutledge

Better first make sure that you have DNS servers for those ranges... (Maybe your firewall people haven't allowed tcp)

And suggest that you also update SWIP for your sections, clearly indicating what they are used for.. (or is the whole /16 used for exactly the same purpose)

;; Truncated, retrying in TCP mode.
;; connection timed out; no servers could be reached

NetRange: 148.105.0.0 - 148.105.255.255
CIDR: 148.105.0.0/16
NetName: RSGL-3
NetHandle: NET-148-105-0-0-1
Parent: NET148 (NET-148-0-0-0-0)
NetType: Direct Assignment
OriginAS:
Organization: The Rocket Science Group, LLC (RSGL-3)
RegDate: 2016-01-22
Updated: 2016-01-22
Ref: https://whois.arin.net/rest/net/NET-148-105-0-0-1
OrgName: The Rocket Science Group, LLC
Re: [mailop] Best rate limiting response?
Do you really want them to retry in this situation?

Compromised users/rate limiter users, you probably aren't sure which but if you do not want them to send any more while they are rate limited, you probably should set a permanent error. Otherwise you might find a back load of messages in the person's outgoing server might trigger another rate limiting event right away.

Also, you probably want the sender to know right away, correct?

We send a 554 error in those cases..

On 17-09-11 05:22 PM, Luis E. Muñoz via mailop wrote:

Over the years I've seen rate limiting responses as 421 and 451 (with the first being the most frequent). Is there a consensus in what the correct code should be?

I'm going through RFC-5821 and none of the codes mentioned there seem to be a perfect match to "hitting a rate limit for an authenticated user" in my submission servers. Given the above, I'm leaning towards using 421, returned after each and every MAIL TO command.

Thanks in advance.

-lem
Re: [mailop] Slow botnet IMAP scans?
SMTP Auth Scanners are easier to stop, which is why there are more IMAP scanners being seen in the wild.

But that is why we are pushing forward on our CID implementations.. https://datatracker.ietf.org/doc/draft-storey-smtp-client-id/

Can't really block AUTH attempts strictly by 'firewall' or IP rules, as a bot could be operating out of shared or dynamic space, which would mean that you effectively block legitimate users from accessing email.

We actually have a RATS-AUTH list designed to report on IP(s) used for AUTH attacks, the broken bots are easier to pick up. But this isn't a 'Chinese' thing only, we see lots of these attacks coming from everywhere, including Amazon AWS etc..

On 17-10-06 05:30 AM, Tim Bray wrote:

On 06/10/17 10:51, Otto J. Makela wrote:

Are you keeping an eye out for (mostly Chinese) botnets doing slow IMAP scans, using scraped email addresses and apparently going through whole dictionaries?

I haven't seen them. But we are getting a lot more SMTP auth scanners than we used to. We just drop them in the firewall for a bit. We've dropped about 300 IPv4 addresses in the last 6 hours.

Tim
[mailop] MAAWG in Toronto, hands up who on the list is attending?
I have now had a couple of ppl ask if I was attending this year, and while it is in Toronto which is nice, and I have been saying for the last couple of years we need to get a few people down to one, sometimes scheduling is a pain..

But while investigating the topics on tap, and trying to get some idea of the anticipated attendance numbers this year, I had a little chuckle..

I had forgotten the login for Maawg, so had to do a password reset.. And the email arrived in my spam folder.. so of course I had to look at it more closely.

Seems that they use 'mailgun' for delivery of those notices. And looking at the message, at first glance I can see how similar it looks to all of the 'phishing' types of emails that pretend to be password resets.

Received: from so254-8.mailgun.net (HELO so254-8.mailgun.net) (198.61.254.8)

Okay, they use a shared service from MailGun.. (I assume this is a shared IP in the pool, and the pool has been a sender of spam before)

Return-Path: <bounce+29ac75.da36d-alias=linuxmagic@mailserver.m3aawg.org>

host mailserver.m3aawg.org
mailserver.m3aawg.org mail is handled by 10 mxa.mailgun.org.
mailserver.m3aawg.org mail is handled by 10 mxb.mailgun.org.

host m3aawg.org
m3aawg.org has address 67.192.153.75
m3aawg.org mail is handled by 10 mx.m3aawg.org.cust.b.hostedemail.com

And while it is nice that they at least use a domain name related to m3aawg, not really what a person would think of 'whitelisting' ..

And of course, in today's age.. no one should be 'bouncing' messages any more.. we should be rejecting during SMTP transactions wherever possible. And really, if it 'did' "bounce" from say a client or internal mail delivery mechanism, it wouldn't go to the EnvelopeFrom, it would go to the apparent from.. (and of course, I think the webmaster would want to know right away if bounces are happening any ways, instead of looking for a bounce report)

host -t TXT mailserver.m3aawg.org
mailserver.m3aawg.org descriptive text "v=spf1 include:mailgun.org ~all"

Hmmm... that is pretty wide.. and not even a -all...

So, the thought was.. what stops someone else from sending a similar message out of mailgun.

DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mailserver.m3aawg.org;
DomainKey-Signature: a=rsa-sha1; c=nofws; d=mailserver.m3aawg.org;

Received: from webm (Unknown [67.192.153.75])
(originated from a server that doesn't have an rDNS/PTR record?)

Aeronet Communications (C01901751) 67.192.153.64/27
(MAAWG, you might like to get a PTR record, especially if this is a dedicated server.. )

X-PHP-Originating-Script: 33:SimpleMailInvoker.php
(Like we don't see a lot of that in compromises)

From: M3AAWG <webmas...@m3aawg.org>
(Would like to see quotes around the friendly name)

Subject: Replacement login information for at M3AAWG
(Extra space and bare , in body are because missing first/last names, but also a common trend in phishing attacks by script kiddies)

Okay, now .. how easy would it be to forge those password reset pages.. I leave this to your imagination, how a person could register a similar domain name to m3aawg.org. Sign up for a mailgun account, and send messages that are forged to be almost identical..

m3aaawg.com/org
w3aawg.com/org
(Those are available)

I see a lot of sessions that look good at MAAWG, some beginner sessions even, but it might be an interesting topic to use this as example of risks.. A targeted phishing attack against this group might look good on a hacker resume..

But the point is, "everyone" should occasionally rethink current practices and look at the risks.

Would you click on a link that went to: https://www.m3aaawg.org/user/reset/ (You get the drift)

And while I like the way that MAAWG uses a 'one time pass' instead of asking for credentials, if you have never used it before, you would not be surprised if it asked you more questions.

It may be also vulnerable to a man in the middle attack, if the DNS of the recipient is somehow compromised.. but that is not unique to this case of course..

Personally, I believe the EnvelopeFrom should ALWAYS reflect the senders domain name, makes white/black listing more effective, and easy to test if it is accurate/valid. Hope there are discussions on that topic..

Anyways, still thinking of attending, so would like to hear about others going..

Topics I would be open to chatting with anyone about:

* ISP Recommendations, PTR naming conventions and blocking Port 25 (still, 15 years later same topic, IoT) (So many foreign ISP's haven't yet made a move in this direction, allowing for destructive levels of Bot activity)
* EnvelopeFrom Best Practices
* Next Evolution(s) of Email Security (Auth Recommendations)

--
"Catch the Magic of Linux..."
--------
Michael Peddemors, President/CEO LinuxMagic In
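The manual header review in the message above, written out as an added example (it is not part of the original post and is not M3AAWG or Mailgun code): it extracts the envelope, DKIM and From domains, reports how they align, summarises how wide the SPF record is, and flags a link host that is a near-miss of the trusted domain. The function names, the placeholder From local part, the two-label `org_domain` shortcut and the edit-distance threshold are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: header values are the ones quoted in the post; the From
# local part is a placeholder because the archive elides the real one.
SAMPLE = """\
Return-Path: <bounce+29ac75.da36d-alias=linuxmagic@mailserver.m3aawg.org>
Received: from so254-8.mailgun.net (HELO so254-8.mailgun.net) (198.61.254.8)
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mailserver.m3aawg.org;
From: M3AAWG <placeholder@m3aawg.org>
Subject: Replacement login information

(body omitted)
"""
SPF_TXT = "v=spf1 include:mailgun.org ~all"  # TXT record quoted in the post


def org_domain(name):
    """Last two labels; an assumption standing in for a Public Suffix List lookup."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def identifiers(raw):
    """Pull the three domains a receiver compares: envelope, DKIM d=, header From."""
    msg = message_from_string(raw)

    def addr_domain(value):
        m = re.search(r"@([A-Za-z0-9.-]+)", value or "")
        return m.group(1).lower() if m else None

    dkim = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    return {
        "envelope_from": addr_domain(msg.get("Return-Path")),
        "dkim_d": dkim.group(1).lower() if dkim else None,
        "header_from": addr_domain(msg.get("From")),
    }


def alignment(ids):
    """Compare each authenticated domain with the From domain the reader sees."""
    visible, out = ids["header_from"], {}
    for key in ("envelope_from", "dkim_d"):
        dom = ids[key]
        if not dom or not visible:
            out[key] = "missing"
        elif dom == visible:
            out[key] = "strict"
        elif org_domain(dom) == org_domain(visible):
            out[key] = "relaxed"
        else:
            out[key] = "unaligned"
    return out


def audit_spf(domain, record):
    """Report how wide an SPF record is: delegated includes and the 'all' qualifier."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    names = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    includes, all_result, findings = [], None, []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in names else "+"
        body = term.lstrip("+-~?").lower()
        if body.startswith("include:"):
            includes.append(body.split(":", 1)[1])
        elif body == "all":
            all_result = names[qualifier]
    for inc in includes:
        if org_domain(inc) != org_domain(domain):
            findings.append(f"include:{inc} lets every sender that record authorizes pass SPF for {domain}")
    if all_result != "fail":
        findings.append(f"all={all_result}: unlisted senders are not hard-failed")
    return {"includes": includes, "all": all_result, "findings": findings}


def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(candidate, trusted, max_distance=2):
    """True when a link host is a near-miss of the trusted domain, not the domain itself."""
    c, t = org_domain(candidate), org_domain(trusted)
    if c == t:
        return False
    return edit_distance(c.split(".")[0], t.split(".")[0]) <= max_distance


if __name__ == "__main__":
    ids = identifiers(SAMPLE)
    print(ids, alignment(ids))
    print(audit_spf(ids["envelope_from"], SPF_TXT))
    for host in ("www.m3aawg.org", "www.m3aaawg.org"):
        print(host, "lookalike" if lookalike(host, ids["header_from"]) else "ok")
```
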
Re: [mailop] Looks like GoDaddy is having email issues
hehehe.. sounds like that standard sys admin error, allowing UDP through firewalls, and forgetting about TCP..

On 17-09-25 11:35 AM, Brandon James wrote:

Yes we are seeing the same thing. Their status.godaddy.com still shows an email outage ongoing.

Brandon

On 9/25/17 11:59 AM, Frank Bulk wrote:

GoDaddy Support tweeted that the issue was resolved, but instead of:

421 p3plibsmtp02-14.prod.phx3.secureserver.net bizsmtp Temporarily rejected. Reverse DNS for 96.31.0.x failed. IB108 <http://x.co/srbounce>

we're seeing:

Open (72.167.238.32) Error 180sec (399 TCP Read failed (Err Code Zero after 180 seconds) 180 sec)
Open (68.178.213.203) Error 0sec (399 TCP Read failed (Connection was closed. after 0 seconds) 0 sec)
Site naturesedge-ds.com (72.167.238.32) said in response to MAIL FROM (452 4.1.0 ... temporary failure)

From our perspective they're getting flooded or there are still other issues going on.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Anne P. Mitchell Esq.
Sent: Monday, September 25, 2017 10:11 AM
To: mailop@mailop.org
Subject: Re: [mailop] Looks like GoDaddy is having email issues

This has been passed on to GoDaddy.

Anne

Anne P. Mitchell, Attorney at Law
CEO/President, SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/ http://www.SuretyMail.eu/
Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell Facebook/AnnePMitchell | LinkedIn/in/annemitchell

--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] anybody here from earthlink?
Losing email transferring between accounts/folders is still an email client responsibility, eg not flagging the message correctly until verifying if the move was successful.

For mission critical needs between accounts, the 'imapsync' program is a great way to go.

Otherwise, you will probably have to assume that the email provider, eg in this case Earthlink, might have a 'not responsible for lost or stolen email' policy. Not all providers are going to go to snapshots or backups for individual accounts, that is what an email archiving service is for :)

On 17-09-25 11:54 AM, Miles Fidelman wrote:

Hi Folks,

By chance, is there anybody here from earthlink operations? I'm trying to help someone who lost a whole slew of mail, while transferring it from one folder to another using IMAP. The folks at customer support (who are unbelievably horrible) tell me that there are no backups of their servers. Somehow, I have a hard time believing that they don't keep a few days worth of backups floating around.

My sense is that the front-line support folks have no direct connection to operations, and don't know anything about anything. Anybody here who might be able to help.

Thanks,

Miles Fidelman

--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] Earthlink Unblock Requests
Maybe they got tired of unblocking you, maybe you have to address the situation that gets you blocked so often.. ;)

And suggestion? Unless you work for 'gmail.com', suggest that you post to this list with an email address that represents the party you represent.

On 17-10-17 03:19 PM, Casey Stopperan wrote:

Hello-

It appears we've stopped receiving responses for unblock requests sent to the blockedbyearthlink address over the last week or so. Can someone at Earthlink please look into this for us?

Thank you,

Casey Stopperan

--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
[mailop] Any one from RoadRunner that can ping me offlist?
--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] Office 365 - Emails marked as not passing fraud detection
Thought I would point out as well..

This message was sent via Outlook to the list, and Outlook already marked your message as spam, which many other filtering systems will honour. That header remained intact while being processed by the mailing list software at mailop.org.

x-forefront-antispam-report: SFV:SPM;...

And to the original problem, you might like to look at standard 'Best Practices for Email Operators'..

PTR:ip-103-219-120-34.stcolumba.customer-wan.caznet.com.au

But in this case, it depends on how you expect that relay to function. If you configure the Postfix relay to use SMTP authentication through an email account at 'caznet.com.au', which is your provider correct? then you won't have any problems. (Or use any SMTP provider where the client has an account)

However, if you want your relay to act as a true MTA, then you will have to conform to Best Practices.. eg change the PTR to be something like 'server.customerdomain.com'. (The domain for the responsible party for the emails)

That default PTR you were assigned will probably be treated as an 'unconfigured' source/device, and not an MTA by most spam methods to some extent or another..

But given that your corp ip was flagged, as well as the IP in question, it suggests that the reputation is either with your company, your network, or your domain, and not just that one IP Address.

On 17-11-23 07:59 PM, Shane Clay via mailop wrote:

I’d considered that. This server has been around a long time (and the rdns hasn’t changed) and the problem has only just come up. If it is the rdns, it’s a new problem.

Do the HELO and RDNS have to match to pass spam detection? I would have thought that a valid, matching SPF record and the fact that the IP actually has a PTR etc would be sufficient.

Shane

From: Postmaster [mailto:i...@mailvue.com]
Sent: Friday, 24 November 2017 2:23 PM
To: Shane Clay <sh...@caznet.com.au>
Subject: Re: [mailop] Office 365 - Emails marked as not passing fraud detection

Could it be the rdns?

PTR:ip-103-219-120-34.stcolumba.customer-wan.caznet.com.au;

On Nov 23, 2017, at 8:31 PM, Shane Clay via mailop <mailop@mailop.org> wrote:

PTR:ip-103-219-120-34.stcolumba.customer-wan.caznet.com.au;

--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
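The PTR distinction drawn in the reply above (a provider-assigned default name versus a name under the responsible party's domain), as an added example that is not from the thread or from any filtering product. The labels `generic`, `aligned` and `unrelated`, the small suffix set standing in for the Public Suffix List, and the documentation-range rows are assumptions; only decimal octet encodings are recognised.

```python
import re

# Tiny stand-in for the Public Suffix List (assumption), enough for the .com.au name in the thread.
TWO_LABEL_SUFFIXES = {"com.au", "net.au", "org.au", "co.uk"}


def org_domain(name):
    """Registrable domain of a host name, using the stand-in suffix set above."""
    labels = name.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def embeds_ip(ptr, ip):
    """True when the PTR name spells out all four octets of its own address."""
    octets = ip.split(".")
    forms = []
    for order in (octets, octets[::-1]):  # forward and in-addr.arpa style order
        padded = [o.zfill(3) for o in order]
        forms += ["-".join(order), ".".join(order), "-".join(padded), "".join(padded)]
    host = ptr.lower()
    # Digit boundaries stop 1.2.3.4 from matching inside 11.2.3.45.
    return any(re.search(r"(?<!\d)" + re.escape(f) + r"(?!\d)", host) for f in forms)


def classify_ptr(ip, ptr, responsible_domain):
    """Classify a connecting IP's PTR the way the reply describes receivers treating it."""
    if not ptr:
        return "missing"      # no rDNS at all
    if embeds_ip(ptr, ip):
        return "generic"      # default provider name, reads as an unconfigured device
    if org_domain(ptr) == org_domain(responsible_domain):
        return "aligned"      # e.g. server.customerdomain.com for customerdomain.com
    return "unrelated"        # custom name, but under someone else's domain


# Rows 1-2 use names from the thread; rows 3-5 are constructed (documentation address range).
SAMPLES = [
    ("103.219.120.34", "ip-103-219-120-34.stcolumba.customer-wan.caznet.com.au", "customerdomain.com"),
    ("103.219.120.34", "server.customerdomain.com", "customerdomain.com"),
    ("192.0.2.10", "10.2.0.192.dyn.example.net", "example.org"),
    ("192.0.2.25", "", "example.org"),
    ("192.0.2.25", "mail.example.net", "example.org"),
]


def review(rows):
    """Return (ip, ptr, verdict) for each connection record."""
    return [(ip, ptr, classify_ptr(ip, ptr, dom)) for ip, ptr, dom in rows]


if __name__ == "__main__":
    for ip, ptr, verdict in review(SAMPLES):
        print(f"{ip:15} {verdict:10} {ptr or '-'}")
```
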
[mailop] Just because it is Friday.. Could and AT/SBC/Bellsouth contact me offlist?
--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] IMAP to IMAP
On 17-12-15 12:07 PM, John Levine wrote:

I have a client who's moving from one mail system to another, and has quite a lot of mail on the old system's IMAP server that they want to take with them. While I can certainly write a python script that enumerates the mailboxes and copies stuff, I was hoping someone else already had.

R's,
John

Google 'imapsync', it is the go-to tool for that..

--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] SPF recommendations
liverson.com http://www.spamresource.com

--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] Password habits - was Re: Gmail forwarding blowback
Just because you are talking about this.. (I guess I could 'google')

Why the use of POP3 and not IMAP? I also assume of course that you ONLY allow POP3/SSL and IMAP/SSL, and aren't sending those clear text ;)

But again, this is mostly 'moot', unless a person only uses the Gmail webmail interface.. Let them access both accounts using IMAP, and simply drag/drop to the storage they want to keep them in ;)

But the issue mainly arises in people who use webmail as their primary email client. And with an app. 15-25% of consumers using webmail as their primary client, this needs addressing as well.

Which is why we are working towards webmail clients (well, really you have to just say 'web clients') that can handle multiple accounts through a single login..

Just as many desktops actually even use separate IMAP connections, even as granular as individual folders, it will eventually have to be unified. All clients will simply have the ability to consolidate many IMAP streams, even if the streams come from multiple sources..

And of course, eventually it will merge many 'streams', regardless of the underlying protocols used.. (eg XMPP, IMAP, HTTPS) and what the data is returned..

Umm.. I believe we call that 'Unified Communications'..

And whom ever provides that unified tool, if it is cloud based (eg your ISP, or Gmail, or an App Provider) will end up having that authentication information stored, whether it is password based or not.

The 'security' conscious might use a unified tool (if you can still call it an email client) that is desktop/device based, but more likely the trend to the 'cloud' will continue. The client that presents the best 'unified experience' will ultimately win..

And the person using it will only be remembering one password or using one token to access that tool, regardless of the underlying 'data streams' and their individual authentication methods.

It will boil down to usability, and cost of service, and trust that the 'client' provider will treat your data with privacy, security, and respect.

Now, I better get back to work, earn some money, so we can continue to grow, and be bigger, better, and faster than everyone else..

On 17-11-10 01:52 PM, Brandon Long via mailop wrote:

On Fri, Nov 10, 2017 at 8:11 AM Rob Nagler <mailop-bp...@q33.us> wrote:

Does Gmail ask for the POP3 password every time, or do they store it ?

They store it. Just like they do with SMTP passwords.

On the one hand, I totally sympathize with that position, though the difference between having it on some device that can be lost/hacked vs a cloud service... I guess cloud services can be hacked in bulk, but chances are your users are already just re-using their email password, and so that ship has sailed.

I haven't kept up with oauth recently, have they solved the discovery problem? If so, I can file a bug to have our pop fetcher switch to support oauth, but that would come with a bunch of work on your end to support that (I don't think anything supports that out of the box yet).

There's also Gmailify instead of pop fetch. It uses IMAP and oauth, but it has a small whitelist of services it works with, partially due to oauth, partially due to IMAP being a more complicated protocol, and mostly just being overly cautious.

Brandon

--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Re: [mailop] WHAT can be done about Ezoic and their spamming through Google?
And ON that topic.. what to do about the elephant in the room..

Seems both Spammers and Email Marketers are all jumping on the Amazon bandwagon.. (Personally, I never thought the price point would make it worth it)

And just came across the reports of starting to see it on this network..

NetRange: 18.219.0.0 - 18.228.255.255
CIDR: 18.219.0.0/16, 18.220.0.0/14, 18.224.0.0/14, 18.228.0.0/16

And of course, Amazon does not appear to want to SWIP it any more accurately than that..

IS this something that ARIN should be commenting on? I mean they are assigning the addresses, even if they say they aren't guaranteed to assign them for long in their cloud structures..

We have been tracking a steady increase in activity, both spam activity, and ransom ware hosted on the Amazon cloud.. and as anyone who has tried jumping through the hoops of reporting there, it isn't easy or quick.

Fresh brand new domains, placeholders for websites.. And of course, they don't even assign a company contiguous IP ranges..

Should we just start blocking these types of ranges, and then only exempt the legitimate ones?

A quick check across a couple of /22's across that block, and the ONLY ones with PTR records are all placeholder/spammer domains..

On 17-11-16 02:45 PM, Anne P. Mitchell Esq. wrote:

On 23/12/2015 02:28, mikea wrote:

On Tue, Dec 22, 2015 at 09:14:51AM -0700, Anne Mitchell wrote:

We are repeatedly being spammed by Ezoic, and we have reported them to their providers (enom, scalr, Amazon and Google multiple times). Just *what* can be done about a non-moving target spammer who is sending through Google (already reported to them) and hosting on Amazon? (ditto.) I don't mean at the local level, I mean about getting them shut down (or at least listed).

At this point, all I can think of is this: If you don't complain, then they can't ignore you. Google and Amazon are "too big to be shut down", "too important to be blocked", and "too big to be influenced from outside". That's a bad combination.

Rubbish! no-one's too big to be blocked, it's this type of attitude that allows the bigger players to sit back and say "ah so what" when you do complain.

As a follow up, either Google finally booted them, or they are sharing the wealth, as we just got this Ezoic spam and it went out through Amazon..here's the complaint we just sent in case any of you are interested:

Hey Anne- I've reached out to you a handful of times in the last couple of years and I thought, 'hey, what's one more time?'

Hey Piper - I'll tell you what "one more time is"..it's the time I report you and Ezoic (already known as big fat spammers) for spamming us!

Providers: The below is 100% pure spam, sent to a role account that cannot (and indeed did not) sign up for anything. In other words, this spam was sent to a *scraped* email address.

You are receiving this report, with full headers and content below, because your company in some manner hosts or otherwise facilitates the organization that is sending the spam. Amazon, you are hosting this spammer's spam-sending on your EC2 system. Amazon, you are also hosting this spammer's website. Scalr, you are providing their DNS.

If you are not hosting the server through which the spam email is being sent, then you are receiving this because you are the registrar of record for the domain of this spammer, you are hosting their DNS, or in some other way providing material support to their spamming.

Please let us know if you need any further information, and please let us know what actions have been taken regarding my complaint. Inaction or lack of reply will result in this matter being reported to Spamhaus, Spamcop, and other anti-spam blacklists.

Thank you.

Kind regards,

Anne

Anne P. Mitchell, Attorney at Law
Author: Section 6 of the Federal CAN-SPAM Act of 2003
CEO/President: Institute for Social Internet Public Policy
Member: California Bar Cyberspace Law Committee
CEO: ISIPP SuretyMail Email Accreditation
http://www.ISIPP.com/ http://www.ISIPP.eu/

-- Original Message --
From: Piper Lofrano
Subject: Google Certified Tools
Date: November 15, 2017 at 5:29:25 PM MST
To: i...@theinternetpatrol.com
Message-Id:
Reply-To: Piper Lofrano
Delivered-To: anne.mitchell@gmail.com, i...@theinternetpatrol.com
Received: by 10.25.228.77 with SMTP id b74csp1809564lfh; Wed, 15 Nov 2017 16:29:32 -0800 (PST), from partita.isipp.com (partita.isipp.com. [69.12.213.130]) by mx.google.com with ESMTPS id f19si19047909plr.675.2017.11.15.16.29.31 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 15 Nov 2017 16:29:32 -0800 (PST), from concerto.isipp.com (69-12-212-226.static.sonic.net [69.12.212.226]) by partita.isipp.com (8.15.2/8.15.2/Debian-8) with ESMTP id vAG0TUlc016183 for
Re: [mailop] Hotmail and 4.5.1 4.7.500 Server Busy with some
--
EMRE ÜST
Deliverability Specialist
t. +902123430739 f. +902123430742 email: emre@euromsg.com skype: user_name web: euromsg.com
Yeşilce Mh. Yunus Emre Cd. Ada İş Mrk. No: 4 Zemin Kat 4. Levent / İstanbul

--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.