subject:"Spam\?"

RE: Mail to Microsoft being falsely marked as spam/bulk

2024-01-23 Thread Christopher Hawker

For me, it did. To be fair I did have two tickets open through two different 
channels. One of the tickets came back with advice that they had reset the 
score on the domain and IP address as I advised them that it was a private mail 
server, in use by one person (myself) with 2-3 mailboxes in use on the Axigen 
Mail Server software.

It's all about who you get on the day at the time you open the ticket and who 
replies.

Regards,
Christopher Hawker

-Original Message-
From: NANOG  On Behalf Of Bjoern 
Franke via NANOG
Sent: Tuesday, January 23, 2024 11:51 PM
To: nanog@nanog.org
Subject: Re: Mail to Microsoft being falsely marked as spam/bulk


> 
> Yes. Or just sending new stuff in the old ticket. (Apparently, you get 
> a different guy each time, keep trying until you find one who is 
> willing to act.)
> 

That didn't help either.
First, they asked for a proof that I did not use the IP before. After sending 
that proof, they told me that the issue (mails junked) was caused by forwarding 
spam and that I should confirm to Outlooks Technical Standards. After 
confirming this, they told me that they can't do anything, they have no liberty 
to discuss the source of the block and that I should take care of complying to 
Hotmails Technicals Standards.

I've asked them why they even asked for the proof for the usage of the IP if 
they can't do anything and got no reply.

Regards
Bjoern

Re: Mail to Microsoft being falsely marked as spam/bulk

2024-01-23 Thread Bjoern Franke via NANOG






Yes. Or just sending new stuff in the old ticket. (Apparently, you get
a different guy each time, keep trying until you find one who is
willing to act.)



That didn't help either.
First, they asked for a proof that I did not use the IP before. After 
sending that proof, they told me that the issue (mails junked) was 
caused by forwarding spam and that I should confirm to Outlooks 
Technical Standards. After confirming this, they told me that they can't 
do anything, they have no liberty to discuss the source of the block and 
that I should take care of complying to Hotmails Technicals Standards.


I've asked them why they even asked for the proof for the usage of the 
IP if they can't do anything and got no reply.


Regards
Bjoern

Re: Mail to Microsoft being falsely marked as spam/bulk

2024-01-22 Thread Stephane Bortzmeyer

On Sun, Jan 21, 2024 at 12:18:21PM +0100,
 Bjoern Franke via NANOG  wrote 
 a message of 25 lines which said:

> I had the same issue in which they were unable (or unwillig) to resolve it,
> and wouldn't have "the liberty to discuss the source of the block". Creating
> a new ticket some weeks later and they solved it without discussion.

Yes. Or just sending new stuff in the old ticket. (Apparently, you get
a different guy each time, keep trying until you find one who is
willing to act.)

Re: Mail to Microsoft being falsely marked as spam/bulk

2024-01-21 Thread Mike Hammett

https://www.mailop.org/ 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Christopher Hawker"  
To: "nanog"  
Sent: Saturday, January 20, 2024 5:07:39 AM 
Subject: Mail to Microsoft being falsely marked as spam/bulk 


Hi folks, 


I'm having an issue with Microsoft email filtering, where it is flagging 
messages from a private mail server as spam, with an SCL of 9 and a BCL of 7, 
resulting in it being sent to the Junk folder. 


We are not seeing this issue with Google's mail environment (being filtered to 
junk), confirmed that SPF, DMARC and DKIM are all correct and valid and that 
the domain and IP addresses are not on any block lists. 


If there is anyone from Microsoft around that can look into mail issues, could 
you please reach out to me off-list? Or if anyone has any ideas/suggestions as 
to how to resolve this, I'd be thankful to hear from you. 


Thanks, 
Christopher Hawker

Re: Mail to Microsoft being falsely marked as spam/bulk

2024-01-21 Thread Bjoern Franke via NANOG


Hi,



"Unfortunately, after reviewing the information you provided and in 
compliance with our mail policies, we are unable to offer immediate 
resolve for your deliverability issue."


Will give them credit though for the timing in their response, received 
it a few hours later after submission.




I had the same issue in which they were unable (or unwillig) to resolve 
it, and wouldn't have "the liberty to discuss the source of the block". 
Creating a new ticket some weeks later and they solved it without 
discussion.


Regards
Bjoern

Re: Mail to Microsoft being falsely marked as spam/bulk

2024-01-20 Thread Christopher Hawker

I tried this, got a scripted response:

"Unfortunately, after reviewing the information you provided and in
compliance with our mail policies, we are unable to offer immediate resolve
for your deliverability issue."

Will give them credit though for the timing in their response, received it
a few hours later after submission.

Regards,
Christopher Hawker

On Sat, 20 Jan 2024 at 22:19, Stephane Bortzmeyer  wrote:

> On Sat, Jan 20, 2024 at 10:07:39PM +1100,
>  Christopher Hawker  wrote
>  a message of 132 lines which said:
>
> > If there is anyone from Microsoft around that can look into mail issues,
> > could you please reach out to me off-list? Or if anyone has any
> > ideas/suggestions as to how to resolve this, I'd be thankful to hear from
> > you.
>
> In my experience with self-hosting, reporting it to Microsoft with
>  works sometimes. (Patience and calm
> required.)
>
>

Re: Mail to Microsoft being falsely marked as spam/bulk

2024-01-20 Thread Stephane Bortzmeyer

On Sat, Jan 20, 2024 at 10:07:39PM +1100,
 Christopher Hawker  wrote 
 a message of 132 lines which said:

> If there is anyone from Microsoft around that can look into mail issues,
> could you please reach out to me off-list? Or if anyone has any
> ideas/suggestions as to how to resolve this, I'd be thankful to hear from
> you.

In my experience with self-hosting, reporting it to Microsoft with
 works sometimes. (Patience and calm
required.)

Mail to Microsoft being falsely marked as spam/bulk

2024-01-20 Thread Christopher Hawker

Hi folks,

I'm having an issue with Microsoft email filtering, where it is flagging
messages from a private mail server as spam, with an SCL of 9 and a BCL of
7, resulting in it being sent to the Junk folder.

We are not seeing this issue with Google's mail environment (being filtered
to junk), confirmed that SPF, DMARC and DKIM are all correct and valid and
that the domain and IP addresses are not on any block lists.

If there is anyone from Microsoft around that can look into mail issues,
could you please reach out to me off-list? Or if anyone has any
ideas/suggestions as to how to resolve this, I'd be thankful to hear from
you.

Thanks,
Christopher Hawker

Re: Spam from ARIN to POC addresses

2023-09-13 Thread packetcat

On Wed, 13 Sep 2023, at 14:40, John Curran wrote:
> Thanks for raising this…   here’s how ARIN Meeting Invites are handled – 
>
> A series of announcements about registration and related reminders are 
> sent to arin-announce and published on www.arin.net, including:
>> Registration Open – 12-16 weeks prior
>> Meeting Materials Available – 1 week prior
>> Meeting Open – Day 1
>> 
> There are two direct email invitations:
>> Admin and Tech POCs within 100 – 150 miles of the meeting location – 45-30 
>> days prior
>> Admin, Tech, and Voting Contacts for all Member organizations (Service and 
>> General) – “Per the VA nonstock corporation act - Formal notice (to 
>> membership) shall be no more than 60 days and no less than 10 days prior to 
>> the announced date of the special meeting.”
> (Note that our registration system will dedupe so that contacts do not 
> receive both of these emails.) 
>
> All ASN holders are now legal members of ARIN, and therefore by 
> applicable law get notice of the meetings.  
>
> We could probably cut this list to just Admin and Voting by dropping 
> Tech contacts, but you’d end up getting one via the Admin POC. 
> (you want to suggest such a change - or any other change on how our 
> meeting announcements are handled, then please
> submit such to the ARIN Consultation and Suggestion Process -  
> https://www.arin.net/participate/community/acsp/process/ ) 
>
> Thanks!
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers

Thank you for your response John. My suggestion here is that legal text you 
quoted would be useful at the bottom of such emails so recipients know why they 
are getting them. I'll look into getting the suggestion submitted via the 
official channel.

-- 
packetcat
https://bastetrix.com

Re: Spam from ARIN to POC addresses

2023-09-13 Thread John Curran


On Sep 12, 2023, at 5:56 PM, packetcat  wrote:

At 14:01 and 14.46 EST I received two identical emails from 
meeti...@arin-events.net with the subject “Join us for ARIN 52 in October”. One 
was sent to the NOC POC address and one to the abuse POC address for my ASN.

As far as I am aware, I never signed up for whatever that mailing list is and 
if I did I wouldn’t subscribe to it on those addresses. Furthermore, I am not 
seeing an unsubscribe button on either email. That makes both messages spam.

Considering I’ve never received messages like those from ARIN on those 
addresses, I’ll give ARIN the benefit of the doubt and say someone accidentally 
imported the wrong list of emails into their MSP. I hope this is not the start 
of a new pattern of behaviour because that would not be…good to put it mildly.

Thanks for raising this…   here’s how ARIN Meeting Invites are handled –

A series of announcements about registration and related reminders are sent to 
arin-announce and published on www.arin.net, including:
Registration Open – 12-16 weeks prior
Meeting Materials Available – 1 week prior
Meeting Open – Day 1

There are two direct email invitations:
Admin and Tech POCs within 100 – 150 miles of the meeting location – 45-30 days 
prior
Admin, Tech, and Voting Contacts for all Member organizations (Service and 
General) – “Per the VA nonstock corporation act - Formal notice (to membership) 
shall be no more than 60 days and no less than 10 days prior to the announced 
date of the special meeting.”
(Note that our registration system will dedupe so that contacts do not receive 
both of these emails.)

All ASN holders are now legal members of ARIN, and therefore by applicable law 
get notice of the meetings.

We could probably cut this list to just Admin and Voting by dropping Tech 
contacts, but you’d end up getting one via the Admin POC.
(you want to suggest such a change - or any other change on how our meeting 
announcements are handled, then please
submit such to the ARIN Consultation and Suggestion Process -  
https://www.arin.net/participate/community/acsp/process/ )

Thanks!
/John

John Curran
President and CEO
American Registry for Internet Numbers

Re: Spam from ARIN to POC addresses

2023-09-12 Thread TJ Trout

I can help you get rid of pesky ARIN, let's start a 8.2 transfer!

On Tue, Sep 12, 2023 at 3:00 PM packetcat  wrote:

> At 14:01 and 14.46 EST I received two identical emails from
> meeti...@arin-events.net with the subject “Join us for ARIN 52 in
> October”. One was sent to the NOC POC address and one to the abuse POC
> address for my ASN.
>
> As far as I am aware, I never signed up for whatever that mailing list is
> and if I did I wouldn’t subscribe to it on those addresses. Furthermore, I
> am not seeing an unsubscribe button on either email. That makes both
> messages spam.
>
> Considering I’ve never received messages like those from ARIN on those
> addresses, I’ll give ARIN the benefit of the doubt and say someone
> accidentally imported the wrong list of emails into their MSP. I hope this
> is not the start of a new pattern of behaviour because that would not
> be…good to put it mildly.
>
> --
> packetcat
> https://bastetrix.com
>

Re: Spam from ARIN to POC addresses

2023-09-12 Thread Tom Beecher

>
>  I hope this is not the start of a new pattern of behaviour because that
> would not be…good to put it mildly.
>

What exactly is "not good" about ARIN emailing about the ARIN Public Policy
and Members meeting, to email addresses on file related to ARIN assigned
resources?

On Tue, Sep 12, 2023 at 5:58 PM packetcat  wrote:

> At 14:01 and 14.46 EST I received two identical emails from
> meeti...@arin-events.net with the subject “Join us for ARIN 52 in
> October”. One was sent to the NOC POC address and one to the abuse POC
> address for my ASN.
>
> As far as I am aware, I never signed up for whatever that mailing list is
> and if I did I wouldn’t subscribe to it on those addresses. Furthermore, I
> am not seeing an unsubscribe button on either email. That makes both
> messages spam.
>
> Considering I’ve never received messages like those from ARIN on those
> addresses, I’ll give ARIN the benefit of the doubt and say someone
> accidentally imported the wrong list of emails into their MSP. I hope this
> is not the start of a new pattern of behaviour because that would not
> be…good to put it mildly.
>
> --
> packetcat
> https://bastetrix.com
>

Spam from ARIN to POC addresses

2023-09-12 Thread packetcat

At 14:01 and 14.46 EST I received two identical emails from 
meeti...@arin-events.net with the subject “Join us for ARIN 52 in October”. One 
was sent to the NOC POC address and one to the abuse POC address for my ASN.

As far as I am aware, I never signed up for whatever that mailing list is and 
if I did I wouldn’t subscribe to it on those addresses. Furthermore, I am not 
seeing an unsubscribe button on either email. That makes both messages spam.

Considering I’ve never received messages like those from ARIN on those 
addresses, I’ll give ARIN the benefit of the doubt and say someone accidentally 
imported the wrong list of emails into their MSP. I hope this is not the start 
of a new pattern of behaviour because that would not be…good to put it mildly.

--
packetcat
https://bastetrix.com

Re: email spam

2022-08-29 Thread Nick Boyce

> especially as it's *known* that email is not a reliable method of 
> communication

That's the problem - it is *not* known by most ordinary folks that
email is not reliable.  They all think it *is* reliable.

Nick


On Wed, 24 Aug 2022 at 17:34, Anne Mitchell  wrote:
>
>
>
> > On Aug 23, 2022, at 8:52 PM, Suresh Ramasubramanian  
> > wrote:
> >
> > If you have something business critical, let alone anything that affects 
> > child safety, pick up a phone and call, or send an officer over to the 
> > school.
>
> 100%.  Belt and suspender approach.  If between 2020 and 2022 any child was 
> actually harmed by the guy, their parents are going to have a good lawsuit 
> (which sucks, because it would be much better to have no harmed child, of 
> course, but in my _academic_ opinion (i.e. this is not legal advice) the PD 
> was really, *really* negligent here, especially as it's *known* that email is 
> not a reliable method of communication, and if you aren't requiring an 
> acknowledgement that's on *you*).
>
> --
> Anne P. Mitchell, Attorney at Law
> CEO Institute for Social Internet Public Policy
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Author: The Email Deliverability Handbook
> Board of Directors, Denver Internet Exchange
> Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
> Prof. Emeritus, Lincoln Law School
> Chair Emeritus, Asilomar Microcomputer Workshop
> Counsel Emeritus, eMail Abuse Prevention System (MAPS)
>

Re: email spam

2022-08-24 Thread Anne Mitchell

> On Aug 23, 2022, at 8:52 PM, Suresh Ramasubramanian  
> wrote:
> 
> If you have something business critical, let alone anything that affects 
> child safety, pick up a phone and call, or send an officer over to the school.

100%.  Belt and suspender approach.  If between 2020 and 2022 any child was 
actually harmed by the guy, their parents are going to have a good lawsuit 
(which sucks, because it would be much better to have no harmed child, of 
course, but in my _academic_ opinion (i.e. this is not legal advice) the PD was 
really, *really* negligent here, especially as it's *known* that email is not a 
reliable method of communication, and if you aren't requiring an 
acknowledgement that's on *you*).

--
Anne P. Mitchell, Attorney at Law
CEO Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

Legal notices being tagged as spam (was Re: email spam)

2022-08-24 Thread Anne Mitchell




> On Aug 23, 2022, at 7:33 PM, William Herrin  wrote:
> 
> Hello,
> 
> To folks at places like Google and Godaddy which have gotten, shall we
> say, overzealous about preventing spam from entering their systems,
> consider the risk:
> 
> https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/
> 
> "Chesterfield County police said emails notifying Fairfax County
> Public Schools that an employee was arrested and charged with
> soliciting prostitution from a minor were not delivered to the school
> system."

..and for those who don't have access to the WashPo, that was in 2020, and he 
was just arrested again for repeat offending, and "Police arrested Thornton 
again and were surprised he was still employed by Fairfax County Public 
Schools." (Because of the email notification they had sent in 2020 which, of 
course, was never delivered, but the police didn't know that.)

This is one of the primary reasons that three of our data response codes that 
receiving systems get when querying the IADB DNSL (what senders know as "the 
Good Senders List") are:

127.3.200.120   Legally mandated email – email from this IP address consists 
entirely of communications that are required by law

127.3.200.130   Court-ordered email – email from this IP address consists 
entirely of communications that have been ordered by a court of law such as 
public notice of service or notifications of class action lawsuits to members 
of the class

127.3.200.255   Services the emergency alert or first-responder sector – email 
from this IP address consists of time-critical urgent or emergency 
communications

Of course, if the sender isn't certified with is - or the receiving system 
doesn't query us - that doesn't help, but we *are* trying hard to do our part.

---
We provide the IADB Good Senders email sender reputation certification list to 
inbox providers
around the world. 

Anne P. Mitchell,  Esq.
CEO Get to the Inbox by ISIPP SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

Re: email spam

2022-08-24 Thread Matthew Petach

On Wed, Aug 24, 2022 at 7:28 AM Jawaid Bazyar 
wrote:

> "flawlessly map IP address to GPS coordinates"


Thanks, I needed a good hearty belly laugh to start off the day today.  ;P

*hint*
It's easier to fix the spam problem than it is to map IP addresses to
physical locations in reality-land.

This is one case where xkcd got it wrong.

https://imgs.xkcd.com/comics/tasks.png

Matt

Re: email spam

2022-08-24 Thread Jawaid Bazyar

Simple solution: create a system that can flawlessly map IP address to GPS 
coordinates, then just nuke the spammers from orbit. It's the only way to be 
sure.

Then the rest of us don't have to filter out emails.

On 8/23/22, 11:19 PM, "NANOG on behalf of b...@theworld.com" 
 wrote:


They should demand a full refund.

On August 23, 2022 at 18:33 b...@herrin.us (William Herrin) wrote:
 > Hello,
 > 
 > To folks at places like Google and Godaddy which have gotten, shall we
 > say, overzealous about preventing spam from entering their systems,
 > consider the risk:
 > 
 > 
https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/
 > 
 > "Chesterfield County police said emails notifying Fairfax County
 > Public Schools that an employee was arrested and charged with
 > soliciting prostitution from a minor were not delivered to the school
 > system."
 > 
 > Long story short, the pedo kept his school job another year and a half.
 > 
 > There was once a time when both the outbound emails and the bounce
 > messages when they failed... worked. It was a spammy place but the
 > important emails got through.
 > 
 > Regards,
 > Bill Herrin

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

Re: email spam

2022-08-24 Thread Tom Beecher

>
>
> https://wjla.com/news/local/timeline-darren-thornton-sex-crime-case-fairfax-county-public-schools-fcps-virginia-what-we-know-arrest-charges-conviction-chesterfield-county-police-hiring-firing-corrections
>
> The outbound mail DID bounce. And the bounce message is what ended up in
> the sender's spam folder which the sender never checked... until later when
> they started the investigation. No mail was dropped on the floor by
> anti-spam.
>
> There is still a place for things to be formally delivered on a piece of
> paper. Sure, send the email for quick notification, but also back it up
> with a physical letter sent via certified mail.
>

This x100.

1. Send the email for notification.
2. Pick up the phone. "Hey, we just emailed you an official notification
about one of your employees that was arrested. Can you please get back to
us within 24h to confirm that you received it?"
3. Send a physical certified letter.

Just a LITTLE bit of extra effort would have prevented all of this, and the
nerds could poke at the email situation at their own pace.

On Wed, Aug 24, 2022 at 2:06 AM Crist Clark  wrote:

> From the timeline here,
>
>
> https://wjla.com/news/local/timeline-darren-thornton-sex-crime-case-fairfax-county-public-schools-fcps-virginia-what-we-know-arrest-charges-conviction-chesterfield-county-police-hiring-firing-corrections
>
> The outbound mail DID bounce. And the bounce message is what ended up in
> the sender's spam folder which the sender never checked... until later when
> they started the investigation. No mail was dropped on the floor by
> anti-spam.
>
> There is still a place for things to be formally delivered on a piece of
> paper. Sure, send the email for quick notification, but also back it up
> with a physical letter sent via certified mail.
>
> And not that I feel sorry for the guy who was convicted, more than once,
> of soliciting a minor, but it doesn't necessarily mean he's a pedophile.
>
>
> On Tue, Aug 23, 2022 at 8:09 PM Jeremy Chequer <
> jer...@resolvergroup.com.au> wrote:
>
>> Or at the bare minimum, require a response. Just assuming the email went
>> through and then blaming that for a pedo keeping their job for another year
>> and a half is just bad on the officials side. With scams increasing,
>> measures need to be in place. Unfortunately, several agencies seem to think
>> that you should just trust anything that comes from their address but
>> that’s how we end up with email spoofing. The agencies need to ensure they
>> have the right setup in place to avoid ending up in spam and also ensure
>> they are following up in some form, especially when its to do with child
>> safety.
>>
>>
>>
>> - Jeremy
>>
>>
>>
>> *From:* NANOG  *On
>> Behalf Of *Suresh Ramasubramanian
>> *Sent:* Wednesday, 24 August 2022 12:52 PM
>> *To:* Eric Tykwinski 
>> *Cc:* nanog@nanog.org
>> *Subject:* Re: email spam
>>
>>
>>
>> *[External Sender] Be cautious of any links or attachments within this
>> email as it has come from an External Sender.*
>>
>> 100%. Also - there’s no way to offer a delivery sla for email.  If you
>> have something business critical, let alone anything that affects child
>> safety, pick up a phone and call, or send an officer over to the school.
>>
>>
>>
>> --srs
>> --
>>
>> *From:* Eric Tykwinski 
>> *Sent:* Wednesday, August 24, 2022 8:14:16 AM
>> *To:* Suresh Ramasubramanian 
>> *Cc:* nanog@nanog.org 
>> *Subject:* Re: email spam
>>
>>
>>
>> Sorry about the bad examples, but I remember contacting both about issues
>> with SPF multiple times.  They both have seemed have to fixed things at
>> least searching my logs for the last week.  Most of my customers have had
>> to whitelist them though for past issues. It’s also ezpassnj.com for the
>> NJ collection.  Point still stands, assume incompetence over malice.
>>
>>
>>
>> Sincerely,
>>
>>
>>
>> Eric Tykwinski
>>
>> TrueNet, Inc.
>>
>> P: 610-429-8300
>>
>>
>>
>> On Aug 23, 2022, at 10:20 PM, Eric Tykwinski 
>> wrote:
>>
>>
>>
>> Bill,
>>
>>
>>
>> Not only that, did they even follow their own rules, I’ve been fighting
>> with septa.org, the Pennsylvania train authority, and easypassnj.com,
>> the New Jersey transit toll collectors about invalid SPF records for years,
>> and they literally don’t give a shit.  If they say to put it in spam, well
>> than that is their own fault.
>>
>>
>>
>>

Re: email spam

2022-08-24 Thread Mukund Sivaraman

On Tue, Aug 23, 2022 at 10:50:22PM -0700, Jay Hennigan wrote:
> On 8/23/22 18:33, William Herrin wrote:
> > Hello,
> > 
> > To folks at places like Google and Godaddy which have gotten, shall we
> > say, overzealous about preventing spam from entering their systems,
> 
> Sigh. They are substantially less zealous about preventing spam from leaving
> their systems.

+1 on the observation. @gmail.com addresses constitute the largest
number of spam rejections on our office MX. These have passed SPF and
DKIM validation.

Would Google not be able to scan outgoing emails for spam activity?  Our
MX's SpamAssassin spam filter is able to detect most of them by
content. Is Google unable to do better than what they currently do for
outgoing email?

(It is understandable some don't like spam filtering at all. But
practically, if all these spam emails were delivered, email would become
almost unusable.)

Mukund

signature.asc
Description: PGP signature

Re: email spam

2022-08-24 Thread Crist Clark

>From the timeline here,

https://wjla.com/news/local/timeline-darren-thornton-sex-crime-case-fairfax-county-public-schools-fcps-virginia-what-we-know-arrest-charges-conviction-chesterfield-county-police-hiring-firing-corrections

The outbound mail DID bounce. And the bounce message is what ended up in
the sender's spam folder which the sender never checked... until later when
they started the investigation. No mail was dropped on the floor by
anti-spam.

There is still a place for things to be formally delivered on a piece of
paper. Sure, send the email for quick notification, but also back it up
with a physical letter sent via certified mail.

And not that I feel sorry for the guy who was convicted, more than once, of
soliciting a minor, but it doesn't necessarily mean he's a pedophile.


On Tue, Aug 23, 2022 at 8:09 PM Jeremy Chequer 
wrote:

> Or at the bare minimum, require a response. Just assuming the email went
> through and then blaming that for a pedo keeping their job for another year
> and a half is just bad on the officials side. With scams increasing,
> measures need to be in place. Unfortunately, several agencies seem to think
> that you should just trust anything that comes from their address but
> that’s how we end up with email spoofing. The agencies need to ensure they
> have the right setup in place to avoid ending up in spam and also ensure
> they are following up in some form, especially when its to do with child
> safety.
>
>
>
> - Jeremy
>
>
>
> *From:* NANOG  *On
> Behalf Of *Suresh Ramasubramanian
> *Sent:* Wednesday, 24 August 2022 12:52 PM
> *To:* Eric Tykwinski 
> *Cc:* nanog@nanog.org
> *Subject:* Re: email spam
>
>
>
> *[External Sender] Be cautious of any links or attachments within this
> email as it has come from an External Sender.*
>
> 100%. Also - there’s no way to offer a delivery sla for email.  If you
> have something business critical, let alone anything that affects child
> safety, pick up a phone and call, or send an officer over to the school.
>
>
>
> --srs
> --
>
> *From:* Eric Tykwinski 
> *Sent:* Wednesday, August 24, 2022 8:14:16 AM
> *To:* Suresh Ramasubramanian 
> *Cc:* nanog@nanog.org 
> *Subject:* Re: email spam
>
>
>
> Sorry about the bad examples, but I remember contacting both about issues
> with SPF multiple times.  They both have seemed have to fixed things at
> least searching my logs for the last week.  Most of my customers have had
> to whitelist them though for past issues. It’s also ezpassnj.com for the
> NJ collection.  Point still stands, assume incompetence over malice.
>
>
>
> Sincerely,
>
>
>
> Eric Tykwinski
>
> TrueNet, Inc.
>
> P: 610-429-8300
>
>
>
> On Aug 23, 2022, at 10:20 PM, Eric Tykwinski 
> wrote:
>
>
>
> Bill,
>
>
>
> Not only that, did they even follow their own rules, I’ve been fighting
> with septa.org, the Pennsylvania train authority, and easypassnj.com, the
> New Jersey transit toll collectors about invalid SPF records for years, and
> they literally don’t give a shit.  If they say to put it in spam, well than
> that is their own fault.
>
>
>
> Sincerely,
>
>
>
> Eric Tykwinski
>
> TrueNet, Inc.
>
> P: 610-429-8300
>
>
>
> On Aug 23, 2022, at 10:00 PM, Suresh Ramasubramanian 
> wrote:
>
>
>
> Without saying why the mail was blocked (dumb content filter looking for
> porn? a spamhaus listing because the police server was hacked? something
> else?) that’s not going to help too much.
>
>
>
> I’ve been spam filtering stuff at large providers since the late 90s and
> it never gets any easier to block 100% spam or let 100% legit mail through.
>
>
>
> —srs
>
>
>
> --srs
> --
>
> *From:* NANOG  on behalf of
> William Herrin 
> *Sent:* Wednesday, August 24, 2022 7:03:52 AM
> *To:* nanog@nanog.org 
> *Subject:* email spam
>
>
>
> Hello,
>
> To folks at places like Google and Godaddy which have gotten, shall we
> say, overzealous about preventing spam from entering their systems,
> consider the risk:
>
>
> https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/
>
> "Chesterfield County police said emails notifying Fairfax County
> Public Schools that an employee was arrested and charged with
> soliciting prostitution from a minor were not delivered to the school
> system."
>
> Long story short, the pedo kept his school job another year and a half.
>
> There was once a time when both the outbound emails and the bounce
> messages when they failed... worked. It was a spammy place but the
> important emails got through.
>
> Regards,
> Bill Herrin
>
>
>
>
>

Re: email spam

2022-08-23 Thread Jay Hennigan


On 8/23/22 18:33, William Herrin wrote:

Hello,

To folks at places like Google and Godaddy which have gotten, shall we
say, overzealous about preventing spam from entering their systems,


Sigh. They are substantially less zealous about preventing spam from 
leaving their systems.


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

Re: email spam

2022-08-23 Thread bzs



They should demand a full refund.

On August 23, 2022 at 18:33 b...@herrin.us (William Herrin) wrote:
 > Hello,
 > 
 > To folks at places like Google and Godaddy which have gotten, shall we
 > say, overzealous about preventing spam from entering their systems,
 > consider the risk:
 > 
 > https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/
 > 
 > "Chesterfield County police said emails notifying Fairfax County
 > Public Schools that an employee was arrested and charged with
 > soliciting prostitution from a minor were not delivered to the school
 > system."
 > 
 > Long story short, the pedo kept his school job another year and a half.
 > 
 > There was once a time when both the outbound emails and the bounce
 > messages when they failed... worked. It was a spammy place but the
 > important emails got through.
 > 
 > Regards,
 > Bill Herrin

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

RE: email spam

2022-08-23 Thread Jeremy Chequer

Or at the bare minimum, require a response. Just assuming the email went 
through and then blaming that for a pedo keeping their job for another year and 
a half is just bad on the officials side. With scams increasing, measures need 
to be in place. Unfortunately, several agencies seem to think that you should 
just trust anything that comes from their address but that's how we end up with 
email spoofing. The agencies need to ensure they have the right setup in place 
to avoid ending up in spam and also ensure they are following up in some form, 
especially when its to do with child safety.

- Jeremy

From: NANOG  On Behalf Of 
Suresh Ramasubramanian
Sent: Wednesday, 24 August 2022 12:52 PM
To: Eric Tykwinski 
Cc: nanog@nanog.org
Subject: Re: email spam

[External Sender] Be cautious of any links or attachments within this email as 
it has come from an External Sender.
100%. Also - there's no way to offer a delivery sla for email.  If you have 
something business critical, let alone anything that affects child safety, pick 
up a phone and call, or send an officer over to the school.

--srs

From: Eric Tykwinski mailto:eric-l...@truenet.com>>
Sent: Wednesday, August 24, 2022 8:14:16 AM
To: Suresh Ramasubramanian mailto:ops.li...@gmail.com>>
Cc: nanog@nanog.org<mailto:nanog@nanog.org> 
mailto:nanog@nanog.org>>
Subject: Re: email spam

Sorry about the bad examples, but I remember contacting both about issues with 
SPF multiple times.  They both have seemed have to fixed things at least 
searching my logs for the last week.  Most of my customers have had to 
whitelist them though for past issues. It's also 
ezpassnj.com<http://ezpassnj.com> for the NJ collection.  Point still stands, 
assume incompetence over malice.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


On Aug 23, 2022, at 10:20 PM, Eric Tykwinski 
mailto:eric-l...@truenet.com>> wrote:

Bill,

Not only that, did they even follow their own rules, I've been fighting with 
septa.org<http://septa.org/>, the Pennsylvania train authority, and 
easypassnj.com<http://easypassnj.com/>, the New Jersey transit toll collectors 
about invalid SPF records for years, and they literally don't give a shit.  If 
they say to put it in spam, well than that is their own fault.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300


On Aug 23, 2022, at 10:00 PM, Suresh Ramasubramanian 
mailto:ops.li...@gmail.com>> wrote:

Without saying why the mail was blocked (dumb content filter looking for porn? 
a spamhaus listing because the police server was hacked? something else?) 
that's not going to help too much.

I've been spam filtering stuff at large providers since the late 90s and it 
never gets any easier to block 100% spam or let 100% legit mail through.

-srs

--srs

From: NANOG 
mailto:nanog-bounces+ops.lists=gmail@nanog.org>>
 on behalf of William Herrin mailto:b...@herrin.us>>
Sent: Wednesday, August 24, 2022 7:03:52 AM
To: nanog@nanog.org<mailto:nanog@nanog.org> 
mailto:nanog@nanog.org>>
Subject: email spam

Hello,

To folks at places like Google and Godaddy which have gotten, shall we
say, overzealous about preventing spam from entering their systems,
consider the risk:

https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/

"Chesterfield County police said emails notifying Fairfax County
Public Schools that an employee was arrested and charged with
soliciting prostitution from a minor were not delivered to the school
system."

Long story short, the pedo kept his school job another year and a half.

There was once a time when both the outbound emails and the bounce
messages when they failed... worked. It was a spammy place but the
important emails got through.

Regards,
Bill Herrin

Re: email spam

2022-08-23 Thread Suresh Ramasubramanian

100%. Also - there’s no way to offer a delivery sla for email.  If you have 
something business critical, let alone anything that affects child safety, pick 
up a phone and call, or send an officer over to the school.

--srs

From: Eric Tykwinski 
Sent: Wednesday, August 24, 2022 8:14:16 AM
To: Suresh Ramasubramanian 
Cc: nanog@nanog.org 
Subject: Re: email spam

Sorry about the bad examples, but I remember contacting both about issues with 
SPF multiple times.  They both have seemed have to fixed things at least 
searching my logs for the last week.  Most of my customers have had to 
whitelist them though for past issues. It’s also 
ezpassnj.com<http://ezpassnj.com> for the NJ collection.  Point still stands, 
assume incompetence over malice.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

On Aug 23, 2022, at 10:20 PM, Eric Tykwinski 
mailto:eric-l...@truenet.com>> wrote:

Bill,

Not only that, did they even follow their own rules, I’ve been fighting with 
septa.org<http://septa.org/>, the Pennsylvania train authority, and 
easypassnj.com<http://easypassnj.com/>, the New Jersey transit toll collectors 
about invalid SPF records for years, and they literally don’t give a shit.  If 
they say to put it in spam, well than that is their own fault.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

On Aug 23, 2022, at 10:00 PM, Suresh Ramasubramanian 
mailto:ops.li...@gmail.com>> wrote:

Without saying why the mail was blocked (dumb content filter looking for porn? 
a spamhaus listing because the police server was hacked? something else?) 
that’s not going to help too much.

I’ve been spam filtering stuff at large providers since the late 90s and it 
never gets any easier to block 100% spam or let 100% legit mail through.

—srs

--srs

From: NANOG 
mailto:nanog-bounces+ops.lists=gmail@nanog.org>>
 on behalf of William Herrin mailto:b...@herrin.us>>
Sent: Wednesday, August 24, 2022 7:03:52 AM
To: nanog@nanog.org<mailto:nanog@nanog.org> 
mailto:nanog@nanog.org>>
Subject: email spam

Hello,

To folks at places like Google and Godaddy which have gotten, shall we
say, overzealous about preventing spam from entering their systems,
consider the risk:

https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/

"Chesterfield County police said emails notifying Fairfax County
Public Schools that an employee was arrested and charged with
soliciting prostitution from a minor were not delivered to the school
system."

Long story short, the pedo kept his school job another year and a half.

There was once a time when both the outbound emails and the bounce
messages when they failed... worked. It was a spammy place but the
important emails got through.

Regards,
Bill Herrin

Re: email spam

2022-08-23 Thread Eric Tykwinski

Sorry about the bad examples, but I remember contacting both about issues with 
SPF multiple times.  They both have seemed have to fixed things at least 
searching my logs for the last week.  Most of my customers have had to 
whitelist them though for past issues. It’s also ezpassnj.com for the NJ 
collection.  Point still stands, assume incompetence over malice.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Aug 23, 2022, at 10:20 PM, Eric Tykwinski  wrote:
> 
> Bill,
> 
> Not only that, did they even follow their own rules, I’ve been fighting with 
> septa.org <http://septa.org/>, the Pennsylvania train authority, and 
> easypassnj.com <http://easypassnj.com/>, the New Jersey transit toll 
> collectors about invalid SPF records for years, and they literally don’t give 
> a shit.  If they say to put it in spam, well than that is their own fault.
> 
> Sincerely,
> 
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
> 
>> On Aug 23, 2022, at 10:00 PM, Suresh Ramasubramanian > <mailto:ops.li...@gmail.com>> wrote:
>> 
>> Without saying why the mail was blocked (dumb content filter looking for 
>> porn? a spamhaus listing because the police server was hacked? something 
>> else?) that’s not going to help too much.
>> 
>> I’ve been spam filtering stuff at large providers since the late 90s and it 
>> never gets any easier to block 100% spam or let 100% legit mail through.
>> 
>> —srs
>> 
>> --srs
>> From: NANOG > <mailto:nanog-bounces+ops.lists=gmail@nanog.org>> on behalf of William 
>> Herrin mailto:b...@herrin.us>>
>> Sent: Wednesday, August 24, 2022 7:03:52 AM
>> To: nanog@nanog.org <mailto:nanog@nanog.org> > <mailto:nanog@nanog.org>>
>> Subject: email spam
>>  
>> Hello,
>> 
>> To folks at places like Google and Godaddy which have gotten, shall we
>> say, overzealous about preventing spam from entering their systems,
>> consider the risk:
>> 
>> https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/
>>  
>> <https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/>
>> 
>> "Chesterfield County police said emails notifying Fairfax County
>> Public Schools that an employee was arrested and charged with
>> soliciting prostitution from a minor were not delivered to the school
>> system."
>> 
>> Long story short, the pedo kept his school job another year and a half.
>> 
>> There was once a time when both the outbound emails and the bounce
>> messages when they failed... worked. It was a spammy place but the
>> important emails got through.
>> 
>> Regards,
>> Bill Herrin
>

Re: email spam

2022-08-23 Thread Eric Tykwinski

Bill,

Not only that, did they even follow their own rules, I’ve been fighting with 
septa.org, the Pennsylvania train authority, and easypassnj.com, the New Jersey 
transit toll collectors about invalid SPF records for years, and they literally 
don’t give a shit.  If they say to put it in spam, well than that is their own 
fault.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Aug 23, 2022, at 10:00 PM, Suresh Ramasubramanian  
> wrote:
> 
> Without saying why the mail was blocked (dumb content filter looking for 
> porn? a spamhaus listing because the police server was hacked? something 
> else?) that’s not going to help too much.
> 
> I’ve been spam filtering stuff at large providers since the late 90s and it 
> never gets any easier to block 100% spam or let 100% legit mail through.
> 
> —srs
> 
> --srs
> From: NANOG  on behalf of 
> William Herrin 
> Sent: Wednesday, August 24, 2022 7:03:52 AM
> To: nanog@nanog.org 
> Subject: email spam
>  
> Hello,
> 
> To folks at places like Google and Godaddy which have gotten, shall we
> say, overzealous about preventing spam from entering their systems,
> consider the risk:
> 
> https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/
>  
> <https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/>
> 
> "Chesterfield County police said emails notifying Fairfax County
> Public Schools that an employee was arrested and charged with
> soliciting prostitution from a minor were not delivered to the school
> system."
> 
> Long story short, the pedo kept his school job another year and a half.
> 
> There was once a time when both the outbound emails and the bounce
> messages when they failed... worked. It was a spammy place but the
> important emails got through.
> 
> Regards,
> Bill Herrin

Re: email spam

2022-08-23 Thread Suresh Ramasubramanian

Without saying why the mail was blocked (dumb content filter looking for porn? 
a spamhaus listing because the police server was hacked? something else?) 
that’s not going to help too much.

I’ve been spam filtering stuff at large providers since the late 90s and it 
never gets any easier to block 100% spam or let 100% legit mail through.

—srs

--srs

From: NANOG  on behalf of William 
Herrin 
Sent: Wednesday, August 24, 2022 7:03:52 AM
To: nanog@nanog.org 
Subject: email spam

Hello,

To folks at places like Google and Godaddy which have gotten, shall we
say, overzealous about preventing spam from entering their systems,
consider the risk:

https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/

"Chesterfield County police said emails notifying Fairfax County
Public Schools that an employee was arrested and charged with
soliciting prostitution from a minor were not delivered to the school
system."

Long story short, the pedo kept his school job another year and a half.

There was once a time when both the outbound emails and the bounce
messages when they failed... worked. It was a spammy place but the
important emails got through.

Regards,
Bill Herrin

email spam

2022-08-23 Thread William Herrin

Hello,

To folks at places like Google and Godaddy which have gotten, shall we
say, overzealous about preventing spam from entering their systems,
consider the risk:

https://www.washingtonpost.com/education/2022/08/23/fairfax-county-counselor-solicitation-minor/

"Chesterfield County police said emails notifying Fairfax County
Public Schools that an employee was arrested and charged with
soliciting prostitution from a minor were not delivered to the school
system."

Long story short, the pedo kept his school job another year and a half.

There was once a time when both the outbound emails and the bounce
messages when they failed... worked. It was a spammy place but the
important emails got through.

Regards,
Bill Herrin

Re: [External] Re: Anyone else getting the 'spam' bomb threat?

2021-10-21 Thread bzs



FWIW the term I'd use is "swatting" rather than "joe job".

Perhaps picky but it may be the right interpretation, someone is
trying to get someone else arrested and in some dramatic fashion, not
just harassed.

On October 21, 2021 at 16:43 hanni...@gmail.com (Martin Hannigan) wrote:
 > 
 > Hi Becki,
 > 
 > For me, it's not credible enough to put resources into pursuing it. Beyond 
 > that
 > any benefits as a result of tracking it down would probably be less than 
 > zero.
 > I posted the contents and headers in pastebin so if it had value to anyone 
 > else
 > they'd be able to take advantage of it.
 > 
 > Warm regards,
 > 
 > -M<
 > 
 > 
 > On Thu, Oct 21, 2021 at 9:24 AM Kain, Becki (.)  wrote:
 > 
 > 
 > So what ever happened to the threatener?  Was he caught?
 > 
 >  
 > 
 > From: NANOG  On Behalf Of Martin
 > Hannigan
 > Sent: Wednesday, October 20, 2021 11:44 PM
 > To: Omar Haider 
 > Cc: nanog 
 > Subject: Re: [External] Re: Anyone else getting the 'spam' bomb threat?
 > 
 >  
 > 
 > WARNING: This message originated outside of Ford Motor Company. Use 
 > caution
 > when opening attachments, clicking links, or responding.
 > 
 >  
 > 
 >  
 > 
 > Hi Omar, 
 > 
 >  
 > 
 > This is likely a hoax. Probably a “joe job” - making it appear as someone
 > innocent is responsible. Its good to share this info to raise  network
 > operators awareness since even if it is fake its concerning how many
 > received it. 
 > 
 >  
 > 
 > I’ll leave it to the pros here to tell us if we shouldn’t worry.
 > 
 >  
 > 
 > Warm regards,
 > 
 >  
 > 
 > -M<
 > 
 >  
 > 
 >  
 > 
 >  
 > 
 > On Wed, Oct 20, 2021 at 21:18 Omar Haider  wrote:
 > 
 > I feel uncomfortable in this newsletter
 > 
 >  
 > 
 > On Wed, Oct 20, 2021, 10:56 AM Martin Hannigan 
 > wrote:
 > 
 >  
 > 
 >  
 > 
 > I put what we received up on pastebin entirely with headers (and
 > redacted our info).
 > 
 >  
 > 
 > https://pastebin.com/kLjPm8Nk
 > 
 >  
 > 
 > Warm regards,
 > 
 >  
 > 
 > -M<
 > 
 >  
 > 
 >  
 > 
 >  
 > 
 > On Wed, Oct 20, 2021 at 9:19 AM Radu-Adrian Feurdean <
 > na...@radu-adrian.feurdean.net> wrote:
 > 
 > On Tue, Oct 19, 2021, at 16:00, Hunter Fuller via NANOG 
 > wrote:
 > > We have a distinct abuse address (not just abuse@) and that
 > is where
 > > the messages were sent.
 > >
 > > We didn't receive the bomb threat ones. We only received 
 > the
 > (somewhat
 > > more amusing) messages entitled "Your network has been 
 > PWNED"
 > and
 > > "Fuck you".
 > 
 > Hi,
 > 
 > We got the same here at France-IX. It was on friday 15th.
 > Hopefully, they "PWNED" all our Cisco and Mikrotik routers 
 > (of
 > which we have none).
 > 
 > > The situation loses its humor entirely with the 
 > introduction
 > of bomb
 > > threats. Seems like a script kiddie taking things way too
 > far.
 > 
 > I heard that yesterday (19th) evening there was law 
 > enforcement
 > deployment and evacuation in the area of a major Paris (FR, 
 > EU)
 > telco hotel, apparently due to "threats to a business in the
 > area". Details (popcorn) on FrNOG (in french) : https://
 > www.mail-archive.com/frnog@frnog.org/msg67540.html
 > 

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

Re: [External] Re: Anyone else getting the 'spam' bomb threat?

2021-10-21 Thread Martin Hannigan

Hi Becki,

For me, it's not credible enough to put resources into pursuing it. Beyond
that any benefits as a result of tracking it down would probably be less
than zero. I posted the contents and headers in pastebin so if it had value
to anyone else they'd be able to take advantage of it.

Warm regards,

-M<


On Thu, Oct 21, 2021 at 9:24 AM Kain, Becki (.)  wrote:

> So what ever happened to the threatener?  Was he caught?
>
>
>
> *From:* NANOG  *On Behalf Of *Martin
> Hannigan
> *Sent:* Wednesday, October 20, 2021 11:44 PM
> *To:* Omar Haider 
> *Cc:* nanog 
> *Subject:* Re: [External] Re: Anyone else getting the 'spam' bomb threat?
>
>
>
> WARNING: This message originated outside of Ford Motor Company. Use
> caution when opening attachments, clicking links, or responding.
>
>
>
>
>
> Hi Omar,
>
>
>
> This is likely a hoax. Probably a “joe job” - making it appear as someone
> innocent is responsible. Its good to share this info to raise  network
> operators awareness since even if it is fake its concerning how many
> received it.
>
>
>
> I’ll leave it to the pros here to tell us if we shouldn’t worry.
>
>
>
> Warm regards,
>
>
>
> -M<
>
>
>
>
>
>
>
> On Wed, Oct 20, 2021 at 21:18 Omar Haider  wrote:
>
> I feel uncomfortable in this newsletter
>
>
>
> On Wed, Oct 20, 2021, 10:56 AM Martin Hannigan  wrote:
>
>
>
>
>
> I put what we received up on pastebin entirely with headers (and redacted
> our info).
>
>
>
> https://pastebin.com/kLjPm8Nk
> <https://clicktime.symantec.com/35Wa5BUMZ7c8nUrobeoNvR67Vc?u=https%3A%2F%2Fpastebin.com%2FkLjPm8Nk>
>
>
>
> Warm regards,
>
>
>
> -M<
>
>
>
>
>
>
>
> On Wed, Oct 20, 2021 at 9:19 AM Radu-Adrian Feurdean <
> na...@radu-adrian.feurdean.net> wrote:
>
> On Tue, Oct 19, 2021, at 16:00, Hunter Fuller via NANOG wrote:
> > We have a distinct abuse address (not just abuse@) and that is where
> > the messages were sent.
> >
> > We didn't receive the bomb threat ones. We only received the (somewhat
> > more amusing) messages entitled "Your network has been PWNED" and
> > "Fuck you".
>
> Hi,
>
> We got the same here at France-IX. It was on friday 15th. Hopefully, they
> "PWNED" all our Cisco and Mikrotik routers (of which we have none).
>
> > The situation loses its humor entirely with the introduction of bomb
> > threats. Seems like a script kiddie taking things way too far.
>
> I heard that yesterday (19th) evening there was law enforcement deployment
> and evacuation in the area of a major Paris (FR, EU) telco hotel,
> apparently due to "threats to a business in the area". Details (popcorn) on
> FrNOG (in french) :
> https://www.mail-archive.com/frnog@frnog.org/msg67540.html
> <https://clicktime.symantec.com/3P7mG6Lx8b2Qo7sjs1uqaSZ7Vc?u=https%3A%2F%2Fwww.mail-archive.com%2Ffrnog%40frnog.org%2Fmsg67540.html>
>
>

RE: [External] Re: Anyone else getting the 'spam' bomb threat?

2021-10-21 Thread Kain, Becki (.)

So what ever happened to the threatener?  Was he caught?

From: NANOG  On Behalf Of Martin 
Hannigan
Sent: Wednesday, October 20, 2021 11:44 PM
To: Omar Haider 
Cc: nanog 
Subject: Re: [External] Re: Anyone else getting the 'spam' bomb threat?

WARNING: This message originated outside of Ford Motor Company. Use caution 
when opening attachments, clicking links, or responding.

Hi Omar,

This is likely a hoax. Probably a “joe job” - making it appear as someone 
innocent is responsible. Its good to share this info to raise  network 
operators awareness since even if it is fake its concerning how many received 
it.

I’ll leave it to the pros here to tell us if we shouldn’t worry.

Warm regards,

-M<

On Wed, Oct 20, 2021 at 21:18 Omar Haider 
mailto:mrhdr...@gmail.com>> wrote:
I feel uncomfortable in this newsletter

On Wed, Oct 20, 2021, 10:56 AM Martin Hannigan 
mailto:hanni...@gmail.com>> wrote:

I put what we received up on pastebin entirely with headers (and redacted our 
info).

https://pastebin.com/kLjPm8Nk<https://clicktime.symantec.com/35Wa5BUMZ7c8nUrobeoNvR67Vc?u=https%3A%2F%2Fpastebin.com%2FkLjPm8Nk>

Warm regards,

-M<

On Wed, Oct 20, 2021 at 9:19 AM Radu-Adrian Feurdean 
mailto:na...@radu-adrian.feurdean.net>> wrote:
On Tue, Oct 19, 2021, at 16:00, Hunter Fuller via NANOG wrote:
> We have a distinct abuse address (not just abuse@) and that is where
> the messages were sent.
>
> We didn't receive the bomb threat ones. We only received the (somewhat
> more amusing) messages entitled "Your network has been PWNED" and
> "Fuck you".

Hi,

We got the same here at France-IX. It was on friday 15th. Hopefully, they 
"PWNED" all our Cisco and Mikrotik routers (of which we have none).

> The situation loses its humor entirely with the introduction of bomb
> threats. Seems like a script kiddie taking things way too far.

I heard that yesterday (19th) evening there was law enforcement deployment and 
evacuation in the area of a major Paris (FR, EU) telco hotel, apparently due to 
"threats to a business in the area". Details (popcorn) on FrNOG (in french) : 
https://www.mail-archive.com/frnog@frnog.org/msg67540.html<https://clicktime.symantec.com/3P7mG6Lx8b2Qo7sjs1uqaSZ7Vc?u=https%3A%2F%2Fwww.mail-archive.com%2Ffrnog%40frnog.org%2Fmsg67540.html>

Re: [External] Re: Anyone else getting the 'spam' bomb threat?

2021-10-20 Thread Martin Hannigan

Hi Omar,

This is likely a hoax. Probably a “joe job” - making it appear as someone
innocent is responsible. Its good to share this info to raise  network
operators awareness since even if it is fake its concerning how many
received it.

I’ll leave it to the pros here to tell us if we shouldn’t worry.

Warm regards,

-M<



On Wed, Oct 20, 2021 at 21:18 Omar Haider  wrote:

> I feel uncomfortable in this newsletter
>
> On Wed, Oct 20, 2021, 10:56 AM Martin Hannigan  wrote:
>
>>
>>
>> I put what we received up on pastebin entirely with headers (and redacted
>> our info).
>>
>> https://pastebin.com/kLjPm8Nk
>>
>> Warm regards,
>>
>> -M<
>>
>>
>>
>> On Wed, Oct 20, 2021 at 9:19 AM Radu-Adrian Feurdean <
>> na...@radu-adrian.feurdean.net> wrote:
>>
>>> On Tue, Oct 19, 2021, at 16:00, Hunter Fuller via NANOG wrote:
>>> > We have a distinct abuse address (not just abuse@) and that is where
>>> > the messages were sent.
>>> >
>>> > We didn't receive the bomb threat ones. We only received the (somewhat
>>> > more amusing) messages entitled "Your network has been PWNED" and
>>> > "Fuck you".
>>>
>>> Hi,
>>>
>>> We got the same here at France-IX. It was on friday 15th. Hopefully,
>>> they "PWNED" all our Cisco and Mikrotik routers (of which we have none).
>>>
>>> > The situation loses its humor entirely with the introduction of bomb
>>> > threats. Seems like a script kiddie taking things way too far.
>>>
>>> I heard that yesterday (19th) evening there was law enforcement
>>> deployment and evacuation in the area of a major Paris (FR, EU) telco
>>> hotel, apparently due to "threats to a business in the area". Details
>>> (popcorn) on FrNOG (in french) :
>>> https://www.mail-archive.com/frnog@frnog.org/msg67540.html
>>>
>>

Re: [External] Re: Anyone else getting the 'spam' bomb threat?

2021-10-20 Thread Martin Hannigan

I put what we received up on pastebin entirely with headers (and redacted
our info).

https://pastebin.com/kLjPm8Nk

Warm regards,

-M<



On Wed, Oct 20, 2021 at 9:19 AM Radu-Adrian Feurdean <
na...@radu-adrian.feurdean.net> wrote:

> On Tue, Oct 19, 2021, at 16:00, Hunter Fuller via NANOG wrote:
> > We have a distinct abuse address (not just abuse@) and that is where
> > the messages were sent.
> >
> > We didn't receive the bomb threat ones. We only received the (somewhat
> > more amusing) messages entitled "Your network has been PWNED" and
> > "Fuck you".
>
> Hi,
>
> We got the same here at France-IX. It was on friday 15th. Hopefully, they
> "PWNED" all our Cisco and Mikrotik routers (of which we have none).
>
> > The situation loses its humor entirely with the introduction of bomb
> > threats. Seems like a script kiddie taking things way too far.
>
> I heard that yesterday (19th) evening there was law enforcement deployment
> and evacuation in the area of a major Paris (FR, EU) telco hotel,
> apparently due to "threats to a business in the area". Details (popcorn) on
> FrNOG (in french) :
> https://www.mail-archive.com/frnog@frnog.org/msg67540.html
>

Re: [External] Re: Anyone else getting the 'spam' bomb threat?

2021-10-20 Thread Radu-Adrian Feurdean

On Tue, Oct 19, 2021, at 16:00, Hunter Fuller via NANOG wrote:
> We have a distinct abuse address (not just abuse@) and that is where
> the messages were sent.
>
> We didn't receive the bomb threat ones. We only received the (somewhat
> more amusing) messages entitled "Your network has been PWNED" and
> "Fuck you".

Hi,

We got the same here at France-IX. It was on friday 15th. Hopefully, they 
"PWNED" all our Cisco and Mikrotik routers (of which we have none).

> The situation loses its humor entirely with the introduction of bomb
> threats. Seems like a script kiddie taking things way too far.

I heard that yesterday (19th) evening there was law enforcement deployment and 
evacuation in the area of a major Paris (FR, EU) telco hotel, apparently due to 
"threats to a business in the area". Details (popcorn) on FrNOG (in french) : 
https://www.mail-archive.com/frnog@frnog.org/msg67540.html

Re: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Baldur Norddahl

On Tue, 19 Oct 2021 at 19:20, Kain, Becki (.)  wrote:

> The thing is, who is in office to care?  Oh wait, guess equipment *is*
> important
>
>
For how long did you keep up with the evacuation of the equipment? :-)

Re: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Neil Hanlon

scammers and attackers aren't well known for their eloquent prose...

As soon as you decide to not take one thing seriously, how do you draw the
line? three spelling mistakes and the wrong tense of a verb means its fake?
I'd rather not play chicken with peoples' lives.


On Tue, Oct 19, 2021, 14:11 Matt Hoppes 
wrote:

> Honestly, for how 'spammy' that e-mail looked it's hard to believe
> anyone took it seriously - but also, you never know.
>
> On 10/19/21 12:51 PM, Jon Sands wrote:
> > The kid sending these (if it is Bytefend, who has a history/tweets of
> > bragging about attacking Frantech within the past month if I understand
> > correctly) is going to be looking at serious jail time given the amount
> > of evacuations he's caused already. A brief list:
> >
> >
> https://abc6onyourside.com/news/local/police-clear-downtown-columbus-building-after-bomb-threat-10-19-2021
> >
> >
> https://miami.cbslocal.com/2021/10/19/miami-att-call-center-evacuated-bomb-threat/
> >
> >
> https://www.wwlp.com/news/local-news/franklin-county/greenfield-police-and-fire-investigate-bomb-threat-at-gcet/amp/
> >
> >
> https://www.mystateline.com/news/local-news/rockford-university-evacuated-due-to-bomb-threat/amp/
> >
> > https://globalnews.ca/news/8274492/bomb-threats-kitchener-waterloo/amp/
> >
> > https://amp.newsobserver.com/news/local/crime/article255116937.html
> >
> >
> https://www.technicianonline.com/news/nc-state-receives-bomb-threat-university-police-close-section-of-hillsborough-st/article_2ceca39e-30ea-11ec-a068-47bacab4a0f0.html
> >
> > On Tue, Oct 19, 2021, 11:30 AM Miles Fidelman
> > mailto:mfidel...@meetinghouse.net>> wrote:
> >
> > Matt Hoppes wrote:
> >  > I've now heard from several operators - our selves included -
> about
> >  > getting an e-mail bomb threat to our datacenters asking for
> > $5,000 USD
> >  > or the "bomb will be detonated".
> >  >
> >  > Is this being seen on a wide spread e-mail blast to the RIR
> > contacts,
> >  > or am I just unlucky to know like 6 other data center folks who
> have
> >  > also gotten this e-mail?
> >  >
> >  >  It seems like a very odd/bizarre spam/threat campaign which would
> >  > carry significant jail time.
> >
> > And now I REALLY want to get moving on a service to drop a drone on
> > spammers.  (Active Countermeasures!)
> >
> > Miles Fidelman
> >
> > --
> > In theory, there is no difference between theory and practice.
> > In practice, there is.   Yogi Berra
> >
> > Theory is when you know everything but nothing works.
> > Practice is when everything works but no one knows why.
> > In our lab, theory and practice are combined:
> > nothing works and no one knows why.  ... unknown
> >
>

Re: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Matt Hoppes

Honestly, for how 'spammy' that e-mail looked it's hard to believe 
anyone took it seriously - but also, you never know.

On 10/19/21 12:51 PM, Jon Sands wrote:
The kid sending these (if it is Bytefend, who has a history/tweets of 
bragging about attacking Frantech within the past month if I understand 
correctly) is going to be looking at serious jail time given the amount 
of evacuations he's caused already. A brief list:

https://abc6onyourside.com/news/local/police-clear-downtown-columbus-building-after-bomb-threat-10-19-2021

https://miami.cbslocal.com/2021/10/19/miami-att-call-center-evacuated-bomb-threat/

https://www.wwlp.com/news/local-news/franklin-county/greenfield-police-and-fire-investigate-bomb-threat-at-gcet/amp/

https://www.mystateline.com/news/local-news/rockford-university-evacuated-due-to-bomb-threat/amp/

https://globalnews.ca/news/8274492/bomb-threats-kitchener-waterloo/amp/

https://amp.newsobserver.com/news/local/crime/article255116937.html

https://www.technicianonline.com/news/nc-state-receives-bomb-threat-university-police-close-section-of-hillsborough-st/article_2ceca39e-30ea-11ec-a068-47bacab4a0f0.html

On Tue, Oct 19, 2021, 11:30 AM Miles Fidelman 
mailto:mfidel...@meetinghouse.net>> wrote:

Matt Hoppes wrote:
 > I've now heard from several operators - our selves included - about
 > getting an e-mail bomb threat to our datacenters asking for
$5,000 USD
 > or the "bomb will be detonated".
 >
 > Is this being seen on a wide spread e-mail blast to the RIR
contacts,
 > or am I just unlucky to know like 6 other data center folks who have
 > also gotten this e-mail?
 >
 >  It seems like a very odd/bizarre spam/threat campaign which would
 > carry significant jail time.

And now I REALLY want to get moving on a service to drop a drone on
spammers.  (Active Countermeasures!)

Miles Fidelman

-- 
In theory, there is no difference between theory and practice.

In practice, there is.   Yogi Berra

Theory is when you know everything but nothing works.
Practice is when everything works but no one knows why.
In our lab, theory and practice are combined:
nothing works and no one knows why.  ... unknown

RE: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Kain, Becki (.)

The thing is, who is in office to care?  Oh wait, guess equipment *is* important

-Original Message-
From: NANOG  On Behalf Of Sadiq Saif
Sent: Tuesday, October 19, 2021 9:11 AM
To: nanog@nanog.org
Subject: Re: Anyone else getting the 'spam' bomb threat?

WARNING: This message originated outside of Ford Motor Company. Use caution 
when opening attachments, clicking links, or responding.

On Tue, 19 Oct 2021, at 08:40, Matt Hoppes wrote:
> Are you contacting your LEO?  Or is this so spammy just hit delete?
>
> I feel like even spam chosen poorly comes with consequences.

I hit delete after I saw Frantech had already reported it the FBI as per their 
website.

Whoever this is seems to be scraping ASN WHOIS data, the spam got sent to the 
noc@ address that's in whois for my ASN and IP space.
--
Sadiq Saif
https://clicktime.symantec.com/3CGqBWqm6zQeVfjidfCLhna7Vc?u=https%3A%2F%2Fbastetrix.com

Re: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Jon Sands

The kid sending these (if it is Bytefend, who has a history/tweets of
bragging about attacking Frantech within the past month if I understand
correctly) is going to be looking at serious jail time given the amount of
evacuations he's caused already. A brief list:

https://abc6onyourside.com/news/local/police-clear-downtown-columbus-building-after-bomb-threat-10-19-2021

https://miami.cbslocal.com/2021/10/19/miami-att-call-center-evacuated-bomb-threat/

https://www.wwlp.com/news/local-news/franklin-county/greenfield-police-and-fire-investigate-bomb-threat-at-gcet/amp/

https://www.mystateline.com/news/local-news/rockford-university-evacuated-due-to-bomb-threat/amp/

https://globalnews.ca/news/8274492/bomb-threats-kitchener-waterloo/amp/

https://amp.newsobserver.com/news/local/crime/article255116937.html

https://www.technicianonline.com/news/nc-state-receives-bomb-threat-university-police-close-section-of-hillsborough-st/article_2ceca39e-30ea-11ec-a068-47bacab4a0f0.html

On Tue, Oct 19, 2021, 11:30 AM Miles Fidelman 
wrote:

> Matt Hoppes wrote:
> > I've now heard from several operators - our selves included - about
> > getting an e-mail bomb threat to our datacenters asking for $5,000 USD
> > or the "bomb will be detonated".
> >
> > Is this being seen on a wide spread e-mail blast to the RIR contacts,
> > or am I just unlucky to know like 6 other data center folks who have
> > also gotten this e-mail?
> >
> >  It seems like a very odd/bizarre spam/threat campaign which would
> > carry significant jail time.
>
> And now I REALLY want to get moving on a service to drop a drone on
> spammers.  (Active Countermeasures!)
>
> Miles Fidelman
>
> --
> In theory, there is no difference between theory and practice.
> In practice, there is.   Yogi Berra
>
> Theory is when you know everything but nothing works.
> Practice is when everything works but no one knows why.
> In our lab, theory and practice are combined:
> nothing works and no one knows why.  ... unknown
>
>

Re: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Miles Fidelman


Matt Hoppes wrote:
I've now heard from several operators - our selves included - about 
getting an e-mail bomb threat to our datacenters asking for $5,000 USD 
or the "bomb will be detonated".


Is this being seen on a wide spread e-mail blast to the RIR contacts, 
or am I just unlucky to know like 6 other data center folks who have 
also gotten this e-mail?


 It seems like a very odd/bizarre spam/threat campaign which would 
carry significant jail time.


And now I REALLY want to get moving on a service to drop a drone on 
spammers.  (Active Countermeasures!)


Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra

Theory is when you know everything but nothing works.
Practice is when everything works but no one knows why.
In our lab, theory and practice are combined:
nothing works and no one knows why.  ... unknown

Re: [External] Re: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Hunter Fuller via NANOG

We have a distinct abuse address (not just abuse@) and that is where
the messages were sent.

We didn't receive the bomb threat ones. We only received the (somewhat
more amusing) messages entitled "Your network has been PWNED" and
"Fuck you".
The situation loses its humor entirely with the introduction of bomb
threats. Seems like a script kiddie taking things way too far.

--
Hunter Fuller (they)
Router Jockey
VBH M-1A
+1 256 824 5331

Office of Information Technology
The University of Alabama in Huntsville
Network Engineering

On Tue, Oct 19, 2021 at 8:57 AM Sadiq Saif  wrote:
>
> On Tue, 19 Oct 2021, at 08:40, Matt Hoppes wrote:
> > Are you contacting your LEO?  Or is this so spammy just hit delete?
> >
> > I feel like even spam chosen poorly comes with consequences.
>
> I hit delete after I saw Frantech had already reported it the FBI as per 
> their website.
>
> Whoever this is seems to be scraping ASN WHOIS data, the spam got sent to the 
> noc@ address that's in whois for my ASN and IP space.
> --
> Sadiq Saif
> https://bastetrix.com

Re: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Sadiq Saif

On Tue, 19 Oct 2021, at 08:40, Matt Hoppes wrote:
> Are you contacting your LEO?  Or is this so spammy just hit delete?
>
> I feel like even spam chosen poorly comes with consequences.

I hit delete after I saw Frantech had already reported it the FBI as per their 
website.

Whoever this is seems to be scraping ASN WHOIS data, the spam got sent to the 
noc@ address that's in whois for my ASN and IP space.
-- 
Sadiq Saif
https://bastetrix.com

RE: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Robert Berlin

We received 2, and I heard from other operators that they had received it as 
well. This is the second or third "threat" in a matter of a couple of weeks. 
Seems like someone scraped some information from somewhere.

From: Travis Garrison 
Sent: 10/19/21 8:32 AM
To: Matt Hoppes 
Cc: "Nanog@nanog.org" 
Subject: RE: Anyone else getting the 'spam' bomb threat?

Yup, same here

Travis
From: NANOG  On Behalf Of 
Shawn L via NANOG
Sent: Tuesday, October 19, 2021 7:25 AM
To: Matt Hoppes 
Cc: North American Network Operators' Group 
Subject: RE: Anyone else getting the 'spam' bomb threat?

we received it as well

 -Original Message-
From: "Matt Hoppes" 
Sent: Tuesday, October 19, 2021 8:21am
To: "North American Network Operators' Group" 
Subject: Anyone else getting the 'spam' bomb threat?
I've now heard from several operators - our selves included - about
getting an e-mail bomb threat to our datacenters asking for $5,000 USD
or the "bomb will be detonated".

Is this being seen on a wide spread e-mail blast to the RIR contacts, or
am I just unlucky to know like 6 other data center folks who have also
gotten this e-mail?

It seems like a very odd/bizarre spam/threat campaign which would
carry significant jail time.

Re: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Siyuan Miao

Yes, it's from the operator of bytefend and they have been sending numerous
threatening emails for months.

You can check the statement from the victim Frantech from the link below:

https://frantech.ca/

On Tue, Oct 19, 2021 at 9:34 PM Ray Bellis  wrote:

>
>
> On 19/10/2021 13:29, Travis Garrison wrote:
>
> > Yup, same here
>
> and here.
>
> For now we're just ignoring it, but if anyone wants to quote us (ISC, a
> DNS root server operator) in the event of law enforcement action please
> let me know.
>
> Ray
>
>

Re: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Ray Bellis




On 19/10/2021 13:29, Travis Garrison wrote:

> Yup, same here

and here.

For now we're just ignoring it, but if anyone wants to quote us (ISC, a
DNS root server operator) in the event of law enforcement action please
let me know.

Ray

RE: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Milt Aitken

I got one and I don’t have a datacenter.  I’d better check my pockets….

From: NANOG [mailto:nanog-bounces+milt=net2atlanta@nanog.org] On Behalf Of 
Travis Garrison
Sent: Tuesday, October 19, 2021 8:29 AM
To: Matt Hoppes
Cc: Nanog@nanog.org
Subject: RE: Anyone else getting the 'spam' bomb threat?

Yup, same here

Travis

From: NANOG  On Behalf Of 
Shawn L via NANOG
Sent: Tuesday, October 19, 2021 7:25 AM
To: Matt Hoppes 
Cc: North American Network Operators' Group 
Subject: RE: Anyone else getting the 'spam' bomb threat?

we received it as well

-Original Message-
From: "Matt Hoppes" < <mailto:mattli...@rivervalleyinternet.net> 
mattli...@rivervalleyinternet.net>
Sent: Tuesday, October 19, 2021 8:21am
To: "North American Network Operators' Group" < <mailto:nanog@nanog.org> 
nanog@nanog.org>
Subject: Anyone else getting the 'spam' bomb threat?

I've now heard from several operators - our selves included - about 
getting an e-mail bomb threat to our datacenters asking for $5,000 USD 
or the "bomb will be detonated".

Is this being seen on a wide spread e-mail blast to the RIR contacts, or 
am I just unlucky to know like 6 other data center folks who have also 
gotten this e-mail?

It seems like a very odd/bizarre spam/threat campaign which would 
carry significant jail time.

Re: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Matt Hoppes


Are you contacting your LEO?  Or is this so spammy just hit delete?

I feel like even spam chosen poorly comes with consequences.

On 10/19/21 8:29 AM, Travis Garrison wrote:

Yup, same here

Travis

*From:* NANOG  *On 
Behalf Of *Shawn L via NANOG

*Sent:* Tuesday, October 19, 2021 7:25 AM
*To:* Matt Hoppes 
*Cc:* North American Network Operators' Group 
*Subject:* RE: Anyone else getting the 'spam' bomb threat?

we received it as well


-Original Message-
From: "Matt Hoppes" <mailto:mattli...@rivervalleyinternet.net>>

Sent: Tuesday, October 19, 2021 8:21am
To: "North American Network Operators' Group" <mailto:nanog@nanog.org>>

Subject: Anyone else getting the 'spam' bomb threat?

I've now heard from several operators - our selves included - about
getting an e-mail bomb threat to our datacenters asking for $5,000 USD
or the "bomb will be detonated".

Is this being seen on a wide spread e-mail blast to the RIR contacts, or
am I just unlucky to know like 6 other data center folks who have also
gotten this e-mail?

It seems like a very odd/bizarre spam/threat campaign which would
carry significant jail time.

RE: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Travis Garrison

Yup, same here

Travis
From: NANOG  On Behalf Of 
Shawn L via NANOG
Sent: Tuesday, October 19, 2021 7:25 AM
To: Matt Hoppes 
Cc: North American Network Operators' Group 
Subject: RE: Anyone else getting the 'spam' bomb threat?

we received it as well

-Original Message-
From: "Matt Hoppes" 
mailto:mattli...@rivervalleyinternet.net>>
Sent: Tuesday, October 19, 2021 8:21am
To: "North American Network Operators' Group" 
mailto:nanog@nanog.org>>
Subject: Anyone else getting the 'spam' bomb threat?

I've now heard from several operators - our selves included - about
getting an e-mail bomb threat to our datacenters asking for $5,000 USD
or the "bomb will be detonated".

Is this being seen on a wide spread e-mail blast to the RIR contacts, or
am I just unlucky to know like 6 other data center folks who have also
gotten this e-mail?

It seems like a very odd/bizarre spam/threat campaign which would
carry significant jail time.

RE: Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Shawn L via NANOG

we received it as well

-Original Message-
From: "Matt Hoppes" 
Sent: Tuesday, October 19, 2021 8:21am
To: "North American Network Operators' Group" 
Subject: Anyone else getting the 'spam' bomb threat?

I've now heard from several operators - our selves included - about 
getting an e-mail bomb threat to our datacenters asking for $5,000 USD 
or the "bomb will be detonated".

Is this being seen on a wide spread e-mail blast to the RIR contacts, or 
am I just unlucky to know like 6 other data center folks who have also 
gotten this e-mail?

 It seems like a very odd/bizarre spam/threat campaign which would 
carry significant jail time.

Anyone else getting the 'spam' bomb threat?

2021-10-19 Thread Matt Hoppes

I've now heard from several operators - our selves included - about 
getting an e-mail bomb threat to our datacenters asking for $5,000 USD 
or the "bomb will be detonated".


Is this being seen on a wide spread e-mail blast to the RIR contacts, or 
am I just unlucky to know like 6 other data center folks who have also 
gotten this e-mail?


 It seems like a very odd/bizarre spam/threat campaign which would 
carry significant jail time.

Re: Admin for .tk (not a spam/abuse complaint!)

2021-09-29 Thread Jeroen Massar via NANOG


On 2021-09-29 01:03, Tim Harman via NANOG wrote:
[..]

{11:58}~ ➭ dig @194.0.41.1 test.tk

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> @194.0.41.1 test.tk
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached


A traceroute with a source IP would be sooo useful.

Also, don't forget to check things like RIPE ATLAS, or join NLNOG RING 
to be able to determine where you might have connectivity issues.


Greets,
 Jeroen

Admin for .tk (not a spam/abuse complaint!)

2021-09-29 Thread Tim Harman via NANOG


Hi,

If anyone has contact details for the operators of the .tk TLD, could 
you contact me off-list please?


We are unable to contact the authoritive NS for this TLD - it seems our 
range is on a blacklist or they have some odd route back to us that 
isn't working.

Thus our customers can't resolve any .tk names.

I've tried mailing a few @dot.tk (from a host that has no trouble 
resolving the domain!) but have heard nothing back.


Specifically after a contact for whoever maintains

;; ADDITIONAL SECTION:
a.ns.tk.172800  IN  A   194.0.38.1
b.ns.tk.172800  IN  A   194.0.39.1
c.ns.tk.172800  IN  A   194.0.40.1
d.ns.tk.172800  IN  A   194.0.41.1

{11:58}~ ➭ dig @194.0.41.1 test.tk

; <<>> DiG 9.11.5-P4-5.1+deb10u5-Debian <<>> @194.0.41.1 test.tk
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Many Thanks,

Tim

Re: DoNotPay Spam?

2021-01-14 Thread Robert Webb

Thank you for the follow up and your time to take care of  this.

On Thu, Jan 14, 2021 at 3:33 PM Mel Beckman  wrote:

> After we began the process to serve their agent for legal service, the CEO
> emailed me the following assertion that they’ve fixed the issue, including
> the missing unsubscribe. We are waiting to see if the fix has indeed been
> made.
>
> -mel
>
> Begin forwarded message:
>
> On Jan 14, 2021, at 12:13 PM, Joshua Browder  wrote:
>
>
> 
>
> Hi Mel,
>
>
> My name is Joshua and I am the CEO of DoNotPay. I am writing to say that
> the issue with the emails has finally been fixed. Specifically, we
> identified two problems:
>
>
> 1. We had logic that replied to an email if a user with an account didn't
> sign up. Someone who had signed up to the mailing list was automatically
> forwarding these emails to us. The system then replied to the mailing list
> serv. We have fixed this logic.
>
>
> 2. Because someone would forward an email to us (and would therefore have
> an account) we did not anticipate that the receiver of the automatic reply
> would want to unsubscribe. As a final last line of defence, we have also
> fixed the manage preferences/unsubscribe link to allow any recipient to
> unsubscribe automatically.
>
>
> I apologize that you had to deal with this. Our support over the holiday
> season was not qualified to understand the issue and so may have given
> confusing responses. It is not worth it to upset people in this way and
> this confusion was entirely unintentional. It has since been resolved.
>
>
> Please let me know if you have any further questions/issues at this email.
> Alternatively, my cell is xxx-xxx-.
>
>
> Best regards,
>
> Joshua
>
>
> On Jan 13, 2021, at 8:33 PM, J. Hellenthal via NANOG 
> wrote:
>
>  Any chance the HTML can be turned off ?
>
> ;-)
>
> --
>  J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says
> a lot about anticipated traffic volume.
>
> On Jan 13, 2021, at 19:18, Mel Beckman  wrote:
>
>  Tons, and we are litigating them. They are spamming most of the
> addresses in several of our domains.
>
> -mel via cell
>
> On Jan 13, 2021, at 2:18 PM, Mike Hammett  wrote:
>
> 
> I have reached out to the list admins and the donotpay people and they're
> working on it.
>
> In short, someone that uses that service reported the NANOG list as SPAM
> to the DoNotPay service.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
> --
> *From: *"Robert Webb" 
> *To: *"NANOG list" 
> *Sent: *Wednesday, January 13, 2021 4:06:15 PM
> *Subject: *DoNotPay Spam?
>
> Anyone else getting spam from DoNotPay everytime they send an email to the
> list?
>
> I have not sent anything in a while until my ATT email and now I am
> getting this on every new email I send to the list.
>
> [image: Alternate text]
>
>
> *You’re almost there! Sign up once to unlock lifetime protection (and even
> compensation) on all spam emails. *
>
>

Re: DoNotPay Spam?

2021-01-14 Thread Mel Beckman

After we began the process to serve their agent for legal service, the CEO 
emailed me the following assertion that they’ve fixed the issue, including the 
missing unsubscribe. We are waiting to see if the fix has indeed been made.

-mel

Begin forwarded message:
On Jan 14, 2021, at 12:13 PM, Joshua Browder  wrote:


Hi Mel,

My name is Joshua and I am the CEO of DoNotPay. I am writing to say that the 
issue with the emails has finally been fixed. Specifically, we identified two 
problems:

1. We had logic that replied to an email if a user with an account didn't sign 
up. Someone who had signed up to the mailing list was automatically forwarding 
these emails to us. The system then replied to the mailing list serv. We have 
fixed this logic.

2. Because someone would forward an email to us (and would therefore have an 
account) we did not anticipate that the receiver of the automatic reply would 
want to unsubscribe. As a final last line of defence, we have also fixed the 
manage preferences/unsubscribe link to allow any recipient to unsubscribe 
automatically.

I apologize that you had to deal with this. Our support over the holiday season 
was not qualified to understand the issue and so may have given confusing 
responses. It is not worth it to upset people in this way and this confusion 
was entirely unintentional. It has since been resolved.

Please let me know if you have any further questions/issues at this email. 
Alternatively, my cell is xxx-xxx-.

Best regards,
Joshua

On Jan 13, 2021, at 8:33 PM, J. Hellenthal via NANOG  wrote:

 Any chance the HTML can be turned off ?

;-)

--
 J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a 
lot about anticipated traffic volume.

On Jan 13, 2021, at 19:18, Mel Beckman  wrote:

 Tons, and we are litigating them. They are spamming most of the addresses in 
several of our domains.

-mel via cell

On Jan 13, 2021, at 2:18 PM, Mike Hammett  wrote:


I have reached out to the list admins and the donotpay people and they're 
working on it.

In short, someone that uses that service reported the NANOG list as SPAM to the 
DoNotPay service.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com


From: "Robert Webb" 
To: "NANOG list" 
Sent: Wednesday, January 13, 2021 4:06:15 PM
Subject: DoNotPay Spam?

Anyone else getting spam from DoNotPay everytime they send an email to the list?

I have not sent anything in a while until my ATT email and now I am getting 
this on every new email I send to the list.

[Alternate text]


You’re almost there! Sign up once to unlock lifetime protection (and even 
compensation) on all spam emails.

Re: DoNotPay Spam?

2021-01-13 Thread J. Hellenthal via NANOG

Any chance the HTML can be turned off ? 

;-)

-- 
 J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a 
lot about anticipated traffic volume.

> On Jan 13, 2021, at 19:18, Mel Beckman  wrote:
> 
>  Tons, and we are litigating them. They are spamming most of the addresses 
> in several of our domains. 
> 
> -mel via cell
> 
>>> On Jan 13, 2021, at 2:18 PM, Mike Hammett  wrote:
>>> 
>> 
>> I have reached out to the list admins and the donotpay people and they're 
>> working on it.
>> 
>> In short, someone that uses that service reported the NANOG list as SPAM to 
>> the DoNotPay service.
>> 
>> 
>> 
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> http://www.ics-il.com
>> 
>> Midwest-IX
>> http://www.midwest-ix.com
>> 
>> From: "Robert Webb" 
>> To: "NANOG list" 
>> Sent: Wednesday, January 13, 2021 4:06:15 PM
>> Subject: DoNotPay Spam?
>> 
>> Anyone else getting spam from DoNotPay everytime they send an email to the 
>> list?
>> 
>> I have not sent anything in a while until my ATT email and now I am getting 
>> this on every new email I send to the list.
>> 
>> 
>> 
>> You’re almost there! Sign up once to unlock lifetime protection (and even 
>> compensation) on all spam emails.
>>

Re: DoNotPay Spam?

2021-01-13 Thread Mel Beckman

DoNotPay is a spammer and by all accounts a scammer too. They violate the US 
CAN SPAM Act by not including a clear opt-out mechanism (their Manage 
Preferences link leads to an “unsubscribe” form that in reality signs people up 
to your service!) I’ve also repeatedly ask that they unsubscribe all the emails 
in our domains, and they repeatedly claim, falsely, that we ever mentioned any 
other emails.

They don’t tell the truth, and the company is highly deceptive. As an ISP we 
can file a claim for damages, which I’m doing.

-mel via cell

On Jan 13, 2021, at 5:15 PM, Mel Beckman  wrote:

 Tons, and we are litigating them. They are spamming most of the addresses in 
several of our domains.

-mel via cell

On Jan 13, 2021, at 2:18 PM, Mike Hammett  wrote:


I have reached out to the list admins and the donotpay people and they're 
working on it.

In short, someone that uses that service reported the NANOG list as SPAM to the 
DoNotPay service.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com


From: "Robert Webb" 
To: "NANOG list" 
Sent: Wednesday, January 13, 2021 4:06:15 PM
Subject: DoNotPay Spam?

Anyone else getting spam from DoNotPay everytime they send an email to the list?

I have not sent anything in a while until my ATT email and now I am getting 
this on every new email I send to the list.

[Alternate text]


You’re almost there! Sign up once to unlock lifetime protection (and even 
compensation) on all spam emails.

Re: DoNotPay Spam?

2021-01-13 Thread Mel Beckman

Tons, and we are litigating them. They are spamming most of the addresses in 
several of our domains.

-mel via cell

On Jan 13, 2021, at 2:18 PM, Mike Hammett  wrote:


I have reached out to the list admins and the donotpay people and they're 
working on it.

In short, someone that uses that service reported the NANOG list as SPAM to the 
DoNotPay service.



-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

Midwest-IX
http://www.midwest-ix.com


From: "Robert Webb" 
To: "NANOG list" 
Sent: Wednesday, January 13, 2021 4:06:15 PM
Subject: DoNotPay Spam?

Anyone else getting spam from DoNotPay everytime they send an email to the list?

I have not sent anything in a while until my ATT email and now I am getting 
this on every new email I send to the list.

[Alternate text]


You’re almost there! Sign up once to unlock lifetime protection (and even 
compensation) on all spam emails.

Re: DoNotPay Spam?

2021-01-13 Thread Rich Kulawiec

On Wed, Jan 13, 2021 at 05:06:15PM -0500, Robert Webb wrote:
> Anyone else getting spam from DoNotPay everytime they send an email to the
> list?

This is solvable by permanently blocking all traffic from Mailgun in
your MTA.  This should be a good start and may suffice:

mailgun.info
mailgun.net
mailgun.org
mailgun.us

---rsk

Re: DoNotPay Spam?

2021-01-13 Thread Ben Cannon

FYI geek team I received it too.

Ms. Lady Benjamin PD Cannon, ASCE
6x7 Networks & 6x7 Telecom, LLC 
CEO 
b...@6by7.net
"The only fully end-to-end encrypted global telecommunications company in the 
world.”

FCC License KJ6FJJ

Sent from my iPhone via RFC1149.

> On Jan 13, 2021, at 4:28 PM, Sabri Berisha  wrote:
> 
> - On Jan 13, 2021, at 2:22 PM, Bryan Fields br...@bryanfields.net wrote:
> 
> Hi Bryan,
> 
>> What you can do is when you notice these, email geeks@nanog with the full
>> email including headers immediately.  We can then cross check it against new
>> signups.  I wish there was a more scientific way to process it.
> 
> The first time I got it, I sent this to supp...@donotpay.com:
> 
>> I received this email in, what appears to be, reply to a post I made on 
>> NANOG.
> 
>> Needless to say, I never signed up for this. I did not even know you existed.
>> Since you do add "supp...@donotpay.com" in your email, I assume this is a
>> honest mistake, and you'll be happy that I'm contacting you and will be 
>> fixing
>> it immediately.
> 
>> Obviously, further unsolicited emails will result in ... a different approach
>> taken.
> 
> A few days later, I got the same again, and contacted their hosting provider,
> Mailgun (while CCing supp...@donotpay.com), with the following:
> 
>> I've received, multiple times, email such as below after posting to the North
>> American Network Operators Group (NANOG) email list. I've tried contacting
>> supp...@donotpay.com (ticket #13202), but they seem oblivious to the issue
>> and asked me to unsubscribe.
> 
>> Please educate your customer. Alternatively, I will contact Amazon, who seem
>> to advertise your IP space.
> 
>> 161.38.200.0/22*[BGP/170] 00:51:18, localpref 150
>>   AS path: 53356 60011 3356 16509 I, validation-state: 
>> unverified
>>> to 195.16.87.249 via ge-0/0/6.0
> 
>> Headers are as follows:
> 
> [snip]
> 
> I did not even get a reply on that. So, as promised, the third time I was
> spammed, I took the liberty of contacting AWS. They responded with:
> 
>> This is a follow up regarding the abusive content or activity report that you
>> submitted to AWS. We have investigated this report, and have taken steps to
>> mitigate the reported abusive content or activity.
> 
> But of course, nothing changed.
> 
> This goes a lot further than someone accidentally subscribing. So, it seems
> that there are few options other than to simply block mail from that /22. 
> 
> Thanks,
> 
> Sabri

Re: DoNotPay Spam?

2021-01-13 Thread Sabri Berisha

- On Jan 13, 2021, at 2:22 PM, Bryan Fields br...@bryanfields.net wrote:

Hi Bryan,

> What you can do is when you notice these, email geeks@nanog with the full
> email including headers immediately.  We can then cross check it against new
> signups.  I wish there was a more scientific way to process it.

The first time I got it, I sent this to supp...@donotpay.com:

> I received this email in, what appears to be, reply to a post I made on NANOG.

> Needless to say, I never signed up for this. I did not even know you existed.
> Since you do add "supp...@donotpay.com" in your email, I assume this is a
> honest mistake, and you'll be happy that I'm contacting you and will be fixing
> it immediately.

> Obviously, further unsolicited emails will result in ... a different approach
> taken.

A few days later, I got the same again, and contacted their hosting provider,
Mailgun (while CCing supp...@donotpay.com), with the following:

> I've received, multiple times, email such as below after posting to the North
> American Network Operators Group (NANOG) email list. I've tried contacting
> supp...@donotpay.com (ticket #13202), but they seem oblivious to the issue
> and asked me to unsubscribe.

> Please educate your customer. Alternatively, I will contact Amazon, who seem
> to advertise your IP space.

> 161.38.200.0/22*[BGP/170] 00:51:18, localpref 150
>AS path: 53356 60011 3356 16509 I, validation-state: 
> unverified
>  > to 195.16.87.249 via ge-0/0/6.0

> Headers are as follows:

[snip]

I did not even get a reply on that. So, as promised, the third time I was
spammed, I took the liberty of contacting AWS. They responded with:

> This is a follow up regarding the abusive content or activity report that you
> submitted to AWS. We have investigated this report, and have taken steps to
> mitigate the reported abusive content or activity.

But of course, nothing changed.

This goes a lot further than someone accidentally subscribing. So, it seems
that there are few options other than to simply block mail from that /22. 

Thanks,

Sabri

Re: DoNotPay Spam?

2021-01-13 Thread Bryan Fields

On 1/13/21 5:06 PM, Robert Webb wrote:
> Anyone else getting spam from DoNotPay everytime they send an email to the
> list?
> 
> I have not sent anything in a while until my ATT email and now I am getting
> this on every new email I send to the list.

yup, I've spent a few hours to gleam who might be the source of it.  It's
almost impossible to trace as they have the email subscribed as a normal user,
and then harvest the sender address and send it from a totally different spam
server.

What you can do is when you notice these, email geeks@nanog with the full
email including headers immediately.  We can then cross check it against new
signups.  I wish there was a more scientific way to process it.

Thanks,
-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net

Re: DoNotPay Spam?

2021-01-13 Thread Brielle


On 1/13/2021 3:12 PM, Mike Hammett wrote:
I have reached out to the list admins and the donotpay people and 
they're working on it.


In short, someone that uses that service reported the NANOG list as SPAM 
to the DoNotPay service.



Wow, someone needs to be whacked upside the head pretty hard for that.

I actually DM'd with their CEO guy (I think it was) on Twitter a week or 
so ago about their unsubscribe process that didn't seem to work right. 
Worthwhile for anyone having issues with their service to reach out on 
Twitter.



--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org

AWS Hosts spammers Re: DoNotPay Spam?

2021-01-13 Thread Sabri Berisha

Hi, 

Yep. I complained to their support. Then I complaint to their "mail provider" 
Mailgun. When that proved useless, I complaint to AWS who hosts Mailgun. AWS 
replied and said they would get in touch with Mailgun. 

We'll see whether or not Mailgun gets the Parler treatment. 

Thanks, 

Sabri 

- On Jan 13, 2021, at 2:06 PM, Robert Webb  wrote: 

> Anyone else getting spam from DoNotPay everytime they send an email to the 
> list?

> I have not sent anything in a while until my ATT email and now I am getting 
> this
> on every new email I send to the list.

> You’re almost there! Sign up once to unlock lifetime protection (and even
> compensation) on all spam emails.

Re: DoNotPay Spam?

2021-01-13 Thread Mike Hammett

I have reached out to the list admins and the donotpay people and they're 
working on it. 


In short, someone that uses that service reported the NANOG list as SPAM to the 
DoNotPay service. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Robert Webb"  
To: "NANOG list"  
Sent: Wednesday, January 13, 2021 4:06:15 PM 
Subject: DoNotPay Spam? 



Anyone else getting spam from DoNotPay everytime they send an email to the 
list? 


I have not sent anything in a while until my ATT email and now I am getting 
this on every new email I send to the list. 









Alternate text

















You’re almost there! Sign up once to unlock lifetime protection (and even 
compensation) on all spam emails.

Re: DoNotPay Spam?

2021-01-13 Thread Michael Thomas


oh is that where it's coming from. yes. my filter now zaps it.

Mike

On 1/13/21 2:06 PM, Robert Webb wrote:
Anyone else getting spam from DoNotPay everytime they send an email to 
the list?


I have not sent anything in a while until my ATT email and now I am 
getting this on every new email I send to the list.


Alternate text

**


*You’re almost there! Sign up once to unlock lifetime protection (and 
even compensation) on all spam emails. *

DoNotPay Spam?

2021-01-13 Thread Robert Webb

Anyone else getting spam from DoNotPay everytime they send an email to the
list?

I have not sent anything in a while until my ATT email and now I am getting
this on every new email I send to the list.

[image: Alternate text]


*You’re almost there! Sign up once to unlock lifetime protection (and even
compensation) on all spam emails. *

Re: [Spam]Re: A letter from the CEO

2020-11-23 Thread Carsten Bormann

Hundred Meg, Ten Gig, One erm...?
Maybe harder to create vernacular for.

> On 2020-11-23, at 14:35, Mark Tinka  wrote:
> […]
> 
> Given that Tbps is still relatively uncommon in many operator networks, it's 
> not uncommon to hear people say Megabit and Gigabit with no problem, but say 
> Terabyte when referring to Terabit, as well.

Grüße, Carsten

RE: [SPAM] Re: plea for comcast/sprint handoff debug help

2020-10-30 Thread p.fazio

please remove me from list

 Original Message 
Subject: [SPAM] Re: plea for comcast/sprint handoff debug help
From: Alex Band <a...@nlnetlabs.nl>
Date: Thu, October 29, 2020 2:14 pm
To: Randy Bush <ra...@psg.com>
Cc: North American Network Operators' Group <nanog@nanog.org>

> On 28 Oct 2020, at 16:58, Randy Bush <ra...@psg.com> wrote:
> 
>> tl;dr:
>> 
>> comcast: does your 50.242.151.5 westin router receive the announcement
>> of 147.28.0.0/20 from sprint's westin router 144.232.9.61?
> 
> tl;dr: diagnosed by comcast.  see our short paper to be presented at imc
>   tomorrow https://archive.psg.com/200927.imc-rp.pdf
> 
> lesson: route origin relying party software may cause as much damage as
> 	it ameliorates
> 
> randy

To clarify this for the readers here: there is an ongoing research experiment where connectivity to the RRDP and rsync endpoints of several RPKI publication servers is being purposely enabled and disabled for prolonged periods of time. This is perfectly fine of course.

While the resulting paper presented at IMC is certainly interesting, having relying party software fall back to rsync when RRDP is unavailable is not a requirement specified in any RFC, as the paper seems to suggest. In fact, we argue that it's actually a bad idea to do so:

https://blog.nlnetlabs.nl/why-routinator-doesnt-fall-back-to-rsync/

We're interested to hear views on this from both an operational and security perspective.

-Alex

RE: [SPAM] Re: Apple Catalina Appears to Introduce Massive Jitter

2020-10-30 Thread p.fazio

PLEASE REMOVE ME FROM THE LISTTHANK YOU

 Original Message 
Subject: [SPAM] Re: Apple Catalina Appears to Introduce Massive Jitter
From: colin johnston <col...@gt86car.org.uk>
Date: Thu, October 29, 2020 11:12 am
To: Mark Tinka <mark.ti...@seacom.com>
Cc: NANOG <nanog@nanog.org>

Hey Mark,Good shout with debug, same issue seen on MacBook Air with Catalina 10.15.6 beta, pings upto 150ms seeniMac with Sierra zero jitter and usually sub 1m pingsNow need to find out why, I never noticed as wife using the MacBook Air :(I cant yet update to big sur since need lots of sad space, need to cutdown on university docs me thinksColOn 29 Oct 2020, at 12:07, Mark Tinka <mark.ti...@seacom.com> wrote:   Hi all.  I've been on High Sierra for several years now due to a limitation with an app that couldn't deal with Apple's latest rounds of system permissions since Mojave. Eventually, I gave up on waiting for them to fix it and upgraded my older Butterfly keyboard laptop to Catalina 4 weeks ago.  At the same time, I picked up the new Magic keyboard laptop 2 weeks ago which came with Catalina.  Over the past week, I've been troubleshooting a massive jitter issue on Catalina, just between itself and my home router. For control, I have a Windows PC (tower-top) using a wireless adapter to connect to my home network. That has no jitter at all.  I have noticed as much as 300ms+ jitter on Catalina.  I then asked a few friends around the world to run tests for me on their own Catalina installations to their local router over wi-fi, and the results are the same. Jitter so high that what should be a 1ms - 5ms latency can (for a short period) jump to 200ms+, 300ms+, 400ms+.  On the off-chance that it is an issue with the new wireless chips on the later MacBook models, one of my friends tested the same on a 2013 MacBook Pro running a beta version of Big Sur. Same story!  Another friend in South East Asia, testing on a 2018 13-inch MacBook Pro running Catalina, also had the same issue.  A Google search suggests that this is some known issue since Mojave, to do with Location Services, and some other apps, in a non-deterministic way:      https://apple.stackexchange.com/questions/263638/macbook-pro-experiencing-ping-spikes-to-local-router  For me, even after disabling all or some Location Services features, the problem remains.  Is anyone else seeing this on their Catalina Mac's while on wi-fi? If so, does anyone know what's going on here?  Ideally, this wouldn't matter if it was just a cosmetic issue - but I do actually see physical impact to performance of network access to/from the laptop, which has all the hallmarks of high jitter and/or packet loss.   An app like Zoom, which can display network performance data for a session in real-time, does indicate nominal packet loss for audio and video on this device, while other devices on the same WLAN are happy.  Thoughts?  Mark.

Recent List Spam

2020-10-19 Thread Bryan Fields

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Looks like this recent spammer has been removed from the list.  They were
moderated, and using the email address From: or known users.

Thanks,
- -- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEaESdNosUjpjcN/JhYTmgYVLGkUAFAl+NvKMACgkQYTmgYVLG
kUAcGRAAlQ/VmB99Y+by+BPQpNVFnlAHC2vtBz4fqXINHg0rONhsyc6I8RVfvSnN
bxrWh5ewduqnQPQzIB14FFMCiNqSQUqro8iYh3bZ/BknQ3nPn82zUjyGD1BQBMUv
Iv43O57OGc7rK/z1SS2xzMedmsSdUsRbwEHP2lSWqXvNBWnuG17lC2ITvGf796UR
I1BYj/eh5bp262KBDQfTxGuX+4FECVd8aho8wWQxVwJil5R7sMuDpHFn/Ikm1Bde
SevZ5JaW4NyX0RxOjGlNWFM7ic76GVxdAj4I3sCkokVkuSf9kh4rNrbU+VFwMJ/h
iqR/qCKPEGeDotFj8GpCBogb8ywAzn6wUwKVB5Ax9hWyrolIsxODS939HF1ayVah
9PL6bcVo1yKu458VmV7kdsy16zHGQnMoE0giZfbqQvxyKyE6CzqJnDN7UFfNH+Nv
lKxHJwpx7YC2Wr4co7tZrXUSOq2RbyV39BkPetFo8zGy5lqs6vfzDsHwIdAGYkgU
14N45NW/g9sLDxUOso7pT1EsLGpF/Cl86MVp9A8wP4A0U1kqZJbHnWXYloSS0qq5
ideKbex+keLOBuTqbZ2/+NOpi+8C+t8kGdAu+H5Hr/a/wvlD8zMpE9OP1fKbycAk
e4HadiStrFj9/PH4CecT4jNc535KcOGePmA6EFOlPMEV//K8L7I=
=PfBg
-END PGP SIGNATURE-

Re: NANOG SPAM (was Re: Just got this apparently fake NANOG invoice - Looks phishy)

2020-09-22 Thread Sabri Berisha

- On Sep 21, 2020, at 6:03 PM, Bryan Fields br...@bryanfields.net wrote:

Hi,

> What's happening here is a subscription comes in from a valid email bot using
> gmail or $BIGHOST (google doesn't give af)

I'm old enough to remember the Usenet Death Penalty. That used to be pretty 
effective
in dealing with sources of net-abuse.

Thanks,

Sabri

NANOG SPAM (was Re: Just got this apparently fake NANOG invoice - Looks phishy)

2020-09-21 Thread Bryan Fields

On 9/21/20 7:28 PM, Mike Hammett wrote:
> Can we please send this stuff to the admins and not the whole list? 

Both the list admin account in the headers and the ge...@nanog.org is
monitored and responded to.  If you don't get a reply, you all have my email 
too.

What's happening here is a subscription comes in from a valid email bot using
gmail or $BIGHOST (google doesn't give af) and that doesn't send email.  The
list posters are then spammed from third party address(es).

It's frankly hard to track down as only posters get the spams, not the whole 
list.

That said, the geeks team knows what to look for to kill this when it happens.
 Forward the entire email including _FULL_HEADERS_ to ge...@nanog.org.  We
will kill it and ban them from the list.

Thanks,
-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net



signature.asc
Description: OpenPGP digital signature

Re: SPAM for nanog@ senders

2020-09-21 Thread Łukasz Bromirski

Hi Randy,

> On 22 Sep 2020, at 00:14, Randy Bush  wrote:
> 
>> I already taught my SpamAssasin and then deleted them
> 
> :0
> * ^From:.*@csvwebsupport.com
> | /usr/bin/mail -s 'Screw You' dating.supp...@csvwebsupport.com < 
> ~/screw-you.txt

I’m using different technique. I like tarpitting such scums to death.
Record holders keep their SMTP bots connected for weeks ;)

But good old punch in the face works wonders too :)

— 
./

Re: SPAM for nanog@ senders

2020-09-21 Thread Randy Bush

> I already taught my SpamAssasin and then deleted them

:0
* ^From:.*@csvwebsupport.com
| /usr/bin/mail -s 'Screw You' dating.supp...@csvwebsupport.com < 
~/screw-you.txt

Re: SPAM for nanog@ senders

2020-09-21 Thread Łukasz Bromirski

Job,

I already taught my SpamAssasin and then deleted them, and my
Postfix is no longer taking submission from the IP from which they
were sent - 216.176.196.72.

They seem to be using correct sending host according to SPF
record (host spamtitan.csvwebsupport.com validates using
'dating.supp...@csvwebsupport.com’).

Let me unblock them again and see if they’ll continue doing so,
hopefully I’ll be able to help.

I’m sending this email just to (hopefully) trigger the same
behavior, and will follow up with you separately.

Apologies for the noise for the rest of subscribers.

-- 
Łukasz Bromirski
CCIE R/SP #15929, CCDE #2012::17, PGP Key ID: 0xFD077F6A

Re: SPAM for nanog@ senders

2020-09-21 Thread Mark Tinka





On 21/Sep/20 12:47, Łukasz Bromirski wrote:


NANOGers,

Have you got email from 'dating.supp...@csvwebsupport.com’ immediately
after you post to nanog@? First time I thought it’s coincidence, but
today when I got it, it’s hardly one ;)

Topic is '[#WHB-257-41491]: Re: XX’ where  is subject taken
from last e-mail.

I understand there’s need to connect people in hard, COVID times,
but I doubt automated spam sender has good intentions with that regard ;)

So.. somebody is scrapping this list to feed their spamming lists :/


Been happening to me since several weeks into lockdown.

It went by a different name before. Now, it's "Dating". But the chase is 
the same.


Mark.

Re: SPAM for nanog@ senders

2020-09-21 Thread Job Snijders

Dear Łukasz, others,

Can you please send any suspecious emails (including headers) to
the mailing list admin team at ge...@nanog.org?

We'll try to figure out if it happens through an existing subscription.

Kind regards,

Job
(hat: NANOG geeks)

On Mon, Sep 21, 2020 at 12:51:44PM +0200, Octolus Development wrote:
> I did yeah, annoying.
> 
> 
> Best Regards,
> Octolus
> On 9/21/2020 12:50:54 PM, Łukasz Bromirski  wrote:
> NANOGers,
> 
> Have you got email from 'dating.supp...@csvwebsupport.com’ immediately
> after you post to nanog@? First time I thought it’s coincidence, but
> today when I got it, it’s hardly one ;)
> 
> Topic is '[#WHB-257-41491]: Re: XX’ where  is subject taken
> from last e-mail.
> 
> I understand there’s need to connect people in hard, COVID times,
> but I doubt automated spam sender has good intentions with that regard ;)
> 
> So.. somebody is scrapping this list to feed their spamming lists :/
> 
> —
> ./

Re: SPAM for nanog@ senders

2020-09-21 Thread Octolus Development

I did yeah, annoying.


Best Regards,
Octolus
On 9/21/2020 12:50:54 PM, Łukasz Bromirski  wrote:
NANOGers,

Have you got email from 'dating.supp...@csvwebsupport.com’ immediately
after you post to nanog@? First time I thought it’s coincidence, but
today when I got it, it’s hardly one ;)

Topic is '[#WHB-257-41491]: Re: XX’ where  is subject taken
from last e-mail.

I understand there’s need to connect people in hard, COVID times,
but I doubt automated spam sender has good intentions with that regard ;)

So.. somebody is scrapping this list to feed their spamming lists :/

—
./

SPAM for nanog@ senders

2020-09-21 Thread Łukasz Bromirski

NANOGers,

Have you got email from 'dating.supp...@csvwebsupport.com’ immediately
after you post to nanog@? First time I thought it’s coincidence, but
today when I got it, it’s hardly one ;)

Topic is '[#WHB-257-41491]: Re: XX’ where  is subject taken
from last e-mail.

I understand there’s need to connect people in hard, COVID times,
but I doubt automated spam sender has good intentions with that regard ;)

So.. somebody is scrapping this list to feed their spamming lists :/

— 
./

Re: curious spam...

2020-09-15 Thread Thomas Scott

>
> I treat it as a back-end mailbox for my own smtp server. 100% of email
> that reaches my gmail

box without going to another address at my mail server first is spam.


I used a similar flow a few years ago that worked until I made the mistake
of signing into some service using "Sign in with Google" and then it was
all down-hill from there. Within a few months I found myself on customer
lists that I hadn't signed up for, and my spam folder grew as well. YMMV,
but that was my culprit.
- Thomas Scott | mr.thomas.sc...@gmail.com


On Tue, Sep 15, 2020 at 8:15 AM J. Hellenthal via NANOG 
wrote:

> Hey google, siri, or Alexa phoning home and your information put into a
> local database as a new person in the area for which they have bought your
> address I could believe that.
>
> --
>  J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says
> a lot about anticipated traffic volume.
>
> > On Sep 14, 2020, at 13:33, William Herrin  wrote:
> >
> > Howdy,
> >
> > I've noticed something odd. When I lived in Virginia, I started
> > receiving email directly to my gmail box from my U.S. Representative.
> > Unsolicited spam from Congressmen is nothing new but it was a little
> > odd that they found my gmail box (which I don't give out) and not one
> > of the hundreds of aliases at herrin.us or dirtside.com which I do
> > give out. The gmail box exists only in mail headers; "From" is always
> > a different address.
> >
> > I moved to Seattle. Today I found my grmail box subscribed to a
> > congressman's list from a nearby Washington jurisdiction. Not some
> > random congressman. And not any of the addresses I give out; my gmail
> > box's address which I don't.
> >
> > Anyone else have a similar experience? Any idea how a hidden address
> > is making it on to relevant congressmens' lists but not any others?
> > That's weird right?
> >
> > Regards,
> > Bill Herrin
> >
> > --
> > William Herrin
> > b...@herrin.us
> > https://bill.herrin.us/
>

Re: curious spam...

2020-09-15 Thread J. Hellenthal via NANOG

Hey google, siri, or Alexa phoning home and your information put into a local 
database as a new person in the area for which they have bought your 
address I could believe that.

-- 
 J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a 
lot about anticipated traffic volume.

> On Sep 14, 2020, at 13:33, William Herrin  wrote:
> 
> Howdy,
> 
> I've noticed something odd. When I lived in Virginia, I started
> receiving email directly to my gmail box from my U.S. Representative.
> Unsolicited spam from Congressmen is nothing new but it was a little
> odd that they found my gmail box (which I don't give out) and not one
> of the hundreds of aliases at herrin.us or dirtside.com which I do
> give out. The gmail box exists only in mail headers; "From" is always
> a different address.
> 
> I moved to Seattle. Today I found my grmail box subscribed to a
> congressman's list from a nearby Washington jurisdiction. Not some
> random congressman. And not any of the addresses I give out; my gmail
> box's address which I don't.
> 
> Anyone else have a similar experience? Any idea how a hidden address
> is making it on to relevant congressmens' lists but not any others?
> That's weird right?
> 
> Regards,
> Bill Herrin
> 
> -- 
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/


smime.p7s
Description: S/MIME cryptographic signature

Re: curious spam...

2020-09-15 Thread William Herrin

On Tue, Sep 15, 2020 at 12:39 AM David Hubbard
 wrote:
> Here in Florida the self-preservation interests of the two party system have 
> resulted in all voter registrations being made public, including email, 
> d/o/b, phone, home address (since you can't legally register any other), 
> party affiliation.  If you used your private email for

Nothing. I used the gmail address for nothing. Ever. Not even when I
first got it many years ago. I provide an @herrin.us or @dirtside.com
address which my server later forwards to gmail for my perusal. I
usually use a custom address so I can figure out who broke my trust. I
have a couple of generic addresses (like b...@herrin.us) for mailing
lists and situations where I don't have a custom address ready. But I
simply don't give out the gmail address. I treat it as a back-end
mailbox for my own smtp server. 100% of email that reaches my gmail
box without going to another address at my mail server first is spam.

Regards,
Bill Herrin

-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/

Re: SPAM: Re: Cogent emails

2020-09-14 Thread Tom Hill

On 14/09/2020 18:13, Simon Lockhart wrote:
> We gave in and just bought a small amount of transit from them.

Aha! You're the reason they don't stop! :p

-- 
Tom

Re: curious spam...

2020-09-14 Thread Mark Seiden

> On Sep 14, 2020, at 5:04 PM, John Levine  wrote:
> 
> In article 
>  you 
> write:
>> I moved to Seattle. Today I found my grmail box subscribed to a
>> congressman's list from a nearby Washington jurisdiction. Not some
>> random congressman. And not any of the addresses I give out; my gmail
>> box's address which I don't. ...
> 
> It's strange but I think it's not typical.  I have given tagged
> addresses to lots of political candidates and am getting buckets
> of mail, like five a day from each of the presidential campaigns
> to those addresses.
> 
> I am getting no political spam to my gmail box, and do not recall any
> that wasn't clearly due to nitwits signing me up who thought that my
> address (which is my name) was their address.
> 
> R's,
> John

on a probably unrelated note, the new yorker has an interesting piece this week 
about the 
ultra invasive trump2020 app, provided by Phunware.

The writer claims in the last 'graph that they managed to track down an email 
address she 
never provided to the app:

“...the messages I began getting from the Trump campaign every couple of hours 
were sent not only to the name and address I’d used to access the app. They 
were also sent to the e-mail address and name associated with the credit card 
I’d used to buy the phone and its SIM card, neither of which I had shared with 
the campaign. Despite my best efforts, they knew who I was and where to reach 
me."

https://www.newyorker.com/news/campaign-chronicles/the-trump-campaigns-mobile-app-is-collecting-massive-amounts-of-voter-data

Re: curious spam...

2020-09-14 Thread John Levine

In article 
 you 
write:
>I moved to Seattle. Today I found my grmail box subscribed to a
>congressman's list from a nearby Washington jurisdiction. Not some
>random congressman. And not any of the addresses I give out; my gmail
>box's address which I don't. ...

It's strange but I think it's not typical.  I have given tagged
addresses to lots of political candidates and am getting buckets
of mail, like five a day from each of the presidential campaigns
to those addresses.

I am getting no political spam to my gmail box, and do not recall any
that wasn't clearly due to nitwits signing me up who thought that my
address (which is my name) was their address.

R's,
John

Re: curious spam...

2020-09-14 Thread David Hubbard

Here in Florida the self-preservation interests of the two party system have 
resulted in all voter registrations being made public, including email, d/o/b, 
phone, home address (since you can't legally register any other), party 
affiliation.  If you used your private email for any state government 
registrations, they may have leaked it as soon as you moved.  Alternatively, if 
your previous state had already leaked it, and you have declared a party 
affiliation, the state level entity likely shared it with the national entity, 
who then shared it with the new state entity where you moved so they can spam 
you all over again.  I made the mistake of donating to a party backed candidate 
about a decade ago, and the cesspool of political entities associated with that 
party continue to email and text me every single cycle.  Unless I start suing, 
or change all my contact info, there's no likely any way I'll ever get it to 
stop.

I believe several states' DMV's have been found to be selling license 
registration info as a revenue source too.

Florida does have a way to not have your personal info released; it's 
conveniently only available to people you'd expect, first responders, judges, 
and of course, members of congress.



On 9/14/20, 2:32 PM, "NANOG on behalf of William Herrin" 
 wrote:

Howdy,

I've noticed something odd. When I lived in Virginia, I started
receiving email directly to my gmail box from my U.S. Representative.
Unsolicited spam from Congressmen is nothing new but it was a little
odd that they found my gmail box (which I don't give out) and not one
of the hundreds of aliases at herrin.us or dirtside.com which I do
give out. The gmail box exists only in mail headers; "From" is always
a different address.

I moved to Seattle. Today I found my grmail box subscribed to a
congressman's list from a nearby Washington jurisdiction. Not some
random congressman. And not any of the addresses I give out; my gmail
box's address which I don't.

Anyone else have a similar experience? Any idea how a hidden address
is making it on to relevant congressmens' lists but not any others?
That's weird right?

Regards,
Bill Herrin

-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/

Re: curious spam...

2020-09-14 Thread Aaron C. de Bruyn via NANOG

Yes.  I get spammed about once a week from Jaime Herrera Beutler.  Never
looked at the headers though.
It's entirely possible someone is either pranking me by signing me up to
political lists or they harvested my well-known address from somewhere.

I'll check the headers next time.

-A

On Mon, Sep 14, 2020 at 11:33 AM William Herrin  wrote:

> Howdy,
>
> I've noticed something odd. When I lived in Virginia, I started
> receiving email directly to my gmail box from my U.S. Representative.
> Unsolicited spam from Congressmen is nothing new but it was a little
> odd that they found my gmail box (which I don't give out) and not one
> of the hundreds of aliases at herrin.us or dirtside.com which I do
> give out. The gmail box exists only in mail headers; "From" is always
> a different address.
>
> I moved to Seattle. Today I found my grmail box subscribed to a
> congressman's list from a nearby Washington jurisdiction. Not some
> random congressman. And not any of the addresses I give out; my gmail
> box's address which I don't.
>
> Anyone else have a similar experience? Any idea how a hidden address
> is making it on to relevant congressmens' lists but not any others?
> That's weird right?
>
> Regards,
> Bill Herrin
>
> --
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/
>

curious spam...

2020-09-14 Thread William Herrin

Howdy,

I've noticed something odd. When I lived in Virginia, I started
receiving email directly to my gmail box from my U.S. Representative.
Unsolicited spam from Congressmen is nothing new but it was a little
odd that they found my gmail box (which I don't give out) and not one
of the hundreds of aliases at herrin.us or dirtside.com which I do
give out. The gmail box exists only in mail headers; "From" is always
a different address.

I moved to Seattle. Today I found my grmail box subscribed to a
congressman's list from a nearby Washington jurisdiction. Not some
random congressman. And not any of the addresses I give out; my gmail
box's address which I don't.

Anyone else have a similar experience? Any idea how a hidden address
is making it on to relevant congressmens' lists but not any others?
That's weird right?

Regards,
Bill Herrin

-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/

Re: SPAM: Re: Cogent emails

2020-09-14 Thread Mike Hammett

I manage three networks. All three have transit from Cogent. I get assaulted 
non-stop by Cogent sales reps. 

- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

- Original Message -

From: "Simon Lockhart"  
To: "David Guo"  
Cc: "NANOG"  
Sent: Monday, September 14, 2020 12:13:37 PM 
Subject: SPAM: Re: Cogent emails 

We gave in and just bought a small amount of transit from them. The sales 
emails stopped. Seems to be about the only effective method. 

Simon 

On Mon Sep 14, 2020 at 05:07:28PM +, David Guo via NANOG wrote: 
> Yes, every week 
> 
> Proof 
> 
> https://vip1.loli.net/2020/09/15/bq3lHGuvNRkW9YS.jpg

Re: SPAM: Re: Cogent emails

2020-09-14 Thread Mike Lyon

I tell them to hit me up once they have direct peering with HE.net.

Haven’t heard from them since.

-Mike

> On Sep 14, 2020, at 10:15, Simon Lockhart  wrote:
> 
> We gave in and just bought a small amount of transit from them. The sales 
> emails stopped. Seems to be about the only effective method.
> 
> Simon
> 
>> On Mon Sep 14, 2020 at 05:07:28PM +, David Guo via NANOG wrote:
>> Yes, every week
>> 
>> Proof
>> 
>> https://vip1.loli.net/2020/09/15/bq3lHGuvNRkW9YS.jpg

SPAM: Re: Cogent emails

2020-09-14 Thread Simon Lockhart

We gave in and just bought a small amount of transit from them. The sales 
emails stopped. Seems to be about the only effective method.

Simon

On Mon Sep 14, 2020 at 05:07:28PM +, David Guo via NANOG wrote:
> Yes, every week
> 
> Proof
> 
> https://vip1.loli.net/2020/09/15/bq3lHGuvNRkW9YS.jpg

Re: More spam

2020-01-13 Thread Baldur Norddahl

A guy signs up to a mailing list. Years later he leaves the company. The
boss says hey lets forward the mail to support so somebody can reply if
something important is received.

And here we are.


man. 13. jan. 2020 08.37 skrev Mark Tinka :

> Been getting these too.
>
> Looks like someone from shopee.sg signed their support e-mail address up
> on NANOG, and every time one posts to the list, you get this.
>
> Mark.
>
> On 10/Jan/20 20:17, Ross Tajvar wrote:
>
> FYI, this is a new one for me
>
> -- Forwarded message -
> From: Shopee SG Support 
> Date: Fri, Jan 10, 2020, 12:10 PM
> Subject: [Request Received] Re: De-bogonising 2a10::/12
> To: r...@tajvar.io 
>
>
>
> Hi Ross Tajvar,
>
>
> Thank you for contacting Shopee!
>
>
> Your request has been received and is being reviewed by our Customer
> Service Representative.Your reference case# is 43565028.
>
>
> Kindly allow us up to 1 Working Day(s) to revert back to you. If your
> concern is urgent, please contact us via Live Chat or call us at our
> customer service hotline +65 6206 6610.
>
>
> For any concerns in regards to your order purchases, do provide us the
> Order ID that you may retrieve as below;
>
>
> "Me" Tab > My Purchases > Click on the order > Scroll down in the order
> details to find Order ID
>
>
> If you are having issues to log in to your account, please provide below
> details;
>
>
> - Current phone number linked to your Shopee account
>
> - Email address
>
> - Shopee Username
>
>
> While waiting for our response, you can also find useful information at
> out help center at: https://help.shopee.sg
>
>
> For shipment tracking, you may check the links of our logistic partners
> below:
>
> 1) https://www.ninjavan.co/en-sg/tracking
>
> 2) https://www.speedpost.com.sg/track-and-trace
>
> 3) https://roadbull.com/
>
>
>
> Operation Hours (Closed during Public Holidays):
>
>
> Live Chat Support (Shopee App Help Centre) : Monday - Sunday (9:00 AM to
> 10:00 PM)
>
>
> Call Hotline: +65 6206 6610, Monday - Friday (9:00 AM to 6:00 PM)
>
>
> Thank you for your patience and have a great day.
>
>
>
> Best Regards,
>
> Shopee Customer Service
>
>
>
> ref:_00D6F1oO9b._5006F2WBghc:ref
>
>
>
>
>

Re: More spam

2020-01-12 Thread Mark Tinka

Been getting these too.

Looks like someone from shopee.sg signed their support e-mail address up
on NANOG, and every time one posts to the list, you get this.

Mark.

On 10/Jan/20 20:17, Ross Tajvar wrote:
> FYI, this is a new one for me
>
> -- Forwarded message -
> From: *Shopee SG Support* mailto:supp...@shopee.sg>>
> Date: Fri, Jan 10, 2020, 12:10 PM
> Subject: [Request Received] Re: De-bogonising 2a10::/12
> To: r...@tajvar.io   >
>
>
>
> Hi Ross Tajvar,
>
>
> Thank you for contacting Shopee!
>
>
> Your request has been received and is being reviewed by our Customer
> Service Representative.Your reference case# is 43565028. 
>
>
> Kindly allow us up to 1 Working Day(s) to revert back to you. If your
> concern is urgent, please contact us via Live Chat or call us at our
> customer service hotline +65 6206 6610.
>
>
> For any concerns in regards to your order purchases, do provide us the
> Order ID that you may retrieve as below;
>
>
> "Me" Tab > My Purchases > Click on the order > Scroll down in the
> order details to find Order ID 
>
>
> If you are having issues to log in to your account, please provide
> below details; 
>
>
> - Current phone number linked to your Shopee account
>
> - Email address 
>
> - Shopee Username 
>
>
> While waiting for our response, you can also find useful information
> at out help center at: https://help.shopee.sg
>
>
> For shipment tracking, you may check the links of our logistic
> partners below:
>
> 1) https://www.ninjavan.co/en-sg/tracking
>
> 2) https://www.speedpost.com.sg/track-and-trace
>
> 3) https://roadbull.com/
>
>
>
> Operation Hours (Closed during Public Holidays):
>
>
> Live Chat Support (Shopee App Help Centre) : Monday - Sunday (9:00 AM
> to 10:00 PM)
>
>
> Call Hotline: +65 6206 6610, Monday - Friday (9:00 AM to 6:00 PM)
>
>
> Thank you for your patience and have a great day.
>
>
>
> Best Regards,
>
> Shopee Customer Service
>
>
>
> ref:_00D6F1oO9b._5006F2WBghc:ref
>
>
>
>

More spam

2020-01-10 Thread Ross Tajvar

FYI, this is a new one for me

-- Forwarded message -
From: Shopee SG Support 
Date: Fri, Jan 10, 2020, 12:10 PM
Subject: [Request Received] Re: De-bogonising 2a10::/12
To: r...@tajvar.io 

Hi Ross Tajvar,

Thank you for contacting Shopee!

Your request has been received and is being reviewed by our Customer
Service Representative.Your reference case# is 43565028.

Kindly allow us up to 1 Working Day(s) to revert back to you. If your
concern is urgent, please contact us via Live Chat or call us at our
customer service hotline +65 6206 6610.

For any concerns in regards to your order purchases, do provide us the
Order ID that you may retrieve as below;

"Me" Tab > My Purchases > Click on the order > Scroll down in the order
details to find Order ID

If you are having issues to log in to your account, please provide below
details;

- Current phone number linked to your Shopee account

- Email address

- Shopee Username

While waiting for our response, you can also find useful information at out
help center at: https://help.shopee.sg

For shipment tracking, you may check the links of our logistic partners
below:

1) https://www.ninjavan.co/en-sg/tracking

2) https://www.speedpost.com.sg/track-and-trace

3) https://roadbull.com/

Operation Hours (Closed during Public Holidays):

Live Chat Support (Shopee App Help Centre) : Monday - Sunday (9:00 AM to
10:00 PM)

Call Hotline: +65 6206 6610, Monday - Friday (9:00 AM to 6:00 PM)

Thank you for your patience and have a great day.

Best Regards,

Shopee Customer Service

ref:_00D6F1oO9b._5006F2WBghc:ref

Re: Is anybody else getting spam from cytranet.com?

2019-10-22 Thread John Sage


On 10/22/19 5:41 AM, Rich Kulawiec wrote:

I'm guessing -- because spammer Ben Reynolds (breyno...@cytranet.com)
wrote to me about voice/data services -- that it's possible they've
been scraping addresses from here.




This exact issue received exhaustive coverage over on the Outages 
(outa...@outages.org) email list under "[outages] sales critter Ben 
Reynolds" starting back on the 19th.


- John
--
John Sage

Re: Is anybody else getting spam from cytranet.com?

2019-10-22 Thread Tom Beecher

Seems likely that they scraped the list, yes.

Two more names to my Never Do Business With list I guess. :)

On Tue, Oct 22, 2019 at 8:43 AM Rich Kulawiec  wrote:

> I'm guessing -- because spammer Ben Reynolds (breyno...@cytranet.com)
> wrote to me about voice/data services -- that it's possible they've
> been scraping addresses from here.
>
> ---rsk
>

Re: Is anybody else getting spam from cytranet.com?

2019-10-22 Thread Brandon Martin


On 10/22/19 8:41 AM, Rich Kulawiec wrote:

I'm guessing -- because spammer Ben Reynolds (breyno...@cytranet.com)
wrote to me about voice/data services -- that it's possible they've
been scraping addresses from here.


Yes, mine came to my voiceops tagged address.
--
Brandon Martin

Is anybody else getting spam from cytranet.com?

2019-10-22 Thread Rich Kulawiec

I'm guessing -- because spammer Ben Reynolds (breyno...@cytranet.com)
wrote to me about voice/data services -- that it's possible they've
been scraping addresses from here.

---rsk

Re: Spam due to new ARIN allocation

2019-09-05 Thread JASON BOTHE via NANOG

Oddly enough, I created a Z Org for legacy resources and got hit up on 
linked-in by IPv4 brokers as well as some spam from Cogent. 

Annoying. 

> On Aug 4, 2019, at 09:29, Tim Burke  wrote:
> 
> Done, Sir. Thanks.
> 
> Tim Burke
> t...@burke.us
> 
>> On Sat, Aug 3, 2019, at 10:42 PM, John Curran wrote:
>> Tim -  
>> 
>> When you have moment, could you forward both of those Whois spam messages to 
>> complia...@arin.net ?
>> 
>> Thanks!
>> /John
>> 
>> John Curran
>> President and CEO
>> American Registry for Internet Numbers]
>> 
>> 
>>> On 2 Aug 2019, at 7:32 PM, Tim Burke  wrote:
>>> 
>>> We recently received a new ASN from ARIN - you know what that means... the 
>>> sales vultures come out to play!
>>> 
>>> So far, it has resulted in spam from Cogent (which is, of course, to be 
>>> expected), and now another company called "CapCon Networks" - 
>>> http://www.capconnetworks.com. As far as I am aware, this practice is 
>>> against ARIN's Terms of Use. Is it worth reporting to ARIN, or perhaps it's 
>>> worth creating a List of People To Never Do Business With™, complete with 
>>> these jokers, and other vultures that engage in similar tactics? 
>>> 
>>> Regards,
>>> Tim Burke
>>> t...@burke.us
>

1 2 3 4 5 6 7 8 >

1 - 100 of 783 matches

Mail list logo