Re: Spammer in white list aka USER_IN_DEF_SPF_WL

2019-05-02 Thread David Jones
On 5/2/19 3:11 PM, RW wrote:
> 
> That just means it's a known source of email and not a zombie or IP
> address controlled by an outright spammer. The level of trust is
> described as 'none', that's a lower level than some freemail servers.
> 
> The DKIM signing domain isn't listed at all on dkimwl.
> 
> 
>>   More importantly, it's [not] listed in Invaluement (IVM or IVM24):
> 
> The Invaluement lists are marketed as low-FP. There's a huge difference
> between being good enough to stay out of Invaluement and being good
> enough for whitelisting at the -15 point level.

Default score for def_whitelist_auth is -7.5.

> 
> 
>>   Every platform has the occasional bad customer that needs
>> to be kicked off
> 
>  From its website simpliv.com appears to be a company that markets
> online training provided by third-party trainers. In that situation
> simpliv should be managing the lists and enforcing opt-in.
> 
> 
> 
> 

It's removed in SVN so it should get taken out tomorrow night as long as 
the rules promotion is working.

-- 
David Jones


Re: Spammer in white list aka USER_IN_DEF_SPF_WL

2019-05-02 Thread RW
On Thu, 2 May 2019 03:15:13 +
David Jones wrote:

> On 5/1/19 6:04 PM, RW wrote:
> > On Wed, 1 May 2019 10:39:08 -0700 (MST)
> > jandev wrote:
> >   
> >> David,
> >>
> >> I tried to send the original email to the email address you
> >> requested. But your mail hoster blocks (554 5.7.1) my TLDs.  
> > 
> > It doesn't really matter, you posted a link to pastebin on the list.
> > 
> > It passed SPF with the envelope domain bounce.comm06.simpliv.com
> > which matches:
> > 
> > def_whitelist_auth *@*.simpliv.com
> >   
> 
> 129.41.222.236 has a senderscore.org score of 94 currently 

it was 84 in early April.


> and is
> listed in dnswl.org as score but do not block outright. 


That just means it's a known source of email and not a zombie or IP
address controlled by an outright spammer. The level of trust is
described as 'none', that's a lower level than some freemail servers.

The DKIM signing domain isn't listed at all on dkimwl.


>  More importantly, it's [not] listed in Invaluement (IVM or IVM24):

The Invaluement lists are marketed as low-FP. There's a huge difference
between being good enough to stay out of Invaluement and being good
enough for whitelisting at the -15 point level. 


>  Every platform has the occasional bad customer that needs
> to be kicked off 

From its website simpliv.com appears to be a company that markets
online training provided by third-party trainers. In that situation 
simpliv should be managing the lists and enforcing opt-in.






Re: Spammer in white list aka USER_IN_DEF_SPF_WL

2019-05-02 Thread David Jones
On 5/1/19 10:15 PM, David Jones wrote:
> On 5/1/19 6:04 PM, RW wrote:
>> On Wed, 1 May 2019 10:39:08 -0700 (MST)
>> jandev wrote:
>>
>>> David,
>>>
>>> I tried to send the original email to the email address you
>>> requested. But your mail hoster blocks (554 5.7.1) my TLDs.
>>
>> It doesn't really matter, you posted a link to pastebin on the list.
>>
>> It passed SPF with the envelope domain bounce.comm06.simpliv.com
>> which matches:
>>
>> def_whitelist_auth *@*.simpliv.com
>>
> 
> 129.41.222.236 has a senderscore.org score of 94 currently and is listed
> in dnswl.org as score but do not block outright.  More importantly, it's

I meant to say "it's NOT listed" in IVM which is a very accurate RBL.

> listed in Invaluement (IVM or IVM24):
> 
> http://multirbl.valli.org/lookup/129.41.222.236.html
> 
> The email headers that were posted in pastebin.com are from a mass
> marketer that has a valid unsubscribe header/link.
> 
> I wouldn't classify that email as spam unless there were multiple
> reports of them not honoring the unsubscribe or not handling abuse
> reports.  Every platform has the occasional bad customer that needs to
> be kicked off so most RBLs (good ones anyway) will allow for a small
> amount of UCE before hitting the threshold to be listed/blocked.
> 

-- 
David Jones
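
The match discussed in the thread above, as an added example that is not part of any poster's message and is not SpamAssassin's own code: it shows why an SPF pass on bounce.comm06.simpliv.com triggers the `*@*.simpliv.com` entry, and how much that wildcard covers. Assumptions: the glob translation (`*` as any run, `?` as one character, anchored, case-insensitive) models SpamAssassin's documented file-glob-style address patterns; every local part, every domain other than bounce.comm06.simpliv.com, and the narrower entry are constructed.

```python
import re

def glob_to_regex(pattern):
    """Translate a whitelist address glob into an anchored, case-insensitive regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")      # any run of characters, dots included
        elif ch == "?":
            parts.append(".")       # exactly one character
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)

def spf_whitelist_hit(envelope_from, spf_result, patterns):
    """Return the first entry that would whitelist this sender, or None.

    An entry only counts when SPF passed for the envelope sender
    AND the envelope sender matches the glob.
    """
    if spf_result != "pass":
        return None
    for pattern in patterns:
        if glob_to_regex(pattern).match(envelope_from):
            return pattern
    return None

BROAD = ["*@*.simpliv.com"]         # entry quoted in the thread
NARROW = ["*@billing.simpliv.com"]  # hypothetical tighter entry, for contrast

# Constructed samples: (envelope sender, SPF result).
SAMPLES = [
    ("bounces@bounce.comm06.simpliv.com", "pass"),      # domain from the thread
    ("bounces@bounce.comm99.simpliv.com", "pass"),      # any other customer subdomain
    ("info@simpliv.com", "pass"),                       # bare domain: no "." before simpliv.com
    ("bounces@bounce.comm06.simpliv.com", "softfail"),  # glob matches, SPF did not pass
    ("x@simpliv.com.example.net", "pass"),              # look-alike suffix, stopped by the anchor
]

def evaluate(patterns):
    """Return, per sample, whether the whitelist entry would apply."""
    return [spf_whitelist_hit(s, r, patterns) is not None for s, r in SAMPLES]

if __name__ == "__main__":
    for (sender, spf), broad, narrow in zip(SAMPLES, evaluate(BROAD), evaluate(NARROW)):
        print(f"{sender:40} spf={spf:9} broad={broad!s:5} narrow={narrow}")
```

The broad entry applies to every subdomain that publishes a passing SPF record, so one customer-specific bounce domain is enough to earn the whitelist score for any mail sent through it.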


Re: Popular Email Clients Found Vulnerable to Signature Spoofing Attacks

2019-05-02 Thread Kevin A. McGrail
Likely but the CVEs have been closed and this was research only.  It will
be unlikely in the wild as people using pgp and smime will be high
patches.  To me, this will be a waste of cycles.

On Thu, May 2, 2019, 03:26 Brent Clark wrote:

> Good day Guys
>
> Just thought, and wondered, based on the following,
> https://thehackernews.com/2019/04/email-signature-spoofing.html
>
> Is there not something that can be done, checked and caught at
> SpamAssassin level?
>
> Much like there is SPF, DKIM etc checks, is there not something to check
> for spoofing
>
> Regards
> Brent Clark
>


Popular Email Clients Found Vulnerable to Signature Spoofing Attacks

2019-05-02 Thread Brent Clark

Good day Guys

Just thought, and wondered, based on the following, 
https://thehackernews.com/2019/04/email-signature-spoofing.html


Is there not something that can be done, checked and caught at
SpamAssassin level?


Much like there is SPF, DKIM etc checks, is there not something to check 
for spoofing


Regards
Brent Clark