Re: [mailop] Scanner frequency ?

The website is here below; I get this in my web logs occasionally. https://about.censys[.]io/ User Agent: Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys[.]io/) - Mark Alley On 5/29/2024 3:29 PM, J Doe via mailop wrote: Hi list, Has anyone noticed a recent increase in

Re: [mailop] Does Google not accept bounce emails anymore?

Do you not have SPF records for your HELO/EHLO FQDNs? It appears the A record the PTR of that IP address resolved to " mail-108-mta34.mxroute.com" and it does not have an SPF record. You should have a SPF record for each of your MTA hostnames that authorizes the IP and/or A record of said

Re: [mailop] v=spf1 -all SPF treewalk?

On 5/16/2024 6:09 PM, John Levine wrote: It appears that Mark Alley via mailop said: This claim stated that (and I'm quoting verbatim here), "/I forced many ESPs to start failing SPF for any subdomain of a domain that has no explicit SPF, and fails SPF at the *primary domain level* /(Co

Re: [mailop] [EXTERNAL] v=spf1 -all SPF treewalk?

with a sender’s wildcard dns? Aloha, Michael. -- *Michael J Wise* MicrosoftCorporation| Spam Analysis "Your Spam Specimen Has Been Processed." Open a ticket for Hotmail <http://go.microsoft.com/fwlink/?LinkID=614866> ? *From:*mailop *On Behalf Of *Mark Alley via mailop *Sent:*

[mailop] v=spf1 -all SPF treewalk?

Hey all, got a dubious claim I read today that's somewhat of a head-scratcher. Let's lay out the scenario. * The following DNS answers are returned when queried (pseudocode): o domain.com IN TXT "v=spf1 -all" o test.domain.com IN TXT  - NXDOMAIN o _dmarc.test.domain.com IN TXT

Re: [mailop] "The email didn't arrive" to Office 365

On 5/9/2024 3:51 PM, Gellner, Oliver via mailop wrote: On 09.05.2024 at 20:21 Jarland Donnell via mailop wrote: Quick question for you experts. What do you find to be the most common root cause for reports of emails not being received by Office 365 domains, when you can confirm conclusively

Re: [mailop] Cannot send messages to Google Mail users

On 4/24/2024 10:04 AM, Al Iverson via mailop wrote: Is disabling IPv6 an option here? A prior poster suggested as such, but I don't know if that was just a general suggestion or if that's actually possible in O365 settings. But if you can yes, try sending outbound mail only via IPv4. A

Re: [mailop] Cannot send messages to Google Mail users

I've also seen Google provide this error when a domain had a spammer/phisher attempt to spoof said domain several hundred thousand times. Since Google saw their domain in the RFC5321.Mailfrom, even though the messages weren't authenticated and were rejected as per their DMARC policy, the domain's

Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)

+1 - Mark Alley On 3/8/2024 10:01 AM, Bill Cole via mailop wrote: On 2024-03-08 at 09:13:32 UTC-0500 (Fri, 8 Mar 2024 15:13:32 +0100) Stefano Bagnara via mailop is rumored to have said: Well, I undestand you all hate OVH, but this really doesn't look like an intended block. Sure it does.

Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)

Having seen this behavior before from overzealous network admins, especially given the fact that freenet owns their netblock and their NS are self-hosted on said netblock rather than cloud DNS SaaS, it's very likely a firewall rule. I wouldn't be surprised if it was the case, OVH isn't exactly

Re: [mailop] freenet.de routing issues anyone? (Cloudflare-OVH issue?)

Have you considered they may be blocking OVH ASNs on their firewall? Their NS and zone seems resolvable and reachable from pretty much everything else on the internet according to DNSchecker.org. - Mark Alley On Fri, Mar 8, 2024, 5:54 AM Stefano Bagnara via mailop wrote: > Hi, > > I'm

Re: [mailop] mimecast "antispoofing"

On 3/5/2024 3:01 PM, Julian Bradfield via mailop wrote: What should they be doing according to "best practice"? Not rejecting mail based solely on SPF results. - Mark Alley ___ mailop mailing list mailop@mailop.org

Re: [mailop] Dot as the first character of a line ? (RFC 5321, Section 4.5.2)

Unless I'm missing something, it's the first bullet in RFC5321 4.5.2. - Mark Alley On 3/1/2024 3:49 PM, Cyril - ImprovMX via mailop wrote: @Julien Bradfield: I've initially shared the exact line in the code on what Aiosmtpd - not my software - is doing, which it is saying is following the

Re: [mailop] Gmail.com SPF false negatives?

On 2/28/2024 6:53 AM, Benny Pedersen via mailop wrote: L. Mark Stone via mailop skrev den 2024-02-27 23:52: I believe you need a DMARC record... does this fix spf fails ? Not directly, but for some evaluator configurations, it may alter their disposition handling behavior if a DMARC policy

Re: [mailop] Anyone else noticing an increase in spam from Office365 distribution lists?

Ah, yep, thanks for catching that typo. On 1/14/2024 4:56 PM, Andrew C Aitchison wrote: On Sun, 14 Jan 2024, Mark Alley via mailop wrote: This is anecdotal, but I think it illustrates even at a smaller scale the persistent problem Microsoft currently has with their tenancy. I did some quick

Re: [mailop] Anyone else noticing an increase in spam from Office365 distribution lists?

This is anecdotal, but I think it illustrates even at a smaller scale the persistent problem Microsoft currently has with their tenancy. I did some quick perusal of the last month's data from our email logs, and out of a total of 22,473 external emails that contain a .onmicrosoft.com

Re: [mailop] Proofpoint mailop contact?

Check if your IPs are listed on PDR , usually that's why. A manager over PPE is on-list too, I believe. https://ipcheck.proofpoint.com/ - Mark Alley On 1/5/2024 3:37 PM, Thomas Johnson via mailop wrote: Hello- We're seeing some dropped connections from various servers on ppe-hosted.com

Re: [mailop] DMARC processing

Is that on Github somewhere? I'd be glad to add it to the list. On 12/19/2023 9:20 AM, Slavko via mailop wrote: Dňa 19. decembra 2023 15:02:15 UTC používateľ Mark Alley via mailop napísal: https://dmarcvendors.com/#Self-Hosted_Solutions I use own python script (piped from exim), which

Re: [mailop] DMARC processing

https://dmarcvendors.com/#Self-Hosted_Solutions - Mark Alley On 12/19/2023 2:47 AM, Eduardo Diaz Comellas via mailop wrote: Hi, I'm starting to deploy DMARC records in all our managed domains, but we don't have any specific tool to parse and extract meaningful information from the reports.

[mailop] SMTP smuggling

Hey all, recently saw this mail server SMTP vulnerability that popped up on a blog yesterday. Sharing here for those interested. https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/ -Mark Alley ___ mailop mailing list

Re: [mailop] If one signature is good, 72 signatures must be better

Your hypothesis is accurate; speaking from professional experience with Proofpoint products, there is an option within the Proofpoint PoD DKIM signing configuration to set the Domain scope to "Any" which will reproduce this behavior if someone just left the defaults when generating a key(s).

[mailop] Potential MIT email compromise

Hey all, anyone from MIT on list? Seeing a significant amount of QR phishing and docusign phishing from MIT mail servers. IP addresses: 18.9.28.11 (outgoing-auth-1.mit.edu) 18.4.43.33 (littlewood.mit.edu) Header FROM: h...@math.mit.edu Thanks, Mark Alley

Re: [mailop] hotmail.com SPF forgot IPv6

d your approach here, Mark _ L. Mark Stone, Founder North America's Leading Zimbra VAR/BSP/Training Partner For Companies With Mission-Critical Email Needs - Original Message - From: "Mark Alley via mailop" To: "

Re: [mailop] hotmail.com SPF forgot IPv6

VAR/BSP/Training Partner For Companies With Mission-Critical Email Needs - Original Message - From: "Mark Alley via mailop" To: "mailop" Sent: Friday, August 18, 2023 10:33:50 AM Subject: Re: [mailop] hotmail.com SPF forgot IPv6 This will definitely showcase how many

Re: [mailop] hotmail.com SPF forgot IPv6

This will definitely showcase how many receivers are still rejecting based on SPF failure by itself. There's already many threads on Reddit about this from regular consumers experiencing bounces they don't know what to do with, it's actually quite sad reading some of them. - Mark Alley On

Re: [mailop] ANY OVH Contact?

On 8/9/2023 3:31 AM, Jaroslaw Rafa via mailop wrote: Dnia 9.08.2023 o godz. 11:00:12 Otto J. Makela via mailop pisze: Unless the situation has dramatically changed in the last year, OVH has no functioning abuse team. I block a majority of their nets from sending email, don't seem to getting

[mailop] Puma email admins

Anyone on list happen to have contacts with Puma.com email admins? Emails from their invoice billing vendor Billtrust are failing SPF, and subsequently DMARC. - Mark Alley ___ mailop mailing list mailop@mailop.org

Re: [mailop] [EXT] - Dkim fails, success on same email?

On 6/20/2023 12:20 PM, Benny Pedersen via mailop wrote: Mark Alley via mailop skrev den 2023-06-20 19:05: You'll need to add the DKIM selector (and key) Sophos generated for you to your external DNS provider so that other receivers can resolve the key, which enables them to validate messages

Re: [mailop] [EXT] - Dkim fails, success on same email?

You'll need to add the DKIM selector (and key) Sophos generated for you to your external DNS provider so that other receivers can resolve the key, which enables them to validate messages signed by your email filter. - Mark Alley On 6/20/2023 11:53 AM, Salvatore Jr Walter P via mailop wrote:

Re: [mailop] Twitter DKIM/DMARC Fails

Looks specific to several of their NS' in the "u06" subdomain. Everything returned from the "r06" servers resolves correctly. a.u06.twtrdns.net b.u06.twtrdns.net c.u06.twtrdns.net d.u06.twtrdns.net On 6/20/2023 11:17 AM, Tom Bartel via mailop wrote: Twitter seems to have copy/pasted quoted 

Re: [mailop] SPF: Does include: a host without TXT entry invalidate the whole SPF entry?

https://datatracker.ietf.org/doc/html/rfc7208#section-5.2 See the table at the bottom of the section regarding recursive check_host() evaluation. In this case, the recursive check_host() function returned "none" as a result from the include mechanism, and therefore according to the table, the

Re: [mailop] When Will Outlook Rollout SRS for All of Their Email Servers? (For the sake of bimi)

Update on this - it appears that Google will now be restricting BIMI display to specifically DKIM authenticated mail. Link below, see the update on the article. https://www.scmagazine.com/news/email-security/gmail-spoofing-google-priority-1-probe "This issue stems from a third-party security

Re: [mailop] When Will Outlook Rollout SRS for All of Their Email Servers? (For the sake of bimi)

On 6/5/2023 7:41 PM, Benny Pedersen via mailop wrote: Mark Alley via mailop skrev den 2023-06-06 02:17: O365 customers can mitigate this by ensuring they sign DKIM and remove the O365 include where feasible (only possible if O365 is not a domain's last hop), or by signing DKIM and making

Re: [mailop] When Will Outlook Rollout SRS for All of Their Email Servers? (For the sake of bimi)

Last time it was reported to Microsoft, IIRC the individual got the response, "it's working as expected" as to the vulnerability that allows aligned SPF mail to be forwarded without SRS from any tenant. Realistically, DMARC and BIMI are working as expected in this scenario. Email was (re)sent

Re: [mailop] Google Toolbox broken?

Apologies, typo correction - *"/MX address record limitation as *10 *A lookups/ /instead of 1/" On 6/2/2023 5:45 PM, Mark Alley wrote: You'll find that several validators are somewhat liberal with interpretation of RFC logic and the ABNFs. So, it's not really too surprising. For example,

Re: [mailop] Google Toolbox broken?

You'll find that several validators are somewhat liberal with interpretation of RFC logic and the ABNFs. So, it's not really too surprising. For example, MXToolbox's SPF validator (until very recently, it seems they have since fixed it) used to count the number of IP addresses resolved from

Re: [mailop] verifier.port25.com

For email authentication, dmarctester.com (AKA LearnDMARC) is a good tool. mail-tester.com is another, and it also performs checks with SpamAssassin, RBLs, etc. - Mark Alley On 5/23/2023 1:31 PM, Blake Hudson via mailop wrote: Looks like the email verification application at

Re: [mailop] Microsoft Office365 not rejecting emails when instructed so by SPF recored?

Assuming you're emailing someone that's an Office 365 customer, it's largely dependent on the receiving tenant's spam filtering configuration within O365 spam settings and Defender. Exchange Online itself does not outright reject SPF failure unless a customer has configured it to do so. -

Re: [mailop] Amazon please stop your outgoing spam

Here's a few prominent services I know of sending from this 54.224.0.0/11 subnet. (Whether or not these are spam in your eyes is up to you, I'm just noting actual legitimate senders.) * Amazon Business (no-re...@amazon.com) * Amazon DE (donotre...@amazon.de) * Adobe

Re: [mailop] SPF behavior on email forwarding

My understanding is that ARC validators have a list of trusted ADMDs (domains) that they trust the ARC results of to be "accurate and true". If the chain is valid at receipt, all of the sealed

Re: [mailop] agilitylive.com publishing empty SPF record

their domain respectively, as they are legitimate emails and duly expected, but I'd rather the root problem be fixed so we as receivers do not have to resort to manual safelisting. - Mark Alley On 4/14/2023 7:15 AM, Gellner, Oliver via mailop wrote: On 13.04.2023 at 19:37 Mark Alley via mailop wrote:

Re: [mailop] agilitylive.com publishing empty SPF record

To clarify - /legitimate /mail getting rejected. I have not seen any malicious messages from these IP's, this seems to be a recent change in their DNS according to securitytrails. On 4/13/2023 12:22 PM, Mark Alley wrote: Any Kofax reps or someone who knows the owners of agilitylive.com on

[mailop] agilitylive.com publishing empty SPF record

Any Kofax reps or someone who knows the owners of agilitylive.com on list? It appears they've recently published an empty SPF record with a hardfail policy and an (incorrectly) placed DMARC policy of reject. Lots of mail getting rejected from them because of their SPF record. IP Addresses

Re: [mailop] software for a DMARC report db

https://dmarcvendors.com/#Self-Hosted_Solutions has a list of all (known) self-hosted DMARC solutions, as well as the hosted SaaS ones. If anyone on list knows of any that aren't listed, let me know and I'll update the site. -Mark Alley On 4/7/2023 12:37 PM, Michael W. Lucas via mailop

Re: [mailop] Salesforce abuse bounces

Looks like a typoed domain. On 4/3/2023 1:38 PM, Jay Hennigan via mailop wrote: Trying to report spam from their network, got this: Reporting-MTA: dns; speedy.sb.west.net X-Postfix-Queue-ID: 4PqzpV4cYJz6N6gs X-Postfix-Sender: rfc822; [me] Arrival-Date: Mon,  3 Apr 2023 11:25:22 -0700 (PDT)

Re: [mailop] If possible can I get a email back from someone either at Google Workspaces or Google Domains

I replied off list. On Tue, Mar 21, 2023, 9:54 AM Eric Tykwinski via mailop wrote: > > > > > Sincerely, > > > > Eric Tykwinski > > TrueNet, Inc. > > P: 610-429-8300 > > > ___ > mailop mailing list > mailop@mailop.org >

Re: [mailop] [EXT] - Re: [EXT] - Re: [EXT] - Re: New member, trying to bring our mail server inline.

That would definitely do it - does it have the ability to sign DKIM? Maybe you should do it there, instead of on exchange. Typically you want to sign DKIM at the edge. On 3/4/2023 5:48 PM, Salvatore Jr Walter P via mailop wrote: Something just accored to me, we have a sophos email appliance.

Re: [mailop] Intuit directly spaming

I'm not sure if they have an API, but I've used Hurricane Electric's BGP toolkit   to look up AS' frequently. If you want API integration, BGPview is quite useful. On 3/4/2023 4:58 PM, MRob via mailop

Re: [mailop] Google Postmaster Crash

I've seen the same with my domains. Just spins on load. On Sat, Mar 4, 2023, 3:35 PM Emre Üst via mailop wrote: > Hello , > > Google Postmaster not working since Friday. After log in, it should list > the domain list, but the loading screen returns and does not appear. > > Are you like that

Re: [mailop] New member, trying to bring our mail server inline.

The selector seems to just be "1", of which the published record appears to be valid in DNS. https://tools.wordtothewise.com/dkim/check/warwickri.gov/1 DNS propagation shows the DKIM record is resolvable across the internet, so

Re: [mailop] DKIM record IONOS

On 2/17/2023 9:27 PM, H wrote: > On February 16, 2023 8:57:49 PM EST, Mark Alley via mailop > wrote: >> As long as the organizational domain you want reports for is the same >> as >> you have published in the DMARC RUA/RUF "mailto" tags, then no, you do >&

Re: [mailop] DKIM record IONOS

As long as the organizational domain you want reports for is the same as you have published in the DMARC RUA/RUF "mailto" tags, then no, you do not need it to be able to receive said reports. - Mark Alley On Thu, Feb 16, 2023, 7:47 PM H wrote: > On February 16, 2023 6:37:42 PM ES

Re: [mailop] DKIM record IONOS

You only need to create that record if you are sending the aggregate/failure reports for a particular domain that is different from the one the reports are actually on behalf of. So for example, if you owned domain1.com and wanted to send RUA/RUF reports for domain1.com to a mailbox at

Re: [mailop] DKIM record IONOS

In consumer applications, DKIM is usually signed on behalf of the sending domain it has been configured for (if at all). If you own domain1.com on IONOS and set up DKIM signing for it, domain1.com email from that mail system will be signed. If you own domain2.com on IONOS and have not set up

Re: [mailop] Question of SPF record

Per their instructions here: https://www.ionos.com/help/domains/configuring-mail-servers-and-other-related-records/using-an-spf-record-to-prevent-spam/ Just add these to your SPF record like so. v=spf1 a mx include:_spf.perfora.net include:_spf.kundenserver.de ~all You probably don't need the

Re: [mailop] gmail putting most messages into Spam

Fair point. I've seen that with the .tk free TLD as well, same boat. Generally, nobody I've seen using that TLD has a good time related to email. On 1/18/2023 4:00 PM, John Levine via mailop wrote: It appears that Jaroslaw Rafa via mailop said: Dnia 18.01.2023 o godz. 07:39:48 Mark Alley via

Re: [mailop] gmail putting most messages into Spam

m. Thanks again. Thanks again. On Wed, 18 Jan 2023 05:50:51 -0500, Mark Alley via mailop wrote: [1 ] [1.1 ] One other thing - it also appears the SPF syntax for "ccs.covici.com" is currently an issue. You'll want to address this so it can be parsed by mail servers correctly. Here

Re: [mailop] gmail putting most messages into Spam

That might be your email client rendering my original message differently - there shouldn't be any delimiter necessary in your SPF record at the beginning/end, you can remove them. On 1/18/2023 10:44 AM, John Covici via mailop wrote: So, what can I use to begin and end the record? Do I need

Re: [mailop] gmail putting most messages into Spam

Ah ok, apologies, I missed that in the chain. I knew someone had mentioned it before in this or another thread, but couldn't find it. On 1/18/2023 7:43 AM, Jaroslaw Rafa via mailop wrote: Dnia 18.01.2023 o godz. 07:38:32 Mark Alley via mailop pisze: Have you tried submitting via the Google

Re: [mailop] gmail putting most messages into Spam

Woops, sorry, wrong link pasted. That's the sender guidelines - while still helpful, was not what I was trying to send. https://support.google.com/mail/contact/gmail_bulk_sender_escalation On 1/18/2023 7:38 AM, Mark Alley wrote: Have you tried submitting via the Google Sender Contact Form

Re: [mailop] gmail putting most messages into Spam

Have you tried submitting via the Google Sender Contact Form to get this resolved? On 1/18/2023 5:02 AM, Jaroslaw Rafa via mailop wrote: Dnia 17.01.2023 o godz. 20:05:45 Jarland Donnell via mailop pisze: You visit mail-tester.com, copy the email

Re: [mailop] gmail putting most messages into Spam

it was hello covici.com since I am not sending from that address? On Wed, 18 Jan 2023 05:33:32 -0500, Mark Alley via mailop wrote: [1 ] [1.1 ] //X-Spam-Last-External-HELO: covici.com/ * 0.3 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS * I don't understand this one, I have rdns

Re: [mailop] gmail putting most messages into Spam

Sorry - categories*, not labels. On 1/17/2023 9:43 AM, Mark Alley wrote: The labels in Gmail/workspace aren't the same as spam, they are part of the Inbox. If you have the user turn off labels, you will see them still in the inbox as expected. On 1/17/2023 9:32 AM, Robert Schoneman via

Re: [mailop] gmail putting most messages into Spam

The labels in Gmail/workspace aren't the same as spam, they are part of the Inbox. If you have the user turn off labels, you will see them still in the inbox as expected. On 1/17/2023 9:32 AM, Robert Schoneman via mailop wrote: Our outbound email from O365 through PPE to Gmail and Google

Re: [mailop] gmail putting most messages into Spam

Ah, that is interesting. I checked with a few client PoD clusters I have access to and haven't noticed any spam filtering issues at the moment with consumer gmail accounts or workspace tenants. On 1/17/2023 9:05 AM, Paul Gregg wrote: On Tue, Jan 17, 2023 at 08:28:54AM -0600, Mark Alley via

Re: [mailop] gmail putting most messages into Spam

Just to clarify - Do you mean from Proofpoint enterprise (PoD) customers or Proofpoint essentials? I could definitely see essentials having this problem as their IP space is shared amongst customers, but PoD clusters each individually have their own IPs that are separate from any other

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

Looking at it again, I agree with Todd and Jarland's hypothesis; Forwarding sounds more plausible than an API submission via compromised credentials in this case. I think that hit the nail on the head. This also correlates to one of Mailgun's product offerings

Re: [mailop] Valid SPF/DKIM/DMARC *SPAM* coming from my domain ?!

Do you have an API ID and key/password for Mailgun somewhere that was compromised? Was it saved somewhere like a password manager (think Lastpass)? This looks as if the host submitted it directly to Mailgun, hence it passed all email authentication. On 1/11/2023 3:00 PM, Cyril - ImprovMX via

Re: [mailop] Intentionally vague SPF records.

+1 to Laura's statement about Macros - and just wanted to add there is also an open source solution that allows for self-hosted SPF macros on github as well. https://github.com/smck83/expurgate On 1/11/2023 9:00 AM, Laura Atkins via mailop wrote: On 11 Jan 2023, at 13:08, Simon Burke via

Re: [mailop] Intentionally vague SPF records.

11 Jan 2023 at 13:32, Mark Alley via mailop wrote: What makes you think you'd go over the limit if you haven't done the discovery? You might be surprised that you may not exceed the lookup count, as with optimization/analysis and proper SPF design (even without flattening), the

Re: [mailop] Intentionally vague SPF records.

What makes you think you'd go over the limit if you haven't done the discovery? You might be surprised that you may not exceed the lookup count, as with optimization/analysis and proper SPF design (even without flattening), the lookup count can be quite easily managed. This sounds like a prime

Re: [mailop] I received a scam letter from Paypal

A common scenario for these is that a legitimate PayPal account is compromised and then used to send out these invoices requests from the account, hence these requests/messages are sent via PayPal's email infrastructure to external recipients. The best course of action for remediation would

Re: [mailop] Contact info for antispamcloud.com ?

Checking the MX history, it looks like they've had these MX records in place for that domain for several years. Or am I missing something? Were you getting no resolution results previously? On 12/26/2022 12:53 PM, Peter N. M. Hansteen via mailop wrote: On Mon, Dec 26, 2022 at 06:26:26PM