Re: [mailop] Abusix Potentially Compromised Account Report

2020-05-20 Thread Jesse Thompson via mailop
On 5/19/20 5:51 AM, Thomas Walter via mailop wrote: > On 19.05.20 12:01, Jaroslaw Rafa via mailop wrote: >> A shared account by itself is a security loophole. > Why is that? You can perfectly share an account with IMAP4 Access > Control Lists. > > The issue is not the shared account, the issue is

Re: [mailop] Abusix Potentially Compromised Account Report

2020-05-19 Thread Thomas Walter via mailop
On 19.05.20 13:11, Andrew C Aitchison via mailop wrote: > A bug/issue tracking system or other "help desk" tool > *may* be a better solution here ... That's a little overkill for boss & secretary environments. Regards, Thomas Walter -- Thomas Walter Datenverarbeitungszentrale FH Münster -

Re: [mailop] Abusix Potentially Compromised Account Report

2020-05-19 Thread Andrew C Aitchison via mailop
On Tue, 19 May 2020, Thomas Walter via mailop wrote: On 19.05.20 12:01, Jaroslaw Rafa via mailop wrote: There are no practical scenarios that justify the existence and use of shared accounts. Use a mailing list instead. And multiply each and every mail to multiple people, making it difficult

Re: [mailop] Abusix Potentially Compromised Account Report

2020-05-19 Thread Thomas Walter via mailop
Hey Jaroslaw, On 19.05.20 12:01, Jaroslaw Rafa via mailop wrote: > A shared account by itself is a security loophole. Why is that? You can perfectly share an account with IMAP4 Access Control Lists. The issue is not the shared account, the issue is a shared password. > There are no practical

Re: [mailop] Abusix Potentially Compromised Account Report

2020-05-19 Thread Jaroslaw Rafa via mailop
On 18.05.2020 at 16:28:47, Jesse Thompson via mailop wrote: > > (actually, this was a shared account, which means that it likely has a > poor password, even if it isn't what the attacker is using) A shared account by itself is a security loophole. There are no practical scenarios that

Re: [mailop] Abusix Potentially Compromised Account Report

2020-05-18 Thread Jesse Thompson via mailop
Finally got one! I expect these reports to be largely a lagging indicator of 3rd party password dumps, reflecting a certain subset of credential stuffing scenarios. I don't think anyone in our organization is comparing all available breached password hashes to local hashes, so it's nice to

Re: [mailop] Abusix Potentially Compromised Account Report

2020-04-24 Thread Dave Holmes via mailop
We are an outbound only ESP so most of the senders are not real addresses, the reply addresses are. I've had to create a filter in my mailbox to send these to trash - pretty annoying. On Fri, 24 Apr 2020 at 14:31, micah anderson via mailop wrote: > > Just got two more Abusix reports, things

Re: [mailop] Abusix Potentially Compromised Account Report

2020-04-24 Thread micah anderson via mailop
Just got two more Abusix reports, things have improved, and gotten worse: 1. I only was notified about one user, and it was an actual legitimate user! That is new. 2. I got a notification for that same user twice, in two different emails... huh? 3. The emails were sent as text/html, with no

Re: [mailop] Abusix Potentially Compromised Account Report

2020-04-06 Thread Francois Petillon via mailop
On 3/24/20 11:36 AM, Steve Freegard via mailop wrote: > I also found that I wasn't discarding some drive-by stuff which is more akin > to > what you were talking about so I've also corrected that which will further > reduce the noise, raise the quality and reduce the number of daily reports >

Re: [mailop] Abusix Potentially Compromised Account Report

2020-04-02 Thread Blake Hudson via mailop
On 3/24/2020 11:19 AM, Steve Freegard via mailop wrote: Hi Micah, On 24/03/2020 16:10, micah anderson wrote: FWIW, we got a couple of these Abusix reports, checked them out and determined they were all false positives. Every single one of them was either an account that hasn't existed for

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-28 Thread Al Iverson via mailop
I got my first "Abusix Potentially Compromised Account Report" today, I'm so lucky. It is useless. It's warning us about activity relating to domains that don't have users. Activity not originating from or directly targeting anything hosted by us. No thanks? We want only reports of actual abuse,

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-25 Thread Atro Tossavainen via mailop
> Once-only invitations to opt-in sound cool. Not to me - we tell marketers they can't ask permission by spamming, so I don't think anybody else should get a free pass either. IT. DOES. NOT. SCALE. Nobody gives a flying flamingo about who the sender is or what the purpose of the messaging is.

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-25 Thread Alessandro Vesely via mailop
On Wed 25/Mar/2020 11:36:52 +0100 Laura Atkins via mailop wrote: >> On 25 Mar 2020, at 10:00, Alessandro Vesely via mailop wrote: >> >> For a comparison, how'd you rate the signal to noise ratio of (accumulated) >> DMARC aggregate reports? > > I don’t think there’s a valid comparison as DMARC

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-25 Thread Atro Tossavainen via mailop
> Uh, well, aren't you curious about how bots harvest that data? I am indeed not. Using leaked credentials from Adobe, Dropbox, LinkedIn, or any other widely available leak that has email addresses and passwords is quite the sufficient explanation for me. There may be others, but this is large

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-25 Thread Laura Atkins via mailop
> On 25 Mar 2020, at 10:00, Alessandro Vesely via mailop > wrote: > > For a comparison, how'd you rate the signal to noise ratio of (accumulated) > DMARC aggregate reports? I don’t think there’s a valid comparison as DMARC reports are opt-in and the folks who are opting into them understand

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-25 Thread Alessandro Vesely via mailop
On Tue 24/Mar/2020 17:22:14 +0100 Atro Tossavainen via mailop wrote: > On Tue, Mar 24, 2020 at 10:58:14AM -0500, Al Iverson via mailop wrote: >> I'm not understanding how this intersects with spamtraps. What does >> this alert actually notify a network owner of? >> Failed SMTP auth attempt from my

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-24 Thread Graeme Fowler via mailop
On 24 Mar 2020, at 16:52, Michael Peddemors via mailop wrote: > Like others on the list pointed out, if you send 'noise' then people will > simply 'tune out' to your reports. While I commend you for looking at ways to > help address the problem, you might want to have a smaller set of more >

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-24 Thread Rob McEwen via mailop
On 3/24/2020 6:36 AM, Steve Freegard via mailop wrote: Rob should have done the same Steve, The last time I even mentioned "invaluement" at MailOp - and it was an on-topic post - I got very harshly criticized for allegedly being too promotional and spammy. Someone had complained about a

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-24 Thread Michael Peddemors via mailop
On 2020-03-24 9:35 a.m., micah anderson via mailop wrote: Steve Freegard via mailop writes: I included the partial SHA-1 to be compatible with automation and tooling around the HaveIBeenPwned API - see https://haveibeenpwned.com/API/v3#PwnedPasswords I understand that desire, but I wish the

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-24 Thread Chris via mailop
On 2020-03-24 11:48, Steve Freegard via mailop wrote: thraxisp@:16472 Sure - that's a totally useless password and I'm happy to report I haven't seen that particular username, but without an IP - it's a bit meaningless as I can't tell you if we're seeing traffic on it or not. I checked.

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-24 Thread Al Iverson via mailop
On Tue, Mar 24, 2020 at 11:27 AM Atro Tossavainen via mailop wrote: > > On Tue, Mar 24, 2020 at 10:58:14AM -0500, Al Iverson via mailop wrote: > > I'm not understanding how this intersects with spamtraps. What does > > this alert actually notify a network owner of? > > Failed SMTP auth attempt

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-24 Thread micah anderson via mailop
Steve Freegard via mailop writes: > I included the partial SHA-1 to be compatible with automation and > tooling around the HaveIBeenPwned API - see > https://haveibeenpwned.com/API/v3#PwnedPasswords I understand that desire, but I wish the HaveIBeenPwned things were better. As a provider,

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-24 Thread Steve Freegard via mailop
Hi Al, On 24/03/2020 15:58, Al Iverson via mailop wrote: I'm not understanding how this intersects with spamtraps. What does this alert actually notify a network owner of? Failed SMTP auth attempt from my IP space? Or a failed SMTP auth attempt from someplace else TO my IP space? Or door #3?

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-24 Thread Atro Tossavainen via mailop
On Tue, Mar 24, 2020 at 10:58:14AM -0500, Al Iverson via mailop wrote: > I'm not understanding how this intersects with spamtraps. What does > this alert actually notify a network owner of? > Failed SMTP auth attempt from my IP space? > Or a failed SMTP auth attempt from someplace else TO my IP

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-24 Thread Steve Freegard via mailop
Hi Micah, On 24/03/2020 16:10, micah anderson wrote: FWIW, we got a couple of these Abusix reports, checked them out and determined they were all false positives. Every single one of them was either an account that hasn't existed for years, or wasn't even a valid account (like mailing list

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-24 Thread micah anderson via mailop
Steve Freegard via mailop writes: > On 24/03/2020 15:10, Chris via mailop wrote: >> On 2020-03-24 06:36, Steve Freegard via mailop wrote: >> >>> I have great respect for you, but I didn't spend a considerable >>> amount of development time without actually being absolutely certain >>> about

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-24 Thread Steve Freegard via mailop
On 24/03/2020 15:10, Chris via mailop wrote: On 2020-03-24 06:36, Steve Freegard via mailop wrote: I have great respect for you, but I didn't spend a considerable amount of development time without actually being absolutely certain about what I was doing.  Your experience is not relevant

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-24 Thread Chris via mailop
On 2020-03-24 06:36, Steve Freegard via mailop wrote: I have great respect for you, but I didn't spend a considerable amount of development time without actually being absolutely certain about what I was doing.  Your experience is not relevant because you do not have experience with

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-24 Thread Steve Freegard via mailop
Chris, On 22/03/2020 20:41, Chris via mailop wrote: > On 2020-03-22 16:20, Nick Stallman via mailop wrote: >> I got one of these the other day and I'm scratching my head about it as what's in the report cannot possibly be correct. >> >> The report was for a domain we host the website for, but

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-23 Thread Chris via mailop
On 2020-03-22 20:44, Rob McEwen via mailop wrote: On 3/22/2020 4:41 PM, Chris via mailop wrote: It's been my experience that MOST of them are going to be red-herrings +1 2 days ago, I got one of these for a domain for which I host email. I checked the SHA-1 hash against the current

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-23 Thread Alessandro Vesely via mailop
On Sun 22/Mar/2020 18:12:57 +0100 Steve Freegard via mailop wrote: > On 22/03/2020 16:05, Andrew C Aitchison wrote: >> On Sun, 22 Mar 2020, Steve Freegard via mailop wrote: >>> I didn't design this to annoy people, I did it because it's useful for the >>> internet in general because compromised

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-22 Thread Rob McEwen via mailop
On 3/22/2020 4:41 PM, Chris via mailop wrote: It's been my experience that MOST of them are going to be red-herrings +1 2 days ago, I got one of these for a domain for which I host email. I checked the SHA-1 hash against the current password's SHA-1 hash, and it didn't match. So it seemed

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-22 Thread Chris via mailop
On 2020-03-22 16:20, Nick Stallman via mailop wrote: I got one of these the other day and I'm scratching my head about it as what's in the report cannot possibly be correct. The report was for a domain we host the website for, but the domain has no email at all. The account referenced is also

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-22 Thread Nick Stallman via mailop
I got one of these the other day and I'm scratching my head about it as what's in the report cannot possibly be correct. The report was for a domain we host the website for, but the domain has no email at all. The account referenced is also not a valid website login or anything else I can

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-22 Thread Bill Cole via mailop
On 22 Mar 2020, at 10:28, Steve Freegard via mailop wrote: Abuse reports shouldn't have to be opt-in. True, but these are not abuse reports to an empowered party, but rather to possible victims. It's akin to the FUSSPs that use mail-based challenge/response models or to SMTP callback

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-22 Thread Atro Tossavainen via mailop
Steve, > >I am not impressed. > > Sorry about that Atro. Having witnessed what I have today, I have to say I think your concept is inherently flawed. Also, my handful-of-dozen spams of this type are apparently a drop in the ocean when compared to some of the more serious spamtrappers who claim

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-22 Thread Steve Freegard via mailop
Hi Andrew, On 22/03/2020 16:05, Andrew C Aitchison wrote: On Sun, 22 Mar 2020, Steve Freegard via mailop wrote: I didn't design this to annoy people, I did it because it's useful for the internet in general because compromised accounts are a huge issue, and one that causes issues for

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-22 Thread Andrew C Aitchison via mailop
On Sun, 22 Mar 2020, Steve Freegard via mailop wrote: This data is inherently noisy and I've gone to extreme lengths to remove as much noise as possible and provide Abuse Desks/Postmasters some visibility that they do not currently have. Whilst this time it's reported an alias, next time

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-22 Thread Steve Freegard via mailop
Hi Atro, On 22/03/2020 11:23, Atro Tossavainen via mailop wrote: On Sun, Mar 22, 2020 at 02:11:45PM +1000, Ted Cooper via mailop wrote: Has anyone run into "Abusix" /potentially/ compromised account notification emails before? Not before, but now that you say, yes. I have a few dozen samples

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-22 Thread Steve Freegard via mailop
Hi Thomas, On 22/03/2020 09:03, Thomas Walter via mailop wrote: I got the same email with some of our local accounts and aliases. Interestingly enough it included the same IP address 185.234.219.89. That will happen, one IP usually goes absolutely crazy and sends most of the traffic, other

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-22 Thread Steve Freegard via mailop
Hi Luis, On 22/03/2020 04:59, Luis E. Muñoz via mailop wrote: I got three in the last 48 hours at different sites. All referenced real user accounts – no clue about the password. The warning seemed legit so I passed the info to the potentially affected users, with the recommendation to

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-22 Thread Steve Freegard via mailop
Hello Ted, On 22/03/2020 04:11, Ted Cooper via mailop wrote: Has anyone run into "Abusix" /potentially/ compromised account notification emails before? Their website "abusix.ai" looks to be about a week old based on the age of all of the articles. I would have guessed they'd have been around

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-22 Thread Atro Tossavainen via mailop
On Sun, Mar 22, 2020 at 02:11:45PM +1000, Ted Cooper via mailop wrote: > Has anyone run into "Abusix" /potentially/ compromised account > notification emails before? Not before, but now that you say, yes. I have a few dozen samples in spamtraps from Friday Mar 20, never before. They're both in

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-22 Thread Thomas Walter via mailop
Hey everyone, On 22.03.20 05:11, Ted Cooper via mailop wrote: > Has anyone run into "Abusix" /potentially/ compromised account > notification emails before? I got the same email with some of our local accounts and aliases. Interestingly enough it included the same IP address 185.234.219.89.

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-21 Thread Luis E. Muñoz via mailop
On 21 Mar 2020, at 21:11, Ted Cooper via mailop wrote: Has anyone run into "Abusix" /potentially/ compromised account notification emails before? I got three in the last 48 hours at different sites. All referenced real user accounts – no clue about the password. The warning seemed legit

Re: [mailop] Abusix Potentially Compromised Account Report

2020-03-21 Thread Udeme Ukutt via mailop
I pinged someone there to take a look. Udeme On Sat, Mar 21, 2020 at 9:17 PM Ted Cooper via mailop wrote: > Has anyone run into "Abusix" /potentially/ compromised account > notification emails before? > > Their website "abusix.ai" looks to be about a week old based on the age > of all of the