Re: [mailop] h-email.net

2023-03-05 Thread Jaroslaw Rafa via mailop
On 5.03.2023 at 20:58:22, Benny Pedersen via mailop wrote: > Jaroslaw Rafa via mailop wrote on 2023-03-05 20:45: > >It's obvious to check MX for *recipient* domain, but not > >for sender... > > reject_mumble_sender is very hard ?, you have it as recipient, hmmp :) > > tip don't accept

Re: [mailop] h-email.net

2023-03-05 Thread Benny Pedersen via mailop
Jaroslaw Rafa via mailop wrote on 2023-03-05 20:45: It's obvious to check MX for *recipient* domain, but not for sender... reject_mumble_sender is very hard ?, you have it as recipient, hmmp :) tip don't accept mail for unknown domains, RFC 7505 does create this, but keeps domain valid for

Re: [mailop] h-email.net

2023-03-05 Thread Jaroslaw Rafa via mailop
On 5.03.2023 at 04:50:34, Benny Pedersen via mailop wrote: > Jaroslaw Rafa via mailop wrote on 2023-03-04 20:00: > >On 3.03.2023 at 22:21:28, John Levine via mailop wrote: > >Why isn't it just "v=spf1 -all" then? That's the most common way of > >indicating that a domain should never

Re: [mailop] h-email.net

2023-03-04 Thread Benny Pedersen via mailop
Jaroslaw Rafa via mailop wrote on 2023-03-04 20:00: On 3.03.2023 at 22:21:28, John Levine via mailop wrote: Why isn't it just "v=spf1 -all" then? That's the most common way of indicating that a domain should never send mail... it would be more weak than RFC 7505 anyway, since not all

Re: [mailop] h-email.net

2023-03-04 Thread Benny Pedersen via mailop
Raymond Dijkxhoorn via mailop wrote on 2023-03-04 00:51: $ host -t txt h-email.net h-email.net descriptive text "v=spf1 ip6:fd96:1c8a:43ad::/48 -all" Disposable email services. 10minutemail[.]pro 10minutesmail[.]net And so on ... fd96: is bogus as well, as in I like to see an email from

Re: [mailop] h-email.net

2023-03-04 Thread Damian via mailop
they also own thousands of typo domains like gmai.com On Sat, Mar 4, 2023 at 1:28 PM Collider via mailop wrote: > Likely that ULA has to send email from that host inside their network? > > On 4 March 2023 19:00:18 UTC, Jaroslaw Rafa via mailop > wrote: >> >> On 3.03.2023 at 22:21:28

Re: [mailop] h-email.net

2023-03-04 Thread Collider via mailop
Likely that ULA has to send email from that host inside their network? On 4 March 2023 19:00:18 UTC, Jaroslaw Rafa via mailop wrote: >On 3.03.2023 at 22:21:28, John Levine via mailop wrote: >> It appears that Jan Schaumann via mailop said: >> >$ host -t txt h-email.net >> >h-email.net

Re: [mailop] h-email.net

2023-03-04 Thread Jaroslaw Rafa via mailop
On 3.03.2023 at 22:21:28, John Levine via mailop wrote: > It appears that Jan Schaumann via mailop said: > >$ host -t txt h-email.net > >h-email.net descriptive text "v=spf1 ip6:fd96:1c8a:43ad::/48 -all" > > That's the most interestingly broken SPF record I have ever seen. > > All valid

Re: [mailop] h-email.net

2023-03-04 Thread Jarland Donnell via mailop
At second glance, it seems more that I’m seeing spammers stating their HELO as “mail.h-email.net” while sending from IPs unrelated to that of the actual mail.h-email.net. So probably what I’m seeing is actually unrelated to anything run by whoever owns that domain. On 2023-03-03 18:49,

Re: [mailop] h-email.net

2023-03-04 Thread Laura Atkins via mailop
All of the domains I’ve checked with that MX are parked. Many of them go through multiple rounds of redirects and some of them even attempt to load apps when visited. I don’t know what they’re used for, but there don’t appear to be users there. When I do hygiene for clients I list anything

Re: [mailop] h-email.net

2023-03-03 Thread John Levine via mailop
It appears that Jan Schaumann via mailop said: >$ host -t txt h-email.net >h-email.net descriptive text "v=spf1 ip6:fd96:1c8a:43ad::/48 -all" That's the most interestingly broken SPF record I have ever seen. All valid IPv6 global addresses start with 2 or 3. That fd96 address is a Unique Local

Re: [mailop] h-email.net

2023-03-03 Thread Richard W via mailop
My guess is these are spam support services, not spam sending services. They might be drop boxes or service signup boxes. I've checked the /24 and /22 around these IPs and natch, nadda in SpamCop for them Richard On 2023-03-03 6:16 p.m., Jan Schaumann via mailop wrote: Jarland Donnell via

Re: [mailop] h-email.net

2023-03-03 Thread Raymond Dijkxhoorn via mailop
Hello Jaroslaw, $ host mail.h-email.net mail.h-email.net has address 178.62.199.248 Yes. the nature of those 'temp email services' is exactly that. I always thought temp email services are meant for receiving mail only and don't ever send anything? Several variations of the same. Some

Re: [mailop] h-email.net

2023-03-03 Thread Jaroslaw Rafa via mailop
On 4.03.2023 at 01:05:04, Raymond Dijkxhoorn via mailop wrote: > > >won't correlate to any particular front-end mail service. I mean > >just 100% correlation with spam in my logs, and not a small amount > >of logs either. > > >>$ host mail.h-email.net > >>mail.h-email.net has address

Re: [mailop] h-email.net

2023-03-03 Thread Jan Schaumann via mailop
Jarland Donnell via mailop wrote: > A quick parse of my logs suggests that it's a spam-only operation, so likely > won't correlate to any particular front-end mail service. I mean just 100% > correlation with spam in my logs, and not a small amount of logs either. Interesting that e.g., Spamhaus

Re: [mailop] h-email.net

2023-03-03 Thread Raymond Dijkxhoorn via mailop
Hi! won't correlate to any particular front-end mail service. I mean just 100% correlation with spam in my logs, and not a small amount of logs either. $ host mail.h-email.net mail.h-email.net has address 178.62.199.248 Yes. the nature of those 'temp email services' is exactly that. Bye,

Re: [mailop] h-email.net

2023-03-03 Thread Jarland Donnell via mailop
A quick parse of my logs suggests that it's a spam-only operation, so likely won't correlate to any particular front-end mail service. I mean just 100% correlation with spam in my logs, and not a small amount of logs either. On 2023-03-03 17:12, Jan Schaumann via mailop wrote: Hey, Does

Re: [mailop] h-email.net

2023-03-03 Thread Raymond Dijkxhoorn via mailop
Hello Jan, The other curious thing is that mail.h-email.net has only IPv4 addresses (in Digital Ocean and Hetzner), but h-email.net has an SPF policy that only allows IPv6 connections: $ host mail.h-email.net mail.h-email.net has address 178.62.199.248 mail.h-email.net has address