Re: [mailop] Hotmail/Microsoft Contact Available?

[G. Miliotis]

On 15/9/2015 12:12 πμ, Michael Wise wrote:


Sooner or later, your discussions will end there, and the ticketing 
will begin.


There is **NO** way around it; Microsoft Legal has been very clear on 
the matter.


This is interesting, I was just instructed by my server provider to 
contact del...@messaging.microsoft.com concerning a blacklisted IP range 
I'm trying to get unblocked. If this is wrong, I should let them know 
not to tell anyone else.


--GM
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Hotmail/Microsoft Contact Available?

[Michael Wise]

If it's Hotmail that is blocking you, my advice stands.

If it's"protection.outlook.com" which is a different entity entirely, then 
delist@ is the way to proceed, yes.

Aloha,
Michael.
--
Sent from my Windows Phone

From: G. Miliotis
Sent: ‎9/‎15/‎2015 12:03 AM
To: mailop@mailop.org
Subject: Re: [mailop] Hotmail/Microsoft Contact Available?

On 15/9/2015 12:12 ??, Michael Wise wrote:
Sooner or later, your discussions will end there, and the ticketing will begin.
There is *NO* way around it; Microsoft Legal has been very clear on the matter.

This is interesting, I was just instructed by my server provider to contact 
del...@messaging.microsoft.com 
concerning a blacklisted IP range I'm trying to get unblocked. If this is 
wrong, I should let them know not to tell anyone else.

--GM
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

[mailop] Security contacts needed for libero.it / tin.it / alice.it / tiscali.it / virgilio.it / fastwebnet.it / email.it

[Neil Schwartzman]

Please contact me offlist at Neil Schwartzman 

set of compromised user credentials.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Steve Freegard]

On 15/09/15 18:24, Al Iverson via mailop.org wrote:

Is this truly having an immediate negative impact operationally? It
seems like this could be feedback you could give them directly,
offlist, without having to share it with the rest of us.




Very funny.   Feedback to where?  Their 1st line support wouldn't have a 
clue what to do with that.


I'm sure that plenty of us check RFC validity (e.g. there shouldn't be 
more than one Message-Id header), so it's pretty pertinent information.


I'm sure it's causing them issues with deliverability because of it.

Regards,
Steve.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Delivery to btinternet.com / cpcloud.co.uk

[Rich Kulawiec]

On Mon, Sep 14, 2015 at 01:05:28PM -0400, Rich Kulawiec wrote:
> That's part of it, sure.  But having working RFC 2152 role addresses,

RFC 2142, sorry for the typo.

---rsk

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

[Rich Kulawiec]

On Mon, Sep 14, 2015 at 12:00:01PM -0700, Michael Peddemors wrote:
> Monitoring from ISP's and Telco's has always shown a lot of leakage
> from the servers called..
> 
> mail-pu1apc01hn0200.outbound.protection.outlook.com

I've seen a noticeable uptick in (obvious) spam from the following
similarly-named servers in the last 60 days:

65.55.169.251   mail-bl2un0251.outbound.protection.outlook.com
104.47.124.213  mail-hk2apc01hn0213.outbound.protection.outlook.com
104.47.124.216  mail-hk2apc01hn0216.outbound.protection.outlook.com
104.47.125.218  mail-sg2apc01hn0218.outbound.protection.outlook.com
104.47.125.235  mail-sg2apc01hn0235.outbound.protection.outlook.com
104.47.126.202  mail-pu1apc01hn0202.outbound.protection.outlook.com
104.47.126.240  mail-pu1apc01hn0240.outbound.protection.outlook.com
134.170.140.253 mail-hk1hn0253.outbound.protection.outlook.com
157.55.234.144  mail-db3on0144.outbound.protection.outlook.com
157.55.234.249  mail-db3hn0249.outbound.protection.outlook.com
157.55.234.251  mail-db3hn0251.outbound.protection.outlook.com
157.56.110.247  mail-bn1hn0247.outbound.protection.outlook.com
157.56.110.248  mail-bn1hn0248.outbound.protection.outlook.com
157.56.110.251  mail-bn1hn0251.outbound.protection.outlook.com
157.56.112.250  mail-am1hn0250.outbound.protection.outlook.com
157.56.112.251  mail-am1hn0251.outbound.protection.outlook.com
157.56.112.253  mail-am1hn0253.outbound.protection.outlook.com
157.56.112.254  mail-am1hn0254.outbound.protection.outlook.com
207.46.100.245  mail-by2hn0245.outbound.protection.outlook.com
207.46.100.248  mail-by2hn0248.outbound.protection.outlook.com

I haven't bothered reporting any of it because I'm not convinced that
anyone there will actually do anything meaningful about it.  But if there
is someone there with the baseline professionalism to individually and
completely investigate every single specimen (with an eye toward
identifying root cause(s) and fixing same), I would be happy to package
them all up and forward them along.

---rsk

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

[Michael Wise]

About the only way to report it that won't get ignored (presupposing this 
didn't wind up in the mailbox of a HotMail, AOL, Yahoo, or similar service that 
we have an ARF-based Feedback Loop with) is via SpamCop.
 

Seriously, the days of one-off reports ... when you're handling billions of 
messages a day for hundreds of millions of mailboxes ... have ended. They ended 
some time ago.

We have a system that filters out the largest trends in the 100's of thousands 
of sender submissions we get each day for triage, and we handle the top ~70% of 
them ... the ones that are one-off samples pretty much always get ignored 
because they're in error, or they are a small enough sample of the whole 
problem space that we are dealing with that they are almost always eclipsed by 
the larger issues. It allows us to deal with the biggest issues fastest. One 
sample gets lost in the noise, as ... some would argue, it should be.

As I said previously, chances are, these samples have already been dealt with 
by the time you see them.

I tried to act to forestall this long ago by advocating for a sort of Open 
Feedback Loop system, but my efforts were ignored.
Welcome to the desert of the real.

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Rich Kulawiec
Sent: Tuesday, September 15, 2015 5:15 AM
To: mailop@mailop.org
Subject: Re: [mailop] Protection Outlook.. 

On Mon, Sep 14, 2015 at 12:00:01PM -0700, Michael Peddemors wrote:
> Monitoring from ISP's and Telco's has always shown a lot of leakage
> from the servers called..
> 
> https://na01.safelinks.protection.outlook.com/?url=mail-pu1apc01hn0200.outbound.protection.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1=oecCQ9QICA9k0oa%2fKDx5oZtm7I6K%2bh6%2fIqBpZhI3Htg%3d

I've seen a noticeable uptick in (obvious) spam from the following
similarly-named servers in the last 60 days:

65.55.169.251   
https://na01.safelinks.protection.outlook.com/?url=mail-bl2un0251.outbound.protection.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1=TAOhTL0mWKHS28%2fa9oUGd1%2bZfV27i5C%2fDmVn8MXXihc%3d
104.47.124.213  
https://na01.safelinks.protection.outlook.com/?url=mail-hk2apc01hn0213.outbound.protection.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1=NYqDqdl%2fBwDiYsOUT37czTTq2v4kubVOsBZJ%2f3RzyqY%3d
104.47.124.216  
https://na01.safelinks.protection.outlook.com/?url=mail-hk2apc01hn0216.outbound.protection.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1=l8m1CWRVmPU38Ava8VtPtOYQ98jxM9TTyVEXEOVOLis%3d
104.47.125.218  
https://na01.safelinks.protection.outlook.com/?url=mail-sg2apc01hn0218.outbound.protection.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1=NXOsSN%2fBz%2bI3OERNL8WLiYpJ5lLZsL4SPS%2b%2bpblKUz8%3d
104.47.125.235  
https://na01.safelinks.protection.outlook.com/?url=mail-sg2apc01hn0235.outbound.protection.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1=tssNhjNgOKZxczncEnnRyAx7ntnEV1GhPzd7UToXCBI%3d
104.47.126.202  
https://na01.safelinks.protection.outlook.com/?url=mail-pu1apc01hn0202.outbound.protection.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1=5RUV8qMIewPnME%2fSamkwt0L9qAJYSYTCV2REzEl3VTk%3d
104.47.126.240  
https://na01.safelinks.protection.outlook.com/?url=mail-pu1apc01hn0240.outbound.protection.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1=JgDLpwP0QPL8vKIDMae8vNhKDD0THC5VBx7GS%2bcIuKc%3d
134.170.140.253 
https://na01.safelinks.protection.outlook.com/?url=mail-hk1hn0253.outbound.protection.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1=4WAENiP0rY%2b8g%2fPtAumLaDMZaW%2fdqwzQdKmzkR0XGno%3d
157.55.234.144  
https://na01.safelinks.protection.outlook.com/?url=mail-db3on0144.outbound.protection.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1=qcK0Bc0rh5a4dZe2hZc4Tk9Qe2kcEWTriNwP%2fYncjfE%3d
157.55.234.249  

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Krishna Garewal]

Multiple Message-ID/id headers for MSA mails has been brought to the right 
people’s (as far as I know) attention.

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Wise
Sent: Tuesday, September 15, 2015 12:23 PM
To: mailop@mailop.org
Subject: Re: [mailop] Microsoft sending multiple Message-ID headers in password 
reset links..

I’ve been on the list for a while, no need to consult archives.
But the recent threads I have found … disconcerting.

Yes, there’s a lot of angst, mostly about things that we can’t typically do 
anything about; those are not topics we should be discussing.
Things that can be dealt with, especially if it involves my employer, all over 
it.
One off complaints, or … LOOK AT ALL THESE HOST NAMES LEAKING SPAM, OH NOEZ!
… when we’re sending hundreds of millions of legit emails a day… for businesses 
you know … I grieve.

We have issues. (“Who doesn’t? Ours are just bigger than most at times…”)
On the “Protection” side as well as the “Outlook/Hotmail” side.
Some of those I can be an advocate for change on, but it’s not like the old 
days when I could cobble together a spam classification system based on some 
ProcMail and PERL scripts, and have it pumping out actionable intel in a matter 
of days; other people do the Exchange-Equivalent (?!) of those things now, and 
I have next to no input. Not for lack of trying.

I can block traffic from the “Protection” side, or at least mark it as spam as 
it goes out. “SFV:SPM” is my little gift to y’all.
And I can sometimes escalate other issues, especially if it really is impacting 
your system or pushing systems over onto the floor.

But I can’t handle one-off complaints.
I don’t scale.

And, in most cases, I gather, neither do y’all.

As for the Outlook/Hotmail side of the house (stuff that doesn’t have, 
“Protection” in the rDNS, there’s very little I can do. Complaining to Abuse@ 
won’t get you anywhere, because they’re only interested in handling stuff with 
@microsoft.com addresses, for the most part; I don’t talk to those people so 
can’t state with certainty, but y’all have enough stories I’m sure. I can’t 
help there. If you’re blocked by Outlook/Hotmail, the link is … down-thread 
somewhere, and it’s the only way into the ticketing system, and Legal and 
Corporate Affairs (LCA) insists that this be the only way that those issues get 
handled.

“ What we do for one, we must do for all.
“ If we can’t do it for all, we can’t do it at all.

It’s the only way the volume of work can scale.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool
 ?

From: Gil Bahat [mailto:g...@magisto.com]
Sent: Tuesday, September 15, 2015 12:07 PM
To: Michael Wise >
Cc: Steve Freegard >; 
mailop@mailop.org
Subject: Re: [mailop] Microsoft sending multiple Message-ID headers in password 
reset links..

Hi,

the archives will quickly tell you the list never was such and thus isn't 
likely to become one. there's enough value in the list - varying of course by 
your definition of value.
If I were you, I'd stick around the list, perhaps answer a bit less or only 
when you find things interesting.

As a sidenote, I'm nowhere near surprised by the angst level of senders and 
recipients alike, created by distrust between mailbox operators and senders. 
IMHO If the industry would work on better communication facilities, things 
should gradually cool down, on a long term scale.

Regards,

Gil Bahat,
DevOps/Postmaster,
Magisto Ltd.

On Tue, Sep 15, 2015 at 9:44 PM, Michael Wise 
> wrote:
No, it doesn't.

After all, technically Message-ID is an optional field.
I bitch and moan about that, but nobody cares... They all end up pointing to, 
"SHOULD", and I can't really do anything but :'(

And the information is not pertinent.
If this ML is going to become a forum for reporting spam, I'm gone.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop 
[mailto:mailop-boun...@mailop.org] On Behalf 
Of Steve Freegard
Sent: Tuesday, September 15, 2015 11:33 AM
To: mailop@mailop.org
Subject: Re: [mailop] Microsoft sending multiple Message-ID headers in password 
reset links..


On 15/09/15 18:24, Al Iverson via 

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Adam McGreggor]

On Tue, Sep 15, 2015 at 10:06:31PM +0300, Gil Bahat wrote:
> If I were you, I'd stick around the list, perhaps answer a bit less or only
> when you find things interesting.

…maybe adding a couple of lines to one's killfile(s)…

I think it's vital -- for the mail ecosystem -- that there are
representatives from the Big Guys on-list. It would be a loss, I think
to us smaller guys to not have their input (because I'm sure others
are thinking the same, too).


-- 
"If more of us valued food and cheer and song above hoarded gold, it
 would be a merrier world"
 -- J. R. R. Tolkien

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Steve Freegard]

On 15/09/15 19:44, Michael Wise via mailop.org wrote:

No, it doesn't.

After all, technically Message-ID is an optional field.
I bitch and moan about that, but nobody cares... They all end up pointing to, 
"SHOULD", and I can't really do anything but :'(


Yeah - it might say SHOULD, but it's explicit about the maximum number 
of times it can appear if it is added.



And the information is not pertinent.


I'd have thought Microsoft would have been interested that would appear 
to have a bug in recognising Message-ID .vs. Message-Id (e.g. lowercase 
'd') and that might need to be fixed.



If this ML is going to become a forum for reporting spam, I'm gone.


This isn't a spam report per-se though, more of a bug report.   And it 
explains why my own recent password reset of my Microsoft account ended 
up in my Spam folder.


Kind regards,
Steve.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Al Iverson]

On Tue, Sep 15, 2015 at 1:33 PM, Steve Freegard  wrote:
>
> On 15/09/15 18:24, Al Iverson via mailop.org wrote:
>>
>> Is this truly having an immediate negative impact operationally? It
>> seems like this could be feedback you could give them directly,
>> offlist, without having to share it with the rest of us.
>>
>>
>
> Very funny.

Very snotty.

> Feedback to where?

Mr. Peddemors has multiple Microsoft contacts, as I do I. There's even
a Microsoft guy or two on this list, though at least one of them seems
to be tiring of the rock throwing and fantastically tall hyperbole.

Regards,
Al Iverson

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Hotmail/Microsoft Contact Available?

[Matthew Newton]

On Tue, Sep 15, 2015 at 09:49:50AM +0200, David Hofstee wrote:
> I’m not sure why you cannot have an autoresponder behind the
> abuse@/postmaster@ with a link in it, to a ticket, containing
> the info sent in the first place. See abuse.io for example.

I got ~2,000 spam mails to our abuse address in the last three
months - so about 8,000 a year. I get about one legitimate mail per year.

I'm sure that doesn't easily scale when you get to the size of the
big mail providers, especially as you're more likely to get spam
to that address in the first place.

> The rest is just ‘resistance’ in being able to solve issues.

I am not saying I agree with not having a proper abuse@ address, I
just understand why they might be reluctant to. They certainly
shouldn't feed it into a system that blindly responds to what is
usually going to be a forged sender.

But if you're big enough to host millions of mailboxes, you should
also be responsible enough to have staff to run all aspects of the
system, which includes standard ways of reporting problems such as
abuse@.

Matthew


-- 
Matthew Newton, Ph.D. 

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop