Re: [mailop] signup form abuse

2016-05-25 Thread Vick Khera
On Wed, May 25, 2016 at 10:45 AM, Matthew Black wrote: > Are your customers using confirmed opt-in mailing lists? If not, they > should not be running mailing lists. > > Yes, the only effect is to send a confirmation message, which is quite generic and at most contains

Re: [mailop] signup form abuse

2016-05-25 Thread Al Iverson
Matthew, Which ESPs operate that way? (Hint: none. Most ESPs offer COI, few or none require it.) So since that's not happening... -- Al Iverson www.aliverson.com (312)725-0130 On Wed, May 25, 2016 at 9:45 AM, Matthew Black wrote: > Are your customers using

Re: [mailop] signup form abuse

2016-05-25 Thread Vick Khera
On Tue, May 24, 2016 at 2:18 PM, Michael Wise wrote: > Are these IP addresses on CBL? > I did a spot check of a recent attack. The email address was jabradb...@kanawhascales.com and it got signed up to 12 lists during May 17 and 18. Amazingly, whoever is on the other

Re: [mailop] signup form abuse

2016-05-25 Thread Vick Khera
On Wed, May 25, 2016 at 3:02 PM, Erwin Harte wrote: > I did a spot check of a recent attack. The email address was > jabradb...@kanawhascales.com and it got signed up to 12 lists during May > 17 and 18. Amazingly, whoever is on the other end of that address clicked > to

Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread frnkblk
Finally had a chance to look at my logs … looking at error count over time (all U.S. Central) I see the following: Server 1: 1 25 12:3 1 25 12:4 4 25 13:1 22 25 13:2 22 25 13:3 24 25 13:4 31 25 13:5 18 25 14:0 8 25 14:1 16 25

Re: [mailop] signup form abuse

2016-05-25 Thread Michelle Sullivan
Vick Khera wrote: On Wed, May 25, 2016 at 3:02 PM, Erwin Harte wrote: I did a spot check of a recent attack. The email address was jabradb...@kanawhascales.com and it got signed up to 12

Re: [mailop] signup form abuse

2016-05-25 Thread Michael Wise via mailop
When you say, “Confirmation Clicks”, do you mean on a link provided via email, or a confirmation button of a web form? Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting

Re: [mailop] signup form abuse

2016-05-25 Thread Erwin Harte
On 5/25/16 4:40 PM, Michelle Sullivan wrote: Vick Khera wrote: On Wed, May 25, 2016 at 3:02 PM, Erwin Harte wrote: I did a spot check of a recent attack. The email address was jabradb...@kanawhascales.com

Re: [mailop] signup form abuse

2016-05-25 Thread Al Iverson
I've heard John Levine propose the "hidden link to catch scanning robots" solution but I've never heard of an email system implementing it. Similarly, senders have often suggested that spamtrap systems shouldn't follow links. (Security systems, sure, but don't do that with spamtrap addresses.) And

Re: [mailop] signup form abuse

2016-05-25 Thread Erwin Harte
On 5/25/16 10:36 AM, Vick Khera wrote: On Tue, May 24, 2016 at 2:18 PM, Michael Wise wrote: Are these IP addresses on CBL? I did a spot check of a recent attack. The email address was jabradb...@kanawhascales.com

Re: [mailop] signup form abuse

2016-05-25 Thread Dave Warren
On 2016-05-24 15:17, Jay Hennigan wrote: On 5/24/16 12:26 PM, Michael Wise wrote: We're still seeing cases where a malicious actor, typically in Eastern Europe, will try and sign up a target email address for thousands of lists all at once, flooding their mailbox with confirmation traffic,

Re: [mailop] signup form abuse

2016-05-25 Thread Dave Warren
On 2016-05-24 15:30, Michael Wise via mailop wrote: If someone has a better idea how to keep mailinglist software like MailMan from being co-opted into such an attack, I would LOVE to hear it. I think the obvious approach would be to move back to listname-subscr...@example.com requests, but

Re: [mailop] signup form abuse

2016-05-25 Thread Michael Wise via mailop
Oh heck yeah. And if nothing else, it's Rule Fodder. Subject =~ /confirm [\da-f]{32}/ Body =~ /\bxx.yy.zz.\d+\b/ ... you know the drill. Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -Original

Re: [mailop] signup form abuse

2016-05-25 Thread Laura Atkins
> On May 25, 2016, at 4:03 PM, Jay Hennigan wrote: > > On 5/25/16 8:36 AM, Vick Khera wrote: > >> I did a spot check of a recent attack. The email address >> was jabradb...@kanawhascales.com >> and it got signed up to 12 lists

Re: [mailop] signup form abuse

2016-05-25 Thread Michael Wise via mailop
[ lightbulb / ] I've been thinking about this for a while, and just had a flash of brilliance (or madness, hard to tell at times...) You know what might be a good solution? Just occurred to me. The mailing list software displays a clickable link that will send an email address with a

Re: [mailop] signup form abuse

2016-05-25 Thread Jay Hennigan
On 5/25/16 7:59 AM, Vick Khera wrote: On Wed, May 25, 2016 at 10:45 AM, Matthew Black wrote: Are your customers using confirmed opt-in mailing lists? If not, they should not be running mailing lists. Yes, the only effect

Re: [mailop] signup form abuse

2016-05-25 Thread Jay Hennigan
On 5/25/16 7:45 AM, Matthew Black wrote: Are your customers using confirmed opt-in mailing lists? If not, they should not be running mailing lists. The monetary compensation of ESPs is directly proportional to the volume of promotional messages that they send. Let that sink in. -- -- Jay

Re: [mailop] signup form abuse

2016-05-25 Thread Jay Hennigan
On 5/25/16 8:36 AM, Vick Khera wrote: I did a spot check of a recent attack. The email address was jabradb...@kanawhascales.com and it got signed up to 12 lists during May 17 and 18. Amazingly, whoever is on the other end of that address clicked to confirm

Re: [mailop] signup form abuse

2016-05-25 Thread Michael Wise via mailop
That may or may not be a good metric, since if I just signed up for a legit mailing-list, I may be anxiously awaiting the confirmation mail, or if I'm a robot, I might be backlogged a few tens of seconds. So the Venn Diagram circles just might overlap more than you would wish. Aloha, Michael.

Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread Al Iverson
You're not alone. It's quite widespread. Multiple folks have talked to Microsoft people about the issue, they are aware. Regards, Al -- Al Iverson www.aliverson.com (312)725-0130 On Wed, May 25, 2016 at 3:08 PM, Keenan Tims wrote: > I'm seeing 90+% of our connection

Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread Michael Wise via mailop
Oh yeah, we're aware. Hearing some reports that the issue may have been mitigated, but until I hear anything from Inside the House, can't really comment except to say ... PRI:0, being worked on as I type. But not by me, as I have no insight into the inner workings. Aloha, Michael. -- Michael

[mailop] Connection failures to Hotmail domains

2016-05-25 Thread Keenan Tims
I'm seeing 90+% of our connection attempts to the MXes for 'hotmail.com' and other Hotmail domains (mx[1-4].hotmail.com) are either timing out (30s) or getting connection refused since ~11:00am PDT. Anyone else seeing this? I've tested from a few off-net points and am seeing the same. Mail is

Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread Steve Ratzlaff
On 5/25/2016 3:08 PM, Keenan Tims wrote: I'm seeing 90+% of our connection attempts to the MXes for 'hotmail.com' and other Hotmail domains (mx[1-4].hotmail.com) are either timing out (30s) or getting connection refused since ~11:00am PDT. Anyone else seeing this? I've tested from a few

Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread Jeremy Harris
On 25/05/16 21:08, Keenan Tims wrote: > I'm seeing 90+% of our connection attempts to the MXes for 'hotmail.com' > and other Hotmail domains (mx[1-4].hotmail.com) are either timing out > (30s) or getting connection refused since ~11:00am PDT. Anyone else > seeing this? Yup. -- Jeremy

Re: [mailop] signup form abuse

2016-05-25 Thread Michael Wise via mailop
Yeah, pretty much. :) Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -Original Message- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jay Hennigan Sent: Wednesday, May 25, 2016

Re: [mailop] signup form abuse

2016-05-25 Thread Matthew Black
Are your customers using confirmed opt-in mailing lists? If not, they should not be running mailing lists. matthew From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Vick Khera Sent: Tuesday, May 24, 2016 10:18 AM To: mailop@mailop.org Subject: [mailop] signup form abuse As an ESP,