Re: [mailop] Microsoft banned sender (Linode hosted IPs)

Hello, Andy Smith via mailop wrote on 01.03.22 at 21:12: So again, if anyone is able to push that along I'd be most grateful. Also if it's totally pointless for the intended recipient to do anything I'd appreciate knowing so I can stop pushing them about it. I made indeed good experiences

Re: [mailop] What the f**k, Google?

162.251.248.0/24 162.251.249.0/24 162.251.250.0/24 162.251.251.0/24 162.251.252.0/24 162.251.253.0/24 162.251.254.0/24

Re: [mailop] What the f**k, Google?

If you change your DMARC to reject instead of quarantine, Google will outright reject these. If you're looking at an attack this significant in scope, it may be worth doing. root@gw:~# dig TXT _dmarc.sender.net +short "v=DMARC1; p=quarantine; ruf=mailto:ab...@sender.net; pct=100" On

Re: [mailop] What the f**k, Google?

Dnia 2.03.2022 o godz. 10:08:48 Edgaras | SENDER via mailop pisze: > > sorry, I can't describe the stupidity and incompetence of Gmail systems > lately without resorting to expletives. Seriously everyone, see for > yourselves. Google has quite a time ago gone completely crazy with regard to

[mailop] What the f**k, Google?

Hi all, sorry, I can't describe the stupidity and incompetence of Gmail systems lately without resorting to expletives. Seriously everyone, see for yourselves. Gmail is now accepting mail from Spamhaus EDROP listed spam ranges: 176.56.220.0/24 176.56.221.0/24 176.56.222.0/24 Which are all

Re: [mailop] What the f**k, Google?

As far as I am aware, Google has never honored any SpamHaus listing whatsoever. Countless times over the years I have received spam in my inbox, and when I dig in, everything related to the email is listed in Spam, but Google ignores it. Always been like that as far as I know. Kind Regards,

Re: [mailop] What the f**k, Google?

Thanks, but the attack is affecting another domain of ours (sendersrv.com): dig TXT _dmarc.sendersrv.com +short "v=DMARC1\;p=reject\;pct=100\;rua=mailto:ab...@sender.lt; And Gmail completely ignores that. [image: Sender] Edgar Vaitkevičius, founder / CEO ed...@sender.net On Wed, Mar 2,

[mailop] What the f**k, Google?

Hi all, sorry, I can't describe the stupidity and incompetence of Gmail systems lately without resorting to expletives. Seriously everyone, see for yourselves. Gmail is now accepting mail from Spamhaus EDROP listed spam ranges: 176.56.220.0/24 176.56.221.0/24 176.56.222.0/24 Which are all

Re: [mailop] What the f**k, Google?

On 2 Mar 2022, at 11:38, Jaroslaw Rafa via mailop wrote: > Google has quite a time ago gone completely crazy with regard to spam > filtering. Obviously non-spam messages being constantly classified as spam, > obvious spams being accepted. If I may increase the sample size from 1 to 7; my

Re: [mailop] What the f**k, Google?

> Google has never honored any SpamHaus listing whatsoever Yeah I know they don't use SBL, but their systems should be able to identify complete garbage networks like the ones listed in DROP. I mean, if you're accepting mail from dumps like this, what's next? Accepting mail directly from botnets

Re: [mailop] [E] What the f**k, Google?

Hi Marcel, I sent an email to the list with examples where SFR, GetResponse, Klaviyo, Sendgrid and others are being abused the same way. Looks like it did not get posted, maybe due to the spam attachments. Will try again now. [image: Sender] Edgar Vaitkevičius, founder / CEO ed...@sender.net

[mailop] Who Do You Recommend for Small Business Regular (Non-Bulk) Email?

All, For some reason we have recently had a spate of small businesses coming to us asking us for our recommendations for a service to host their regular one-to-one business communications. Google and MS seem to have the business email hosting thing locked up tight, but surely there must be

Re: [mailop] [E] What the f**k, Google?

I have tried sending spam samples as attachments, looks like that didn't work, probably list spam filter rejects them. Uploaded them here: https://www.dropbox.com/sh/dtoz0af0k5b86ic/AAC4mFJeTqFUjuEF41jj13XNa?dl=0 All of them are exploiting the same flaw I reported a *month* ago. Scenario:

Re: [mailop] [E] What the f**k, Google?

On 2 March 2022 17:12:14 GMT, Edgaras | SENDER via mailop wrote: > To clarify further, I will walk through the case where an attacker abuses > Getresponse (getresponse2.eml). > What happens here: > 1. Attacker creates an account at Getresponse using a throwaway spam site > storagemodels.org.uk >

Re: [mailop] [E] What the f**k, Google?

On Wed, Mar 2, 2022 at 2:00 AM Edgaras | SENDER via mailop < mailop@mailop.org> wrote: > > sorry, I can't describe the stupidity and incompetence of Gmail systems > lately without resorting to expletives. > Personally I think it's more productive -- and in the spirit of this mailing list -- to

Re: [mailop] What the f**k, Google?

Dnia 2.03.2022 o godz. 11:44:57 Graeme Fowler via mailop pisze: > > Whilst I may occasionally - like 5 or 6 times a year - have something that > lands in the Junk folder, I almost _never_ receive “obvious” spam in the > Inbox, and neither do they. Personally I care more about the spam filtering

Re: [mailop] [E] What the f**k, Google?

On 02/03/2022 15:44, Edgaras | SENDER via mailop wrote: > Sorry for losing my nerve, but it is harming our reputation for a month > now, tried all possible channels to report this, and the issue is being > completely ignored. These examples have the same problem that the original one in January

Re: [mailop] What the f**k, Google?

On Wed, Mar 02, 2022, Graeme Fowler via mailop wrote: > Whilst I may occasionally - like 5 or 6 times a year - have something that > lands in the Junk folder, I almost _never_ receive “obvious” spam in the > Inbox, and neither do they. How do you know you are not missing (important) mail?

[mailop] State Of The Sendgrid

I'm in a good mood this morning. Going through my logs and rspamd console, still seeing webinar spams via abused Zoom sendgrid account. Yeah, the same ones from last year that I keep reporting. And the same ones with no unsubscribe, or any kind of footers to allow for reporting as abuse.

Re: [mailop] [E] What the f**k, Google?

Hi Simon, > Which domains, IP addresses and DKIM signatures are you responsible for > (or not) in the examples? Our domain that is impacted: sendersrv.com SPF: v=spf1 ip4:185.3.229.125 ip4:185.3.229.126 ip4:185.3.229.127 ip4: 185.3.229.128/27 ip4:141.136.38.0/24 ip4:141.136.40.0/24 ip4:

Re: [mailop] [E] What the f**k, Google?

Some attached spamples - all of them are exploiting the same flaw I reported a *month *ago. Attacker sends a message via Klaviyo, Sendgrid, SFR, etc to their own email address, then massively replays that message via whatever IP addresses under their control. It doesn't matter that the IP

Re: [mailop] [E] What the f**k, Google?

Add just the headers from a single abuse email here on the thread.. sanitize as needed.. seems that they of course can only use part of the information as a forgery (eg SendGrid headers) I think this is an attack vector that was seen back even a few months ago, however that type of an attack

Re: [mailop] State Of The Sendgrid

On 2022-03-02 09:56, Brie via mailop wrote: So, are we all still under the conclusion that it's a waste of time to hope that something might be done about abuse from their network? If nothing was fixed last year, why would anything be fixed this year? Maybe next year!

Re: [mailop] [E] What the f**k, Google?

On Wed, 2022-03-02 at 17:28 +, Simon Arlott via mailop wrote: > On 2 March 2022 17:12:14 GMT, Edgaras | SENDER via mailop > wrote: > > > There's literally nothing you can do as a sender to prevent your > > reputation from being trashed. > > No, that's quite clearly not literally true. Stop

Re: [mailop] [E] What the f**k, Google?

We did, several times actually. Does nothing. [image: Sender] Edgar Vaitkevičius, founder / CEO ed...@sender.net On Wed, Mar 2, 2022 at 7:55 PM Evan Burke wrote: > > Have you rotated keys since you began oversigning headers? Until you do, > there's nothing stopping them from replaying older

Re: [mailop] [E] What the f**k, Google?

> Add just the headers from a single abuse email here on the thread.. Here you go, latest victim (Wix) abused by azeddinebenlarbi...@gmail.com: Delivered-To: trappy.mctrapf...@gmail.com Received: by 2002:ac9:5a7:0:0:0:0:0 with SMTP id 36csp448821ocw; Wed, 2 Mar 2022 09:00:00 -0800 (PST)

Re: [mailop] Who Do You Recommend for Small Business Regular (Non-Bulk) Email?

Fastmail looks good. I think I'm going to give it a try. Al On Wed, Mar 2, 2022 at 9:54 AM Anne Mitchell via mailop wrote: > > All, > > For some reason we have recently had a spate of small businesses coming to us > asking us for our recommendations for a service to host their regular >

Re: [mailop] [E] What the f**k, Google?

> It does seem like Google could notice "old" date headers and BCCs and the fact the mail is coming from a dedicated spam factory and maybe treat it a little differently, though. My point exactly. They could maybe notice it's hard failing SPF, or rDNS, or just about every requirement they have

Re: [mailop] [E] What the f**k, Google?

This will probably help Gmail understand the threat more, at the very least, if they haven't been watching for this already. For all we know, when they parse this, they see the SPF pass, and don't check the later SPF fail, but given that they get a lot of forwarded email from banks etc, that

Re: [mailop] Who Do You Recommend for Small Business Regular (Non-Bulk) Email?

Anne, This is likely tied to Google's announcement that they are ending the legacy (Free) Gsuite services so many small or hobby domain owners are looking at other options. Zoho, Fastmail, NameCheap, and 1&1 are all services I've been looking at as they seem reasonably priced and easy to

Re: [mailop] [E] What the f**k, Google?

> This message was correctly marked as spam. This one was, but there are cases when they go to Primary tab. Sometimes they are moved to junk after delivery. > The DKIM reputation is taking a hit due to the spamming, but that is an accurate assessment on our part, as it is being used for sending

Re: [mailop] [E] What the f**k, Google?

> This will probably help Gmail understand the threat more, at the very > least, if they haven't been watching for this already. I hope that they will pay attention now that this is being exploited all over the place. When I reported this a month ago, nothing happened. > For all we know, when

Re: [mailop] [E] What the f**k, Google?

> No, that's quite clearly not literally true. Stop DKIM signing the spam email and the problem goes away. Yep, and go directly against all the best email practices, guidelines and so on. > You may not like it but Google is implementing DMARC correctly if the DKIM signature is still valid. The

Re: [mailop] [E] What the f**k, Google?

On 02/03/2022 18:00, Edgaras | SENDER via mailop wrote: > We did, several times actually. > Does nothing. It doesn't look like you're able to provide an example of an email where Google have accepted it as belonging to you when the DKIM signature fails. Do you only have the IP addresses that

Re: [mailop] [E] What the f**k, Google?

> We do notice all of those things, and we do use that to determine which are spam and which are not with some level of accuracy. It seems the weights of these things on spam filtering have been changed recently for the worse. I haven't seen these attacks in such volume before. > It seems like

Re: [mailop] [E] What the f**k, Google?

> I think you are misunderstanding what the dkim reputation means, that it is some sort of value judgement for the company or people who own the domain. No, I understand that it's just one of the signals you use, but it is a very significant one. It wouldn't be a problem if it did not have a large

Re: [mailop] Looking for EarthLink Contact

It appears that Chris Adams via mailop said: >-=-=-=-=-=- >-=-=-=-=-=- > >Is there anybody from EarthLink who can contact me off-list? >We are seeing emails sent to EarthLink recipients have the From header >domain overwritten with the CNAME the domain points to and would like to >discuss. See

Re: [mailop] spamhaus, was What the f**k, Google?

>If spamhaus is really listing /24’s they should really ... Hmmn. Is there some reason you were unable to spend 15 seconds seeing what range they actually list? Here, I'll do it for you: https://check.spamhaus.org/listed/?searchterm=162.251.255.1 R's, John

Re: [mailop] Preventing replay attacks after signing spam email (was: What the f**k, Google?)

On 02/03/2022 18:09, Edgaras | SENDER wrote: >> No, that's quite clearly not literally true. Stop DKIM signing the spam > email and the problem goes away. > Yep, and go directly against all the best email practices, guidelines and > so on. You're ignoring my point that you should stop sending

Re: [mailop] Who Do You Recommend for Small Business Regular (Non-Bulk) Email?

It appears that Anne Mitchell via mailop said: >If a small business (say less than 10 people, hosts their website at their >registrar's free hosting service, or Square or Wix) were to come to >you and ask you from where they should send their one-to-one regular business >correspondence email,

Re: [mailop] [E] What the f**k, Google?

On Wed, Mar 2, 2022 at 11:22 AM Edgaras | SENDER wrote: > > This message was correctly marked as spam. > > This one was, but there are cases when they go to Primary tab. Sometimes > they are moved to junk after delivery. > > > The DKIM reputation is taking a hit due to the spamming, but that is

Re: [mailop] Who Do You Recommend for Small Business Regular (Non-Bulk) Email?

> Fastmail looks good. I agree! I had completely forgotten about them! Anne ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop

Re: [mailop] Who Do You Recommend for Small Business Regular (Non-Bulk) Email?

> On Mar 2, 2022, at 9:40 AM, Anne Mitchell via mailop > wrote: > > All, > > For some reason we have recently had a spate of small businesses coming to us > asking us for our recommendations for a service to host their regular > one-to-one business communications. Google and MS seem to

Re: [mailop] [E] What the f**k, Google?

On Wed, Mar 2, 2022 at 12:07 PM Edgaras | SENDER wrote: > > I think you are misunderstanding what the dkim reputation means, that it > is some sort of value judgement for the company or people who own the > domain. > No, I understand that it's just one of the signals you use, but it is a > very

Re: [mailop] [E] What the f**k, Google?

This message was correctly marked as spam. Generally speaking, it looks like our systems are correctly determining which of these is spam and which is not. The DKIM reputation is taking a hit due to the spamming, but that is an accurate assessment on our part, as it is being used for sending

Re: [mailop] [E] What the f**k, Google?

On Wed, Mar 2, 2022 at 10:51 AM Edgaras | SENDER via mailop < mailop@mailop.org> wrote: > > It does seem like Google could notice "old" date headers and BCCs and > the fact the mail is coming from a dedicated spam factory and maybe treat > it a little differently, though. > > My point exactly.

Re: [mailop] What the f**k, Google?

On 2022-03-02 at 06:44:57 UTC-0500 (Wed, 2 Mar 2022 11:44:57 +) Graeme Fowler via mailop is rumored to have said: On 2 Mar 2022, at 11:38, Jaroslaw Rafa via mailop wrote: Google has quite a time ago gone completely crazy with regard to spam filtering. Obviously non-spam messages being

Re: [mailop] Preventing replay attacks after signing spam email (was: What the f**k, Google?)

> You're ignoring my point that you should stop sending [signed] spam email by interpreting it as "stop signing email". Yeah, if only we had a 100% accurate way to tell spam/ham for every single message. > These emails were DKIM signed by the sender; except for the ones with > additional

Re: [mailop] Who Do You Recommend for Small Business Regular (Non-Bulk) Email?

> On 2 Mar 2022, at 18:52, Matthew V via mailop wrote: > > This is likely tied to Google's announcement that they are ending the legacy > (Free) Gsuite services so many small or hobby domain owners are looking at > other options. That is exactly the reason why I am looking for a solution (in

Re: [mailop] What the f**k, Google?

On 3/2/22 03:38, Jaroslaw Rafa via mailop wrote: ... Google has quite a time ago gone completely crazy with regard to spam filtering. Obviously non-spam messages being constantly classified as spam, obvious spams being accepted. Gmail should be now considered completely unreliable when it