Re: [mailop] Office 365 - Emails marked as not passing fraud detection

2017-11-23 Thread Mark Milhollan
On Fri, 24 Nov 2017, Shane Clay wrote:

>I can't figure this one out so looking for some help from people in the 
>know. One of our clients has a postfix mail relay server used for 
>relaying emails from photocopiers/internal software systems out to the 
>world.

>Any ideas?

I don't know, but can't an admin put the fixed IP address(es) in some 
sort of "known relay / good(ish)" list?  Of course if they have dynamic 
addresses that shoots that idea in the other foot.

For other receivers the SPF+DKIM should do the trick but those sorts of 
messages are faked by malware a lot.  Maybe be sure they aren't using a 
generic FROM.


/mark

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Office 365 - Emails marked as not passing fraud detection

2017-11-23 Thread Shane Clay via mailop
Bill - the email wasn't aimed at asking Microsoft for support on a public 
mailing list. It wasn't a technical support request at all. It was from a 
network person, separate from the end user, looking into an issue which he is 
unfortunately lumped with, who decided to ask a community of people who 
specialise in e-mail if they possibly see something that he didn't amongst a 
set of email headers. Surely that is an appropriate discussion to have amongst 
professionals.

Anyway

To the couple of people who did reply off-list, thanks. I think I'm now armed 
with some useful information to send back to the client on what they should be 
doing to resolve it.

Shane



-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Bill Cole
Sent: Friday, 24 November 2017 2:44 PM
To: Shane Clay via mailop 
Subject: Re: [mailop] Office 365 - Emails marked as not passing fraud detection

On 23 Nov 2017, at 22:31 (-0500), Shane Clay via mailop wrote:

> Any ideas?

Maybe an organization that is clearly paying Microsoft for email services 
should consider the possible utility of going directly to Microsoft for 
support???

I'm 100% serious about that. It's been a few months since I was an admin for an 
O365 account, but in that time I strongly doubt that MS has become more opaque 
and unhelpful to their direct customers than they are to random non-customers 
on a public-ish mailing list. Michael Wise (of MS) is frequently quite helpful 
here but only to a point that can often be vague because he needs to be vague. 
OTOH, using the available tools and support system inside O365 to make special 
exceptions for messages that look possibly fake (like ones to and from the same 
address) worked for me in seconds to days every time in the 4 years that I had 
to fix a FP problem there.

TL;DR: Those paying for a service should seek and receive support for that 
service from their paid service provider and in my direct experience, O365 
customers get that.

(You can't imagine how painful it is for me to praise MS.)

--
Bill Cole
b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many 
*@billmail.scconsult.com addresses) Currently Seeking Steady Work: 
https://linkedin.com/in/billcole



Re: [mailop] Office 365 - Emails marked as not passing fraud detection

2017-11-23 Thread Bill Cole

On 23 Nov 2017, at 22:31 (-0500), Shane Clay via mailop wrote:


> Any ideas?


Maybe an organization that is clearly paying Microsoft for email 
services should consider the possible utility of going directly to 
Microsoft for support???


I'm 100% serious about that. It's been a few months since I was an admin 
for an O365 account, but in that time I strongly doubt that MS has 
become more opaque and unhelpful to their direct customers than they are 
to random non-customers on a public-ish mailing list. Michael Wise (of 
MS) is frequently quite helpful here but only to a point that can often 
be vague because he needs to be vague. OTOH, using the available tools 
and support system inside O365 to make special exceptions for messages 
that look possibly fake (like ones to and from the same address) worked 
for me in seconds to days every time in the 4 years that I had to fix a 
FP problem there.


TL;DR: Those paying for a service should seek and receive support for 
that service from their paid service provider and in my direct 
experience, O365 customers get that.


(You can't imagine how painful it is for me to praise MS.)

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Currently Seeking Steady Work: https://linkedin.com/in/billcole



Re: [mailop] Office 365 - Emails marked as not passing fraud detection

2017-11-23 Thread Shane Clay via mailop
I'd considered that.

This server has been around a long time (and the rdns hasn't changed) and the 
problem has only just come up. If it is the rdns, it's a new problem.

Do the HELO and RDNS have to match to pass spam detection? I would have thought 
that a valid, matching SPF record and the fact that the IP actually has a PTR 
etc would be sufficient.

Shane

From: Postmaster [mailto:i...@mailvue.com]
Sent: Friday, 24 November 2017 2:23 PM
To: Shane Clay 
Subject: Re: [mailop] Office 365 - Emails marked as not passing fraud detection

Could it be the rdns?
PTR:ip-103-219-120-34.stcolumba.customer-wan.caznet.com.au;



On Nov 23, 2017, at 8:31 PM, Shane Clay via mailop wrote:

PTR:ip-103-219-120-34.stcolumba.customer-wan.caznet.com.au;



[mailop] Office 365 - Emails marked as not passing fraud detection

2017-11-23 Thread Shane Clay via mailop
Hi All

I can't figure this one out so looking for some help from people in the know. 
One of our clients has a postfix mail relay server used for relaying emails 
from photocopiers/internal software systems out to the world.

Below I've pasted the headers of one. Office 365 / Outlook chucks them in the 
junk mail folder with a message "This sender failed our fraud detection checks 
and may not be who they appear to be."

From what I can see, the email matches SPF and is passing SPF/DMARC checks. 
I can't understand what it is seeing as wrong.

Any ideas?

Shane





Received: from SYXPR01MB1151.ausprd01.prod.outlook.com (10.171.35.141) by
SY3PR01MB1145.ausprd01.prod.outlook.com (10.171.0.11) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
15.20.239.5 via Mailbox Transport; Fri, 24 Nov 2017 03:23:28 +
Received: from ME1PR01CA0132.ausprd01.prod.outlook.com (10.171.9.145) by
SYXPR01MB1151.ausprd01.prod.outlook.com (10.171.35.141) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
15.20.260.4; Fri, 24 Nov 2017 03:23:27 +
Received: from ME1AUS01FT014.eop-AUS01.prod.protection.outlook.com
(2a01:111:f400:7eb4::204) by ME1PR01CA0132.outlook.office365.com
(2603:10c6:200:1b::17) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.260.4 via Frontend
Transport; Fri, 24 Nov 2017 03:23:27 +
Received: from mail.stcolumba.sa.edu.au (103.219.120.34) by
ME1AUS01FT014.mail.protection.outlook.com (10.152.232.114) with Microsoft
SMTP Server id 15.20.178.5 via Frontend Transport; Fri, 24 Nov 2017 03:23:26
+
Received: from KM269386 (unknown [10.102.10.54])
by mail.stcolumba.sa.edu.au (Postfix) with ESMTP id 95A4BC0BAE24
for ; Fri, 24 Nov 2017 
13:53:14 +1030 (ACDT)
From: Simon Flaherty 
To: Simon Flaherty 
Subject:
Thread-Index: AQHTZNOYCcOVafuWzkOoKK7iRk6SuQ==
Date: Fri, 24 Nov 2017 03:32:02 +
Message-ID: <20171124140202000ab70f.simon.flahe...@stcolumba.sa.edu.au>
Content-Language: en-AU
X-MS-Exchange-Organization-AuthSource: 
ME1AUS01FT014.eop-AUS01.prod.protection.outlook.com
X-MS-Has-Attach: yes
X-MS-Exchange-Organization-Network-Message-Id: 
7b477dc8-ad88-4e86-092d-08d532eab9f3
X-MS-TNEF-Correlator:
received-spf: Pass (protection.outlook.com: domain of stcolumba.sa.edu.au
designates 103.219.120.34 as permitted sender)
receiver=protection.outlook.com; client-ip=103.219.120.34;
helo=mail.stcolumba.sa.edu.au;
x-ms-publictraffictype: Email
authentication-results: spf=pass (sender IP is 103.219.120.34)
smtp.mailfrom=stcolumba.sa.edu.au; stcolumba.sa.edu.au; dkim=none (message
not signed) header.d=none;stcolumba.sa.edu.au; dmarc=pass action=none
header.from=stcolumba.sa.edu.au;compauth=pass reason=100
x-microsoft-exchange-diagnostics: 
1;SYXPR01MB1151;7:DnxrWG6h0x38Y2EwYd7DEFPIAttOlbuTEZYmD/+ZbnoP0Fl74xE8fI/MVEs1qvQPqsa2Gvgs6tN2+Gc0i1fgde8YkGz0CLD+BAXOUzvG4VzNhuJXVPMKQMR9PyXZ4VKaCv+PjtDvevqdEb+5BmGQK1fDvhcktBv0nzYWNxT+LoIAP/4KQejWFVfF13wo9rRSzHjK6U9nqcx6+98hdB6lUv33MRcZFfaTxUDk56lukHjh6kFqcnM6vd2W6bCpINFnqR2QsI7KnIvm9am8YJ2X6g67gbITzvKHyyC2x/fRZ8s=
x-forefront-antispam-report: 
CIP:103.219.120.34;IPV:NLI;CTRY:;EFV:NLI;SFV:SPM;SFS:(6009001)(8046002)(298032)(438002)(189002)(199003)(2876002)(25636003)(305945005)(567704001)(620011)(84326002)(5406001)(2171002)(6266002)(589011)(81156014)(81166006)(74482002)(2351001)(86152003)(14003)(42882006)(6916009)(101346004)(2148043)(003)(566031)(5416004)(1076002)(63106013)(106002)(77096006)(50986999)(500011)(568964002)(106466001)(54356999)(564344004)(104016004)(356003)(37006003)(512874002)(2476003)(1096003)(287071)(88552002)(86362001)(462011)(189998001)(429038);DIR:INB;SFP:;SCL:5;SRVR:SYXPR01MB1151;H:mail.stcolumba.sa.edu.au;FPR:;SPF:Pass;PTR:ip-103-219-120-34.stcolumba.customer-wan.caznet.com.au;MX:1;A:1;CAT:SPM;LANG:en;SFTY:9.11;
x-ms-office365-filtering-correlation-id: 7b477dc8-ad88-4e86-092d-08d532eab9f3
x-microsoft-antispam: 
UriScan:;BCL:0;PCL:0;RULEID:(4534020)(49563074)(121220049038)(71702078);SRVR:SYXPR01MB1151;
x-ms-traffictypediagnostic: SYXPR01MB1151:
x-ms-exchange-transport-endtoendlatency: 00:00:02.2240358
x-ms-exchange-crosstenant-originalarrivaltime: 24 Nov 2017 03:23:26.0304 (UTC)
x-ms-exchange-crosstenant-fromentityheader: Internet
x-ms-exchange-crosstenant-id: fba15b65-df58-4536-b68c-9abdfb1b006d
x-ms-exchange-transport-crosstenantheadersstamped: SYXPR01MB1151
x-ms-exchange-crosstenant-network-message-id: 
7b477dc8-ad88-4e86-092d-08d532eab9f3
X-Microsoft-Exchange-Diagnostics: 
1;SY3PR01MB1145;27:70Llm1qlaswKeTTjCRyGryotp55ZC6CdTXHVoVvU2XJn8cdH4tsLWhaczNNmkLluWk/awzKlBGwt1ze1f8Qk9Eif/AFCoj/xzB6lqbGpxIsm/vwNGq1hUSf62wr4jsC4
Content-Type: multipart/mixed;
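
Added example, not part of the original post: a short Python parser for the two diagnostic headers pasted above, separating the authentication results from the spam-filter fields and comparing the HELO name (H:) with the PTR. The header strings are copied from the message with the long SFS rule list omitted; the function names are illustrative.

```python
import re

# Values copied from the message above; the SFS:(...) rule list is left out
# of the anti-spam report to keep the sample short.
AUTH_RESULTS = (
    "spf=pass (sender IP is 103.219.120.34) "
    "smtp.mailfrom=stcolumba.sa.edu.au; stcolumba.sa.edu.au; dkim=none (message "
    "not signed) header.d=none;stcolumba.sa.edu.au; dmarc=pass action=none "
    "header.from=stcolumba.sa.edu.au;compauth=pass reason=100"
)
ANTISPAM_REPORT = (
    "CIP:103.219.120.34;IPV:NLI;CTRY:;EFV:NLI;SFV:SPM;DIR:INB;SFP:;SCL:5;"
    "SRVR:SYXPR01MB1151;H:mail.stcolumba.sa.edu.au;FPR:;SPF:Pass;"
    "PTR:ip-103-219-120-34.stcolumba.customer-wan.caznet.com.au;"
    "MX:1;A:1;CAT:SPM;LANG:en;SFTY:9.11;"
)

def parse_auth_results(value):
    """Return {method: result} for spf, dkim, dmarc and compauth."""
    pairs = re.findall(r"\b(spf|dkim|dmarc|compauth)=(\w+)", value, re.I)
    return {method.lower(): result.lower() for method, result in pairs}

def parse_antispam_report(value):
    """Split the 'KEY:value;' pairs of the anti-spam report into a dict."""
    fields = {}
    for part in value.split(";"):
        # Split on the first colon only, so IPv6 values in CIP survive.
        key, sep, val = part.strip().partition(":")
        if sep and key:
            fields[key.upper()] = val.strip()
    return fields

def summarize(auth_value, report_value):
    """Put authentication results and filter fields side by side."""
    auth = parse_auth_results(auth_value)
    rep = parse_antispam_report(report_value)
    scl = rep.get("SCL", "")
    helo = rep.get("H", "").lower().rstrip(".")
    ptr = rep.get("PTR", "").lower().rstrip(".")
    return {
        "auth": auth,
        # "none" (e.g. an unsigned message) is absence, not a failure.
        "auth_failures": sorted(m for m, r in auth.items()
                                if r not in ("pass", "none")),
        "filter_verdict": rep.get("SFV"),
        "category": rep.get("CAT"),
        "scl": int(scl) if scl.lstrip("-").isdigit() else None,
        "helo_matches_ptr": bool(helo) and helo == ptr,
    }

if __name__ == "__main__":
    for key, val in summarize(AUTH_RESULTS, ANTISPAM_REPORT).items():
        print(f"{key}: {val}")
```

For this message it reports no authentication failure, while the filter fields read SFV:SPM, CAT:SPM and SCL:5, and the H: and PTR: names differ.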


Re: [mailop] “Moderation pending” messages

2017-11-23 Thread Grant Taylor via mailop

On 11/22/2017 06:47 PM, Brandon Long via mailop wrote:
> I never liked the design choice which said permission failure had to 
> look like nonexistence,


Is this a reference to the mentality of needing to say "username or 
password" instead of "password" in an attempt to not confirm that a 
"username" is accurate, just applied to Google Group names?




--
Grant. . . .
unix || die





Re: [mailop] Does JMRP send everything? (Was: Re: Hotmail, green SNDS and junk folder placement)

2017-11-23 Thread David Hofstee
Hi Michael,

I recently wrote:
> My question would be: If Microsoft does not want all complaining
> recipients removed / listwashed, which I can understand, why not provide
> anonymous feedback on bad senders? Provide similar info like Google is
> providing (with the Feedback-ID or sender domain). Why then provide FBL at
> all?

My current remark would be that it is beneficial for us to have a decent
example set of people who complain. It makes it easier to confront the
customer and locate the source of problems. I think 1:5 to 1:20 should be
sufficient for that purpose (depending on the volume of that sender
domain).

I also think that anonymous feedback is still a good idea. Maybe only for
authenticated emails (with aligned SPF/DKIM)? Gives ESPs a reason to (force
customers to) authenticate in line with DMARC.

Yours,



David


On 21 November 2017 at 09:25, Benjamin BILLON via mailop wrote:

> Hi all,
>
> I come to confirm the interest of the community in this question (was:
> "Does JMRP provide all or almost all the complaints through FBL as
> disclosed in the Live Postmaster page?").
>
> @Michael> we understand this topic could be out of your direct scope and
> we deeply appreciate every effort you make to put the case on the right desk.
> I'm discussing (through tickets) with the SNDS Support these days, and we
> see discrepancy on Complaints numbers between what we receive from SNDS,
> what Microsoft sees internally, and the FBL we receive (respectively 29, 1
> and 3, for a given IP in a given time range).
> The other weirdness is that with these (objectively low) numbers, the
> messages get a BCL of 8.
>
> Also, I'm sure that any sender participating in this mailing-list would
> gladly provide his help and data if it can help anyone at Microsoft, so let
> us know!
>
> Cheers,
> --
> 
> Benjamin
>
> 2017-11-03 5:05 GMT+08:00 Luis E. Muñoz :
>
>>
>>
>> On 2 Nov 2017, at 12:24, Michael Wise via mailop wrote:
>>
>> Apologies for the delay.
>>
>> No apologies required. Instead, thank you again for your assistance!
>>
>> -lem
>>
>
>


-- 
--
My opinion is mine.


Re: [mailop] Libero.it contact?

2017-11-23 Thread Davide Migliavacca via mailop
Indeed, they do read the postmaster@ messages, although they do not necessarily 
answer any request.

Cheers,
Davide

Davide Migliavacca
cto, ContactLab
Tel +39 02 2831181
www.contactlab.com

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Luis E. Muñoz via 
mailop
Sent: 22 November 2017 20:09
To: Tim Starr 
Cc: mailop@mailop.org
Subject: Re: [mailop] Libero.it contact?



On 22 Nov 2017, at 10:02, Tim Starr wrote:

> My apologies if I've asked this before and forgotten the answer, but is
> there a good way to contact Libero.it about one of my ESP clients getting
> blocked?

A couple years ago I had luck with postmaster@

Best regards

-lem




Re: [mailop] Outlook says "mail accepted for delivery" but it never shows up

2017-11-23 Thread David Hofstee
Hi Andrew,

But in your case you may have some differing "ip reputation" to account
for. For me the only difference was the html layout. Nothing else was
changed.

I have to say this was years ago. I generally do not spend so much time on
a single message.

Yours,


David

On 22 November 2017 at 17:03, Andrew Wingle  wrote:

> Hi David,
>
>
>
> I can attest to the same issue and the replication of the issue. We have
> found some scenarios where the same email will deliver to a specific domain
> on one IP and not on the other. I cannot say that we have seen a different
> result by “cleaning” the HTML up. Seems that the blackholing has increased
> significantly over the past few weeks if other metrics are indeed
> indicative of this problem.
>
> e.g.
>
> This is for the same exact message. Nothing about the messages is
> changed. Messages are DKIM signed and have SPF-passing. IPs are given to
> show an example only.
>
>
>
> recipient domain    sender IP      result
> x...@hotmail.com    142.0.83.00    accepted and delivered
> a...@outlook.com    142.0.83.00    accepted but never found (blackholed)
>
> recipient domain    sender IP      result
> x...@hotmail.com    142.0.83.01    accepted but never found (blackholed)
> a...@outlook.com    142.0.83.01    accepted and delivered
>
>
>
> For the message that is received in the mailbox there is nothing unique
> about the header results to give way to what may have happened to the other
> recipient’s message.
>
>
>
> Regards,
>
> Andrew
>
>
>
>
>
> *ANDREW D. WINGLE*
>
>
>
> 717-625-7857 direct
>
> 
>
>
>
> *From:* mailop [mailto:mailop-boun...@mailop.org] *On Behalf Of *David
> Hofstee
> *Sent:* Wednesday, November 22, 2017 10:40 AM
> *To:* mailop 
> *Subject:* Re: [mailop] Outlook says "mail accepted for delivery" but it
> never shows up
>
>
>
> Hi Klaus,
>
>
>
> No, actually it was perfectly repeatable. We couldn't believe it either.
> Since this was a notification email of the ESP application we really wanted
> to know why it was dropped by Microsoft so we rinsed and repeated...
>
>
>
>
>
>
>
> David
>
>
>
> On 22 November 2017 at 10:42, Klaus Ethgen  wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hi,
>
> On Wed, 22 Nov 2017 at 10:21, David Hofstee wrote:
> > It certainly could also have to do with the html content formatting. I have
> > seen that a cleaner html layout suddenly allowed my email.
>
> Well, that is just a random coincidence. I have even plain text mails
> dropped by microsoft.
>
> Regards
>Klaus
> - --
> Klaus Ethgen   http://www.ethgen.ch/
> pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
> Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
>
>
>
>
>
>
> --
>
> --
>
> My opinion is mine.
>



-- 
--
My opinion is mine.