Re: [mailop] What am I supposed to do with abuse complaints on legit mail?

[Matt Palmer via mailop]

On Tue, Jan 11, 2022 at 11:40:10AM +, Laura Atkins via mailop wrote:
> > On 11 Jan 2022, at 10:25, Alessandro Vesely via mailop  
> > wrote:
> > On Tue 11/Jan/2022 07:40:31 +0100 Hans-Martin Mosner via mailop wrote:
> >> As a list admin, you're between a rock and a hard place.  In some
> >> cases, unsubscribing the user who unknowingly caused the spam report is
> >> indeed the easiest way out.  If you find that your interest in keeping
> >> the subscriber on the list weighs more than their interest in staying
> >> on the list you should question the motivation of that list.  Of
> >> course, there are valid reasons, such as when you're contractually or
> >> legally required to regularly inform customers.  But when the
> >> subscription to your list is entirely optional, I'd say out with them.
> > 
> > On the opposite, lists seem to me to be the easiest case.  Like in the
> > usual behavior of web interface, to unsubscribe send a confirmation
> > request whereby the user can confirm unsub or just forget it.  That way,
> > users can solve by themselves the question, for both automatic and
> > manually generated spam reports.
> 
> There are few things users hate more than getting a “did you really mean
> to unsubscribe” email from companies they unsubscribed from.  I’m pretty
> sure I can point to multiple rants and examples and companies being
> treated horribly on this mailing list when senders do that.  I can see
> “did you really mean to report our mail as spam” generating similar
> negative feelings.

There's quite a difference between a list that was affirmatively subscribed
to by the user (or at least their e-mail address), compared to a list you
got subscribed to because some marketing weenie trawled the contact
database.

Asking someone if they *really* want to unsubscribe when they never
subscribed in the first place is, I agree, very annoying.  Personally, I
don't even request unsubscription from marketing lists; I just keep
reporting as spam until the spam filter gets the message and the sender is
blocked solidly.  Don't like the hit to your sending reputation?  Then don't
send spam.

- Matt

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] blocked by microsoft -- support procedure?

[Michael Peddemors via mailop]

On 2022-01-11 12:32 p.m., Mark G Thomas via mailop wrote:

Hi,

On Tue, Jan 11, 2022 at 11:21:47AM -0800, Michael Peddemors via mailop wrote:

On 2022-01-11 11:04 a.m., Mark G Thomas via mailop wrote:

Here's an example from one ticket, however I'm more looking for whether
there is anything I can do to facilitate improving this overall, then
starting trying to intervene about (many!) specific tickets and IPs. I
would be happy to help with more details off-list, if so requested. I
also could relay suggestions or procedural instructions to our support
group.

redac...@enlogic.gr: host 
enlogic-gr.mail.protection.outlook.com[104.47.17.74]
said: 550 5.7.511 Access denied, banned sender[172.104.233.127]. To request
removal from this list please forward this message to
del...@messaging.microsoft.com. For more information please go to
http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
[DB8EUR05FT065.eop-eur05.prod.protection.outlook.com] (in reply to RCPT TO 
command)

Mark


No comments on Linode spamming, but looking at this, have to comment.

host enlogic.gr
enlogic.gr has address 172.105.85.167
enlogic.gr mail is handled by 0 enlogic-gr.mail.protection.outlook.com

host 172.104.233.127
127.233.104.172.in-addr.arpa domain name pointer extmail.enlogic.gr

If microsoft thinks that the email server for that domain is their
infrastructure, why would they accept any email from outside MS with
that domain, if it isn't authenticated.

The rejection message looks pretty clear.. banned sender.

What is the address in the MAIL FROM, it looks liek @enlogic.gr?


In this specific case, the sender was reported to be an address @kentia.gr.


host kentia.gr
kentia.gr has address 31.22.115.154
kentia.gr mail is handled by 10 mx1.mydomain.ro.
kentia.gr mail is handled by 20 mx2.mydomain.ro.
kentia.gr mail is handled by 5 obd0bh.static.otenet.gr.

host -t TXT kentia.gr
kentia.gr descriptive text "v=spf1 a mx ip4:62.38.3.0/24 
ip4:62.38.240.10 ip4:195.46.27.139/29 ip4:172.104.233.127 
a:outgoing.holservices.gr -all"





I don't think you would get a response quickly from MS, if they
think they are authoritive for the email domain.  Anyone can put up
a PTR record or MAIL FROM forging a domain on their networks.  I get

...

Got it. I can look at other cases, which may have other issues. This was
an example I snagged, but I'm sure there are other different scenarios.

Something changed and now we have this flood of tickets, many from
people who have been e-mailing successfully to MS recipients for a long
time, until a few weeks ago when something changed.

Is there anything I can do to help our support people in handling this?

Mark



You 'could' simply send an email from the command line to a MS address, 
using one of your own domains (with of course a wide SPF record) to see 
if this is an IP based reputation issue, or a domain based reputation issue.


You 'could' subscribe to something like 'HetrixTools' to see when IP(s) 
on your network get listed on RBL's


You 'could' put in a network alert in your egress routers to report when 
too high of SYN packets are generated from an IP address in your 
networks destined to certain ports.


You 'could' start offering 'rwhois' automation, eg a person gets an IP 
address on your networks, the ownership is updated in your 'rwhois' server.


You 'could' do a random walk on your networks for suspicious PTR records.

(See where I am heading? Stop the threats first, reduces support calls)

But, the thing I was pointing out, and this goes for anyone on the list, 
if you want to shout out for help, make sure you provide the list 
members with as much detail as possible.


Let's try to get the full information of one (1) case, to confirm that 
there isn't something obvious that could be causing issues.


And pick an easier case where the MX and SPF records are a little 
simpler and sane, where you see the problem.


However, in December there WAS a smaller outbreak from Linode IP(s) i 
seem to recall.. maybe might have triggered something..




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?

[Jaroslaw Rafa via mailop]

Dnia 11.01.2022 o godz. 19:12:14 Andrew C Aitchison via mailop pisze:
> 
> But yes, if the user downloads the message with something like fetchmail,
> then uses thunderbird to read the *local* inbox.

In recent Thunderbird versions the support for "movemail" type accounts, ie.
local system mailboxes, has been removed. ;)
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?

[Jaroslaw Rafa via mailop]

Dnia 11.01.2022 o godz. 16:57:21 Matthias Leisi via mailop pisze:
> >> How would it know the difference if it was Thunderbird, or the user?
> > 
> > You can guess by timing.
> > 
> > If the message is moved to spam folder immediately after being fetched by
> > client, then it is an automated filter action. If there is at least a few
> > seconds delay, then it is probably the user manually moving the message into
> > spam folder (the user needs some time to look at least at the subject of
> > the message and click the appropriate button).
> 
> The mail client with its local spam filter may not be connected at the
> time the message arrives in the inbox.  It may come online at a later
> point and move messages to the spam folder with considerable delay.

I'm afraid I don't understand. If the client is not connected, then it will
not fetch (download) the message at that time. If it later downloads the
message and immediately moves it into spam folder (immediately after
download, not after the message arrives) then it is a mark of a filter
action. The client must download the message first in order for the filter
to analyze it and move it into spam folder; it can't move it to the spam
filter without downloading. So if move to the spam folder occurs immediately
after downloading, it is probably caused by a filter. It has nothing to do
with message arrival time.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] blocked by microsoft -- support procedure?

[Michael Wise via mailop]

delist@ is very much monitored, but December saw an incredible increase in 
abusive traffic thru our system, and responses ... have been delayed.

Aloha, 
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Mark G Thomas via mailop
Sent: Tuesday, January 11, 2022 11:05 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] blocked by microsoft -- support procedure?

Hi,

I'm not generally involved in our support issues, but a coworker at 
my work (Linode) reached out to me about what looks to be a new problem 
involving hosting customers being blocked by by Microsoft. We have 
150-200 new support tickets about this, starting on December 21, 2021. 
Our support goes back and forth with the customers and tries to help, 
typically 4 responses, but up to 48, per ticket, and both support and 
customers are growing increasingly frustrated.

Customers and our support team have been reaching out to 
del...@messaging.microsoft.com, but are concluding this is non-monitored.

Linode doesn't provide any e-mail services for the customers, so all 
these involve different customer-allocated IPs and different hosting 
customers. While the ones I'm spot checking, looking at these tickets, 
have DNS, SPF, and other mechanisms set up appropriately, of course 
the situation varies. At least some of these customers and/or our support 
has confirmed their Linode IPs are not listed on any public DNSBLS they 
can find.

Linode has by default blocked all outbound SMTP for all accounts starting 
November 2019, until customers have met certain criteria. I have not
become aware of any recent large or not-promptly addressed spamming 
problems, nor seen recent mention of spammers from Linode IP space on 
here or other e-mail hosting related lists since I started here in 
January, 2020.

I saw the December thread on this list from a listmember who is (or was?) 
Linode hosted, and ran into this MS blocking Linode trouble.

Here's an example from one ticket, however I'm more looking for whether 
there is anything I can do to facilitate improving this overall, then 
starting trying to intervene about (many!) specific tickets and IPs. I 
would be happy to help with more details off-list, if so requested. I 
also could relay suggestions or procedural instructions to our support 
group.

   redac...@enlogic.gr: host 
enlogic-gr.mail.protection.outlook.com[104.47.17.74]
   said: 550 5.7.511 Access denied, banned sender[172.104.233.127]. To request
   removal from this list please forward this message to
   del...@messaging.microsoft.com. For more information please go to
   
https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D526653data=04%7C01%7Cmichael.wise%40microsoft.com%7Ca82a254b023a4115a34008d9d535d45a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637775249461291307%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=sHOWRtvXx4r7mxHncg%2B89uyHlClKZB0eZqweJfxCYXQ%3Dreserved=0.
 AS(1410)
   [DB8EUR05FT065.eop-eur05.prod.protection.outlook.com] (in reply to RCPT TO 
command)

Mark

-- 
Mark G. Thomas , KC3DRE
___
mailop mailing list
mailop@mailop.org
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flist.mailop.org%2Flistinfo%2Fmailopdata=04%7C01%7Cmichael.wise%40microsoft.com%7Ca82a254b023a4115a34008d9d535d45a%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637775249461291307%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000sdata=SsSPkf%2F8xy69ZiMqFwURADwYtzuCDTELJvyvTByfKS4%3Dreserved=0
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] blocked by microsoft -- support procedure?

[John Gateley via mailop]

On 1/11/22 2:21 PM, Michael Peddemors via mailop wrote:

On 2022-01-11 11:04 a.m., Mark G Thomas via mailop wrote:

Here's an example from one ticket, however I'm more looking for whether
there is anything I can do to facilitate improving this overall, then
starting trying to intervene about (many!) specific tickets and IPs. I
would be happy to help with more details off-list, if so requested. I
also could relay suggestions or procedural instructions to our support
group.

    redac...@enlogic.gr: host 
enlogic-gr.mail.protection.outlook.com[104.47.17.74]
    said: 550 5.7.511 Access denied, banned sender[172.104.233.127]. 
To request

    removal from this list please forward this message to
    del...@messaging.microsoft.com. For more information please go to
    http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
    [DB8EUR05FT065.eop-eur05.prod.protection.outlook.com] (in reply 
to RCPT TO command)


Mark


No comments on Linode spamming, but looking at this, have to comment.

host enlogic.gr
enlogic.gr has address 172.105.85.167
enlogic.gr mail is handled by 0 enlogic-gr.mail.protection.outlook.com

host 172.104.233.127
127.233.104.172.in-addr.arpa domain name pointer extmail.enlogic.gr

If microsoft thinks that the email server for that domain is their 
infrastructure, why would they accept any email from outside MS with 
that domain, if it isn't authenticated.


The rejection message looks pretty clear.. banned sender.

What is the address in the MAIL FROM, it looks liek @enlogic.gr?


The mail is being sent by 172.104.233.127, enlogic.gr is the recipient.


I too am having this issue, (also a linode customer, but no support 
tickets from me). I'll be posting more details later.


John

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] blocked by microsoft -- support procedure?

[Mark G Thomas via mailop]

Hi,

On Tue, Jan 11, 2022 at 11:21:47AM -0800, Michael Peddemors via mailop wrote:
> On 2022-01-11 11:04 a.m., Mark G Thomas via mailop wrote:
> >Here's an example from one ticket, however I'm more looking for whether
> >there is anything I can do to facilitate improving this overall, then
> >starting trying to intervene about (many!) specific tickets and IPs. I
> >would be happy to help with more details off-list, if so requested. I
> >also could relay suggestions or procedural instructions to our support
> >group.
> >
> >redac...@enlogic.gr: host 
> > enlogic-gr.mail.protection.outlook.com[104.47.17.74]
> >said: 550 5.7.511 Access denied, banned sender[172.104.233.127]. To 
> > request
> >removal from this list please forward this message to
> >del...@messaging.microsoft.com. For more information please go to
> >http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
> >[DB8EUR05FT065.eop-eur05.prod.protection.outlook.com] (in reply to RCPT 
> > TO command)
> >
> >Mark
> 
> No comments on Linode spamming, but looking at this, have to comment.
> 
> host enlogic.gr
> enlogic.gr has address 172.105.85.167
> enlogic.gr mail is handled by 0 enlogic-gr.mail.protection.outlook.com
> 
> host 172.104.233.127
> 127.233.104.172.in-addr.arpa domain name pointer extmail.enlogic.gr
> 
> If microsoft thinks that the email server for that domain is their
> infrastructure, why would they accept any email from outside MS with
> that domain, if it isn't authenticated.
> 
> The rejection message looks pretty clear.. banned sender.
> 
> What is the address in the MAIL FROM, it looks liek @enlogic.gr?

In this specific case, the sender was reported to be an address @kentia.gr.

> I don't think you would get a response quickly from MS, if they
> think they are authoritive for the email domain.  Anyone can put up
> a PTR record or MAIL FROM forging a domain on their networks.  I get
...

Got it. I can look at other cases, which may have other issues. This was 
an example I snagged, but I'm sure there are other different scenarios.

Something changed and now we have this flood of tickets, many from 
people who have been e-mailing successfully to MS recipients for a long 
time, until a few weeks ago when something changed.

Is there anything I can do to help our support people in handling this?

Mark

-- 
Mark G. Thomas , KC3DRE
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?

[Dave Warren via mailop]

On 2022-01-11 03:29, Jaroslaw Rafa via mailop wrote:

Dnia 10.01.2022 o godz. 19:30:02 Dave Warren via mailop pisze:

How would it know the difference if it was Thunderbird, or the user?

You can guess by timing.

If the message is moved to spam folder immediately after being fetched by
client, then it is an automated filter action. If there is at least a few
seconds delay, then it is probably the user manually moving the message into
spam folder (the user needs some time to look at least at the subject of
the message and click the appropriate button).


It's a start. But I don't think it can be particularly reliable since 
IMAP allows multiple connections to a mailbox and can't link a 
particular connection to a particular client.


For example, it is quite reasonable to make connections that check a 
folder and use IDLE in that folder while other connections service 
explicit user actions (regardless of folder).


And I suspect most users use more than one client at the same time 
(mobile clients don't magically disconnect when you start your 
desktop/laptop client). Plus all the server-based "assists" that so many 
mobile clients use.


I suspect one could study enough mail clients to figure it out, and I 
don't really even know how many behave poorly out of the box or can be 
configured to perform automated actions.




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] What am I supposed to do with abuse complaints on legit mail?

[Dave Warren via mailop]

On 2022-01-11 09:11, Lukas Tribus via mailop wrote:

in my opinion Office 365 does it right (in the browser).

When marking an email as Junk, it will ask the user whether the
message should*ALSO*  be reported. This hints at the possibility that
this will land at a human person (can be true for abuse reports),
which makes this a good UI choice, in my opinion.


I very much like this implementation, and it seems to be reasonably 
clear to the user that "something" is happening. In a simple 
sender-to-recipient or spammer-to-recipient situation it's great!


But once you get mailboxes that are forwarded, mailing lists, and all 
the other things people do to/with email... I'm not even sure I could 
make any sort of decision tree for what is the right place, let alone 
start to implement such a thing in code.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] blocked by microsoft -- support procedure?

[Michael Peddemors via mailop]

On 2022-01-11 11:04 a.m., Mark G Thomas via mailop wrote:

Here's an example from one ticket, however I'm more looking for whether
there is anything I can do to facilitate improving this overall, then
starting trying to intervene about (many!) specific tickets and IPs. I
would be happy to help with more details off-list, if so requested. I
also could relay suggestions or procedural instructions to our support
group.

redac...@enlogic.gr: host 
enlogic-gr.mail.protection.outlook.com[104.47.17.74]
said: 550 5.7.511 Access denied, banned sender[172.104.233.127]. To request
removal from this list please forward this message to
del...@messaging.microsoft.com. For more information please go to
http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
[DB8EUR05FT065.eop-eur05.prod.protection.outlook.com] (in reply to RCPT TO 
command)

Mark


No comments on Linode spamming, but looking at this, have to comment.

host enlogic.gr
enlogic.gr has address 172.105.85.167
enlogic.gr mail is handled by 0 enlogic-gr.mail.protection.outlook.com

host 172.104.233.127
127.233.104.172.in-addr.arpa domain name pointer extmail.enlogic.gr

If microsoft thinks that the email server for that domain is their 
infrastructure, why would they accept any email from outside MS with 
that domain, if it isn't authenticated.


The rejection message looks pretty clear.. banned sender.

What is the address in the MAIL FROM, it looks liek @enlogic.gr?

host -t TXT enlogic.gr
enlogic.gr descriptive text "v=spf1 include:_spf.google.com 
ip4:37.99.196.61 ip4:62.38.2.0/24 ip4:172.104.233.127 
include:spf.protection.outlook.com -all"

enlogic.gr descriptive text "MS=EB2F0AF170CC8CEB57C60C387F3DEA591B9B84F0"

I don't think you would get a response quickly from MS, if they think 
they are authoritive for the email domain.  Anyone can put up a PTR 
record or MAIL FROM forging a domain on their networks.  I get it that 
you think the SPF record indicates that mail should be accepted from 
that IP, but SPF saying it is okay, isn't the same thing as it being 
okay.  There are many other checks that can take precedence.


(Since they basically allow SPF from any of the Google IP's, easy to run 
forgeries on those google cloud IPs ;)





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?

[Dave Warren via mailop]

On 2022-01-11 03:29, Jaroslaw Rafa via mailop wrote:

Dnia 10.01.2022 o godz. 19:30:02 Dave Warren via mailop pisze:


How would it know the difference if it was Thunderbird, or the user?


You can guess by timing.

If the message is moved to spam folder immediately after being fetched by
client, then it is an automated filter action. If there is at least a few
seconds delay, then it is probably the user manually moving the message into
spam folder (the user needs some time to look at least at the subject of
the message and click the appropriate button).


Or conversely, what steps should an IMAP user take to report spam
properly?


Maybe set up an address like spamrep...@your-provider.com where users should
forward all messages they consider to be spam?


Over the last 1-2 decades I implemented just this! A spam/non-spam 
address that users could forward mail to, plus dedicated shared 
#ReportAsSpam #ReportAsNotSpam folders that users could use.


I don't think I managed to get a single person to forward an EML file to 
the spam/non-spam addresses even once in over a decade.


Teaching users to forward spam is just bad for a whole number of reasons 
and I wouldn't do it today. Even though the intent is only an internal 
"send your spam to spam@localdomain or spam@provider-name", good luck 
getting users to understand that forwarding spam is otherwise bad. The 
"we hacked your email and watched you do private things" are especially 
bad because users legitimately get worried and forward these to their 
partners or others to get advice.


Forwarded non-spam without the EML was useful if their client bothered 
to forward enough of the original From header that I could toss the 
address on a "User wants this mail" list, although that wasn't 
particularly scalable, and didn't actually give me anything that webmail 
address books and whitelisting outbound mail didn't also give me.


User's "Archive" folders seem to be a good proxy for not-spam, if a user 
had a lot of messages over a reasonable period of time in their Archive 
folder I'd point SA's bayesian learning at it.


A few used the #ReportAs shared folders. This was safer because it 
didn't use their mailbox's own Junk folder so it required explicit 
action. These got used by the webmail interface too so it is hard to 
judge if users explicitly used the folders. If we were to redesign 
protocols from scratch, having an explicit "The user marked this as junk 
and wants to unsubscribe, or have it blocked, or file a report" would 
all be excellent things, but outside of webmail providers who control 
their servers and interface, this won't be a thing.


(EML, meaning anything that attached the original message with headers 
and at least some body).


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?

[Andrew C Aitchison via mailop]

On Tue, 11 Jan 2022, Matthias Leisi via mailop wrote:


How would it know the difference if it was Thunderbird, or the user?


You can guess by timing.

If the message is moved to spam folder immediately after being fetched by
client, then it is an automated filter action. If there is at least a few
seconds delay, then it is probably the user manually moving the message into
spam folder (the user needs some time to look at least at the subject of
the message and click the appropriate button).


The mail client with its local spam filter may not be connected at
the time the message arrives in the inbox. It may come online at a
later point and move messages to the spam folder with considerable
delay.


Delay relative to arrival in inbox, yes.
Delay relative to message being fetched by mail client, no.

But yes, if the user downloads the message with something like fetchmail,
then uses thunderbird to read the *local* inbox.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] blocked by microsoft -- support procedure?

[Mark G Thomas via mailop]

Hi,

I'm not generally involved in our support issues, but a coworker at 
my work (Linode) reached out to me about what looks to be a new problem 
involving hosting customers being blocked by by Microsoft. We have 
150-200 new support tickets about this, starting on December 21, 2021. 
Our support goes back and forth with the customers and tries to help, 
typically 4 responses, but up to 48, per ticket, and both support and 
customers are growing increasingly frustrated.

Customers and our support team have been reaching out to 
del...@messaging.microsoft.com, but are concluding this is non-monitored.

Linode doesn't provide any e-mail services for the customers, so all 
these involve different customer-allocated IPs and different hosting 
customers. While the ones I'm spot checking, looking at these tickets, 
have DNS, SPF, and other mechanisms set up appropriately, of course 
the situation varies. At least some of these customers and/or our support 
has confirmed their Linode IPs are not listed on any public DNSBLS they 
can find.

Linode has by default blocked all outbound SMTP for all accounts starting 
November 2019, until customers have met certain criteria. I have not
become aware of any recent large or not-promptly addressed spamming 
problems, nor seen recent mention of spammers from Linode IP space on 
here or other e-mail hosting related lists since I started here in 
January, 2020.

I saw the December thread on this list from a listmember who is (or was?) 
Linode hosted, and ran into this MS blocking Linode trouble.

Here's an example from one ticket, however I'm more looking for whether 
there is anything I can do to facilitate improving this overall, then 
starting trying to intervene about (many!) specific tickets and IPs. I 
would be happy to help with more details off-list, if so requested. I 
also could relay suggestions or procedural instructions to our support 
group.

   redac...@enlogic.gr: host 
enlogic-gr.mail.protection.outlook.com[104.47.17.74]
   said: 550 5.7.511 Access denied, banned sender[172.104.233.127]. To request
   removal from this list please forward this message to
   del...@messaging.microsoft.com. For more information please go to
   http://go.microsoft.com/fwlink/?LinkId=526653. AS(1410)
   [DB8EUR05FT065.eop-eur05.prod.protection.outlook.com] (in reply to RCPT TO 
command)

Mark

-- 
Mark G. Thomas , KC3DRE
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?

[Matthias Leisi via mailop]

>> How would it know the difference if it was Thunderbird, or the user?
> 
> You can guess by timing.
> 
> If the message is moved to spam folder immediately after being fetched by
> client, then it is an automated filter action. If there is at least a few
> seconds delay, then it is probably the user manually moving the message into
> spam folder (the user needs some time to look at least at the subject of
> the message and click the appropriate button).

The mail client with its local spam filter may not be connected at the time the 
message arrives in the inbox. It may come online at a later point and move 
messages to the spam folder with considerable delay.

— Matthias

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?

[Florian.Kunkel--- via mailop]

/
> Maybe set up an address like mailto:spamrep...@your-provider.com where users 
> should
> forward all messages they consider to be spam?
Not helpful. And please don't encourage regular users to forward spam to abuse 
addresses. Forwarded mails are usually missing most relevant information which 
might be helpful to do anything.
- Marcel
\

FULLACK

and even worse, we (@t-online.de) will suspend your account for (forward) 
sending SPAM/PHISH/... if you do so.

Florian

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from @t-online.de or @laposte.net on list?

[Benjamin BILLON via mailop]

Well, they're not =)

They also have an extensive Postmaster page 
https://postmaster.laposte.net/categories/j-ai-un-message-d-erreur/mes-envois-sont-bloques
Did you try postmaster@ and ab...@laposte.net already?

--
Benjamin

From: mailop  On Behalf Of Xavier Beaudouin via 
mailop
Sent: mardi 11 janvier 2022 17:15
To: o...@duck.com
Cc: mailop 
Subject: Re: [mailop] Anyone from @t-online.de or @laposte.net on list?

Hello,

About @laposte.net, afaik this thing is more or less in abandonware with french 
post.
Maybe you can try reach some french administrators on frnog mailing list.

Regards,
Xavier


De: "mailop" mailto:mailop@mailop.org>>
À: "mailop" mailto:mailop@mailop.org>>
Envoyé: Mardi 11 Janvier 2022 02:05:09
Objet: [mailop] Anyone from @t-online.de or @laposte.net on list?
Looking for anyone on list (or a contact) for t-online.de and lapost.net. 
Experiencing some deliveries blocked that I’d like to resolve.

Thanks!

Omid Majdi
Product Lead
DuckDuckGo, Inc.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] What am I supposed to do with abuse complaints on legit mail?

[Hans-Martin Mosner via mailop]

11. Januar 2022 17:11, "Lukas Tribus via mailop"  schrieb:

> 
> Not hiding your actions in front of your own users would be a great
> start, that doesn't mean you need to explain ARF reporting to Jennice
> in Accounting, as the Office 365 implementation shows. It's as simple
> as "Do you want to report this email: REPORT, DONT REPORT".

While this is a major step forward, IMHO it still does not communicate clearly 
enough who the report is going to.
Do I report to my mail provider, to the sender's mail provider, or to the 
sender?
Depending on the circumstances, each of those choices could be right (maybe not 
the sender though, unless the mail recipient wants to express "I don't want 
that mail anymore" after legitimately subscribing some time ago).

There's no internet mail police that would be the natural recipient of such 
reports :-)

Cheers,
Hans-Martin
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: What am I supposed to do with abuse complaints on legit mail?

[Marcel Becker via mailop]

On Tue, Jan 11, 2022 at 2:39 AM Jaroslaw Rafa via mailop 
wrote:

>
> Maybe set up an address like spamrep...@your-provider.com where users
> should
> forward all messages they consider to be spam?
>

Not helpful. And please don't encourage regular users to forward spam to
abuse addresses. Forwarded mails are usually missing most relevant
information which might be helpful to do anything.

- Marcel
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from @t-online.de or @laposte.net on list?

[Xavier Beaudouin via mailop]

Hello, 

About @laposte.net, afaik this thing is more or less in abandonware with french 
post. 
Maybe you can try reach some french administrators on frnog mailing list. 

Regards, 
Xavier 

> De: "mailop" 
> À: "mailop" 
> Envoyé: Mardi 11 Janvier 2022 02:05:09
> Objet: [mailop] Anyone from @t-online.de or @laposte.net on list?

> Looking for anyone on list (or a contact) for t-online.de and lapost.net.
> Experiencing some deliveries blocked that I’d like to resolve.

> Thanks!

> Omid Majdi
> Product Lead
> DuckDuckGo, Inc.

> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] What am I supposed to do with abuse complaints on legit mail?

[Lukas Tribus via mailop]

Hello,


in my opinion Office 365 does it right (in the browser).

When marking an email as Junk, it will ask the user whether the
message should *ALSO* be reported. This hints at the possibility that
this will land at a human person (can be true for abuse reports),
which makes this a good UI choice, in my opinion.


Instead when the UI suggests that nothing will happen by marking a
message as SPAM other than maybe local SPAM filter tuning, but then
unbeknownst to the user abuse reports start flying around, then of
course this will lead to problems down the road.


Not hiding your actions in front of your own users would be a great
start, that doesn't mean you need to explain ARF reporting to Jennice
in Accounting, as the Office 365 implementation shows. It's as simple
as "Do you want to report this email: REPORT, DONT REPORT".

And as always it is very much unclear to a lot of users what Trash and
Junk actually means, I'm sure this gets even more complicated in other
languages and cultures. IMAP adds another piece of complexity here of
course, but this is, in my opinion, primarily a UI problem.



Lukas
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from @t-online.de or @laposte.net on list?

[Florian.Kunkel--- via mailop]

Hey Omid,

what's wrong with our postmaster site 
https://postmaster.t-online.de/index.en.html
or just contacting the address named in each and every single reject message?

Cheers

Florian


Von: mailop  Im Auftrag von Omid Majdi via mailop
Gesendet: Dienstag, 11. Januar 2022 02:05
An: mailop@mailop.org
Betreff: [mailop] Anyone from @t-online.de or @laposte.net on list?

Looking for anyone on list (or a contact) for t-online.de and lapost.net. 
Experiencing some deliveries blocked that I'd like to resolve.

Thanks!

Omid Majdi
Product Lead
DuckDuckGo, Inc.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] What am I supposed to do with abuse complaints on legit mail?

[Laura Atkins via mailop]

> On 11 Jan 2022, at 10:25, Alessandro Vesely via mailop  
> wrote:
> 
> On Tue 11/Jan/2022 07:40:31 +0100 Hans-Martin Mosner via mailop wrote:
>> As a list admin, you're between a rock and a hard place. In some cases, 
>> unsubscribing the user who unknowingly caused the spam report is indeed the 
>> easiest way out. If you find that your interest in keeping the subscriber on 
>> the list weighs more than their interest in staying on the list you should 
>> question the motivation of that list. Of course, there are valid reasons, 
>> such as when you're contractually or legally required to regularly inform 
>> customers. But when the subscription to your list is entirely optional, I'd 
>> say out with them.
> 
> 
> On the opposite, lists seem to me to be the easiest case.  Like in the usual 
> behavior of web interface, to unsubscribe send a confirmation request whereby 
> the user can confirm unsub or just forget it.  That way, users can solve by 
> themselves the question, for both automatic and manually generated spam 
> reports.

There are few things users hate more than getting a “did you really mean to 
unsubscribe” email from companies they unsubscribed from. I’m pretty sure I can 
point to multiple rants and examples and companies being treated horribly on 
this mailing list when senders do that. I can see “did you really mean to 
report our mail as spam” generating similar negative feelings. 

laura 


-- 
Having an Email Crisis?  800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: http://wordtothewise.com/blog  





___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] What am I supposed to do with abuse complaints on legit mail?

[Alessandro Vesely via mailop]

On Tue 11/Jan/2022 07:40:31 +0100 Hans-Martin Mosner via mailop wrote:
As a list admin, you're between a rock and a hard place. In some cases, 
unsubscribing the user who unknowingly caused the spam report is indeed the 
easiest way out. If you find that your interest in keeping the subscriber on 
the list weighs more than their interest in staying on the list you should 
question the motivation of that list. Of course, there are valid reasons, such 
as when you're contractually or legally required to regularly inform customers. 
But when the subscription to your list is entirely optional, I'd say out with them.



On the opposite, lists seem to me to be the easiest case.  Like in the usual 
behavior of web interface, to unsubscribe send a confirmation request whereby 
the user can confirm unsub or just forget it.  That way, users can solve by 
themselves the question, for both automatic and manually generated spam reports.



Best
Ale
--






___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop