Re: [mailop] And just after I spoke up for Linode being not bad ;)

[Faisal Misle via mailop]

They do. Those servers then forward to Google Workspace, likely a spam 
filter or similar.


On 1/18/22 9:06 PM, John Levine via mailop wrote:

It appears that Michael Peddemors via mailop  said:

Serious?

: host aspmx.l.google.com[2607:f8b0:4023:c0b::1a] said:
Why do they have their abuse email address at gmail..

They don't:

$ host -t mx linode.com
linode.com mail is handled by 2 inbound-mail1.linode.com.
linode.com mail is handled by 2 inbound-mail3.linode.com.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] And just after I spoke up for Linode being not bad ;)

[John Levine via mailop]

It appears that Michael Peddemors via mailop  said:
>Serious?
>
>: host aspmx.l.google.com[2607:f8b0:4023:c0b::1a] said:

>Why do they have their abuse email address at gmail..

They don't:

$ host -t mx linode.com
linode.com mail is handled by 2 inbound-mail1.linode.com.
linode.com mail is handled by 2 inbound-mail3.linode.com.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] What am I supposed to do with abuse complaints on legit mail?

[Dave Brockman via mailop]

On 1/17/2022 2:09 PM, John Levine via mailop wrote:

It appears that Scott Mutter via mailop  said:

-=-=-=-=-=-
-=-=-=-=-=-

On Mon, Jan 17, 2022 at 12:06 PM Grant Taylor via mailop 
wrote:


Drive by comment:

What if we had something like an MX record published for the IP
address(es) in reverse DNS / in-addr.arpa for
... and configure those MX records to route to a mail server
of the owners / administrators of the IP (space) in question?



Do reverse DNS entries support the TXT structure?  Why not just create a
special, specific TXT record for a contact email address?


This might be a good time to review the RP DNS record.  See RFC 1183.

As far as I can tell, I am the only person in the world that still
publishes them.


I agree with this assessment.

Regards,

--dtb

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] And just after I spoke up for Linode being not bad ;)

[Jarland Donnell via mailop]

Same thing happened at a similar cloud when I worked at it, we had 
Gsuite email and no one saw it coming. Most companies seem to be using 
abuse forms to make up for it and to some degree I get it, forms require 
intentional input where as people dumping fail2ban logs (and similar) at 
abuse@ emails renders them so terribly difficult to process at scale.


On 2022-01-18 10:22, Michael Peddemors via mailop wrote:

Serious?

: host aspmx.l.google.com[2607:f8b0:4023:c0b::1a] 
said:
550-5.2.1 The user you are trying to contact is receiving mail at a 
rate
that 550-5.2.1 prevents additional messages from being delivered. 
For more

550-5.2.1 information, please visit 550 5.2.1
https://support.google.com/mail/?p=ReceivingRatePerm 
k9si1297959vsh.481 -

gsmtp (in reply to RCPT TO command)

Why do they have their abuse email address at gmail..

If a person gets that once, do you think they will try to report again?

--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and 
intended
solely for the use of the individual or entity to which they are 
addressed.
Please note that any views or opinions presented in this email are 
solely
those of the author and are not intended to represent those of the 
company.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] And just after I spoke up for Linode being not bad ;)

[Grant Taylor via mailop]

On 1/18/22 9:22 AM, Michael Peddemors via mailop wrote:

Serious?


: host aspmx.l.google.com[2607:f8b0:4023:c0b::1a] said:
   550-5.2.1 The user you are trying to contact is receiving mail at a 
rate that

   550-5.2.1 prevents additional messages from being delivered. For more
   550-5.2.1 information, please visit
   550 5.2.1 
https://support.google.com/mail/?p=ReceivingRatePermk9si1297959vsh.481 - 
gsmtp (in reply to RCPT TO command)


*facePALM*


Why do they have their abuse email address at gmail..


_shrug_

I suppose because they have outsourced email for $REASONS.


If a person gets that once, do you think they will try to report again?


Probably not.

I'm happy to open a support ticket as Linode customer.  Email me more 
details (preferably the full DSN in all of it's gory details) and I'll 
do so.




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Microsoft/Lindo - junked,not blocked

[Michael Rathbun via mailop]

On Mon, 17 Jan 2022 18:04:30 -0600, John Gateley via mailop
 wrote:

>The IP address in question is not currently blocked in our system. 
>Please refer to the email message you received from Microsoft and follow 
>the steps it suggests.

I have no detailed knowledge of what the current system structure is, but
seven years back I was one of the people maintaining blocking lists  for
O365.  

At that time, there was a variety of lists that the system consulted, some of
which were maintained by somebody with root access and vi (or emacs, according
to taste).  At least two of those could result in a "banned sender" response.
The humans responding to delist request would have no idea that these lists
even existed, let alone how to check them.

Adding that to the generally stochastic response of the architecture as it was
back then made diagnosing some delivery failures an adventure.  I imagine it
still is, but in new and different ways.

mdr
-- 
Fail-safe systems fail by failing to fail safe.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] And just after I spoke up for Linode being not bad ;)

[Michael Peddemors via mailop]

Serious?

: host aspmx.l.google.com[2607:f8b0:4023:c0b::1a] said:
550-5.2.1 The user you are trying to contact is receiving mail at a 
rate
that 550-5.2.1 prevents additional messages from being delivered. 
For more

550-5.2.1 information, please visit 550 5.2.1
https://support.google.com/mail/?p=ReceivingRatePerm 
k9si1297959vsh.481 -

gsmtp (in reply to RCPT TO command)

Why do they have their abuse email address at gmail..

If a person gets that once, do you think they will try to report again?

--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] still not a good way to publish contact info, was What am I supposed to do

[Alessandro Vesely via mailop]

On Tue 18/Jan/2022 00:47:53 +0100 Scott Mutter via mailop wrote:
I feel like the abuse contact that's being suggested in RDAP, RP, rWhois, etc - 
are all intended to be manually sent by a human, i.e. someone from one of these 
big name email service providers (Microsoft/Yahoo/Gmail).



It is much easier to send reports automatically.

Personally, I still don't trust to include message headers in reports, so when 
reporting spam I just write "X-Spam-Flag: YES".  However, most reports are 
failed authentications or scanning for PHP scripts, which are typical bot 
actions.  I supply IPs and timestamps, which should be enough to determine the 
culprit.  On request, I send the full header of a spammy message, but this 
happens almost never.



Best
Ale
--





___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] still not a good way to publish contact info, was What am I supposed to do

[Alessandro Vesely via mailop]

On Tue 18/Jan/2022 00:34:51 +0100 Grant Taylor via mailop wrote:

On 1/17/22 4:08 PM, John Levine via mailop wrote:
See my previous message about RDAP.  If people want to publish contact info 
for their IP ranges, they can do it now in the RIR WHOIS. The problem is that 
they don't want to.


In theory, maybe.

However in my experience, many small operators who want to publish information 
to have their systems appear as proper as possible often can't for one reason 
or another.  Usually because they are small operators they are dependent on 
their provider to support RWhoIs / SWIP / etc.  As such they usually /can't/ 
publish information even if they want to because of the lack of flexibility / 
support from their providers.



That's right.  As a small operator, I can confirm I'm unable to get a copy of 
abuse messages.  Since, at last, RDAP for numbers works reliably, I consider 
it's the Plan-A tool for abuse reporting.


What it is still missing is the possibility to publish your address.  Since the 
RIRs run powerful databases, they could afford to publish an additional abuse 
mailbox of the IP "user", besides the one(s) provided by the IP "owner".



Smaller operators will likely have more success getting an RP record added than 
getting their provider to implement support for more proper solutions.  
Granted, the RP will likely require a support ticket for the record to be 
created manually.



There must be a reason why RP is not used.  Perhaps the fact that expressing 
mailboxes as domain names is a bit difficult —e.g. john@noc.example.com— or 
the fact that the referred TXT record has an unknown format (who sends reports 
to a PO Box?)


RDAP is as straightforward as this:

ale@pcale:~/tmp$ abuserdap -s 2600:3c00:e000:1e9::8849
ab...@linode.com
https://rdap.arin.net/registry/ip/2600:3c00:e000:1e9::8849


Best
Ale
--






___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] hosteurope anybody? PRVS not working?

[Heiko Schlittermann via mailop]

Hi,

I'm seeking for somebody from hosteurope.

For a client of us, the sender verification callout (<> -> prvs…) back
to hosteurope doesn't seem to work as expected.

Please contact me by private mail: h...@schlittermann.de

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
 SCHLITTERMANN.de  internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --- key ID: F69376CE -


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [SUBJECT CHANGE] Feedback loops

[Laura Atkins via mailop]

> On 18 Jan 2022, at 02:32, Scott Mutter via mailop  wrote:
> 
> On Mon, Jan 17, 2022 at 6:06 PM Grant Taylor via mailop  > wrote:
> Why can't automated and manual reports go to the same address?  Isn't
> that what recipient side filtering is for?  E.g. separating RFC standard
> DSNs / MDNs from human generated messages, each handled by different teams.
> 
> My problem with FBLs is that I have to know to sign up for FBLs.
> Conversely, mailbox operators can probably more easily send push
> notifications to published addresses, whatever the industry accepted
> method is.
> 
> 
> I keep going back to the AOL Feedback Loop of yesteryear.  I didn't actually 
> READ every message in that mailbox.  But I could run a script through a 
> procmail recipe to increment counts by IP that AOL was sending back to that 
> FBL.  So that when an IP got 10 or so messages within a certain period it 
> would alert me at another email address that I watched.

The AOL FBL worked the way it did for a number of reasons. The big one is 
because AOL controlled the MUA. They managed the actions behind the “this is 
spam” button, and thus they could send mail when it was pushed.

When the provider doesn’t control the MUA they can’t provide the same FBL that 
AOL did because they do not have the ability to identify when the user clicks 
the TiS button. 

> Gmail and Yahoo all base their feedback loops on DomainKeys or something, 
> it's not IP based.  I know Comcast and some of the other ReturnPath customers 
> have feedback loops, but traffic on those are low too.

Right, because in most cases the provider doesn’t control the MUA. 

laura 

-- 
Having an Email Crisis?  800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: http://wordtothewise.com/blog  





___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [SUBJECT CHANGE] Feedback loops

[Jaroslaw Rafa via mailop]

Dnia 17.01.2022 o godz. 16:41:26 Michael Peddemors via mailop pisze:
> 
> So, while there are many companies with terrible or no abuse
> handlers, the problem maybe is now that the other way, where noone
> reports it.

Speaking for myself, I don't get a lot of spam, but when I do, I don't
bother reporting it. Spam is so omnipresent today that I have the impression
that noone actually cares about spam reports. I just update my spam filter
to avoid receiving similar messages in the future. Spamassassin plus a few
RBLs plus a bunch of my custom filtering rules are doing a pretty good job.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop