On 2019-05-28 12:00 p.m., Michael Wise via mailop wrote:
"Unsolicited Email is defined as email sent to persons other than (i) persons
with whom Customer has an existing business relationship, OR
(ii) persons who have consented to the receipt of such email, including publishing
or providing
ppy to
take this off-list.
Kind regards
Bastiaan van den Berg
-
Hetzner Online GmbH
Am 05.06.2019 um 16:37 schrieb Michael Peddemors via mailop:
> Hehehe.. how does that saying going about the "pot calling the kettle
> black&qu
Hehehe.. how does that saying going about the "pot calling the kettle
black"? But aside from comments about what people are saying about
Azure
It really is when those /28's start firing up on your network.. I would
'like' to say it is a problem with vetting new customers, however I
Got several of these today..
Looks like a fairly easy fake Interac to detect.
Sending to stripped addresses off of web pages from the look of it..
Probably compromised accounts/computers, but still..
Try to squeek time this week to send a more friendly catch up email..
-- Michael --
Too many hats today. and too many hours sorry about that..
Still several hours of work in front of me..
--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at
On 2019-05-10 4:21 a.m., Laura Atkins via mailop wrote:
You don’t need to separate your transactional and your marketing mail on
different IPs because the filters aren’t using IPs as the unique mail
identifier.
I would suggest that you 'might' have a point when it comes to the
bigger
Don't get me started on OVH IP Space.
Aside from all the blocks delegated with no rwhois, hiding behind GDPR
as an excuse not to provide information on the operator..
Aside from known spammers where the domains are so obviously used for fraud.
Aside from the poor OVH abuse handling.
Just
If you follow any of the white hat groups, or security researchers, you
will see a lot of them already doing it with little or no effect..
(Which means of course people stop bothering to report it)
However, a little birdie told me that certain government agencies are
finally waking up and
On 2019-04-29 8:18 a.m., Anne P. Mitchell, Esq. via mailop wrote:
I wonder if we should*all* tweet to them, including the hashtag
#DigitalOceanHostsBadGuys ?;-)
When Anne suggests something like this.. ;)
Done!
--
"Catch the Magic of Linux..."
On 2019-04-29 7:58 a.m., Michael Rathbun via mailop wrote:
On Mon, 29 Apr 2019 07:26:23 -0700, Michael Peddemors via mailop
wrote:
PS, pgHammer went quiet yesterday.. either someone caught/killed his C
server, or the actor realized that there was too much attention on the
activity
On 2019-04-29 8:37 a.m., Michael Peddemors via mailop wrote:
On 2019-04-29 8:18 a.m., Anne P. Mitchell, Esq. via mailop wrote:
I wonder if we should*all* tweet to them, including the hashtag
#DigitalOceanHostsBadGuys ?;-)
When Anne suggests something like this.. ;)
Done!
Speaking
very email exists and is valid ;)
Just kidding, why let them use valuable resources..
PPS, You know the IP(s) can change at any time ;)
On 2019-04-29 3:40 p.m., Carl Byington via mailop wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2019-04-29 at 09:12 -0700, Michael Peddemors via ma
Spot checking one bot net operating on compromised routers, one country
that really has a problem that needs to be addressed.. last 30 minutes
on ONE server.. All SMTP AUTH attacks against port 587..
The percentage of compromised routers on these networks is staggering..
On 2019-08-20 12:45 p.m., John Levine via mailop wrote:
In article <530230574.3626402.1566296780...@ss002889.tauri.ch> you write:
-=-=-=-=-=-
-=-=-=-=-=-
Not quite, RFC5322 section 2.2.3 explicitly states at the end of the paragraph:
"An unfolded header field has no length restriction and
+1
But now if we can ONLY get Amazon, GoogleCloud, and Azure to start doing
the same thing ;) Still far too many bad actors relying on the network
being 'too big to block' and very loose SWIP/rwhois.
On 2019-08-22 8:41 a.m., Laura Atkins via mailop wrote:
In my experience, when the bounce
https://portal.msrc.microsoft.com/en-us/engage/cars
By the time you finished filling all the fields out, and hit submit it
tells you the recaptcha has expired and to 'reload the page', and of
course with it all the information you just spent 10 minutes filling in..
*sigh*
Meh! just
On 2019-08-23 12:45 a.m., Benoit Panizzon via mailop wrote:
157.161.0.0/16 is a 'legacy', pre RIPE range which is exempt from the
RIPE requirement to register customer allocations.
Just because it is exempt, doesn't mean you can't take the opportunity
to be a good netizen, and operate a
Fake Account reactivation notices circulating..
Return-Path:
Subject: Mailjet - Re-Activate your account
They are hot linking to
https://app.mailjet.com/images/email/transac/fb.png
(Could always change that image to 'This is a Scam' ;)
http://gtpx.mjt.lu/lnk
https://farmforkitchen/m
My
On 2019-08-27 10:07 a.m., Jay Hennigan via mailop wrote:
Don't use Spamcop then. Send your complaints directly to the abuse desk.
Let us know if it does any good.
While overall great comments, we all have to realize the frustration of
those involved in sending reports 'directly' as well..
Speaking about Facebook.. wish they standardized naming conventions ..
They seem to also have a real problem with sending to invalid email
addresses, of course with their size it could simply be thousands of ppl
with fat fingers but..
Would be nice to clearly know the behavioral differences
Judging by the quick google, business been around since 2004, and
pushing secure DNS services now.. Seems's I have heard their name
around... Linked in shows about 56 employees..
Are the reasons related to the obvious ransom ware still leaking out
your network?
(Oh, just giving you a hard
Thanks Ann for sharing,
And you are right, this "could" be opening a scary can of worms for
'anyone' who is or has control or influence on delivering messages of
any type, (eg Twitter, Spam Filtering companies, etc).
During the last election this was a concern, Democrats complaining
On 2019-09-19 8:35 a.m., Al Iverson via mailop wrote:
Thus there are three categories of subscriber responses:
- Clicked on unsub link or "no" button. Stop mailing.
- Clicked on opt-in link or "yes" button. Continue mailing.
- Did nothing. Send one reminder mail asking them again to opt-in in
Seeing reports dated as of Aug 31, purportedly from our IP(s), however
the attachments show obviously that the source was not from our IP(s).
Headers look totally messed up, but for instance getting reports to us,
that originated from A2 Hosting through MailChannels.. back on Aug 31..
Yet
to the bottom of this.
One of my colleagues will reach out to you off list.
Regards,
Adrian
On 24 Sep 2019, at 15:12, Michael Peddemors via mailop
wrote:
Seeing reports dated as of Aug 31, purportedly from our IP(s), however the
attachments show obviously that the source was not from our
Quiet Holiday Monday.. Lest We Forgot..
Compromise IoT devices:
But it seems that the Emotet guys went into full gear on a spam run this
weekend, unlikely to affect most people other than adding load to the
servers, or perform list washing.. but the big jump is noticable.. this
one report
Just thought I would pass on the nature of a spam outbreak we are seeing
from them... Please reach out off list..
--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at
On 2019-12-02 4:53 p.m., Steve Holdoway via mailop wrote:
December 3, 2019 1:46 PM, "Luis E. Muñoz via mailop" wrote:
On 2 Dec 2019, at 15:59, John Levine via mailop wrote:
I warned a guy away from Hetzner and OVH if he wants to send mail so > he
reasonably asked what VPS provider in Europe
Anyone know if there is any value in the X-HM-Spam-Status values?
It isn't a base64 string, so it must be a proprietary string, but
wondering if it actually has any value for receivers, to see if 163.com
has already flagged the outgoing message as likely spam..
Received: from
Thanks Al for posting this..
As a rule, everyone should be deprecating port 110/143 for
authentication and using the SSL/TLS versions..
Hopefully, this will help convince all other ISP's to at least do that.
-- Michael --
And of course, a quick pitch on email clients should consider
Speaking of Hetzner, any comments on the recent spat of widespread usage
of the amazon.com, 163.com, jobs.com on your networks?
Are these compromises, bad sign-ups, or some actual other usage patterns?
On 2019-10-21 6:51 a.m., Hetzner Blacklist via mailop wrote:
My job involves (trying to)
On 2019-10-22 8:26 a.m., Hetzner Blacklist via mailop wrote:
Bad sign-ups, there's been an uptick of that in the past ~2 weeks.
We usually find and kick them out within a few hours, but if you see
anything showing up in your logs for more than 24 hours, you're very
welcome to contact me.
Am
Just in case you are wondering about a large increase in DUL sourced
spam overnight, (and of course, most systems probably stop the bulk of
it), it appears to be a Windows based bot, that is sending..
MAIL FROM: @marketplace.amazon.in
Interestingly, no SPF records for "marketplace.amazon.in"
While it is a wonderful long weekend for our friends in the US, the rest
of us have probably been working, instead of shopping and often that
work is dealing with the increase in both spam and bulk marketing, and
often phishing hiding in both.. usually long weekends are favorite times
for the
On 2019-11-23 11:05 a.m., Tom Ivar Helbekkmo via mailop wrote:
"Rolf E. Sonneveld via mailop" writes:
What would be a good strategy for this customer to update his list of
contacts?
In the olden days, one would simply write a script, using expect(1) or
similar, to go through the addresses,
On 2019-10-07 8:18 a.m., Paul Smith via mailop wrote:
On 07/10/2019 15:47, Graeme Fowler via mailop wrote:
Also you're on OVH, about which a quick look through the list's
archives will possibly prove instructive. It's reasonably likely (as
likely as not) that you're running on an IP in a
Hehe.. don't feel bad, we have even seen receipts for our Spam
Protection product(s) end up in their spam folders sometimes..
If it isn't because you are missing an SPF record for your domain, it is
likely content.. we can send the same message with a few lines stripped
and it will get
On 2019-10-07 8:43 a.m., Scott Techlist via mailop wrote:
I'm watching this thread with a lot of interest. I believe I saw where the OP
was referred here on the Postfix list where those guys expected the OP to get
some more technical help instead of get a better rep :)
Recently my server has
Either it is a 'bounce' attack, or extensive compromises across their
networks..
EHLO command received, args: li195-97.members.linode.com
MAIL command received, args: FROM:<> BODY=8BITMIME
Doesn't really bother us, nothing getting to in boxes, but pretty
extensive. You might want to be a
On 2020-02-10 11:47 a.m., Jesse Thompson via mailop wrote:
On 2/7/20 6:31 PM, Brandon Long via mailop wrote:
On Fri, Feb 7, 2020 at 4:07 PM Philip Paeps via mailop
mailto:mailop@mailop.org>> wrote:
__
On 2020-02-07 15:51:22 (-0800), Philip Paeps wrote:
On 2020-02-07
On 2020-02-25 3:12 a.m., Simon Lyall via mailop wrote:
Thank you for all the suggestions. I've put together a couple of pages:
https://www.mailop.org/faq/
https://www.mailop.org/best-practices/
as a start. What do people think needs to be added or changed?
Simon.
Mailop Admin Team.
Thanks
No, but that is a valuable list that can show the 'why' of real
fines/levies. Be nice if they included a few Canadian examples
https://www.theglobeandmail.com/business/article-crtc-levies-fines-against-two-companies-under-canadas-anti-spam-law/
https://crtc.gc.ca/eng/DNCL/dnclc_2019.htm
host 192.158.224.5
5.224.158.192.in-addr.ARPA domain name pointer server.divebums.com
host -t TXT divebums.com
divebums.com descriptive text "v=spf1 ip4:192.158.224.5
ip4:174.36.50.170 ip4:192.110.160.37 +ip4:168.235.104.229
ip4:192.158.224.5 a mx -all"
NetRange: 192.158.224.0 -
Hehe.. another one.. (You think it would be self obvious)
When you talk about transparency, the idea is that the domain in the PTR
should have a URL, where contact information related to abuse for/from
that domain can be found..
97.107.24.93x1 1.outbound1.email-aeg.com
97.107.24.95
But yes, in general... SendGrid is letting a lot more obvious spam slip
out..
Received: by filter1485p1las1.sendgrid.net with SMTP id
filter1485p1las1-8217-5E5BDA86-2
2020-03-01 15:53:42.040986297 + UTC m=+2053389.093756661
Received: from [23.83.134.244] (unknown [23.83.134.244])
On 2020-01-27 10:04 a.m., John Levine via mailop wrote:
In article <20200127101751.ga2...@rafa.eu.org>,
Jaroslaw Rafa via mailop wrote:
If we are at this topic, I wonder since long time why none, literally none
publicly available Internet service where users' private data is stored and
needs
And of course I TOTALLY forgot to discuss the implications of credential
phishing...
Um.. SendGrid..
Return-Path: @sendgrid.net>
Received: from xvfrqpfv.outbound-mail.sendgrid.net (HELO
xvfrqpfv.outbound-mail.sendgrid.net) (168.245.67.248)
From: "Mailbox"
Subject: Action Required: Important
UCE-PROTECT-2 and UCE-PROTECT-3 to be more precise..
It might be that you have bad 'neighbours'.
inetnum: 190.8.32/20
status: allocated
aut-num: N/A
owner: Trilogy Dominicana, S.A.
ownerid: DO-CEDO-LACNIC
responsible: Packet Core
address: 30 de marzo, 30, -
address:
Well, as usual the only thing you can say is that it is not usual.
Interestingly, a strong drop in the number of spam emails sent from
botnets on IoT devices, compromised routers, etc.
In general, it reflects a growing trend for spammers to move to
alternative methods.
This week, in a
Interestingly,
(And yes, it has been happening a long time)
We just engaged on this issue (and others) with senior members of their
abuse team.
First reported to Amazon on November 27th, but this is a great example
why we escalated to senior members responsible.
Aside from slow take down
Too bad so many email client softwares have developed a bad reputation
for when they ask for 'Access to your contacts', doing far too much with
that information..
Even me, accidentally have posted a message to the mailing list, when
meant to send to an individual.
But it is helpful, whether
I often speak on this topic to ISP's, and I remind them, never argue
with your customer on what is spam, and what isn't spam..
Sure, block/mark the 99% that is pretty obvious and fits everyone's
definition of spam, by let your USERS decide on the fringe cases..
"If a message is in the spam
On 2020-01-30 6:50 a.m., rps462 via mailop wrote:
"Please contact your Internet service provider since part of their
network is on our blocklist (S3140). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.;
I have an ISP based out of AWS that has been
On 2020-01-23 3:26 p.m., Michael Wise via mailop wrote:
Or at the very least, hover over should show all the details.
And yeah, never take the Friendly From, 822 From, or 821 Mail From for
Granite.
Aloha,
Michael.
How long do I have to hover my finger over the screen before it shows
the
For the record, (just back from M3AAWG, what a great event) AUTH attacks
from Tor networks ARE a thing.
While it might seem that the number of attacks from Tor Nodes, vs
legitimate AUTH requests from people that like using Tor for everything
is really one sided..
(Don't get me wrong, even
A new round of Digital Ocean badness appears to be starting up...
Thought it worth the heads up.. (Eg, SendGrid)
Of course, these are probably phishing attempts.. Fake Bounce mails..
Fake Pill Spammer, really spammy format..
Malformed headers etc..
But might affect your reputations.. ongoing
Oh, and forgot to mention the payload..
https://storage.googleapis.com/rr-m/insta%20oth%20o.html;>
On 2020-01-16 8:32 a.m., Michael Peddemors via mailop wrote:
A new round of Digital Ocean badness appears to be starting up...
Thought it worth the heads up.. (Eg, SendGrid)
Of cou
On 2020-01-16 2:39 p.m., Frank Bulk via mailop wrote:
We and our customers occasionally get email from netoworksolutions.com as it
pertains to their services. I noticed that their domain name has two
different kinds of SPF errors -- anyone know anyone in their mail or DNS
operations that can
On 2020-01-16 11:16 p.m., M. Omer GOLGELI via mailop wrote:
Guess that is exactly why I don't add a whitelist rule to Facebook mails
and let them rot in Quarantine boxes.
If they send to unverified, non-existing users without content, no
matter where it is from, they are spam.
Especially when
Our team received an alert message, but that ended up in the spam
folder.. Out of curiosity had them look at it, originally assumed is was
the attached message that triggered it.. but ended up being the FBL
message itself.
The header from is :feedbackl...@rackspacefbl.senderscore.net",
Our team is discussing this internally, and curious about others
position on addressing list washing services.. Some are better than
others of course, identifying themselves correctly..
But then there are those on Digital Ocean or AWS that use throwaway
domains, or no clear identifiers..
Hi All,
This is my last friendly post for 2019, as you know I like to
occasionally remark on the state of things and what we see as emerging
trends that our Spam Auditing team picks up..
For those who don't want to read the whole thing, this is my chance to
wish EVERYONE a very prosperous
It is a shame that even the IETF has fallen victim to the threats of
CORVID-19, and had to cancel their in-person meetings in Vancouver, but
in the spirit, wanted to remind everyone that we can still help move
discussions around email security forward, without meeting in person.
On that note,
About to go into another weekend, so a good time to post an update on
what our spam auditing team is seeing in the wild this week.
* SendGrid compromised accounts sending phishing
Seeing a lot more cases of this occurring again, mostly phishing attacks.
* Amazon forged domain spam.. seeing
Understand your frustration, especially when the big guys don't SWIP (or
rwhois) very clearly...
NetRange: 172.253.0.0 - 172.253.255.255
CIDR: 172.253.0.0/16
NetName:GOOGLE
NetHandle: NET-172-253-0-0-1
Parent: NET172 (NET-172-0-0-0-0)
NetType:Direct
I notice that you are using an AWS address..
NetRange: 52.0.0.0 - 52.31.255.255
CIDR: 52.0.0.0/11
NetName:AT-88-Z
NetHandle: NET-52-0-0-0-1
Parent: NET52 (NET-52-0-0-0-0)
NetType:Direct Allocation
OriginAS:
Organization: Amazon Technologies Inc.
Once again, always best to include an ACTUAL IP address in your first
email, so it can be addressed in the most timely manner.
For the record, one thing is that we hear about mailchimp customers
saying that they have a 'dedicated' IP address, however they still have
the generic PTR records..
Just so everyone is aware, bad guys operating on Amazon?
Recent new activity, all from EC2 space, forging gmail, msn,
marketwatch, legacy, and many other brands.. Wide Spread, hundreds of
IP(s)..
Unless of course they all moved to Amazon ;)
Nmap scan report for
Hi All,
A short form version of my weekly 'lay of the land' email, and might be
a little quiet the next two weeks
Early reports show a huge increase in compromised email account spam,
and from first appearances it looks like a well know control panel
(cPanel) was targeted for this one..
Just another update, on what our spam auditing team is seeing as trends
This week, notable activity that our teams are seeing...
* Amazon AWS abuse continues, pretty obvious spammers
You would think that when 500-1000 IP(s) are detected each day that
Amazon would worry about running out of
On 2020-04-30 3:07 p.m., Andrew C Aitchison wrote:
On Thu, 30 Apr 2020, Michael Peddemors via mailop wrote:
Just another update, on what our spam auditing team is seeing as trends
...
* o265 leakage
Have they lost a century ?
Naw, according to the recent US CERT notice, since people
Since on the topic of SendGrid..
Received: from dhl.com (unknown)
by geopod-ismtpd-2-1 (SG) with ESMTP
id yXjQUIVNTmWUp86G27YZTw
for ;
Tue, 05 May 2020 10:02:57.886 + (UTC)
From: DHL Express
Subject: Shipment Arrival Notice.
Date: Tue, 05 May 2020 10:02:57
Not strictly email related..
Our networks are under a 'little' attack right now, not really a
traditional DDOS attacks, but pretty sure our spam auditing team has
riled up a group out of Russia..
However, mixed in with some known questionable networks over there...
80.82.65.253
8SlXhMCPQICHWXv4c4UPqo4BYpwT6WdoB1GFSwuwd6mNC9sCJf1r
5PzIFZRABSj7gKeokjHm7Lnl8QkLAKEXf2JojGJnXeyze4NC/w39UhwzU/ki7FK6ScIgZx+gfhUQEe
W/8/g7BcHCE1Lc+BnEOTTL+ZjLy6xWcHvoTOvSwKTV5H7YXMjUPnsbijhXY/GG1vgjjAfJT228fgF5
JgGA5Yu0hMI46ZfVGtVOMh
On 5/5/2020 9:48 AM, Michael Peddemors via mailop wrote:
Sinc
Hi all,
Hoping to get out of the office early today, start of the long weekend,
but remember, that's when the 'bad guys' like working.. but wanted to
get an update out before I go...
This week, it has still been about the really bad problem over at
SendGrid/Twilio shared senders..
While you are at it, ask gmx if they can stop leaking obvious Mitre
attack emails, via their webmail(s) ;)
SanMar Order Confirmation for Order #759086
From: "Perla Orelia"
Curious, how many companies do a virus check in WebMail when uploading
an attachment?
On 2020-03-18 7:30 a.m., Udeme
This should be a FAQ for the mailing list. For questions like this,
regarding an IP or email server, always provide the IP Address in the
initial report to the mailing list.
On 2020-03-18 7:00 a.m., Kotlikov, Anna via mailop wrote:
Hi all,
A client of mine has been consistently seeing
On 2020-03-18 3:18 p.m., Grant Taylor via mailop wrote:
n 3/18/20 3:10 PM, Miles Fidelman via mailop wrote:
Is that definitive that Comcast reported spam to senderscore? Or
is that supposition on your part.
I suspect that it was Comcast themselves. I don't think it's likely
that one
Seeing a larger than normal bot net, coming from Chinese IP(s), performs
an email sending check to a qq.com address.
Windows 7 Botnet by appearances.
A quick grep in your logs for any account trying to send to
165043...@qq.com will tell you if you are being targeted today.
Once compromised,
Amazing times, streets are near empty in Vancouver, but that's a good
thing. It means we are working together. And while our offices are
virtually empty, work goes on..
One thing we see out of this, is of course an increase in mailings from
all companies, advising their customers of the
On 2020-03-24 9:35 a.m., micah anderson via mailop wrote:
Steve Freegard via mailop writes:
I included the partial SHA-1 to be compatible with automation and
tooling around the HaveIBeenPwned API - see
https://haveibeenpwned.com/API/v3#PwnedPasswords
I understand that desire, but I wish the
On 2020-05-07 10:19 a.m., Nick via mailop wrote:
On 2020-05-07 18:07 BST, John Levine via mailop wrote:
My users have lots of addresses and my mail system lets them use
whatever From: address they want.
Interesting. That seems liberal, and also risky isn't it? What's the
advantage that
Glad to hear something is being done on it, but...
(Quickly checks the spam folder.. )
Still coming in.. Netflix Phish for instance.. Seems like they are now
just using the same method, but with slightly more obfuscated From
friendly names..
Always nice when the spammers add email addresses
Still seeing the phishing attempts.. Only reason there is less, is some
of the older IP(s) still in blacklists ;)
Just kidding, but volume high enough to show that they don't have the
issue handled as of yet..
On 2020-05-19 12:48 p.m., Chris via mailop wrote:
I'm seeing a very significant
It's been a while since I did one of these, planning on having the team
members prepare these and start posting the bi-weekly updates.
This week, has seen an overall increase of spam from many sources, and
of course phishing attempts in general are a large part of it. Emotet
is leading the
Sounds like some script kiddies were busy targeting a couple of
reputation services with a DDOS attack overnight, ICMP and NTP
amplification attack..
On 2020-10-08 12:27 a.m., Hetzner Blacklist via mailop wrote:
Just a quick heads-up: the 0spam blacklist is down.
The website (0spam.org)
On 2020-10-14 3:18 p.m., Christian Huber via mailop wrote:
Hello,
it seems like microsoft/office/hotmail has blacklisted our complete ASN
(AS34549). I tried to get in touch with every opportunity they gave but no
reply since 48 hours. We haven't seen any mail abuse since weeks and I don't
Yeah, it's still happening, thankfully the volume is getting a lot
lower, but probably because they keep getting themselves listed, and
more and more filtering rules are targeting SendGrid phishing specifically..
I stopped getting numbers, when we started seeing less than 10 new IP(s)
in a
Too early yet.. (to enforce globally)
But start selectively forcing it for the bigger players known to support
this..
On 2020-08-26 9:50 a.m., Scott Mutter via mailop wrote:
How many mail operators out there are forcing outbound SMTP
communications to use TLS? Is this a common practice
Return-Path:
Received: from wrqvcdpk.outbound-mail.sendgrid.net (HELO
wrqvcdpk.outbound-mail.sendgrid.net) (149.72.205.49)
Subject: Your attention is urgently required.
From: Verizon
--
"Catch the Magic of Linux..."
More and more companies are requiring transparency.
mail.mydomain.com
There SHOULD be a URL associated with the domain ('mydomain.com') in the
PTR.. And that URL should reflect the organization that is responsible
for activity related to that domain.. I will have to dig up that M3AAWG
Nest
Speaking of SendGrid.. (Again)
BTW, our guys policy, on detection of 'phishing' the IP is posted to
RBL's.. otherwise it is probably just scored a little higher..
But does anyone know these guys? Looks like they have bought or used a
bad mailing list, or they have a sign process being abused
Your iPhone should be connecting to port 587/465 and don't block
localhost.localdomain there.. clients should be able to send almost any
EHLO, just block localhost.localdomain on port 25. IMHO
On 2020-10-02 1:34 p.m., John Devine via mailop wrote:
I think IOS v14 changed to sending using that
By default we still distribute with a 10MG maximum size, but frankly
almost all of our customers has bumped it to the maximum we recommend,
which is 20MG. (the odd one even went to 30, but we don't recommend that)
Too bad this isnt' escalated to a recommended standard.
How about we use this
On 2020-07-21 9:15 a.m., Bill Cole via mailop wrote:
On 19 Jul 2020, at 22:38, Chris via mailop wrote:
It is particularly bizarre that it infests one ISP like this. I'm
wondering if someone managed to force the infection to do IP
reallocations frequently to IP-hop. Cutwail normally has
Bit of a strange week this week, seems almost like the spammer groups
are taking turns. Emotet's new email templates, being sent from
compromised accounts has been increasing, with some of it sneaking
through current filtering methods, so the spam auditors have been busy
tweaking filtering
While there are unfortunately good email operators on the OVH network,
unfortunately our data shows a lot more abuse than good..
BTW, speaking of OVH, anyone know these guys?
167.114.98.1512 guesser8.wdemg4.com
167.114.98.2273 guesser1.wdemg.com
On 2020-08-11 9:39 a.m., Michael Peddemors via mailop wrote:
Hi Len,
DOH! Sorry about that Len.. and list..
--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit
Volume picking up, not decreasing..
149.72.37.171 x3 wrqvnrxb.outbound-mail.sendgrid.net
149.72.58.197 x6 wrqvpxcr.outbound-mail.sendgrid.net
149.72.64.32x3 wrqvqhnh.outbound-email.sendgrid.net
149.72.73.203 x7 wrqvqwcb.outbound-mail.sendgrid.net
149.72.90.203 x1
for what leaves your network.. IMHO
On 2020-08-12 2:16 p.m., Richard W via mailop wrote:
When I checked this morning there was like 662 different Sendgrid IPs
hit our traps in the previous 24 hours.
Richard
On 2020-08-12 2:47 p.m., Michael Peddemors via mailop wrote:
Volume picking up
1 - 100 of 475 matches
Mail list logo