On Wed, Feb 04, 2015 at 06:27:16PM +0200, Gil Bahat wrote:
Also, if anyone knows of additional blocklists which can suit this usage
(blocking users/registrations), I'd appreciate a tipoff (considering
Spamhaus DROP/EDROP, too)
Yes, the DROP/EDROP lists are very helpful. I drop all packets
Be prepared for a reality where nearly all of the SCOMP reports you
will ever get are false positives generated by careless, ignorant,
clueless AOL users.
I've had a feedback loop there since March 2004, and easily, *easily*,
well over 99% of the reports I've ever gotten were from people on
On Tue, May 05, 2015 at 03:15:16PM +1000, Ted Cooper wrote:
Mail server in question is an EC2 instance, generic PTR, greeting with
.internal version, sending from different hostname level domain which
doesn't accept bounces, no SPF/DKIM, a from address that is NXDOMAIN,
with malformed
I've noticed that one of my servers has been unable to establish port 25
connections to hosts such as mx00.emig.gmx.net for over a week...and I'm
entirely puzzled as to why, since it only sends a trickle of traffic
to a handful of users @gmx.net/@gmx.de etc. (They're on a couple of
small,
I've started seeing this in my sendmail logs in the past 24-36 hours:
May 23 15:26:14
to=examp...@msn.com,examp...@msn.com,exam...@msn.com, mailer=esmtp,
relay=mx1.hotmail.com., dsn=5.1.2, stat=Host unknown (Unknown error: 275)
I would expect to see something like this:
May 23
On Sat, May 23, 2015 at 08:55:26PM -, John Levine wrote:
Yes. A little googlage finds this thread earlier today that reports
the same problem. [snip]
Thanks! I'd done some searching around but didn't turn up anything
that looked relevant. This is exactly what I needed and I really
On Thu, Sep 10, 2015 at 09:45:40PM +1000, Robert Mueller wrote:
> IMHO everything about SPF and SRS borders on somewhere between pointless
> and craziness. Is there any evidence it's been useful in any way to help
> stop or identify spam?
No. SPF was announced by an ignorant newbie with this
On Mon, Sep 14, 2015 at 01:05:28PM -0400, Rich Kulawiec wrote:
> That's part of it, sure. But having working RFC 2152 role addresses,
RFC 2142, sorry for the typo.
---rsk
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mail
On Mon, Sep 14, 2015 at 12:00:01PM -0700, Michael Peddemors wrote:
> Monitoring from ISP's and Telco's has always shown a lot of leakage
> from the servers called..
>
> mail-pu1apc01hn0200.outbound.protection.outlook.com
I've seen a noticeable uptick in (obvious) spam from the following
On Thu, Sep 24, 2015 at 06:04:11PM +0300, Gil Bahat wrote:
> I have good reason to believe this does not represent actual spam
> reporting [...]
Of course it doesn't. Users are...well they're not at all competent.
Not even remotely close. They routinely mark ordinary mailing list
traffic (such
On Thu, Jun 09, 2016 at 09:25:00AM +0100, Paul Smith wrote:
> I'd have thought that even if you do decide to just throw "extreme"
> junk away (which I think is a very bad idea, BTW), then you should
> tell the user that you've done so - either in a daily/weekly summary
> email or an online list or
On Fri, May 27, 2016 at 11:07:44AM -0700, Jay Hennigan wrote:
> CAPTCHA could potentially fix it, but that is sure to raise
> objections as being too inconvenient for list operators playing the
> numbers game.
Captchas are also not a valid anti-abuse mechanism: they have been quite
thoroughly
On Wed, Jun 15, 2016 at 10:47:07AM +0300, Gil Bahat via mailop wrote:
> Your users will pay a price and netease will pay a price.
There's always a price. The costs associated with both FP and FN
are non-zero -- although they might be negligibly small -- for either
sender or recipient or both.
On Thu, Feb 25, 2016 at 11:25:57AM -0800, Franck Martin via mailop wrote:
> Please you have an opportunity to engage and get things fixed, so don't
> throw a ton of bricks on the first email.
I didn't throw *any* bricks. I gave a candid assessment of the situation.
And while it would be nice to
On Thu, Feb 25, 2016 at 07:17:56PM +0800, ?? wrote:
> I am a postmaster of Netease Inc.(NASDAQ: NTES), we are a professional
> email service provider in China with domains 163.com, 126.com, yeah.net
> and etc.
I can't speak for GitHub, but I've had most of those domains blacklisted
for over a
On Mon, Jan 18, 2016 at 10:19:50PM +0100, Michelle Sullivan quoted:
> I invented Domain Validation back in 2007. It works by introducing MS records
> in DNS, which act as the reverse of MX records.
No, he didn't. I proposed "XM" records, to denote mail sources (as opposed
to MX records, which
On Wed, Feb 03, 2016 at 10:52:43AM -0800, Brandon Long wrote:
> We rolled out a RFC 5321 compliant parser to smtp in Aug/Sept of last year,
> to much gnashing of teeth for a small set of users with some crappy
> software. We rolled it back for MSA (just silently replace with the
> auth-user),
On Tue, Mar 29, 2016 at 07:37:11PM -0700, Aaron C. de Bruyn wrote:
> Ok, I'll jump on that grenade. Have the engineers heard of Linux or BSD? ;)
Thank you for taking one for the team. It is indeed hard to say that
one's seriously competing in the Indy 500 when one shows up at the
starting line
On Wed, Mar 23, 2016 at 10:16:11AM -0700, Michael Peddemors wrote:
> For instance, if it believes
> the message is spam, and the recipient has requested that 'all'
> email be forwarded to a remote account, forwarding that email could
> make it appear that the forwarder is the source of spam.
On Wed, Mar 30, 2016 at 01:21:17AM +, Michael Wise wrote:
> Oh wait, that means we have to get 10x the number of servers ... and data
> centers.
Actually, the measures I outlined require *fewer* servers, less storage,
and (in most cases) less network bandwidth. That's one of the reasons
I
On Thu, Jun 30, 2016 at 02:19:20AM +, Michael Wise via mailop wrote:
> This ... is an attack for which I have become rather familiar.
As have I. Various countermeasures deployed singly and in combination
have sufficed to cut it down to a dull roar, but the distributed nature
of the attack
On Thu, Feb 23, 2017 at 02:57:07PM -0600, Shaun wrote:
> I'm getting 3 different patterns of SASL auth lately. The most aggressive
> one is (still) trying accounts from the MySpace leak. The second is a
> dictionary attack of common English first names.
One of the often-observed attacks at some
On Wed, Jan 11, 2017 at 12:33:47PM -0800, Michael Peddemors wrote:
> More and more, if you want to deliver email in today's environments, you
> have to ensure your email servers are correctly configured.
I think there's considerable value in slowly enforcing this in stepwise,
announced fashion.
On Mon, Feb 13, 2017 at 01:06:49PM -0500, valdis.kletni...@vt.edu wrote:
> And where do you announce it where all the mail system administrators who
> don't read the *current* BCPs will see it and act on it?
I got nothin'. Seriously, I thought about this for a while, and every idea
that I have
On Fri, Jan 27, 2017 at 04:20:40PM +, Wosotowsky, Adam wrote:
> Assuming everything structural is working correctly as you indicated
> below, the problem might be with your domain name. .cc is perhaps
> the most abused TLD there is, so much so that google doesn't even
> return search results
On Fri, Feb 10, 2017 at 12:14:05PM +0100, Klaus Ethgen wrote:
> We teach people to not give their passwords away and now you want them
> to give them to google? WTF?
Emphatic agreement here. Not only does this instill worst practices
in users, but in *many* places, it's variously (a) against the
Curious. domaincop247.net and domaincops.net were registered at the
same same time as domaincop247.com. (There's also a domaincops.com
that's been around since 2007 and appears unrelated.) The name servers
for domaincops.net are currently set (by Enom, I presume) as follows:
Name
On Mon, Jan 09, 2017 at 03:18:06PM -0500, Lili Crowley via mailop wrote:
> This went live on the blog a couple of months ago. Just in case, here it is
> below.
I suggest that you send this out to all of the registered feedback
loop addresses, since (a) not everyone reads your blog and (b) not
On Wed, Jan 04, 2017 at 08:49:47AM -0500, Vick Khera wrote:
> SORBS does not seem interested in
> solving problems, but in punishing people.
It is impossible for SORBS (or any other DNSBL/RHSBL) to punish anyone.
Even if they wanted to -- and I see no evidence that they do -- they can't.
The same
[ Forwarded from the NANOG list. Please note the deadline is today. ---rsk ]
- Forwarded message from Peter Eckersley -
> Date: Sun, 26 Mar 2017 16:05:34 -0700
> From: Peter Eckersley
> To: na...@nanog.org
> Subject: EFF Call for sign-ons: ISPs, networking
On Sat, Mar 11, 2017 at 10:52:21AM +0800, ComKal Networks wrote:
> I have noticed the scrapping of whois and dns records
> appears to have increased dramatically over the past
> 2 years.
Both of those are poor sources of email addresses, though: the duplication
across many domains and the
On Wed, Jul 26, 2017 at 04:22:55PM -0700, Michael wrote:
> You might be going too stringent in that case..
I don't think so. This would allow fred.amazon@ and things that meet
those kinds of use cases, while disallowing amazon@ and amazon.com@.
Note that I don't particularly like this -- years
On Tue, Jul 25, 2017 at 04:59:39PM +, Kirk MacDonald wrote:
> In addition to what is mentioned in RFC2142, can anyone offer any
> resources (or "best practices") for what can be considered "restricted"
> email addresses/UIDs for a domain which offers mailbox service to the
> general public?
On Thu, Nov 16, 2017 at 03:12:00PM -0800, Michael Peddemors wrote:
> Seems both Spammers and Email Marketers are all jumping on the Amazon
> bandwagon.. (Personally, I never thought the price point would make it worth
> it)
Their cloud operation emits things far worse than spam. Check your logs.
I think that setting up a system that accepts input which can be
forged/fabricated at will in any desired quantity by nearly any
attacker and then generates email output to arbitrary destinations of that
attacker's choosing is a seriously bad idea. This is an abuse magnet --
perhaps one that's
Might be legit. But:
- does not know the difference between "spam" and "SPAM"
- gets the definition of spam wrong
- it's not clear how they plan to conduct message analysis
on the basis of the information they collect
- purports to be able to
On Sat, Jan 20, 2018 at 02:00:17PM +0800, ComKal Networks wrote:
> You have been around long enough to know that a
> secured commercial entity simply means it will take
> longer for that their data to be leaked Vs a non secured
> commercial entity :)
I have been running experiments in this area
On Fri, Feb 09, 2018 at 09:56:43AM +0100, Dan Malm wrote:
> I'm seeing an extreme amount of SMTP authentications (over 600/s) [snip]
I wouldn't characterize what I've seen as "extreme" at any of the
observation points I'm monitoring, but I have seen a moderate number of
repeated attempts to
On Fri, Feb 09, 2018 at 03:01:41PM +0100, Philip Paeps wrote:
> It would be nice if the Google Groups would "confirm opt-in" like other
> mailing lists.
It's been a best practice since before Google (and many of its employees)
existed, so: yes. Having run all kinds of mailing lists of all sizes
On Tue, Feb 20, 2018 at 10:47:00AM -0500, Rob McEwen wrote:
> Keep in mind that, if a marketer is doing things the right way, they should
> have no need to obfuscate their own domain name. They should instead
> proudly use it and not feel the need to hide behind Google's shortner.
Or behind
On Tue, Dec 26, 2017 at 06:14:34PM -0500, John Levine wrote:
> They have a bizarre policy that when you send a spam report in
> response to one of their survey invitations, they reply and say it's
> been suppressed *for that user only*.
I have also noted -- repeatedly, with different spamtraps
On Tue, Jan 02, 2018 at 09:18:32AM +0100, Benoit Panizzon wrote:
> So what is your opinion, is it legit to reject email because the ehlo
> domain does not match the connection ip's PTR record?
No, but (a) the HELO/EHLO should be a name that resolves and (b) the
easiest way to avoid this entire
On Tue, Jul 10, 2018 at 11:14:59PM -0400, John Levine wrote:
> I'm not very surprised. Linode does a poor job of keeping their
> customers from sending spam. They respond when you complain, but
> you shouldn't have to complain.
Concur. On most of the servers that I run, *.members.linode.com
is
I've permanently blacklisted bitbounce.com and bitbounce.io. Any others
that I should be deep-sixing?
---rsk
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
400k servers may be at risk of serious code-execution attacks. Patch now
https://arstechnica.com/information-technology/2018/03/code-execution-flaw-in-exim-imperils-400k-machines-have-you-patched/
---rsk
___
mailop mailing list
On Tue, Mar 06, 2018 at 12:02:55PM -0500, Bill Cole wrote:
> If bulk senders routinely detect when a user opens messages, that user is not
> following basic email safety principles.
Correct. It also means that the sender is abusive: even *attempting* to discern
when users open/read messages is
On Wed, Apr 10, 2019 at 07:11:26PM -0700, Jay Hennigan wrote:
> Even if it's a notification I've requested, the concept of write-only email
> smacks of poor customer service IMHO.
This (and the elided portion) are spot-on. "Noreply" is used exclusively
by the ignorant, the incompetent, and the
On Mon, Apr 08, 2019 at 02:13:51PM -0700, Dennis Glatting wrote:
> I got tired of the SSH/SMTP attacks from DO and zero effective response
> to abuse reports, so I've been slowly adding their net blocks for the
> last six months.
I've been doing this for quite some time, for the same reason:
On Thu, Apr 18, 2019 at 11:48:29PM +0100, Chris Woods wrote:
> I operate web services and mail servers for a small number of commercial
> clients, and the opaque (and seemingly erratic) classification criteria for
> emails is causing me sleepless nights at the moment.
[ My comments are generic.
On Mon, Apr 29, 2019 at 03:54:41PM +0200, Benoit Panizzon via mailop wrote:
> I wonder if DigitalOcean is running for some social media related
> wake-up call.
It would be far easier and much more effective if everyone on this
mailing list caused every mail server that they run to refuse all
mail
I'll have more to say on this (of course I will ;) ) but I'll mention
that I'm attempting to assemble what I'll call, for lack of a better
term, a roadmap of RFCs that mail system operators should be familiar
with. I'm doing this because I'm trying to (a) train some junior
people and (b) fill in
On Thu, May 09, 2019 at 09:26:50AM -0400, Rob McEwen via mailop wrote:
> you should strongly encourage your customers to
> captcha-protect their signup forms to prevent bots from signing up spamtrap
> addresses.
No, you shouldn't. I'm going to quote something that I just sent
elsewhere, so my
On Sun, Apr 28, 2019 at 11:33:07AM -0600, Brielle Bruns via mailop wrote:
> A slack channel would be cool regardless [...]
No, it wouldn't. You might find it instructive to read their S-1 filing,
referenced here:
Slack Warns Investors It's a Target for Nation-State Hacking
On Thu, May 02, 2019 at 11:50:12AM +0100, Andrew C Aitchison via mailop wrote:
> With single-sign-on I need to make it easy for users not to give the
> alternate mail service (and their hackers :-) access to all the
> services I provide, along with POP retrieval.
In addition: thanks to password
I've said this many times and many places, so I'm going to apologize
to everyone who's already read it and knows where this is about to go.
HTML markup in email is used by three groups of people:
1. Ignorant newbies who don't know any better
2. Ineducable morons who refuse to
SPF is just about entirely useless, which should surprise nobody.
This was obvious on inspection when it was announced.
- It's no help with spam: almost without exception, every message that
hits my spamtraps passes SPF.
- It's no help with phishing: thanks to ICANN, registrars, and
the
On Tue, Dec 08, 2020 at 10:58:22AM +, Paul Smith via mailop wrote:
> "Typographically similar" is not "identical". Yes, many people will be
> fooled by "typographically similar", but not everyone. SPF (and DKIM) allow
> you to verify to some level of certainty that the sender is who they say
>
On Mon, Apr 24, 2023 at 10:44:47AM +0200, Jasper Spaans via mailop wrote:
> We're seeing quite some postfix PREGREET errors in incoming smtp traffic
> from hosts claiming to be emailage.com (by lexisnexis). Does anyone know
> whether this is just a dressed up list washing service, or would it be
>
On Mon, Apr 24, 2023 at 06:44:45PM +0300, Mary via mailop wrote:
> Is there a place that provides IP to country location information for free?
Yes. Here's a (Python) script you can download and run for yourself, if you
wish:
Generating country IP ranges lists
59 matches
Mail list logo