Re: [mailop] Request for contact at honeypot project

On Wed, Feb 04, 2015 at 06:27:16PM +0200, Gil Bahat wrote: Also, if anyone knows of additional blocklists which can suit this usage (blocking users/registrations), I'd appreciate a tipoff (considering Spamhaus DROP/EDROP, too) Yes, the DROP/EDROP lists are very helpful. I drop all packets

Re: [mailop] AOL SCOMP messages

Be prepared for a reality where nearly all of the SCOMP reports you will ever get are false positives generated by careless, ignorant, clueless AOL users. I've had a feedback loop there since March 2004, and easily, *easily*, well over 99% of the reports I've ever gotten were from people on

Re: [mailop] Sourcing an email related quote

On Tue, May 05, 2015 at 03:15:16PM +1000, Ted Cooper wrote: Mail server in question is an EC2 instance, generic PTR, greeting with .internal version, sending from different hostname level domain which doesn't accept bounces, no SPF/DKIM, a from address that is NXDOMAIN, with malformed

[mailop] Paging postmaster at gmx.net/gmx.de et.al.

I've noticed that one of my servers has been unable to establish port 25 connections to hosts such as mx00.emig.gmx.net for over a week...and I'm entirely puzzled as to why, since it only sends a trickle of traffic to a handful of users @gmx.net/@gmx.de etc. (They're on a couple of small,

[mailop] Possible sendmail name resolution issues triggered by hotmail.com zone change

I've started seeing this in my sendmail logs in the past 24-36 hours: May 23 15:26:14 to=examp...@msn.com,examp...@msn.com,exam...@msn.com, mailer=esmtp, relay=mx1.hotmail.com., dsn=5.1.2, stat=Host unknown (Unknown error: 275) I would expect to see something like this: May 23

Re: [mailop] Possible sendmail name resolution issues triggered by hotmail.com zone change

On Sat, May 23, 2015 at 08:55:26PM -, John Levine wrote: Yes. A little googlage finds this thread earlier today that reports the same problem. [snip] Thanks! I'd done some searching around but didn't turn up anything that looked relevant. This is exactly what I needed and I really

Re: [mailop] Delivery to btinternet.com / cpcloud.co.uk

On Thu, Sep 10, 2015 at 09:45:40PM +1000, Robert Mueller wrote: > IMHO everything about SPF and SRS borders on somewhere between pointless > and craziness. Is there any evidence it's been useful in any way to help > stop or identify spam? No. SPF was announced by an ignorant newbie with this

Re: [mailop] Delivery to btinternet.com / cpcloud.co.uk

On Mon, Sep 14, 2015 at 01:05:28PM -0400, Rich Kulawiec wrote: > That's part of it, sure. But having working RFC 2152 role addresses, RFC 2142, sorry for the typo. ---rsk ___ mailop mailing list mailop@mailop.org http://chilli.nosignal.org/mail

Re: [mailop] Protection Outlook..

On Mon, Sep 14, 2015 at 12:00:01PM -0700, Michael Peddemors wrote: > Monitoring from ISP's and Telco's has always shown a lot of leakage > from the servers called.. > > mail-pu1apc01hn0200.outbound.protection.outlook.com I've seen a noticeable uptick in (obvious) spam from the following

Re: [mailop] Ex-post-facto spam complaints, a possible UI problem / other mitigation

On Thu, Sep 24, 2015 at 06:04:11PM +0300, Gil Bahat wrote: > I have good reason to believe this does not represent actual spam > reporting [...] Of course it doesn't. Users are...well they're not at all competent. Not even remotely close. They routinely mark ordinary mailing list traffic (such

Re: [mailop] Microsoft/Hotmail discards mails

On Thu, Jun 09, 2016 at 09:25:00AM +0100, Paul Smith wrote: > I'd have thought that even if you do decide to just throw "extreme" > junk away (which I think is a very bad idea, BTW), then you should > tell the user that you've done so - either in a daily/weekly summary > email or an online list or

Re: [mailop] signup form abuse

On Fri, May 27, 2016 at 11:07:44AM -0700, Jay Hennigan wrote: > CAPTCHA could potentially fix it, but that is sure to raise > objections as being too inconvenient for list operators playing the > numbers game. Captchas are also not a valid anti-abuse mechanism: they have been quite thoroughly

Re: [mailop] why "not comply with best practices" on SpamRats?

On Wed, Jun 15, 2016 at 10:47:07AM +0300, Gil Bahat via mailop wrote: > Your users will pay a price and netease will pay a price. There's always a price. The costs associated with both FP and FN are non-zero -- although they might be negligibly small -- for either sender or recipient or both.

Re: [mailop] Help - Anyone know a GitHub People

On Thu, Feb 25, 2016 at 11:25:57AM -0800, Franck Martin via mailop wrote: > Please you have an opportunity to engage and get things fixed, so don't > throw a ton of bricks on the first email. I didn't throw *any* bricks. I gave a candid assessment of the situation. And while it would be nice to

Re: [mailop] Help - Anyone know a GitHub People

On Thu, Feb 25, 2016 at 07:17:56PM +0800, ?? wrote: > I am a postmaster of Netease Inc.(NASDAQ: NTES), we are a professional > email service provider in China with domains 163.com, 126.com, yeah.net > and etc. I can't speak for GitHub, but I've had most of those domains blacklisted for over a

Re: [mailop] I have developed a new method of blocking spam that's a game changer

On Mon, Jan 18, 2016 at 10:19:50PM +0100, Michelle Sullivan quoted: > I invented Domain Validation back in 2007. It works by introducing MS records > in DNS, which act as the reverse of MX records. No, he didn't. I proposed "XM" records, to denote mail sources (as opposed to MX records, which

Re: [mailop] VERP generating syntactically invalid return-path?

On Wed, Feb 03, 2016 at 10:52:43AM -0800, Brandon Long wrote: > We rolled out a RFC 5321 compliant parser to smtp in Aug/Sept of last year, > to much gnashing of teeth for a small set of users with some crappy > software. We rolled it back for MSA (just silently replace with the > auth-user),

Re: [mailop] Mail accepted by outlook.com/hotmail.com disappears.

On Tue, Mar 29, 2016 at 07:37:11PM -0700, Aaron C. de Bruyn wrote: > Ok, I'll jump on that grenade. Have the engineers heard of Linux or BSD? ;) Thank you for taking one for the team. It is indeed hard to say that one's seriously competing in the Indy 500 when one shows up at the starting line

Re: [mailop] Mail accepted by outlook.com/hotmail.com disappears.

On Wed, Mar 23, 2016 at 10:16:11AM -0700, Michael Peddemors wrote: > For instance, if it believes > the message is spam, and the recipient has requested that 'all' > email be forwarded to a remote account, forwarding that email could > make it appear that the forwarder is the source of spam.

Re: [mailop] Mail accepted by outlook.com/hotmail.com disappears.

On Wed, Mar 30, 2016 at 01:21:17AM +, Michael Wise wrote: > Oh wait, that means we have to get 10x the number of servers ... and data > centers. Actually, the measures I outlined require *fewer* servers, less storage, and (in most cases) less network bandwidth. That's one of the reasons I

Re: [mailop] automated looking mailchimp opt-ins (confused by)

On Thu, Jun 30, 2016 at 02:19:20AM +, Michael Wise via mailop wrote: > This ... is an attack for which I have become rather familiar. As have I. Various countermeasures deployed singly and in combination have sufficed to cut it down to a dull roar, but the distributed nature of the attack

Re: [mailop] Large increase of spam/connections from snowshoe ranges

On Thu, Feb 23, 2017 at 02:57:07PM -0600, Shaun wrote: > I'm getting 3 different patterns of SASL auth lately. The most aggressive > one is (still) trying accounts from the MySpace leak. The second is a > dictionary attack of common English first names. One of the often-observed attacks at some

[mailop] Enforcement of RFCs [was: GoDaddy Email admins' in the house?]

On Wed, Jan 11, 2017 at 12:33:47PM -0800, Michael Peddemors wrote: > More and more, if you want to deliver email in today's environments, you > have to ensure your email servers are correctly configured. I think there's considerable value in slowly enforcing this in stepwise, announced fashion.

Re: [mailop] Enforcement of RFCs [was: GoDaddy Email admins' in the house?]

On Mon, Feb 13, 2017 at 01:06:49PM -0500, valdis.kletni...@vt.edu wrote: > And where do you announce it where all the mail system administrators who > don't read the *current* BCPs will see it and act on it? I got nothin'. Seriously, I thought about this for a while, and every idea that I have

Re: [mailop] problems sending to gmail

On Fri, Jan 27, 2017 at 04:20:40PM +, Wosotowsky, Adam wrote: > Assuming everything structural is working correctly as you indicated > below, the problem might be with your domain name. .cc is perhaps > the most abused TLD there is, so much so that google doesn't even > return search results

Re: [mailop] Forwarding issues, was Mails to microsoft

On Fri, Feb 10, 2017 at 12:14:05PM +0100, Klaus Ethgen wrote: > We teach people to not give their passwords away and now you want them > to give them to google? WTF? Emphatic agreement here. Not only does this instill worst practices in users, but in *many* places, it's variously (a) against the

Re: [mailop] domaincop247.com service?

Curious. domaincop247.net and domaincops.net were registered at the same same time as domaincop247.com. (There's also a domaincops.com that's been around since 2007 and appears unrelated.) The name servers for domaincops.net are currently set (by Enom, I presume) as follows: Name

Re: [mailop] AOL FBL

On Mon, Jan 09, 2017 at 03:18:06PM -0500, Lili Crowley via mailop wrote: > This went live on the blog a couple of months ago. Just in case, here it is > below. I suggest that you send this out to all of the registered feedback loop addresses, since (a) not everyone reads your blog and (b) not

Re: [mailop] SORBS help

On Wed, Jan 04, 2017 at 08:49:47AM -0500, Vick Khera wrote: > SORBS does not seem interested in > solving problems, but in punishing people. It is impossible for SORBS (or any other DNSBL/RHSBL) to punish anyone. Even if they wanted to -- and I see no evidence that they do -- they can't. The same

[mailop] Fwd: [p...@eff.org: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal] -- time sensitive

[ Forwarded from the NANOG list. Please note the deadline is today. ---rsk ] - Forwarded message from Peter Eckersley - > Date: Sun, 26 Mar 2017 16:05:34 -0700 > From: Peter Eckersley > To: na...@nanog.org > Subject: EFF Call for sign-ons: ISPs, networking

Re: [mailop] Spammers mining SPF records (of all things)

On Sat, Mar 11, 2017 at 10:52:21AM +0800, ComKal Networks wrote: > I have noticed the scrapping of whois and dns records > appears to have increased dramatically over the past > 2 years. Both of those are poor sources of email addresses, though: the duplication across many domains and the

Re: [mailop] Restricted email address UIDs for public email domains

On Wed, Jul 26, 2017 at 04:22:55PM -0700, Michael wrote: > You might be going too stringent in that case.. I don't think so. This would allow fred.amazon@ and things that meet those kinds of use cases, while disallowing amazon@ and amazon.com@. Note that I don't particularly like this -- years

Re: [mailop] Restricted email address UIDs for public email domains

On Tue, Jul 25, 2017 at 04:59:39PM +, Kirk MacDonald wrote: > In addition to what is mentioned in RFC2142, can anyone offer any > resources (or "best practices") for what can be considered "restricted" > email addresses/UIDs for a domain which offers mailbox service to the > general public?

Re: [mailop] WHAT can be done about Ezoic and their spamming through Google?

On Thu, Nov 16, 2017 at 03:12:00PM -0800, Michael Peddemors wrote: > Seems both Spammers and Email Marketers are all jumping on the Amazon > bandwagon.. (Personally, I never thought the price point would make it worth > it) Their cloud operation emits things far worse than spam. Check your logs.

Re: [mailop] rescam.org experiences?

I think that setting up a system that accepts input which can be forged/fabricated at will in any desired quantity by nearly any attacker and then generates email output to arbitrary destinations of that attacker's choosing is a seriously bad idea. This is an abuse magnet -- perhaps one that's

Re: [mailop] spamalarm.org

Might be legit. But: - does not know the difference between "spam" and "SPAM" - gets the definition of spam wrong - it's not clear how they plan to conduct message analysis on the basis of the information they collect - purports to be able to

Re: [mailop] Heads Up

On Sat, Jan 20, 2018 at 02:00:17PM +0800, ComKal Networks wrote: > You have been around long enough to know that a > secured commercial entity simply means it will take > longer for that their data to be leaked Vs a non secured > commercial entity :) I have been running experiments in this area

Re: [mailop] Extreme amounts of SMTP auth from microsoft/outlook IPs

On Fri, Feb 09, 2018 at 09:56:43AM +0100, Dan Malm wrote: > I'm seeing an extreme amount of SMTP authentications (over 600/s) [snip] I wouldn't characterize what I've seen as "extreme" at any of the observation points I'm monitoring, but I have seen a moderate number of repeated attempts to

Re: [mailop] Issues With the way Google Groups unsubscribe is used in headers..

On Fri, Feb 09, 2018 at 03:01:41PM +0100, Philip Paeps wrote: > It would be nice if the Google Groups would "confirm opt-in" like other > mailing lists. It's been a best practice since before Google (and many of its employees) existed, so: yes. Having run all kinds of mailing lists of all sizes

Re: [mailop] The "goo.gl" shortner is OUT OF CONTROL (+ invaluement's response)

On Tue, Feb 20, 2018 at 10:47:00AM -0500, Rob McEwen wrote: > Keep in mind that, if a marketer is doing things the right way, they should > have no need to obfuscate their own domain name. They should instead > proudly use it and not feel the need to hide behind Google's shortner. Or behind

Re: [mailop] Tell me about survey monkey

On Tue, Dec 26, 2017 at 06:14:34PM -0500, John Levine wrote: > They have a bizarre policy that when you send a spam report in > response to one of their survey invitations, they reply and say it's > been suppressed *for that user only*. I have also noted -- repeatedly, with different spamtraps

Re: [mailop] reject because of helo / hostname mismatch?

On Tue, Jan 02, 2018 at 09:18:32AM +0100, Benoit Panizzon wrote: > So what is your opinion, is it legit to reject email because the ehlo > domain does not match the connection ip's PTR record? No, but (a) the HELO/EHLO should be a name that resolves and (b) the easiest way to avoid this entire

Re: [mailop] Is outlook.com blocking the Linode IP ranges?

On Tue, Jul 10, 2018 at 11:14:59PM -0400, John Levine wrote: > I'm not very surprised. Linode does a poor job of keeping their > customers from sending spam. They respond when you complain, but > you shouldn't have to complain. Concur. On most of the servers that I run, *.members.linode.com is

Re: [mailop] Is BitBounce for real?

I've permanently blacklisted bitbounce.com and bitbounce.io. Any others that I should be deep-sixing? ---rsk ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Heads-up if you're running exim

400k servers may be at risk of serious code-execution attacks. Patch now https://arstechnica.com/information-technology/2018/03/code-execution-flaw-in-exim-imperils-400k-machines-have-you-patched/ ---rsk ___ mailop mailing list

Re: [mailop] Anyone from Gmail ?

On Tue, Mar 06, 2018 at 12:02:55PM -0500, Bill Cole wrote: > If bulk senders routinely detect when a user opens messages, that user is not > following basic email safety principles. Correct. It also means that the sender is abusive: even *attempting* to discern when users open/read messages is

Re: [mailop] Are there any de facto standards around no-reply@ addresses?

On Wed, Apr 10, 2019 at 07:11:26PM -0700, Jay Hennigan wrote: > Even if it's a notification I've requested, the concept of write-only email > smacks of poor customer service IMHO. This (and the elided portion) are spot-on. "Noreply" is used exclusively by the ignorant, the incompetent, and the

Re: [mailop] Digital Ocean Sextortion Spammers..

On Mon, Apr 08, 2019 at 02:13:51PM -0700, Dennis Glatting wrote: > I got tired of the SSH/SMTP attacks from DO and zero effective response > to abuse reports, so I've been slowly adding their net blocks for the > last six months. I've been doing this for quite some time, for the same reason:

Re: [mailop] Our customers e-mail constantly going to outlook.com junkmail (any Microsoft people around?)

On Thu, Apr 18, 2019 at 11:48:29PM +0100, Chris Woods wrote: > I operate web services and mail servers for a small number of commercial > clients, and the opaque (and seemingly erratic) classification criteria for > emails is causing me sleepless nights at the moment. [ My comments are generic.

Re: [mailop] DigitalOcean calling for social media s* storm? (Re: Why is it so hard to have takedown's performed..)

On Mon, Apr 29, 2019 at 03:54:41PM +0200, Benoit Panizzon via mailop wrote: > I wonder if DigitalOcean is running for some social media related > wake-up call. It would be far easier and much more effective if everyone on this mailing list caused every mail server that they run to refuse all mail

Re: [mailop] Howto be a good mailop (best practice / insights wanted)

I'll have more to say on this (of course I will ;) ) but I'll mention that I'm attempting to assemble what I'll call, for lack of a better term, a roadmap of RFCs that mail system operators should be familiar with. I'm doing this because I'm trying to (a) train some junior people and (b) fill in

Re: [mailop] Howto be a good mailop (best practice / insights wanted)

On Thu, May 09, 2019 at 09:26:50AM -0400, Rob McEwen via mailop wrote: > you should strongly encourage your customers to > captcha-protect their signup forms to prevent bots from signing up spamtrap > addresses. No, you shouldn't. I'm going to quote something that I just sent elsewhere, so my

Re: [mailop] Admin: Gmail users of mailop suspended due to bounces.

On Sun, Apr 28, 2019 at 11:33:07AM -0600, Brielle Bruns via mailop wrote: > A slack channel would be cool regardless [...] No, it wouldn't. You might find it instructive to read their S-1 filing, referenced here: Slack Warns Investors It's a Target for Nation-State Hacking

Re: [mailop] forwarding failure, Admin: Gmail users of mailop suspended due to bounces.

On Thu, May 02, 2019 at 11:50:12AM +0100, Andrew C Aitchison via mailop wrote: > With single-sign-on I need to make it easy for users not to give the > alternate mail service (and their hackers :-) access to all the > services I provide, along with POP retrieval. In addition: thanks to password

Re: [mailop] Reasons to add plain text alternative to email?

I've said this many times and many places, so I'm going to apologize to everyone who's already read it and knows where this is about to go. HTML markup in email is used by three groups of people: 1. Ignorant newbies who don't know any better 2. Ineducable morons who refuse to

Re: [mailop] Effeciveness (or not) of SPF

SPF is just about entirely useless, which should surprise nobody. This was obvious on inspection when it was announced. - It's no help with spam: almost without exception, every message that hits my spamtraps passes SPF. - It's no help with phishing: thanks to ICANN, registrars, and the

Re: [mailop] Effeciveness (or not) of SPF

On Tue, Dec 08, 2020 at 10:58:22AM +, Paul Smith via mailop wrote: > "Typographically similar" is not "identical". Yes, many people will be > fooled by "typographically similar", but not everyone. SPF (and DKIM) allow > you to verify to some level of certainty that the sender is who they say >

Re: [mailop] emailage.com ?

On Mon, Apr 24, 2023 at 10:44:47AM +0200, Jasper Spaans via mailop wrote: > We're seeing quite some postfix PREGREET errors in incoming smtp traffic > from hosts claiming to be emailage.com (by lexisnexis). Does anyone know > whether this is just a dressed up list washing service, or would it be >

Re: [mailop] IP to country?

On Mon, Apr 24, 2023 at 06:44:45PM +0300, Mary via mailop wrote: > Is there a place that provides IP to country location information for free? Yes. Here's a (Python) script you can download and run for yourself, if you wish: Generating country IP ranges lists