[mailop] Anyone from Namecheap on this list to stop a cat and mouse playing scammer?

2024-07-09 Thread Benoît Panizzon via mailop
Hi If you could contact me offlist would be great. I'm playing Cat and Mouse with one of your fraud email sending customers who, as I see it, just registers a new domain and opens a new email hosting with namecheap as soon as he is being disconnected by the namecheap abuse desk. Sometime within

Re: [mailop] Anyone from TIM Brazil on the list regarding fake NFe (Electronic Invoices Emails)?

2024-06-20 Thread Benoît Panizzon via mailop
Hi Jeff > Maybe give a try on this one? > admin.exter...@timbrasil.com.br > > But I doubt they will answer you. I'm not even able to send them emails, same as with their abuse desk. - The following addresses had permanent fatal errors - (reason: 550 5.4.1 Recipient address rejec

[mailop] Avast CDN massively spamvertized?

2023-12-14 Thread Benoît Panizzon via mailop
Hi Team In the last days, we got a significant number of spamtrap hits and customer spam reports about this image link being spamvertized: https://s-install.avcdn.net/ipm/preview/icons/icon-envelope-tick-green-avg-v1.png When looking at the evidences, those are in one part, clearly spambot gener

[mailop] Microsoft Abuse Desk - we NEED to talk! (regarding 2a01:111:f403:2e1b::800 and other IP Addresses)

2023-11-10 Thread Benoît Panizzon via mailop
Dear Microsoft Abuse Desk (PS: Mailop list, feel free to forward this to your personal contacts @ microsoft). Since months, I am trying to contact Microsoft regarding the increasing number of spam incidents we observe and how Microsoft handles them. The various Microsoft email addresses I was in

[mailop] New hotmail function: 'Put emails from unknown sender as Junk' causing false complaints?

2023-10-24 Thread Benoît Panizzon via mailop
Hi Team One of our customers is forwarding his emails on our platform to his hotmail email address. Today, we started getting a Microsoft Spam complaint for almost every email that was being forwarded to his hotmail account. I contacted the customer and asked, why he was reporting so many emails

Re: [mailop] SPF: Does include: a host without TXT entry invalidate the whole SPF entry?

2023-06-08 Thread Benoît Panizzon via mailop
Hi John > If you don't care enough to publish a valid SPF record, why should > we think you care whether we deliver your mail? The customer in question used an ESP to send marketing emails. That ESP told him what host to include in his SPF record. Probably some years later, that ESP changed doma

[mailop] Next Office365 rant: 'Translation' of SMTP Error Messages

2023-04-21 Thread Benoît Panizzon via mailop
Next one... Our SMTP Server rejects an email with: 554 5.7.1 Spamassassin-Score: 4.011 >= 2.0 :Content indicates SPAM: Guess, what is the error displayed to the sender? If you guessed a lengthy text regarding misconfigured DNS PTR, backed by links to https://go.microsoft.com/fwlink/p/?LinkId=71

Re: [mailop] How to address Microsoft if spaming Office365 customers cause collateral damage for other Office365 customers sharing the same IP?

2023-03-31 Thread Benoît Panizzon via mailop
Hi > My recommendation is to recognize that 1-bit binary blocklistings > aren't granular enough to account for shared environments without > causing false positives. Agreed, the blacklist score adds to the SpamAssassin score. That is why not every email sent from that IP is rejected as spam but

[mailop] Microsoft Office365 blocking non Oauth2 authentication on IMAP and SMTP.

2022-08-18 Thread Benoît Panizzon via mailop
Hi Team I am involved in a large non profit organisation in Switzerland. A couple of years ago, that organisation got persuaded to switch to Office365 as they got a good offer for non profit organisations. One of the promises at that time: Everyone could continue working as before as all clients

[mailop] Does anyone know, how operates h-email.net email service?

2022-04-29 Thread Benoît Panizzon via mailop
Hi List Privacy Policies make it hard for us to solve the email issue of one of our customers. schlageropenair.ch mail is handled by 5 mail.h-email.net. It looks like the MX was recently changed. Our customer has an email account on that domain that was 'sponsored' for an event. Unfortunately t

[mailop] BT UK: Community Mailer: Invalid Sender Address

2022-04-22 Thread Benoît Panizzon via mailop
Hi Trying via this list as I had no success, with BT Customer Service or via BT Switzerland. Hopefully a BT mail admin is reading this, or somebody is able to forward to the right person. For certain technical telephony issues regarding international interconnection, BT Customer Service requires

[mailop] Yahoo FBL per IP Range?

2022-04-22 Thread Benoît Panizzon via mailop
Hi List I subscribed to the Yahoo FBL on after we got some 'low volume' phished account abused for spam and staying under our radar, targeting yahoo recipients which now tempfails our smtp outbound ip range for 'user complaints'. https://io.help.yahoo.com/contact/index?page=contactform&locale=en

[mailop] Massive phishing email outbreak with sender: .*.cloudwaysapps.com

2021-12-14 Thread Benoît Panizzon via mailop
Hi List We see a massive increase of phishing emails from various ip addresses all over the world, targeting post.ch customers. Common thing is the envelope sender mostly looks like: supp...@wordpress-703124-2326824.cloudwaysapps.com Digits varying and sometimes 'wordpress' is also not present

[mailop] Who runs emailowl.com / dnsowl.com?

2021-11-14 Thread Benoît Panizzon via mailop
Hi List We have an Email / DNS issue with a Domain whose DNS are hosted (according to whois) @ dnsowl.com but the zone not being present there thus request rejected because recursion is disallowed. dnsowl.com has SOA record ns1.dnsowl.com. hostmaster.dnsowl.com. 1636895957 7200 1800 1209600 600

Re: [mailop] Large volume of script spam related to liberachat false-flag

2021-11-14 Thread Benoît Panizzon via mailop
> Just wondering if others saw the same. Definitely. Feeding them to our spamtrap. -- Kind regards -Benoît Panizzon- @ home office and reachable as usual -- I m p r o W a r e A G-Head of Commerce Customers __ Zurlindenstrasse

Re: [mailop] Google Postmaster Tools - No data since October 4th

2021-10-14 Thread Benoît Panizzon via mailop
> Anyone here from Google who can unplug GPT and plug it back in? > It seems to have stopped working on October 4th. We have similar, VERY nasty problems in August/September. Google downgraded our @imp.ch domain reputation from 'high' to 'bad' from one day to the other effectively shutting down o

[mailop] Technical Contact to paddle.com mail platform operator?

2021-07-05 Thread Benoît Panizzon via mailop
Dear Mailops! We have a customer who orders software licenses via paddle.com He should get keys via Email. But they never arrive. I also don't see any trace of those emails in our logs. He got in contact with the Vendor he orders the licenses with. The vendor double checked the email address of

[mailop] Is 'nofatsurvey.com' being used for any legit surveys?

2021-06-28 Thread Benoît Panizzon via mailop
Hi List I have come across some email pretending to be from a Swiss grocery store chain, claiming you could fill a survey to participate to a drawing for some fancy mobile phones. The survey is hosted @ nofatsurvery.com Those are not legit emails. That store chain never organised such a drawing.

Re: [mailop] Mass 'Girl Picture PDF' Spam Mails from various: outbound.protection.outlook.com

2021-05-21 Thread Benoît Panizzon via mailop
Update, fed the last PDF to Virustotal. https://www.virustotal.com/gui/file/ad860365c07794fd64c6368db884faa495508b03826422eaa1cdb0d5266f5f42/detection Yes, 6 Hits for 'Phishing Malware'. I suppose Adobe PDF reader is vulnerable to this. -- Kind regards -Benoît Panizzon- @ HomeOffi

[mailop] Mass 'Girl Picture PDF' Spam Mails from various: outbound.protection.outlook.com

2021-05-21 Thread Benoît Panizzon via mailop
Hi List Today, we are getting strange emails from various outbound.protection.outlook.com ip addresses to all kind of destination email addresses. Strange thing is: They have a HUGE list of recipients in the To: Header They have nonsense 5 letter (3 and 2) Subjects. They have nonsense content of

[mailop] Anyone contact to ESP: MailWizz / pkmedia.us?

2021-04-03 Thread Benoît Panizzon via mailop
Hi List Constant spam observed since about February. Their website does not provide any contact or privacy information (stating: coming soon). Hosted @ OVH Germany. http://multirbl.valli.org/lookup/54.38.218.61.html hints to that problem. Does anyone perhaps have a contact to them to make them a

[mailop] Spam Rejection Issues with 'forwarding services' @ namecheaphosting.com

2021-02-19 Thread Benoît Panizzon via mailop
Hi List One of our customers was desperately trying to reach company hosting its email services namecheaphosting.com eforward1.registrar-servers.com[162.255.118.51] was constantly rejecting our customers emails as spam. We wanted to find the cause. Maybe some weird email forwarding problem? Mayb

Re: [mailop] Weird 'tempfail too many recipients' bug/incompatibility EXIM => Postfix?

2021-02-04 Thread Benoît Panizzon via mailop
Hi > Replying to my own message. Went back and looked at the exim log from > OP... seems the ordering was correct - so that means exim is screwing > it up. I'd still recommend disabling pipelining on the client side. I have added: smtpd_discard_ehlo_keywords = pipelining To our postfix to preven

Re: [mailop] Weird 'tempfail too many recipients' bug/incompatibility EXIM => Postfix?

2021-02-04 Thread Benoît Panizzon via mailop
Hi List We managed to reproduce the issue while sniffing the SMTP connection. From my observation, I suppose it's a bug in EXIM as it encounters a situation which probably is somehow unique with our spamfilter. So how to reproduce... The focus is on the MAIL FROM / RCPT TO lines in the SMTP dial

Re: [mailop] Weird 'tempfail too many recipients' bug/incompatibility EXIM => Postfix?

2021-01-21 Thread Benoît Panizzon via mailop
Hi Paul and Gang I have been testing with our Exim and Postfix. Everything works as expected. If Postfix rejects a recipient with 452 Exim is immediately re-sending that recipient with a new SMTP session. But the customer affected can 100% reproduce the issue. What I observed is that EXIM keeps

Re: [mailop] Weird 'tempfail too many recipients' bug/incompatibility EXIM => Postfix?

2021-01-21 Thread Benoît Panizzon via mailop
Hi Graeme > Given that Exim logs what the far end gives back to it, I suspect > you're looking at the Postfix end. Yes, that sounds reasonable... So I started digging in our MIMEDefang code and added more debug information to see what might go wrong. If we somehow silently return 'CONTINUE' from

[mailop] Anyone contact to DigiByte Media B.V. Utrecht (maybe linked to megafon.ru) or knows how to get them disconnected by Google?

2020-11-12 Thread Benoît Panizzon via mailop
Hi Gang We see a constant stream of spam mails advertising erotica websites run by DigiByte Media B.V. Utrecht, NL and hosted @ Google Cloud. Despite DigiByte Media B.V. stating, they react to every complaint within a couple of work days I have NEVER EVER got a reply from them on an incident. Now

[mailop] DMARC Reports are Spam according to Google...

2020-10-16 Thread Benoît Panizzon via mailop
Come on Google, that is a joke, isn't it? That email was correctly signed with DKIM. The SPF entry is correct. Google requested that email: _DMARC.google.ch descriptive text "v=DMARC1; p=reject; rua=mailto:mailauth-repo...@google.com"; And this is not the only one. All DMARC reports I send to r

[mailop] Ongoing Spam-OP from 'Alphainfo INC' / Garuda Mailer / GBS Industries

2020-06-22 Thread Benoît Panizzon via mailop
Hi List In the last couple of weeks I have seen several spam mails that look like they are related to Alphainfo INC. Common part: There is a redirector running under the same directory as the domain name. So if 'example.com' was the domain name, the URI would be https://example.com/example/[sometr

[mailop] Anyone from Emarsys on this list to help debug an email delivery issue?

2020-06-22 Thread Benoît Panizzon via mailop
Hi A larger Swiss company operates a newsletter on the emarsys platform. If a customer subscribes to a newsletter the website confirms: verification email sent. We watch the log on the MX: No attempt is made to send that email from the IP ranges the other emarsys emails originate. If we try aga

[mailop] Google routing mail to wrong IP?

2020-06-18 Thread Benoît Panizzon via mailop
Hi Team I was made aware that a Google IP is listed in one of the blacklists we operate. Strangely this hinted that Google was attempting to send an email to an IP address which is running a spamtrap/honeypot and for sure is not used as MX. Normally this is only being hit by bots scanning for op

Re: [mailop] t-online.de refuses to remove an ip from their blacklist

2020-06-18 Thread Benoît Panizzon via mailop
Hi Michael > And when you say 'only one PTR per RR' is "allowed", could you > explain that further? "allowed" by whom, or what policy. I recall we ran into some problems with systems that attempt to match A and PTR records and only considered the first PTR returned and that while looking if that

Re: [mailop] t-online.de refuses to remove an ip from their blacklist

2020-06-18 Thread Benoît Panizzon via mailop
> Allow your customers to set an additional PTR. AFAIK only one PTR per RR is allowed, even if most DNS allow to set multiple ones. -- Kind regards -Benoît Panizzon- @ home office and reachable as usual -- I m p r o W a r e A G-Head of Commerce Customers ___

Re: [mailop] Sendgrid and phishing

2020-06-17 Thread Benoît Panizzon via mailop
Hi > Anybody else seeing increase phishing through sendgrid?  They look > fairly convincing. > > A few paypals, and a few amazons. Add Netflix Add Joe-Jobs > I thought sendgrid were ok?    Has somebody leaked a big pile of > sendgrid usernames and passwords or something? Yes, I contacted the

Re: [mailop] Google: 'Low reputation of the sending domain'

2020-06-04 Thread Benoît Panizzon via mailop
Hi Gang After some more valuable feedback I got on that topic, it is now pretty obvious how I destroyed the google reputation of that 'sending domain'. I learned that Google: IPv4: Works with IP Reputation. IPv6: Works with 'sender domain' Reputation. Sender Domain is not just the 'domain' of t

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

2020-06-04 Thread Benoît Panizzon via mailop
> Using DMARC p=reject without DKIM is broken anyway. You cannot control > how or where your recipients forward their email (and I promise you > many of them forward it to Gmail from IP addresses that are not in > your SPF record). Yes this is why SRS is being used to re-write the envelope sender.

Re: [mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

2020-06-04 Thread Benoît Panizzon via mailop
Hi Laura > It is possible, if you are signing with a DKIM d= of the domain in > the 5321.from address. We use only SPF at the moment. There are many systems which send emails to 'external' recipients with the @imp.ch domain. It would take some time to find ways to deploy DKIM in this very mixed

[mailop] How to allow different domain in envelope and header from? (Is Gmails DMARC check broken?)

2020-06-04 Thread Benoît Panizzon via mailop
Hi Gang Thanks for the various feedback, learning a lot :-) I found one issue caused by domain alignment in DMARC. We use two domains: imp.ch (our company) breitband.ch (our service brand) Our Support Case System (RT/3) uses a global configured envelope sender: but depending on the Queue, a dif

[mailop] Hotmail / Outlook / Live: part of their network is on our block list (S3150)

2020-05-25 Thread Benoît Panizzon via mailop
Hi Gang I once more need help. It looks like some IP Addresses of our email Platform are on a blacklist @ Microsoft. Yes, some customers again gave their credentials to phishers who subsequently abused the accounts. They were mostly blocked automatically, throttled and the rest of them manually

[mailop] outlook.de all emails from a specific sender flagged as spam, triggering false positive feedback loop - no remedy?

2020-05-14 Thread Benoît Panizzon via mailop
Dear List A teacher is customer on our email platform and with covid-19 homeschool, she is sending daily email to her class. Each and every email she is sending to a student with an outlook.de email address, causes a spam complaint to be sent to our abuse desk. I asked the teacher multiple time

[mailop] UCEProtect: What is the 'contact form code'?

2020-03-30 Thread Benoît Panizzon via mailop
Hi List We got one of the IP addresses from our email platform listed @ UCEPROTECT for sending email to spamtraps. Unfortunately UCEPROTECT only reveals a time-window of 3 minutes and the IP address as hint to the issue. 3 Minutes is a long time period on a busy server. Anyway, I filtered out t

Re: [mailop] RCPT TO trying to execute shell

2020-03-30 Thread Benoît Panizzon via mailop
> which MTA, if any, would have been vulnerable to this? Exim? yes: https://www.cisecurity.org/advisory/a-vulnerability-in-exim-could-allow-for-remote-command-execution_2019-061/ -- Kind regards -Benoît Panizzon- @ home office and reachable as usual -- I m p r o W a r e A G-