Hey friends,
Quick question for you experts. What do you find to be the most common
root cause for reports of emails not being received by Office 365
domains, when you can confirm conclusively that Microsoft accepted the
email? Obviously spam folder delivery should rank high, but what else?
Hoping it’s not just me, looking for a sanity check. Our queues today
are packed with these responses from Microsoft’s mail servers:
451 4.7.500 Server busy. Please try again later
Hoping, surely, it’s not that they’re deferring email from us and just
experiencing normal issues.
I once had this problem with another company and I'm going to share it
here just in case it resonates with anyone:
Despite my NS records pointing to newer servers for years, one day this
company (of noteworthy size and fame) queried ns1.mydomain.tld and
insisted on using the values returned
While I agree with your points Laura (and generally anything you have to
say), I felt this right here warranted a secondary point worth making
public to the mailing list:
It’s more necessary - you need to warm up both your IP and your
domain AND the combination of IP and domain addresses.
I'm gonna be "that guy" though for a minute.
If there are any IPv6 only mail servers, they are hobbyists trying to
prove a point. There are a ton of IPv4 only mail servers. In short,
there is no benefit to sending mail over IPv6 beyond the ideological
preference some people have for feeling
Is it plausible that Google had a temporary issue reaching your DNS
servers?
On 2024-02-27 16:30, Rob Nagler via mailop wrote:
gmail.com [1] started failing messages from domains which are
correctly setup for SPF (and have been for some years):
550-5.7.26 Gmail requires all senders to
Microsoft has a very well known spam problem right now. If you have a
support contact for Office 365, please make sure to use that as well to
complain. They desperately need to hear from their customers that
sharing IPs with spammers, who appear (at least from our perspective) to
operate with
I think it's very situational. But Spamhaus seems to imply that it's
currently relevant, not just a one time mistake. It could be more than
just poor list hygiene. Well intentioned people creating systems that
are abused by spammers is something I come across daily. I'll give an
example:
Aside from the question in the subject, because I see this brought up a
lot on the mailing list in relation to email forwarding, would passing
ARC signatures even matter when the problem is that Google is
increasingly rejecting forwarded emails due to the DMARC policy of the
original sender
Thanks for helping me confirm this friends. To close the loop, I sent an
email to icloudad...@apple.com and the problems appear to have halted
very early this morning (US/Central).
On 2024-01-17 03:13, Dan Malm via mailop wrote:
On 2024-01-17 08:47, Jarland Donnell via mailop wrote:
Just
Just a quick sanity check, are others seeing intermittent failure to
reach iCloud servers? My logs are filled with:
450 Error connecting to 17.57.156.30. Unexpected socket close
I've been having trouble delivering mail to them for at least 12 hours.
I hope it's not just me, but it would help
Don't forget about Elon's New Heater!
We're seeing a bit of a reduction of complaints now from this. Are any
others seeing it start to slow down as well? I'm hoping MS is getting
better at fighting it, but it may just be that I have. I haven't quite
gone as far as blocking them but I have
I think we've finally reached the point where more spam comes from
Office 365 customers than legitimate and desirable email. Here's just
ONE spam campaign from Office 365 we pulled logs for today:
https://mxbin.io/piaQqm
Notice the different subdomains they send from:
of only sometimes being an actual IP based rate
limit. I just never sat down long enough to prove it.
On 2023-12-17 02:00, Marco Moock via mailop wrote:
Am 16.12.2023 um 16:07:19 Uhr schrieb Jarland Donnell via mailop:
Obligatory: We don't intend to send any email their way that could
Hey friends,
I just noticed that on November 22nd, Google started returning new
errors:
421-4.7.28 Gmail has detected an unusual rate of unsolicited mail
originating from your SPF domain [userdomain.tld 15]. To protect our
users from spam, mail sent from your domain has been temporarily
I never found anyone of consequence who would agree with me or admit
that it happens, but I will continue to swear that this is a feature of
Hotmail/Outlook. The first time I identified it I think was in 2013. A
customer reported the same behavior from their HostGator VPS (when I
worked
After the years of harassment I’ve endured by being subscribed to
hundreds of thousands of mailing lists that are not double opt in, I’d
say just casually toss my email into their mailing list and watch me
convince them by way of harassment. I’m so far beyond asking nicely, my
sanity wasn’t in
Anyone else seeing issues connecting to comcast.net MX servers today?
We've got emails piling up in queue and connection failures all over.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
I "feel" like there's been an increase but I'm not sure if the numbers
support my gut feeling. Here's some stats I just pulled if you want to
look at them:
https://docs.google.com/spreadsheets/d/14RfO9_RBnQBu4i2lzP4zYMGaQfTDGtNLmcC_E0xQeP4/edit?usp=sharing
On 2023-11-17 08:37, Philip Paeps
Another perspective might be “Why care?”
It’s their site that’s compromised, it’s up to them to care about it. If a host
is sending abusive traffic your way, block the host, devalue their IPs by
reducing the networks they can communicate with. Surely their website’s abuse
isn’t making it back
put this under the threshold. -KAM
On 11/9/2023 1:41 PM, Jarland Donnell via mailop wrote:
A score of 5.8 on SpamAssassin rules is fairly low. It would be more
advisable for you to consider adjusting your settings. SpamAssassin is
designed in such a way that it will always trigger a variety
A score of 5.8 on SpamAssassin rules is fairly low. It would be more
advisable for you to consider adjusting your settings. SpamAssassin is
designed in such a way that it will always trigger a variety of rules
for every email, legit or otherwise. It shouldn't be too strange to see
a legit
This is what I use: https://github.com/equk/spf_list/
I get as otherwise mentioned that SPF macros defeat this in theory, but
in practice I've not (to date) found myself attempting to extract the
IPs from an SPF record of a domain that uses macros. In practice, this
has saved me a lot of time
Thanks for the heads up on this. I've just set our mail servers to watch
out for this and treat it as a 5xx. I hadn't noticed, but if I'd ever
noticed a 4xx on "Relay access denied" I likely would have added this
logic immediately without even taking time to second guess it, as I
can't think
Thank you for this. I've taken steps to ensure that you will not meet
any problem sending these emails to customers of our platform.
On 2023-10-04 23:37, Justin Frechette via mailop wrote:
Attention Mailbox Providers:
As outlined in the "Sending Mandated Emails to Large Audiences" best
SRS is usually fairly trivial these days, but DMARC changes things.
While SRS is doing fine for our users when forwarding email to Gmail,
when auth fails and DMARC = reject Google will tell you pretty plainly
that they're probably not going to accept it:
https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme
On 2023-09-13 01:19, Atro Tossavainen via mailop wrote:
I'm sure I've had a long explanation on here in the past year, but the
short answer is if the message is not DKIM valid and you're
forwarding, you
should rewrite
the MAIL FROM to a
It's not at all unusual for FBL to be used to block recipients.
Transactional email providers quite often use feedback loop reports to
add recipients to their customer's suppression list. The reason you
specifically find it frustrating is because of this:
Most of the providers on the
That's been a lot of my finding as well. While I fully empathize with
efforts to tackle bias, spam from affiliates of the RNC is worse than
their counterparts. Mainstream bias is worse in the opposite direction,
spam is worse in this direction. It's quite fair to notice the flaws
from every
I usually reply and ask them to cancel the order/reservation. Maybe next
time the person won't be so careless writing down their email.
On 2023-08-24 07:12, Chris Adams via mailop wrote:
What do you do when legitimate mail (lately, DoorDash order info and
Delta Airlines tickets) is sent to
ontain any policies: https://datatracker.ietf.org/doc/html/rfc7208
On 2023-08-21 15:17, Gellner, Oliver via mailop wrote:
On 19.08.2023 at 19:01 Jarland Donnell via mailop wrote:
Is "-all" not indeed a policy in SPF, directed by the domain owner? I
would argue that it
ARC is where it's at
I haven't spent much time on ARC but if I understand correctly, isn't
that a 100% trust based system? Meaning I have to trust that when you
say you authenticated it, that you're trustworthy when saying it?
On 2023-08-21 04:30, Taavi Eomäe via mailop wrote:
On
Is "-all" not indeed a policy in SPF, directed by the domain owner? I
would argue that it is. Especially given that there are options there,
each one defining how the domain owner wishes SPF failure to be treated.
I would find it odd to say that should ignore domain owners when they
say
Reply and ask them to provide temporary mitigation to the IP range. If
they say they can't, just reply and ask for it again. Repeat as
necessary. I promise it's okay, this is an intended workflow.
On 2023-08-17 16:41, Dan Mahoney (Gushi) via mailop wrote:
Hey there all.
Dayjob (ISC --
Suppression lists. All the big transactional email providers have them.
We do it with feedback loops, if someone reports a legitimate and
desired email as spam then we block them from our entire platform. The
person who wants to send mail to them can try to reason with them and
get the
Mailgun has at least been pretty responsive to abuse complaints lately,
major props to them for that. That alone sets them several grades above
their marketed counterparts.
Now Shopify is becoming a problem over here. You can register people for
newsletters at Shopify stores and if the
Perhaps it's going off topic and apologies if so, but this makes me
wonder a second thing. Who is, and why are they, adding subdomains to
the PSL when subdomains above that in hierarchy are in the same zone
file?
On 2023-07-13 13:06, Robert L Mathews via mailop wrote:
On 7/13/23 10:44
Does anyone actually receive mail by their A record in 2023? I'd just
assume break the RFC and save the resources for retrying and eventually
bouncing every email that ends up attempting delivery to an A record.
On 2023-07-11 14:45, Michael Orlitzky via mailop wrote:
On Tue, 2023-07-11 at
I thought I was a wild one with testing in production with SpamAssassin
rules set to 0 score. That way I could determine the impact without
making the impact at all, or without adding resource overhead to other
parties just because I was playing around.
I think it's a good point here that
in to augment my spam fighting, UCE L1
probably generated the least complaints. Even spamrats generates more
user complaints, despite being fairly sane.
On 2023-05-22 14:29, Bill Cole via mailop wrote:
On 2023-05-22 at 12:01:52 UTC-0400 (Mon, 22 May 2023 11:01:52 -0500)
Jarland Donnell via mailop
May 2023, at 17:01, Jarland Donnell via mailop
wrote:
I have not personally run into anyone using L3 or L2 in my experiences
thus far. Their L1 list is what most, if anyone, would be subscribing
to I would think. Their L1 list is actually really, really good.
On 2023-05-14 05:47, Slavko via
and charges for delists...
This is a very commonly cited misconception. Delisting from their BL is
automated. If you are impatient and demand immediate intervention, you
can pay them to circumvent their automation and delist you early. This
is only beneficial if you have actually fixed
I have not personally run into anyone using L3 or L2 in my experiences
thus far. Their L1 list is what most, if anyone, would be subscribing to
I would think. Their L1 list is actually really, really good.
On 2023-05-14 05:47, Slavko via mailop wrote:
Hi,
i read multiple times, from
Curious if anyone else is seeing an event similar to this. Here's the
logs of 1 hour on one of our servers, for what I propose to be a botnet:
https://clbin.com/4khRA
I'm leaving the recipient domains in it because they're not actually
customer domains. Either they used to be, or they've
To be fair it sounds like they're providing fine customer service, their
customer is just trash.
On 2023-05-12 12:39, Mary via mailop wrote:
No they haven't, but I don't expect them to do so.
Don't they have the same zero-customer-support policy like every other
major tech company?
On
Curious if anyone else is seeing an increase in errors like this from
Google:
550-5.7.25 [136.175.108.212] The IP address sending this message does
not have a PTR record setup, or the corresponding forward DNS entry does
not point to the sending IP. As a policy, Gmail does not accept
On the chance that John's message here is read as "well that's just one
opinion" let me reiterate: If I find someone emailing my customers from
a list of scraped or purchased "leads" I will immediately and
permanently block them from my infrastructure, and refund every customer
that thinks
Hey friends,
I just wanted to offer a heads up for anyone doing research, watching
statistics, or that would be so kind as to add any
whitelistings/mitigations for it. We're about to spin up
136.175.109.0/24 for an event that starts on May 15th. A customer of
ours, who is very legitimate,
Relaying your domain email through your local ISP, is that a common
approach? It seems weird from my perspective. I’d route it through
mail.baby instead and call it a day. Interserver is doing great work
over there with a mailchannels fallback for pennies.
On 2023-04-28 10:11, Jay R. Ashworth
The age old problem: Hire a bunch of people to read it that aren't
skilled enough to do anything about it, or hire people who are skilled
to handle it but don't have the time or manpower to read it all.
I'm surprised they even have an abuse inbox. I just block spammy senders
from MS/O365
ess I just assume the
message is "Those people can't email Yahoo anymore." I'm fairly
confused.
On 2023-04-18 16:25, Marcel Becker via mailop wrote:
On Tue, Apr 18, 2023 at 12:16 PM Jarland Donnell via mailop
wrote:
id=<481770.862217189-sendEmail@srv4414> (554
A customer of ours has been seeing this lately for their emails:
Apr 17 21:19:12 zmta1 node[116029]: info Sender/default/116029[11]
1879115f156000becb.001 REJECTED[other] from={censored}
to={censored}@yahoo.dk src=136.175.108.211
mx=mx-eu.mail.am0.yahoodns.net[188.125.72.74]
On 2023-04-14 07:45, Taavi Eomäe via mailop wrote:
On 14/04/2023 15:22, Laura Atkins via mailop wrote:
Unless they’re rewriting the envelope, yes. This is part and parcel of
how SPF works. I’m somewhat surprised that those services are not
rewriting the envelope, though. Unfortunately, I don’t
Did you get any samples of the spam campaign? Most of the ones I've seen
in the last few weeks appear to be more computer viruses (stealing
credentials from the user's systems), and I've had all of zero
blacklistings for the ones that got past me even for several hours.
On 2023-04-13 18:16,
I've seen a slight increase of messages like this from Google recently:
550-5.7.25 [136.175.108.254] The IP address sending this message does
not have a PTR record setup, or the corresponding forward DNS entry does
not point to the sending IP. As a policy, Gmail does not accept messages
from
On 2023-04-08 01:20, Hans-Martin Mosner via mailop wrote:
And that's why I'm still in favor of blocking spammer-hosting providers
swiftly and broadly. It needs to affect the non-spamming customers,
too, to be a strong economic incentive for keeping spammers out. Of
course I also punch holes
appreciate
--srs
-
From: mailop on behalf of Jarland Donnell
via mailop
Sent: Saturday, April 8, 2023 9:47:23 AM
To: mailop@mailop.org
Subject: Re: [mailop] linodeusercontent.com/googleusercontent.com, I'm
so done with you
To be clear they have an amazing abuse team
3-04-07 22:02, Neil Anuskiewicz via mailop wrote:
On Apr 4, 2023, at 12:42 PM, Jarland Donnell via mailop
wrote:
I feel like I've told this story before on the list, but I can't
recall. It always feels worth telling.
When I worked at DigitalOcean I took what felt like a year (may have
been l
I feel like I've told this story before on the list, but I can't recall.
It always feels worth telling.
When I worked at DigitalOcean I took what felt like a year (may have
been less) and I focused more energy than any one person probably ever
has at any cloud provider on tackling spammers
I'm curious if anyone else is seeing this trend today. I've gathered and
mildly censored some logs around this campaign I'm seeing today:
https://clbin.com/DkSDr
Getting a bit of it across the fleet but none more than that one server
I pulled those logs from. Just some counts from the fleet
I'd like to add a +1 to this for clarification, but in my case I'm
focused solely on SRS. Will Hotmail reject DMARC failures based on From
headers or envelope senders? I mean, Gmail already rejects a lot of
DMARC failures based on From headers (I assume, since rewriting envelope
sender doesn't
On the off chance that more data helps, here are my findings (with only
recipient domains censored) based on a log audit of those "senders."
Logs: https://clbin.com/RKWkN
Considering that everything before the @ looks to be generated by an
algorithm, it should be sufficiently redacted but
:
Jarland Donnell via mailop wrote:
A quick parse of my logs suggests that it's a spam-only operation, so
likely
won't correlate to any particular front-end mail service. I mean just
100%
correlation with spam in my logs, and not a small amount of logs
either.
Interesting that e.g., Spamhaus
A quick parse of my logs suggests that it's a spam-only operation, so
likely won't correlate to any particular front-end mail service. I mean
just 100% correlation with spam in my logs, and not a small amount of
logs either.
On 2023-03-03 17:12, Jan Schaumann via mailop wrote:
Hey,
Does
In defense of Google on that, Christine works for Shopify. Shopify is a
huge spam outlet. If you want to flood someone's inbox with junk, find
thousands of shopify sites and sign them up for their newsletters. Zero
double opt in procedures, and if you happen to get a response to abuse
On 2023-02-24 12:38, Andrew C Aitchison via mailop wrote:
On Fri, 24 Feb 2023, Alessandro Vesely via mailop wrote:
On Fri 24/Feb/2023 18:41:34 +0100 Christine Borgia via mailop wrote:
I also should have mentioned we use shared IPs so there is no issue
with volume from our servers, however
-detection-with-abusix-mail-intelligence-and-postfix/
It's based on Postfix, but adapting this for Exim shouldn't be
difficult.
Kind regards,
Steve.
On Wed, 8 Feb 2023 at 13:48, Jarland Donnell via mailop
wrote:
Hey everyone. I've been thinking about how I could add some more
value
to this list and t
://abusix.com/resources/blocklists/compromised-account-detection-with-abusix-mail-intelligence-and-postfix/
It's based on Postfix, but adapting this for Exim shouldn't be
difficult.
Kind regards,
Steve.
On Wed, 8 Feb 2023 at 13:48, Jarland Donnell via mailop
wrote:
Hey everyone. I've been thinking about
Same. In fact, if anyone wants it, I regularly update a list which is
mostly intended to help out my customers that receive a lot of fake
email signups on blogs, forums, etc. Feel free to take from it:
https://github.com/mxroute/da_server_updates/blob/master/exim/spam_recipients
On 2023-02-16
Hey everyone. I've been thinking about how I could add some more value
to this list and there's one thing I've been working on for a while that
I think will be really helpful to share.
Email accounts get compromised. It happens. Especially when using base
standards (IMAP/POP/SMTP) that
Ever been on the receiving end of a retaliatory abuse complaint? As a
Hetzner customer I expect some trust in the company I pay money to, that
they'll give me a chance to face my accuser and fix the problem if there
is one, or give a response as to why I shouldn't have to if there isn't
a
Take this:
v=spf1 a mx ip4:74.208.4.194 ~all
Change it to this:
v=spf1 include:_spf.perfora.net include:_spf.kundenserver.de ~all
Done :)
On 2023-02-05 18:13, H via mailop wrote:
I have a domain with multiple email addresses hosted by Ionos. I have
found that outgoing emails can come from a
Though it's possible that you may see this more with governments and
such, I've not noticed that anyone significant blocks their own traffic
outbound to OVH, except for a couple of military contractors (which
isn't my definition of significant to any average person). If they block
anything
-tester.com --I have never used it? Is it a website?
On Tue, 17 Jan 2023 18:20:09 -0500,
Jarland Donnell via mailop wrote:
On 2023-01-17 17:06, John Covici via mailop wrote:
> Still broke for me.
I believe your issue was different from the one in this thread
and best summarized by your mess
.
On 2023-01-17 18:03, John Covici via mailop wrote:
OK, well, now I can't send even to a single gmail address. What is
mail-tester.com --I have never used it? Is it a website?
On Tue, 17 Jan 2023 18:20:09 -0500,
Jarland Donnell via mailop wrote:
On 2023-01-17 17:06, John Covici via mailop wrote
On 2023-01-17 17:06, John Covici via mailop wrote:
Still broke for me.
I believe your issue was different from the one in this thread and best
summarized by your message in that separate thread:
On 2023-01-17 10:31, John Covici via mailop wrote:
Hi. For some reason this morning, I am
Just a +1 report for the sake of data. The only legitimate emails I have
in my spam folder at Gmail are from Inno Supps and healthcare.gov. Inno
Supps I get because of their products and, therefore, their language is
quite similar to standard spam campaigns. Healthcare.gov I get because,
Is there some kind of forwarding address or something that would end up
going through your mailgun account? The reason I ask is this header
right here:
Received: from reflectiv.net (os3-384-25366.vs.sakura.ne.jp
[133.167.109.120]) by db739d28cce8 with SMTP id ; Wed, 11 Jan
2023 00:26:59 GMT
Considering how easy it is to get IPs blocked from every Verizon-owned
brand, because one single person sent the wrong email to SMS and tripped
a filter, and that you have to escalate to the CEO's team to get
unblocked, I don't know why anyone even rolls these dice anymore. I tell
everyone to
Right here friend.
On 2023-01-03 14:07, Peter N. M. Hansteen via mailop wrote:
Does anyone have useful contact info for one or more of those (which I
am beginning to believe is in fact the same outfit)?
Some odd delivery problems with messages that are some of the least
useful I have seen.
not sure how much needs to be done after registration to gain the
feature but I imagine if you have a working login, you have the feature.
On 2022-12-28 12:55, Jaroslaw Rafa via mailop wrote:
Dnia 28.12.2022 o godz. 12:33:05 Jarland Donnell via mailop pisze:
It's a perfectly legitimate feature
It's a perfectly legitimate feature of PayPal that you can create an
invoice and send it to someone. Pretty much every invoice service that
exists allows similar. They just have a problem with malicious users
creating invoices for people that don't owe them any money.
On 2022-12-28 12:14,
Fairly certain that belongs to SpamExperts. I don't think they send
email from that domain, it could be spoofed in an effort to abuse
someone's poorly executed whitelist, since anyone using their service
has to ignore SPF for emails coming from their servers, whitelisting is
usually involved.
It's a simple matter of cost vs benefit. People sitting and responding
personally to abuse complaints all day do not, directly, generate
revenue. Given their size and adoption in the marketplace, personal
responses to abuse complaints are not going to increase their market
share.
On
Thanks for sharing this. I'm asking publicly as I'm curious if this
message spawns any conversation, but have you seen or heard a lot of
intentional abuse around using bsdly.net email addresses specifically to
attack website owners? I find that emails to these bsdly.net addresses
seem to
DO uses third-party services to send emails. If you want to block only
their cloud ranges, blocking all of their announcements is appropriate.
On 2022-11-25 14:16, Slavko via mailop wrote:
Dňa 25. novembra 2022 19:15:07 UTC používateľ Lukas Tribus via mailop
napísal:
Hello,
if we are
a tiny bit of clarity,
Gustavas D
IPXO Abuse Prevention Team
-Original Message-
From: mailop On Behalf Of Jarland Donnell
via mailop
Sent: Thursday, November 24, 2022 6:07 PM
To: mailop@mailop.org
Subject: Re: [mailop] Another interesting batch of suspicious activity
on an IPXO n
I have noticed that one of the most consistently rejected emails when
forwarded to Gmail, is an email from Google. I just rotate outbound IPs
on that message using ZoneMTA and it'll get through. Waiting for an IP
to clear a rate limit with Gmail just seems like bad business at this
point.
On
When I first tested the IPXO network they required me to pay them a
custom fee to exclude my services from their internal mail scanner. They
would otherwise downgrade connections from SSL and intercept the SMTP
traffic, then scan the contents of emails for spam. I can't imagine that
still
Assuming that doesn't pan out, can you file an abuse complaint with
their DNS provider? Sure can't hurt anything.
On 2022-11-23 13:12, Cyril - ImprovMX via mailop wrote:
Hi everyone ,
I'm hoping that someone will be able to put me in contact with someone
working at Outlook.
We are still
I would block the recipient domains at the MTA level and cut out the IP
rate limiting for a while. An MTA should be able to handle the rejection
for the domain fine. I do the same with exim when a user tries to give
me the job of mass forwarding bounces, I just won't do it. In my mind a
flood
Basically, you go here:
https://www.paypal.com/invoice/s/manage
Click the gear symbol, Business Information, fill out what you want and
add a logo. Then click Save, create an invoice for someone, and PayPal
will send it to them. There's not much of anything that any of us can do
to filter it
This is excellent news. I'm quite ready for some of these services to
move my way and try to pull off similar activities. I'd love to ruin
their day just a bit more.
On 2022-11-18 11:56, Anne Mitchell via mailop wrote:
It's about time, and to the extent that you were involved (if at all),
Someone probably named themselves "Walmart" on PayPal and issued an
invoice in their UI for your email, triggering PayPal to send you an
invoice for it.
On 2022-11-18 09:09, Zach Rose via mailop wrote:
https://www.screencast.com/t/dNPpByTSjrq
I rarely use paypal, if ever, and haven't shopped
Just to be sure because I didn't see you mention it, make sure you've
contacted them via the form I often see linked so many different ways
but I'll link as this:
https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0=capsub=edfsmsbl3=en-us=636165504238569370
Make sure to
It's an interesting attack angle. Has anyone here seen any user fall for
anything similar? I want to say no one would fall for that but
experience tells me I should never underestimate what an end user will
fall prey to.
On 2022-11-10 13:22, MRob via mailop wrote:
Recent I saw a link in a
Isn't *.onmicrosoft.com actually valid? Though typically not used, I'm
fairly certain it's interchangeable for the user's domain on an Office
365 subscription. I was trying to find something to validate my memory
and I think this backs it:
Indeed they shouldn't. The most noteworthy implementation that seems to
treat these as false positives is cPanel, I believe. Every single day we
run into no less than 3-5 servers which reject emails from us, claiming
that we're listed on SH. They seem to almost always be cPanel boxes.
On
Because this topic appears to be generating so much interest, I'll toss
my data into the ring. Data helps everything. I'm typing this
progressively as I do the work, so that's why it doesn't read like
something in which I've already reached a conclusion before typing it.
I know I work my butt
tely not authorized.
On 2022-09-29 13:30, Bill Cole via mailop wrote:
On 2022-09-29 at 13:15:54 UTC-0400 (Thu, 29 Sep 2022 12:15:54 -0500)
Jarland Donnell via mailop
is rumored to have said:
That little ~ is the part that gets me and I think opens it up to any
IP more than the pa
1 - 100 of 231 matches
Mail list logo
