[mailop] Microsoft POP3 Troubles

Hi all, Not sure if this is the right list to post this to. I was reviewing my flow records and I can see in the last 24h we have started doing a much larger amount of POP3 traffic to Microsoft than usual. As an example, some of the IP's that are making the POP3 connections are:

Re: [mailop] Microsoft Junk Mail Reporting Program

On 27/07/2016 1:20 PM, Richelo Killian via mailop wrote: First and foremost, remove the complaining email address from your list. Depending on what list management software you use, it could be set to automatically remove the complaining address from your list. Along the same lines, I see

Re: [mailop] Microsoft Junk Mail Reporting Program

[OFFLIST] On 27/07/2016 2:56 PM, Craig Marchant wrote: That's an issue we have also, where customers set up forwarders on the cPanel "account / service" and then forward it off to hotmail as an example. They then mark the email(s) forwarded as junk and as a result in come the complaints for

Re: [mailop] Contact for BSB RHSBL ?

On 2020-04-17 16:02, Bill Cole via mailop wrote: On 17 Apr 2020, at 15:06, John Levine via mailop wrote: Well, it appears that spamlookup.net expired today and got picked up by a squatter. That was my initial thought too, but the IP for bsb.spamlookup.net is unreachable by browser.

Re: [mailop] contact at google

On 2020-04-13 15:00, Steven Champeon via mailop wrote: on Mon, Apr 13, 2020 at 11:54:17AM -0700, Brandon Long wrote: Are you sure this isn't just the Google Public DNS servers? Why would a DNS server be querying our mirrors? it's kinda the obvious use-case innit? I can guarantee that

Re: [mailop] [External] Re: Horrible week for email deliverability - Looking for help with RackSpace/Emailsrvr

Everybody is talking past each other with different scenarios in mind and each has different answers. How useful can that be? ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SendGrid Abuse unresponsive

On 2020-05-11 14:15, Brielle via mailop wrote: On 5/11/2020 11:45 AM, Matt V via mailop wrote: On 2020-05-05 11:09 p.m., Andy Smith via mailop wrote: I've been told by at least one Sendgrid person that they have requested membership to the list and are awaiting administrator approvals...

Re: [mailop] SendGrid Abuse unresponsive

On 2020-05-12 13:10, Melinda Plemel via mailop wrote: I can help with this issue.  Feel free to DM me and I'll get it taken care of. Hi Melinda, the email in question is Len Shneyder You know Len of course. He REALLY needs to get on here. I didn't realize that Len was now in the sendgrid

Re: [mailop] outlook.de all emails from a specific sender flagged as spam, triggering false positive feedback loop - no remedy?

The person with the problem could just get stubborn and consistently move the junkboxed emails from those sender[s] back into the regular inbox. I think outlook's spam thingie will figure it out you really do want it. On 2020-05-16 22:51, Ángel via mailop wrote: On 2020-05-14 at 11:33

Re: [mailop] Abusix Potentially Compromised Account Report

On 2020-03-22 16:20, Nick Stallman via mailop wrote: I got one of these the other day and I'm scratching my head about it as what's in the report cannot possibly be correct. The report was for a domain we host the website for, but the domain has no email at all. The account referenced is also

Re: [mailop] Abusix Potentially Compromised Account Report

On 2020-03-22 20:44, Rob McEwen via mailop wrote: On 3/22/2020 4:41 PM, Chris via mailop wrote: It's been my experience that MOST of them are going to be red-herrings +1 2 days ago, I got one of these for a domain for which I host email. I checked the SHA-1 hash against the current

Re: [mailop] Abusix Potentially Compromised Account Report

On 2020-03-24 06:36, Steve Freegard via mailop wrote: I have great respect for you, but I didn't spend a considerable amount of development time without actually being absolutely certain about what I was doing.  Your experience is not relevant because you do not have experience with

Re: [mailop] Abusix Potentially Compromised Account Report

On 2020-03-24 11:48, Steve Freegard via mailop wrote: thraxisp@:16472 Sure - that's a totally useless password and I'm happy to report I haven't seen that particular username, but without an IP - it's a bit meaningless as I can't tell you if we're seeing traffic on it or not. I checked.

Re: [mailop] SendGrid Abuse unresponsive

I'm seeing a very significant drop off of sendgrid-originated spam. Couple of minor phish/419 in the past 24 hours. Anybody else? ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] mailop Digest, Vol 151, Issue 41

That was one of the ones I reported to Len. Given the problems I heard sendgrid was having (I'll leave it up to Len to say anything detailed about it), I *do* expect to see small numbers of light weight things continuing to happen for a little while some residuals pop up, get identified, and

Re: [mailop] MTA Server IP "Warm Up" Reputation Recommended Best Practices

On 2020-09-03 10:41, Laura Atkins via mailop wrote: What “other block lists” are you on? Knowing that may help identify what you did wrong. It’s unusual for IPs to be blocked outright after 3 days of mail. What were you sending and to whom were you sending it? Who owns the IP? Where is it

Re: [mailop] Deutsche Telekom rejects connections because of missing "provider identification"

On 2020-08-26 13:36, flo via mailop wrote: Hi there Have any of you had any bad experiences with Deutsche Telekom lately? They put one of my servers on their blacklist after an IP change with the reason that I have to provide an imprint on that machine. Have I missed something? Is this how it

Re: [mailop] Mailman confirmation email denial of service

On 2020-08-21 03:23, Norbert Bollow via mailop wrote: Maybe the idea behind that bot is that filling in the "email" field with a real-looking email address might lead to being granted read access to mailing list archives which could then be scraped for email addresses to increase the target

Re: [mailop] ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

Belay that, it appears to have been received by google twice - different timestamps on the X-Received. On 2020-08-21 22:03, Michael Rathbun via mailop wrote: On Sat, 22 Aug 2020 00:52:10 +0200, Bjoern Franke via mailop wrote: Did you send this mail two times or is something wrong again with

Re: [mailop] ANNOUNCEMENT: The NEW invaluement "Service Provider DNSBLs" - 1st one for Sendgrid-spams!

On 2020-08-22 10:08, Jaroslaw Rafa via mailop wrote: Dnia 21.08.2020 o godz. 23:00:23 Chris via mailop pisze: Belay that, it appears to have been received by google twice - different timestamps on the X-Received. I compared the two messages I received. Right, this is the first thing I

Re: [mailop] Deutsche Telekom rejects connections because of missing "provider identification"

On 2020-08-26 15:50, ml+mailop--- via mailop wrote: On Wed, Aug 26, 2020, Michael Peddemors via mailop wrote: There SHOULD be a URL associated with the domain ('mydomain.com') in the PTR.. Ah, the stuff you suggested on ietf-smtp and which got "rejected" by pretty one every one who replied?

Re: [mailop] Digital Ocean Broken Bot attack, just in case it's you and not me..

Lots of attacks coming from this block I'm only seeing non-SMTP attacks however. Things like attempted SMB breakins, telnet password probing (likely IoT), VOIP attacks, a variety of botnets. This could be a badly infected netblock or a dynamic segment with no method to prevent IP hopping.

Re: [mailop] [E] Yahoo - Emails going to Spam

On 2020-09-25 20:15, Andre Mascak via mailop wrote: Hey good to know! Thanks for the information there. We'll see what we can do =) As a FYI, as a way to focus on this: at least some major ISPs take the position that "the recipient is always right", and they're simply not going to try

Re: [mailop] The 'DNS only requires UDP' misconception vs SPF et al -- historical reasons?

On 2020-09-30 10:25, Tim Bray via mailop wrote: Blocking TCP a way to block zone transfers, but a rubbish one. It may also be seen as a method by which to reduce the impact of DNS amplification attacks. But also a poor one. I'd suggest they probably just have a default deny policy and

Re: [mailop] SendGrid Abuse unresponsive

Atro, what was Y axis? Individual emails? 10's? 100's? And you just seemed to say that it was all sendgrid, not taking into account whether it was spam or not. Correct? Um. On 2020-05-21 05:01, Atro Tossavainen via mailop wrote: Hey Ray, I checked again this morning and its 'back on

Re: [mailop] harassment/death threat detection/filtering/prosecution

On 2020-07-15 16:09, Jaroslaw Rafa via mailop wrote: Dnia 15.07.2020 o godz. 12:59:39 Grant Taylor via mailop pisze: On 7/12/20 11:28 AM, Paul Ebersman via mailop wrote: But in these tense times, lots of PoC/non-white/non-cis get hate emails, death threats, etc. Death threats seem like the

Re: [mailop] It there an "official" test domain for testing zrd.dql.spamhaus.com?

dbltest.com does work for dbl. Does it not work for zrd? I think you meant ..zrd.dqs.spamhaus.net, right? On 2020-07-20 10:57, Heiko Schlittermann via mailop wrote: Hi, I think, that queries for theses (A, TXT) records can be used to find if the blacklist is working:

Re: [mailop] OVH Bulk Mailer? Anyone know this one?

On 2020-08-07 13:14, Alain Gaudreau via mailop wrote: Perhaps the time has come to change how we have all been doing it for decades with the current hundreds of RBL’s and local block lists and put in place a low cost or no cost to mailops neutral world wide “governing body” built on fast

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

On 2020-08-04 05:32, Laura Atkins via mailop wrote: It was Mr. Charles Benn who, according to the service of process affidavit, was authorized to receive process on their behalf. https://www.courtlistener.com/docket/16243626/6/databaseusacom-llc-v-the-spamhaus-project/ It's my impression

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

On 2020-08-04 09:38, Laura Atkins via mailop wrote: On 4 Aug 2020, at 14:07, Chris via mailop It's my impression that nobody has the slightest idea who this is, or why anyone would think this person is "authorized”. Which means the process server committed perjury as this was a

Re: [mailop] Is DNS-over-HTTPS bad? Sure. (was: Happy Holidays Everyone!)

On 2020-07-06 06:39, Jaroslaw Rafa via mailop wrote: Dnia 5.07.2020 o godz. 14:13:03 Chris via mailop pisze: Not to mention DNS over HTTPS breaks or renders ineffective most types of content filtering. That's a secondary concern perhaps. I'm betting 99% of users don't have content filtering

Re: [mailop] Is DNS-over-HTTPS bad? Sure. (was: Happy Holidays Everyone!)

On 2020-07-05 15:19, Jay R. Ashworth via mailop wrote: An argument I could tolerate -- corporate IT types can be expected to diagnose smartly enough to deal with it... though it will still make things more difficult for them. Impossible for them, short of blocking HTTPS for everything.

Re: [mailop] Which ESP forces double opt in?

On 2020-06-08 06:02, Laura Atkins via mailop wrote: … it was whitehat.com  but the website isn’t loading for me. https://web.archive.org/web/20010609000944/http://www.whitehat.com/interactive/bestpractices.cfm is a copy of content from back in 2001. The current text on

Re: [mailop] CutWail infections growing again, all China based..

I can confirm that this is cutwail. I'm showing 100% agreement in spot checking of your list of IPs. This particular cutwail variant, unlike the others, has been percolating at low volumes for a long time. The other more sophisticated versions have all pretty much gone away. It is

Re: [mailop] Is DNS-over-HTTPS bad? Sure. (was: Happy Holidays Everyone!)

On 2020-07-05 07:00, Adam Moffett via mailop wrote: Not to mention DNS over HTTPS breaks or renders ineffective most types of content filtering. That's a secondary concern perhaps. I'm betting 99% of users don't have content filtering and don't want it. Corporates need it. Not all

Re: [mailop] On the Bright side.. IoT SpamBot Traffic on the decline..

On 2020-12-17 11:12, Michael Peddemors via mailop wrote: I don't know if they are giving up, finally realizing that generating spam for IoT devices isn't getting through, but it seems that we are at a 12 month low for that form of attack. Don't get me wrong, still averaging 25% of all inbound

Re: [mailop] What's the point of secondary MX servers?

Caution brain bending ahead: Secondary MXes have a role as your main mail server. Long experience with spambotnets reveals that most of them are pretty stupid, because their MX capabilities are limited. In fact, many spambots infections don't do any DNS lookups at all, and rely on

Re: [mailop] What's the point of secondary MX servers?

On 2020-12-17 18:21, Grant Taylor via mailop wrote: [paraphrased] > I'd think the best way to deliver spam is via a properly configured > > mail server. Well yeah, but including a copy of, say, Exchange or Sendmail in a traditional bit of Desktop or Server malware is easier said than done.

Re: [mailop] What's the point of secondary MX servers?

On 2020-12-17 18:17, L. Mark Stone via mailop wrote: Hi John, Unfortunately, many sending clients (newsletters, announcements, etc.) do not retry if the initial delivery fails. So if your primary MX has network issues, doesn't comprise a load balancer in front of multiple MTAs and you are

Re: [mailop] Why 5xx? (was: GMail 550 5.1.1)

On 2020-12-15 18:04, Chris Wedgwood via mailop wrote: things break, it happens... but why 5xx (vs 4xx) in this case? this means means emails are being lost, some of won't/can't be resent and recovered with 4xx most of them would be delivered once things come right the confidence in a

Re: [mailop] nolisting, was What's the point of secondary MX servers?

On 2020-12-19 16:43, John Levine via mailop wrote: In article <12329a9a-11a7-eda4-c88a-3dc352aea...@spamtrap.tnetconsulting.net> you write: On 12/18/20 12:29 PM, John Levine via mailop wrote: As I recall some sites were getting stuck on the nolist host for every message. Odd. Perhaps it

Re: [mailop] GMail 550 5.1.1?

For a couple of years, the Usenet link to/from Australia were magtape exchanges on a routine NASA flight out of, if I remember right, NASA Ames. It was piggybacked on the shipment of data to/from joint NASA-Australia projects. I used to correspond occasionally with the guy involved in doing

Re: [mailop] Gosh, I love sendgrid

On 2020-12-21 22:15, Jay Hennigan via mailop wrote: On 12/21/20 18:55, John Levine via mailop wrote: The politest term I have for Sendgrid's actions here is deeply irresponsible. Agreed, but not solely because of the content of the message. It, like much of what comes from Sendgrid, is

Re: [mailop] GMail 550 5.1.1?

On 2020-12-20 14:00, Lyndon Nerenberg wrote: The original quote, IIRC, was talking about Henry Spencer at UT Zoology, who got Usenet that way for a while. More likely it was in relation to Australia's Usenet "feed" which was a daily FedEx air shipment of 9-track tapes. At the time, FedEx Air

Re: [mailop] Google bounce after accept

On 2020-10-30 04:43, Hans-Martin Mosner via mailop wrote: The mail server ingress needs to decide whether to accept a mail message based on criteria that are relatively fast to evaluate. DNSBL lookups, SPF-checks etc can be done fast. Part of this is applying heuristics do reject mails with

[mailop] Anyone getting complaints from spamhaus.me?

If anyone is receiving abuse complaints from "spamhaus.me", could you fling me a verbatim copy of a couple of them? It isn't Spamhaus - I somehow doubt it has operations in Russia. It doesn't even have a web site. ___ mailop mailing list

Re: [mailop] Is it something to worry about?

On 2021-01-20 05:10, Hans-Martin Mosner via mailop wrote: On one hand, UCEPROTECT is relatively aggressive, and their unlisting policy is at least questionable. However, running a blacklist incurs costs in terms of server time and admin time, so if they provide access for free, how should

Re: [mailop] Is it something to worry about?

On 2021-01-21 07:26, Jim Popovitch via mailop wrote: On Thu, 2021-01-21 at 13:08 +0100, Alessandro Vesely via mailop wrote: So yes, perhaps it's not extortion. We may call it demanding money with menaces, exaction, extraction, blackmail... Lot's of things in life require payment(s), or

Re: [mailop] Spamcop

As per the RFCs, DNSBLs should only be returning 127/8 values, anything else must be considered an error by the filter and ignored instead of being a listing. This is how you avoid DNSBLs blowing up on you when their domains accidentally expire and are wild-carding with fixed advertising IPs.

Re: [mailop] Spamcop

? If you got caught by spamcop returning random A records outside of 127/8 treated as positive (or indeed, any of the published return values), you need a better DNSBL client/configure it properly. On 2021-02-02 05:28, Jaroslaw Rafa via mailop wrote: Dnia 1.02.2021 o godz. 23:54:47 Chris via ma

Re: [mailop] Haraka status? Exim the only choice? (v Postfix)

On 2021-05-01 3:34 a.m., Heiko Schlittermann via mailop wrote: > I forgot the "selling point" that hooked me: The specification. > >http://exim.org/exim-html-current/doc/html/spec_html/index.html > > It simply contains everything you need. But the reader has to > understand, that

Re: [mailop] Haraka status? Exim the only choice? (v Postfix)

Heh. You've never used Qpsmtpd or Haraka, I can tell. Haraka and qpsmtpd are basically skeletons where you can insert plugins to do/redefine anything you want pre/during/post any step of SMTP. Want to extend/redefine SMTP? Sure. Parallelize queries to any kind of database? Fine. Regexp

Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..

On 2021-02-08 21:09, Dave Warren via mailop wrote: \ You could always turn on + addressing on M365... https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online Admittedly it is fairly new, and opt-in for reasons described on the link above,

Re: [mailop] Spamcop

On 2021-02-02 12:12, John Levine wrote: Me neither. Wanna issue an addenda? ;-) ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop

Re: [mailop] Greylisting never passing on retry

Aside from the possibility that the message is simply wrong, or the implementation broken, is your mail server acting like most other servers when presented with a failure (soft or hard)? Your posting seems to be that you give up after the second try. Most servers will try at least 5 times for

Re: [mailop] Greylisting never passing on retry

Retrying from a different IP is exactly the wrong thing to do to a greylisting implementation. Despite the fact that I know a number of ESPs do this. Basic greylisting is to tempfail the first attempt from a given IP of the "same email", because almost all spambots try once and give up. The

Re: [mailop] [INFORMATIONAL] Larger than normal spam outbreak from web.de

Someone inside web.de land got infected with a variant of Gamut spewing bitcoin extortion scams, and for one reason or other, they routed thru web.de's mail servers INSTEAD of going MX-direct (perhaps a port 25 redirector). The raw emails have all the fingerprints of gamut, except that it

Re: [mailop] google at spamhaus

Not an FP, that IP has been caught attempting to break into POP accounts on a trap server. On 2021-08-31 10:52 a.m., Suresh Ramasubramanian via mailop wrote: It is an xbl listing and that usually catches bot spam traffic. So unless some botnet found a way to abuse farmed or infected gmail

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

There's also the notion of Canspam Act. Where *both* the notion of spamming, and no unsubscribe options are illegal. A few years ago, I constructed a complaint that resulted in a fairly large company receiving a fine. I've got lots of samples in domains defunct for 20+ years, and others

Re: [mailop] Feasibility of a private DNSBL

I've checked. The Spamhaus publicly distributed version of rbldnsd does not support multiple DQS-style keys. But, like any other DNS server, you *can* implement a single key by putting your DNSBL zone under a name like ".example.com", and as long as the mail servers that are supposed to

Re: [mailop] spamhaus blocking Linode IPv6 (2a01:7e01)

The /128 issue with Linode (insofar as it relates to Spamhaus) has been percolating for at least 5 years if I recall correctly, but no shorter than the strong RFC-level guidelines of /64. Linode will allocate at /64 on request, and has being doing so for about just as long. On 2021-11-25

Re: [mailop] Feasibility of a private DNSBL

On 2021-11-10 10:09 p.m., Collider via mailop wrote: Wait - Spamhaus dnsd is in C++? No. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop

Re: [mailop] Feasibility of a private DNSBL

On 2021-11-10 9:58 p.m., Michael Peddemors via mailop wrote: On 2021-11-10 11:47 a.m., Rob McEwen via mailop wrote: Already, the source/git are in too many multiple places. Whatever happened to giving back to opensource?  I think you are building on other's 'hard-earned expertise' as well.

Re: [mailop] Feasibility of a private DNSBL

The spamhaus supported version of rbldnsd may understand the use of keys in this fashion. If an ordinary DNS server is configured correctly, it should return NXDOMAIN for those who don't know the key (the DNS server is SOA'd to the base name, not the base+key. But this will be a problem if

[mailop] myshopify.com

Mailops, is the listing of myshopify.com on AbuseIPDB a cause for concern? Many small firms use links to x.myshopify.com & asking if the AbuseIPDB listing impacts on email delivery. https://www.abuseipdb.com/check/myshopify.com Thanks Chris https://sensorpro.eu

Re: [mailop] Privacy research spam apparently from a grad student at Princeton

On 2021-12-15 10:53 a.m., Grant Taylor via mailop wrote: On 12/15/21 6:27 AM, Larry M. Smith via mailop wrote: The list of domains being used appears to be here; https://measurement.cs.princeton.edu/privacystudy/ I don't have a dog in this fight, but I feel like the student and the professor

Re: [mailop] Ethics Complaint to Princeton (was: Privacy research spam apparently from a grad student at Princeton)

On 2021-12-16 10:59 a.m., Al Iverson via mailop wrote: Well, I'm sure this'll be a popular opinion, but I'm giving it anyway. Maybe let's try not to do something that'll screw up that college kid's life forever over their bit of stupidity. It's wrong, they shouldn't be doing it, but it's not

Re: [mailop] Gmail rejects multiple From:'s. Who else?

I'm pretty sure I've seen some negative scoring in for multiple Froms in spamassassin both as multiple From: headers or just values. I also think I saw it in Lyris Mailshield. Multiple From: headers was(/is?) was relatively common in email spambots. On 2021-12-13 12:19 p.m., Alessandro Vesely

Re: [mailop] SMTP AUTH harassment

On 2021-07-18 9:46 p.m., Patrick via mailop wrote: Wow. A fake auth module would seem to invite spam storms. Which for some might be handle-able and a good way to learn interactively with botnets? Has anyone implemented such a thing? Thanks! I've been doing it for at least 5 years. When a

Re: [mailop] [External] Info on deluxe.com

On 2022-02-28 10:06, Laura Atkins via mailop wrote: It strikes me this is really a question you should be asking the bank. It’s very likely that the bank did pass the address along, for whatever reason, but they are the only group that’s going to be able to answer “why did this check

Re: [mailop] FTC Report on Feasibility of Creating a 'Do Not Email' List

On 2022-05-19 05:41, Alessandro Vesely via mailop wrote: Couldn't the Do Not Email Registry also be domain-based?... It could. Rodney Joffe (if my memory serves me right), implemented that very thing and offered it up for domain owners to use. AOL and several other majors, including very

Re: [mailop] Spamhaus "open resolver" errors

The policy was implemented in March 2021 over a year ago. The 127.255.255.254 is the return code, not the IP queried. From https://www.spamhaus.org/news/article/807/using-our-public-mirrors-check-your-return-codes-now. A reminder As of March 2021, we will begin the implementation of the

Re: [mailop] Spamhaus "open resolver" errors

On 2022-05-13 12:57, Grant Taylor via mailop wrote: I suspect that their $BLOCKING method has progressed to false positives as a way to get email administrator's attention. It's progressed to false positives because some people run mail servers who aren't parsing DNSBL return codes right.

Re: [mailop] verizon email-to-text gateway mail deferred evening and night

Yep this is intentional to coerce into pay to play On Fri, Jan 6, 2023, 10:07 AM Osborne, Richard via mailop wrote: > We have been seeing this also for about the last week. Our Verizon reps > are telling us we need to pay for their EMAG (Enterprise Messaging) service > to not get blocked. > >