Hello Ted,
On 22/03/2020 04:11, Ted Cooper via mailop wrote:
Has anyone run into "Abusix" /potentially/ compromised account
notification emails before?
Their website "abusix.ai" looks to be about a week old based on the age
of all of the articles. I would have guessed they'd have been around
Hi Luis,
On 22/03/2020 04:59, Luis E. Muñoz via mailop wrote:
I got three in the last 48 hours at different sites. All referenced
real user accounts – no clue about the password. The warning seemed
legit so I passed the info to the potentially affected users, with the
recommendation to
Hi Thomas,
On 22/03/2020 09:03, Thomas Walter via mailop wrote:
I got the same email with some of our local accounts and aliases.
Interestingly enough it included the same IP address 185.234.219.89.
That will happen, one IP usually goes absolutely crazy and sends most of
the traffic, other
Hi Atro,
On 22/03/2020 11:23, Atro Tossavainen via mailop wrote:
On Sun, Mar 22, 2020 at 02:11:45PM +1000, Ted Cooper via mailop wrote:
Has anyone run into "Abusix" /potentially/ compromised account
notification emails before?
Not before, but now that you say, yes.
I have a few dozen samples
Hi Andrew,
On 22/03/2020 16:05, Andrew C Aitchison wrote:
On Sun, 22 Mar 2020, Steve Freegard via mailop wrote:
I didn't design this to annoy people, I did it because it's useful
for the internet in general because compromised accounts are a huge
issue, and one that causes issues
Chris,
On 22/03/2020 20:41, Chris via mailop wrote:
> On 2020-03-22 16:20, Nick Stallman via mailop wrote:
>> I got one of these the other day and I'm scratching my head about it
as what's in the report cannot possibly be correct.
>>
>> The report was for a domain we host the website for, but
Hi Micah,
On 24/03/2020 16:10, micah anderson wrote:
FWIW, we got a couple of these Abusix reports, checked them out and
determined they were all false positives. Every single one of them was
either an account that hasn't existed for years, or wasn't even a valid
account (like mailing list
On 24/03/2020 15:10, Chris via mailop wrote:
On 2020-03-24 06:36, Steve Freegard via mailop wrote:
I have great respect for you, but I didn't spend a considerable
amount of development time without actually being absolutely certain
about what I was doing. Your experience is not relevant
Hi Al,
On 24/03/2020 15:58, Al Iverson via mailop wrote:
I'm not understanding how this intersects with spamtraps. What does
this alert actually notify a network owner of?
Failed SMTP auth attempt from my IP space?
Or a failed SMTP auth attempt from someplace else TO my IP space?
Or door #3?
I've just checked our traps and we also saw a big spike in traffic from
this range but has been tapering off throughout the day.
Based on all the samples that I've looked at, they're all showing
authenticated SMTP along with some other tell-tale signs, so maybe
they've had a massive breach of
On 14/08/2020 02:14, Ángel via mailop wrote:
I don't think it's rocket science.
As an ESP, you have a series of customers.
For each customer, you should have a table of their validated domains
(you do have a process for validating domains, right?).
Each customer must place and shall only
On 15/02/2021 15:43, Matthew Stith via mailop wrote:
MailOP Folks,
Wanted to get this out to you all for awareness for anyone who is using
the Spamhaus public mirrors to query our DNSBLs. Beginning in March
Spamhaus will start enforcing the follow error return codes for these
news codes
Hi Alessio,
You could try our Authentication Blocklist:
https://docs.abusix.com/ami-production-zones/authbl
This doesn't pre-emptively list cloud IPs, it only lists IPs where we've
seen evidence of compromise/abuse and these come from a variety of
sources, some of them I believe to be novel
One thing that I think we can do to "help" in this instance is actually
list which addresses traffic has been seen from, rather than just
reporting the /64 being listed.
For this range - I'm only seeing 3 IPv6 addresses hitting traps
2a01:7e01::f03c:92ff:fed4:25b5 "YourBud " -
abuseable web
As the manager of a blocklist, I find myself strongly agreeing with
Larry and Keith.
Autoresponders are a nightmare - I see lots of brokenness every single
week. Including auto-responders with no headers that indicate the
message was an automated response at all. I had one last week that
Just saw this thread; I published this earlier today and we're likely going
to discuss it at M3AAWG: https://abusix.com/feedback-loops/
TLDR; Abusix is willing to take this on and provide it as a free service
from any mailbox provider that wishes to participate, but we'll do it based
on the
tion, and we're
> back at a single vendor.
>
> Mike
> --
> *From:* mailop on behalf of Steve Freegard
> via mailop
> *Sent:* Thursday, September 21, 2023 12:05 PM
> *To:* Support 3Hound
> *Cc:* mailop@mailop.org
> *Subject:* Re: [mailop]
Gah - sorry, my work email address changed recently and I forgot to update
it here, so my post to the mailing list bounced and I only just noticed as
I'm at M3AAWG.
This was the blog post that I posted to Jarland that didn't make it to the
list:
Don't get me started on this one.
I'm not aware of anyone other than zealots that use it. I can't imagine
that it's useful for anything other than scoring a very small amount in
something like SA/rspamd or for use in some meta/composite rules, but IMHO
it's a waste of DNS lookups.
It's so
Feel free to use our Global Reporting Service:
https://docs.abusix.com/global-reporting/ecp6Z7oJuQoCLnUYN4oK1w/getting-started-with-the-abusix-global-reporting-service/1Kb8CHgAju4UfGqZkCoX9Z
Unlike some mentioned here, we'll actually report the Abuse to the relevant
abuse desk on your behalf
20 matches
Mail list logo