Re: [mailop] Invalid address ratio?
On 2018-02-02 10:47, Chris wrote: On Fri, 02 Feb 2018 16:52:16 + Ken O'Driscoll via mailop wrote: On Fri, 2018-02-02 at 17:26 +0100, Chris wrote: I'm a bit surprised, that on a small mail server, 77 % of the rejected mails are rejected because of invalid recipient adresses. 22 % because of DNSBL. Is this ratio normal? Assuming you're talking about inbound emails and wondering why more mails aren't being caught by RBLs. Yes, inbound. I'm wondering why there are so many mails to not-existing recipients. Are they real messages or bounces? I'm currently seeing a few domains receiving massive floods of bounces, some spammer seems to be using $firstname$randomnumber@$variousdomain forged addresses to send tons and tons of spam. Nothing of the outbound message touches anything I control, it seems to be bot originated. I own a couple domains that are being hit, one I can guarantee that I've never used addresses in that format and the other was used by various throwaway email addresses generated by multiple people. Both are domains I have owned for 10-15+ years, and I'm moderately comfortable saying that I am the first registrant in both cases. It's been on and off for a few months but it seems to hit the same domains when it happens. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Invalid address ratio?
On Fri, 2 Feb 2018 20:29:29 + Michael Wise via mailop wrote: > Anything more than 5% bad recipients in mail sent by a given IP > address will land you in hot water with ... certain ISPs. Good idea. Maybe I should collect them. But as John wrote, they're probably already on the black lists. - Chris ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Invalid address ratio?
> Yes, inbound. I'm wondering why there are so many mails to not-existing > recipients. ... > Anything more than 5% bad recipients in mail sent by a given IP address will > land you in hot water with ... certain ISPs. Here's the explanation I give when I have to explain why high hard bounce rate = bad: once upon a time, spammers thought that maybe they'll manage to reach an existing email address if they tried to contact every combination of accepted characters in the user part of email addresses. Starting with a@, aa@, aaa@ to z@, with numbers or without. At some point they thought that using a dictionary of firstnames and/or lastnames could spare some time, as a lot of email addresses are built this way. That was spam. That generated a lot of hard bounces. Receivers started to consider that lot of hard bounces = spam. -- Benjamin From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Wise via mailop Sent: Saturday, 3 February, 2018 04:29 To: ComKal Networks <ad...@comkal.com.au>; mailop@mailop.org Subject: Re: [mailop] Invalid address ratio? Anything more than 5% bad recipients in mail sent by a given IP address will land you in hot water with ... certain ISPs. Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Got the Junk Mail Reporting Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ? -Original Message- From: mailop <mailop-boun...@mailop.org<mailto:mailop-boun...@mailop.org>> On Behalf Of ComKal Networks Sent: Friday, February 2, 2018 9:02 AM To: mailop@mailop.org<mailto:mailop@mailop.org> Subject: Re: [mailop] Invalid address ratio? > I'm a bit surprised, that on a small mail server, 77 % of the rejected > mails are rejected because of invalid recipient adresses. 22 % because > of DNSBL. > Is this ratio normal? There abouts, email is free, for a certain class, so adding a lot of names to the left of the @ is very old school but also a lot of the scrappers end up with all those weird usernames like 4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net<mailto:4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net> that appear in email headers as part of references in mailing lists etc. The ratio does vary depending on age and usage a domain has had so I'm serious when I say it could vary as much as +10 -50%. ___ mailop mailing list mailop@mailop.org<mailto:mailop@mailop.org> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7Cffc6c6cc14b5457f9bab08d56a5f8aa8%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C1%7C636531880955379727=bKGga8FuHuTWEXSkkYnAvJ%2BHhCuAfMrlXyh7OEdzDTM%3D=0 ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Invalid address ratio?
In article <20180202172637.30063632@cd>, Chriswrote: >I'm a bit surprised, that on a small mail server, 77 % of the rejected >mails are rejected because of invalid recipient adresses. 22 % because >of DNSBL. > >Is this ratio normal? As others have said, in the world of e-mail, anything can be normal or abnormal. On a few of the domains I host, notably telecom-digest.org, about 99.99% of the mail is spam to bogus addresses. You can easily recognize them as old message-IDs, harvested from usenet long ago by broken scrapeware. If you have old domains without a lot of real users, a lot of bogus addresses would have accreted onto spam lists through a combination of broken scrapeware using message IDs and truncated addresses along with typos and ancient dictionary attacks. I would also be fairly confident that if you did the DNSBL checks first, you'd find that pretty much all of them were caught by the DNSBLs. R's, John -- Regards, John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Invalid address ratio?
Speaking of which.. (can you tell it is Friday, everyone has time to be helpful)... Our Spam Auditors noticed a fairly new 'email verification' network, at least the IP range.. majority of the 31.129.32.0 - 31.129.63.255 network used, and triggering various rate limiters.. Coming out of the Ukraine.. Someone is probably washing an old list using that 'service'. #31.129.33.22 1 qzzqwwazrpi.my-addr.com #31.129.33.163 1 aewqwwazrpi.my-addr.com That is the naming pattern.. That kind of large scale process can throw your invalid recip logs a loop pretty quick.. and skew your stats.. Course, it is probably better than the list washing services using Amazon IP space.. at least they clearly identify what they do.. On 18-02-02 12:29 PM, Michael Wise via mailop wrote: Anything more than 5% bad recipients in mail sent by a given IP address will land you in hot water with ... certain ISPs. Aloha, Michael. -- *Michael J Wise* MicrosoftCorporation| Spam Analysis "Your Spam Specimen Has Been Processed." Got the Junk Mail Reporting Tool <http://www.microsoft.com/en-us/download/details.aspx?id=18275>? -Original Message- From: mailop <mailop-boun...@mailop.org> On Behalf Of ComKal Networks Sent: Friday, February 2, 2018 9:02 AM To: mailop@mailop.org Subject: Re: [mailop] Invalid address ratio? > I'm a bit surprised, that on a small mail server, 77 % of the rejected > mails are rejected because of invalid recipient adresses. 22 % because > of DNSBL. > Is this ratio normal? There abouts, email is free, for a certain class, so adding a lot of names to the left of the @ is very old school but also a lot of the scrappers end up with all those weird usernames like 4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net <mailto:4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net> that appear in email headers as part of references in mailing lists etc. The ratio does vary depending on age and usage a domain has had so I'm serious when I say it could vary as much as +10 -50%. ___ mailop mailing list mailop@mailop.org <mailto:mailop@mailop.org> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7Cffc6c6cc14b5457f9bab08d56a5f8aa8%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C1%7C636531880955379727=bKGga8FuHuTWEXSkkYnAvJ%2BHhCuAfMrlXyh7OEdzDTM%3D=0 ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Invalid address ratio?
Anything more than 5% bad recipients in mail sent by a given IP address will land you in hot water with ... certain ISPs. Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Got the Junk Mail Reporting Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ? -Original Message- From: mailop <mailop-boun...@mailop.org> On Behalf Of ComKal Networks Sent: Friday, February 2, 2018 9:02 AM To: mailop@mailop.org Subject: Re: [mailop] Invalid address ratio? > I'm a bit surprised, that on a small mail server, 77 % of the rejected > mails are rejected because of invalid recipient adresses. 22 % because > of DNSBL. > Is this ratio normal? There abouts, email is free, for a certain class, so adding a lot of names to the left of the @ is very old school but also a lot of the scrappers end up with all those weird usernames like 4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net<mailto:4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net> that appear in email headers as part of references in mailing lists etc. The ratio does vary depending on age and usage a domain has had so I'm serious when I say it could vary as much as +10 -50%. ___ mailop mailing list mailop@mailop.org<mailto:mailop@mailop.org> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7Cffc6c6cc14b5457f9bab08d56a5f8aa8%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C1%7C636531880955379727=bKGga8FuHuTWEXSkkYnAvJ%2BHhCuAfMrlXyh7OEdzDTM%3D=0 ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Invalid address ratio?
On Fri, 2 Feb 2018 08:50:01 -0800 Michael Peddemors wrote: > Invalid users should be less than 10% typically, if good bot net > protection in place before the RCPT TO stage.. Recipient verification is one of the first tests. Maybe I should enable postscreen. Is this sufficient for bots? > And simple 'Best Practices' policies and spam rules should get about > 50% of the rest.. before handing it off to advanced content > filtering.. Yes, DNSBL are getting a lot more than the content filter afterwards. > Without full bot protection, RBL's and rate limiters BEFORE RCPT TO, > you can expect MUCH higher rates.. Ok, I'll have a look again at rate limiters. They're enabled, but could probably filter more. - Chris ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Invalid address ratio?
On Fri, 02 Feb 2018 16:52:16 + Ken O'Driscoll via mailop wrote: > On Fri, 2018-02-02 at 17:26 +0100, Chris wrote: > > I'm a bit surprised, that on a small mail server, 77 % of the > > rejected mails are rejected because of invalid recipient adresses. > > 22 % because of DNSBL. > > > > Is this ratio normal? > > Assuming you're talking about inbound emails and wondering why more > mails aren't being caught by RBLs. Yes, inbound. I'm wondering why there are so many mails to not-existing recipients. > It depends on the domains hosted on the box (age and overall > exposure), what RBLs you employ and, crucially, the order in which > your MTA processes things - i.e. does the address check occur before > the RBL tests etc. Yes, address check is before RBL. The domain is probably in use since 1998. RBL is mostly spamhaus. - Chris ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Invalid address ratio?
> I'm a bit surprised, that on a small mail server, 77 % of the rejected > mails are rejected because of invalid recipient adresses. 22 % because > of DNSBL. > Is this ratio normal? There abouts, email is free, for a certain class, so adding a lot of names to the left of the @ is very old school but also a lot of the scrappers end up with all those weird usernames like 4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net that appear in email headers as part of references in mailing lists etc. The ratio does vary depending on age and usage a domain has had so I'm serious when I say it could vary as much as +10 -50%. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Invalid address ratio?
On Fri, 2018-02-02 at 17:26 +0100, Chris wrote: > I'm a bit surprised, that on a small mail server, 77 % of the rejected > mails are rejected because of invalid recipient adresses. 22 % because > of DNSBL. > > Is this ratio normal? Assuming you're talking about inbound emails and wondering why more mails aren't being caught by RBLs. It depends on the domains hosted on the box (age and overall exposure), what RBLs you employ and, crucially, the order in which your MTA processes things - i.e. does the address check occur before the RBL tests etc. If you could provide more details, I'm sure the answers will be more specific. Ken. -- Ken O'Driscoll / We Monitor Email t: +353 1 254 9400 | w: www.wemonitoremail.com Need to understand deliverability? Now there's a book: www.wemonitoremail.com/book ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Invalid address ratio?
That is REALLY hard to gauge.. While lots of rejected email addresses is expected behavior.. * Spammers using old lists * Dictionary Attacks * Email Address verification Systems It REALLY depends how your system is configured, what RBL's you are using, what is the email platform, do you employ rate limiters.. All of these factors affect percentages.. And it can change from day to day, week to week.. depending on the BOT activity at that time.. For instance, in todays stats.. we see a higher than normal rate of early detection (botnet activity) which results in the stats showing 98.4% of all email detected as spam (pre-filter). Typically, DUL style RBL's and standard RBL's should be picking up at least 50% (a lot more if you don't have good inbound rate limiters) More sensitive or special purpose RBL's can detect from 40-60% of what gets past those.. Invalid users should be less than 10% typically, if good bot net protection in place before the RCPT TO stage.. And simple 'Best Practices' policies and spam rules should get about 50% of the rest.. before handing it off to advanced content filtering.. Without full bot protection, RBL's and rate limiters BEFORE RCPT TO, you can expect MUCH higher rates.. Also, the stats will greatly vary, based on the number of domains whose MX points to your server. A server with only one domain will have a lot different stats than one with thousands of domains, even if they have an equal number of email addresses. On 18-02-02 08:26 AM, Chris wrote: All, I'm a bit surprised, that on a small mail server, 77 % of the rejected mails are rejected because of invalid recipient adresses. 22 % because of DNSBL. Is this ratio normal? Thank you in advance. - Chris ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop