Re: [mailop] Invalid address ratio?

2018-02-06 Thread Dave Warren via mailop 

On 2018-02-02 10:47, Chris wrote:

On Fri, 02 Feb 2018 16:52:16 +
Ken O'Driscoll via mailop wrote:


On Fri, 2018-02-02 at 17:26 +0100, Chris wrote:

I'm a bit surprised, that on a small mail server, 77 % of the
rejected mails are rejected because of invalid recipient adresses.
22 % because of DNSBL.

Is this ratio normal?


Assuming you're talking about inbound emails and wondering why more
mails aren't being caught by RBLs.


Yes, inbound. I'm wondering why there are so many mails to
not-existing recipients.


Are they real messages or bounces? I'm currently seeing a few domains 
receiving massive floods of bounces, some spammer seems to be using 
$firstname$randomnumber@$variousdomain forged addresses to send tons and 
tons of spam. Nothing of the outbound message touches anything I 
control, it seems to be bot originated.


I own a couple domains that are being hit, one I can guarantee that I've 
never used addresses in that format and the other was used by various 
throwaway email addresses generated by multiple people. Both are domains 
I have owned for 10-15+ years, and I'm moderately comfortable saying 
that I am the first registrant in both cases.


It's been on and off for a few months but it seems to hit the same 
domains when it happens.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Invalid address ratio?

2018-02-02 Thread Chris 
On Fri, 2 Feb 2018 20:29:29 +
Michael Wise via mailop wrote:

> Anything more than 5% bad recipients in mail sent by a given IP
> address will land you in hot water with ... certain ISPs. 

Good idea. Maybe I should collect them. But as John wrote, they're
probably already on the black lists.

- Chris

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Invalid address ratio?

2018-02-02 Thread Benjamin BILLON 
> Yes, inbound. I'm wondering why there are so many mails to not-existing 
> recipients.
...
> Anything more than 5% bad recipients in mail sent by a given IP address will 
> land you in hot water with ... certain ISPs. 

Here's the explanation I give when I have to explain why high hard bounce rate 
= bad: once upon a time, spammers thought that maybe they'll manage to reach an 
existing email address if they tried to contact every combination of accepted 
characters in the user part of email addresses. Starting with a@, aa@, aaa@ to 
z@, with numbers or without. At some point they thought that 
using a dictionary of firstnames and/or lastnames could spare some time, as a 
lot of email addresses are built this way.
That was spam.
That generated a lot of hard bounces.
Receivers started to consider that lot of hard bounces = spam.


--
Benjamin

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Wise via 
mailop
Sent: Saturday, 3 February, 2018 04:29
To: ComKal Networks <ad...@comkal.com.au>; mailop@mailop.org
Subject: Re: [mailop] Invalid address ratio?




Anything more than 5% bad recipients in mail sent by a given IP address will 
land you in hot water with ... certain ISPs. 

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting 
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?



-Original Message-
From: mailop <mailop-boun...@mailop.org<mailto:mailop-boun...@mailop.org>> On 
Behalf Of ComKal Networks
Sent: Friday, February 2, 2018 9:02 AM
To: mailop@mailop.org<mailto:mailop@mailop.org>
Subject: Re: [mailop] Invalid address ratio?



> I'm a bit surprised, that on a small mail server, 77 % of the rejected

> mails are rejected because of invalid recipient adresses. 22 % because

> of DNSBL.



> Is this ratio normal?



There abouts, email is free, for a certain class, so adding a lot of names to 
the left of the @ is very old school but also a lot of the scrappers end up 
with all those weird usernames like 
4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net<mailto:4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net>

that appear in email headers as part of references in mailing lists etc.



The ratio does vary depending on age and usage a domain has had so I'm serious 
when I say it could vary as much as +10 -50%.







___

mailop mailing list

mailop@mailop.org<mailto:mailop@mailop.org>

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7Cffc6c6cc14b5457f9bab08d56a5f8aa8%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C1%7C636531880955379727=bKGga8FuHuTWEXSkkYnAvJ%2BHhCuAfMrlXyh7OEdzDTM%3D=0
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Invalid address ratio?

2018-02-02 Thread John Levine 
In article <20180202172637.30063632@cd>, Chris   wrote:
>I'm a bit surprised, that on a small mail server, 77 % of the rejected
>mails are rejected because of invalid recipient adresses. 22 % because
>of DNSBL.
>
>Is this ratio normal?

As others have said, in the world of e-mail, anything can be normal or
abnormal.

On a few of the domains I host, notably telecom-digest.org, about
99.99% of the mail is spam to bogus addresses.  You can easily
recognize them as old message-IDs, harvested from usenet long ago by
broken scrapeware.  If you have old domains without a lot of real
users, a lot of bogus addresses would have accreted onto spam lists
through a combination of broken scrapeware using message IDs and
truncated addresses along with typos and ancient dictionary attacks.

I would also be fairly confident that if you did the DNSBL checks
first, you'd find that pretty much all of them were caught by the
DNSBLs.

R's,
John


-- 
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Invalid address ratio?

2018-02-02 Thread Michael Peddemors 
Speaking of which.. (can you tell it is Friday, everyone has time to be 
helpful)...


Our Spam Auditors noticed a fairly new 'email verification' network, at 
least the IP range.. majority of the 31.129.32.0 - 31.129.63.255 network 
used, and triggering various rate limiters..


Coming out of the Ukraine..

Someone is probably washing an old list using that 'service'.

#31.129.33.22  1   qzzqwwazrpi.my-addr.com
#31.129.33.163 1   aewqwwazrpi.my-addr.com

That is the naming pattern..

That kind of large scale process can throw your invalid recip logs a 
loop pretty quick.. and skew your stats..


Course, it is probably better than the list washing services using 
Amazon IP space.. at least they clearly identify what they do..





On 18-02-02 12:29 PM, Michael Wise via mailop wrote:
Anything more than 5% bad recipients in mail sent by a given IP address 
will land you in hot water with ... certain ISPs. 


Aloha,

Michael.

--

*Michael J Wise*
MicrosoftCorporation| Spam Analysis

"Your Spam Specimen Has Been Processed."

Got the Junk Mail Reporting Tool 
<http://www.microsoft.com/en-us/download/details.aspx?id=18275>?


-Original Message-
From: mailop <mailop-boun...@mailop.org> On Behalf Of ComKal Networks
Sent: Friday, February 2, 2018 9:02 AM
To: mailop@mailop.org
Subject: Re: [mailop] Invalid address ratio?

 > I'm a bit surprised, that on a small mail server, 77 % of the rejected

 > mails are rejected because of invalid recipient adresses. 22 % because

 > of DNSBL.

 > Is this ratio normal?

There abouts, email is free, for a certain class, so adding a lot of 
names to the left of the @ is very old school but also a lot of the 
scrappers end up with all those weird usernames like 
4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net 
<mailto:4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net>


that appear in email headers as part of references in mailing lists etc.

The ratio does vary depending on age and usage a domain has had so I'm 
serious when I say it could vary as much as +10 -50%.


___

mailop mailing list

mailop@mailop.org <mailto:mailop@mailop.org>

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7Cffc6c6cc14b5457f9bab08d56a5f8aa8%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C1%7C636531880955379727=bKGga8FuHuTWEXSkkYnAvJ%2BHhCuAfMrlXyh7OEdzDTM%3D=0



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Invalid address ratio?

2018-02-02 Thread Michael Wise via mailop 


Anything more than 5% bad recipients in mail sent by a given IP address will 
land you in hot water with ... certain ISPs. 

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting 
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?



-Original Message-
From: mailop <mailop-boun...@mailop.org> On Behalf Of ComKal Networks
Sent: Friday, February 2, 2018 9:02 AM
To: mailop@mailop.org
Subject: Re: [mailop] Invalid address ratio?



> I'm a bit surprised, that on a small mail server, 77 % of the rejected

> mails are rejected because of invalid recipient adresses. 22 % because

> of DNSBL.



> Is this ratio normal?



There abouts, email is free, for a certain class, so adding a lot of names to 
the left of the @ is very old school but also a lot of the scrappers end up 
with all those weird usernames like 
4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net<mailto:4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net>

that appear in email headers as part of references in mailing lists etc.



The ratio does vary depending on age and usage a domain has had so I'm serious 
when I say it could vary as much as +10 -50%.







___

mailop mailing list

mailop@mailop.org<mailto:mailop@mailop.org>

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7Cffc6c6cc14b5457f9bab08d56a5f8aa8%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C1%7C636531880955379727=bKGga8FuHuTWEXSkkYnAvJ%2BHhCuAfMrlXyh7OEdzDTM%3D=0
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Invalid address ratio?

2018-02-02 Thread Chris 
On Fri, 2 Feb 2018 08:50:01 -0800
Michael Peddemors wrote:

> Invalid users should be less than 10% typically, if good bot net 
> protection in place before the RCPT TO stage..

Recipient verification is one of the first tests. Maybe I should enable
postscreen. Is this sufficient for bots?
 
> And simple 'Best Practices' policies and spam rules should get about
> 50% of the rest.. before handing it off to advanced content
> filtering..

Yes, DNSBL are getting a lot more than the content filter afterwards.

> Without full bot protection, RBL's and rate limiters BEFORE RCPT TO,
> you can expect MUCH higher rates..

Ok, I'll have a look again at rate limiters. They're enabled, but could
probably filter more.
 
- Chris

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Invalid address ratio?

2018-02-02 Thread Chris 
On Fri, 02 Feb 2018 16:52:16 +
Ken O'Driscoll via mailop wrote:

> On Fri, 2018-02-02 at 17:26 +0100, Chris wrote:
> > I'm a bit surprised, that on a small mail server, 77 % of the
> > rejected mails are rejected because of invalid recipient adresses.
> > 22 % because of DNSBL.
> > 
> > Is this ratio normal?  
> 
> Assuming you're talking about inbound emails and wondering why more
> mails aren't being caught by RBLs.

Yes, inbound. I'm wondering why there are so many mails to
not-existing recipients.

> It depends on the domains hosted on the box (age and overall
> exposure), what RBLs you employ and, crucially, the order in which
> your MTA processes things - i.e. does the address check occur before
> the RBL tests etc.

Yes, address check is before RBL. The domain is probably in use since
1998. RBL is mostly spamhaus.


- Chris

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Invalid address ratio?

2018-02-02 Thread ComKal Networks 
> I'm a bit surprised, that on a small mail server, 77 % of the rejected
> mails are rejected because of invalid recipient adresses. 22 % because
> of DNSBL.

> Is this ratio normal?

There abouts, email is free, for a certain class, so adding a lot
of names to the left of the @ is very old school but also
a lot of the scrappers end up with all those weird usernames
like 4ffb8ac-a0a-3cc0-e87c-65a3df124...@example.net
that appear in email headers as part of references in mailing
lists etc.

The ratio does vary depending on age and usage a domain
has had so I'm serious when I say it could vary as much
as +10 -50%.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Invalid address ratio?

2018-02-02 Thread Ken O'Driscoll via mailop 
On Fri, 2018-02-02 at 17:26 +0100, Chris wrote:
> I'm a bit surprised, that on a small mail server, 77 % of the rejected
> mails are rejected because of invalid recipient adresses. 22 % because
> of DNSBL.
> 
> Is this ratio normal?

Assuming you're talking about inbound emails and wondering why more mails
aren't being caught by RBLs.

It depends on the domains hosted on the box (age and overall exposure),
what RBLs you employ and, crucially, the order in which your MTA processes
things - i.e. does the address check occur before the RBL tests etc.

If you could provide more details, I'm sure the answers will be more
specific.

Ken.


-- 
Ken O'Driscoll / We Monitor Email
t: +353 1 254 9400 | w: www.wemonitoremail.com

Need to understand deliverability? Now there's a book:
www.wemonitoremail.com/book


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Invalid address ratio?

2018-02-02 Thread Michael Peddemors 

That is REALLY hard to gauge..

While lots of rejected email addresses is expected behavior..
 * Spammers using old lists
 * Dictionary Attacks
 * Email Address verification Systems

It REALLY depends how your system is configured, what RBL's you are 
using, what is the email platform, do you employ rate limiters..


All of these factors affect percentages..

And it can change from day to day, week to week..
depending on the BOT activity at that time..

For instance, in todays stats.. we see a higher than normal rate of 
early detection (botnet activity) which results in the stats showing 
98.4% of all email detected as spam (pre-filter).


Typically, DUL style RBL's and standard RBL's should be picking up at 
least 50% (a lot more if you don't have good inbound rate limiters)


More sensitive or special purpose RBL's can detect from 40-60% of what 
gets past those..


Invalid users should be less than 10% typically, if good bot net 
protection in place before the RCPT TO stage..


And simple 'Best Practices' policies and spam rules should get about 50% 
of the rest.. before handing it off to advanced content filtering..


Without full bot protection, RBL's and rate limiters BEFORE RCPT TO, you 
can expect MUCH higher rates..


Also, the stats will greatly vary, based on the number of domains whose 
MX points to your server.  A server with only one domain will have a lot 
different stats than one with thousands of domains, even if they have an 
equal number of email addresses.




On 18-02-02 08:26 AM, Chris wrote:

All,

I'm a bit surprised, that on a small mail server, 77 % of the rejected
mails are rejected because of invalid recipient adresses. 22 % because
of DNSBL.

Is this ratio normal?

Thank you in advance.

- Chris

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop