[mailop] "Spammer TLDs" and IP addresses without a reverse?
Would we actually miss any real emails if our mail server started rejecting all emails from .top, .win and .xyz TLDs? I'm sure there are also some others you can name :-)

Also, what is the current consensus on rejecting messages from "bare" IP addresses without a name in DNS?

--
/* * * Otto J. Makela * * * * * * * * * */
/* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
/* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */
/* * * Computers Rule 0100 01001011 * * * * * * */

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
On Mon Apr 18 13:41:55 2016, Otto J. Makela wrote:
> Also, what is the current consensus on rejecting messages
> from "bare" IP addresses without a name in DNS?

Hi,

About everybody is dropping mails coming from a reverseless IP.

--
alarig

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
On Mon, Apr 18, 2016 at 01:41:55PM +0300, Otto J. Makela wrote:
> Would we actually miss any real emails if our mail server
> started rejecting all emails from .top, .win and .xyz TLDs?

I don't think it's a good idea to reject any TLDs with open registration.

BTW, Alphabet is at abc.xyz..

> Also, what is the current consensus on rejecting messages
> from "bare" IP addresses without a name in DNS?

Rather tempfail than reject. You never know if one of the parties involved is having DNS issues.

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
Otto J. Makela wrote:
> Would we actually miss any real emails if our mail server
> started rejecting all emails from .top, .win and .xyz TLDs?
> I'm sure there are also some others you can name :-)

Dunno about .top, but not seen anything legit coming from .xyz and the other one... well has to be a win win ... :P (sorry couldn't resist!)

> Also, what is the current consensus on rejecting messages
> from "bare" IP addresses without a name in DNS?

The only servers I operate or have setup that accept 'bare ips' are servers that collect spam ;-)

Michelle

--
Michelle Sullivan
http://www.mhix.org/

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
Petar Bogdanovic wrote:
> On Mon, Apr 18, 2016 at 01:41:55PM +0300, Otto J. Makela wrote:
>> Would we actually miss any real emails if our mail server
>> started rejecting all emails from .top, .win and .xyz TLDs?
>
> I don't think it's a good idea to reject any TLDs with open registration.
>
> BTW, Alphabet is at abc.xyz..
>
>> Also, what is the current consensus on rejecting messages
>> from "bare" IP addresses without a name in DNS?
>
> Rather tempfail than reject. You never know if one of the parties
> involved is having DNS issues.

(3) NXDOMAIN = No Records = Hard Fail
(2) SERVFAIL = DNS issues = Temp Fail
Connection timeout/Refused = DNS issues = Temp Fail

--
Michelle Sullivan
http://www.mhix.org/

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
Hi

On Mon, 18 Apr 2016 13:41:55 +0300 "Otto J. Makela" wrote:
> Would we actually miss any real emails if our mail server
> started rejecting all emails from .top, .win and .xyz TLDs?
> I'm sure there are also some others you can name :-)

Maybe not at the moment. Doing that would make sure they will be unusable for mail in the future though. I don’t think that should be intended.

> Also, what is the current consensus on rejecting messages
> from "bare" IP addresses without a name in DNS?

AFAICT most people think it ok. I don’t follow their reasoning, though, so I don’t let that (inconsistent reverse-forward DNS in general) affect the decision what to do with the message.

Cheers
henk

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
On 18 Apr 2016, at 8:28, Michelle Sullivan wrote:
> Petar Bogdanovic wrote:
>> On Mon, Apr 18, 2016 at 01:41:55PM +0300, Otto J. Makela wrote:
>>> Would we actually miss any real emails if our mail server
>>> started rejecting all emails from .top, .win and .xyz TLDs?
>>
>> I don't think it's a good idea to reject any TLDs with open registration.
>>
>> BTW, Alphabet is at abc.xyz..
>>
>>> Also, what is the current consensus on rejecting messages
>>> from "bare" IP addresses without a name in DNS?
>>
>> Rather tempfail than reject. You never know if one of the parties
>> involved is having DNS issues.
>
> (3) NXDOMAIN = No Records = Hard Fail

With the things I’ve learned over the last few years, I wouldn’t 5xx in this case. There are scenarios where this happens due to misconfiguration (or allowing domains to expire by mistake), 4xx is always a safe choice,

Best regards

-lem

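The reverse-lookup policy debated in the messages above, as an added example that is not part of any poster's message: it classifies `dig -x` output and maps the result to an SMTP reply class, with a switch between the "NXDOMAIN = hard fail" table and the 4xx alternative. The reply codes 550/451, the parameter name `nxdomain_is_hard`, treating an empty NOERROR answer like NXDOMAIN, and the sample outputs (constructed, using documentation addresses) are assumptions.

```python
import re

# SMTP reply classes used in the thread: 5xx = hard fail, 4xx = temp fail.
ACCEPT, TEMPFAIL, REJECT = "250", "451", "550"

_STATUS_RE = re.compile(r"status:\s*([A-Z]+)")
# A PTR answer line has a TTL; the ";name IN PTR" question line does not.
_PTR_RE = re.compile(r"^\S+[ \t]+\d+[ \t]+IN[ \t]+PTR[ \t]+(\S+)[ \t]*$", re.M)


def classify_dig(output):
    """Reduce `dig -x` text to (outcome, [ptr names])."""
    if "no servers could be reached" in output:
        return "TIMEOUT", []
    m = _STATUS_RE.search(output)
    if not m:
        return "UNKNOWN", []
    status = m.group(1)
    if status != "NOERROR":
        return status, []          # NXDOMAIN, SERVFAIL, REFUSED, ...
    names = [n.rstrip(".").lower() for n in _PTR_RE.findall(output)]
    return ("PTR", names) if names else ("NODATA", [])


def smtp_disposition(outcome, nxdomain_is_hard=True):
    """Map a lookup outcome to an SMTP reply class."""
    if outcome == "PTR":
        return ACCEPT
    if outcome in ("NXDOMAIN", "NODATA"):   # "No Records"
        return REJECT if nxdomain_is_hard else TEMPFAIL
    return TEMPFAIL                # SERVFAIL, REFUSED, TIMEOUT, UNKNOWN


def decide(output, nxdomain_is_hard=True):
    outcome, _names = classify_dig(output)
    return smtp_disposition(outcome, nxdomain_is_hard)


# Constructed sample outputs (not taken from the thread).
SAMPLE_PTR = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;25.2.0.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
25.2.0.192.in-addr.arpa. 3600 IN PTR mx1.example.net.
"""
SAMPLE_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;10.2.0.192.in-addr.arpa. IN PTR
"""
SAMPLE_SERVFAIL = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4244
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""
SAMPLE_TIMEOUT = ";; connection timed out; no servers could be reached\n"

if __name__ == "__main__":
    for name, text in [("ptr", SAMPLE_PTR), ("nxdomain", SAMPLE_NXDOMAIN),
                       ("servfail", SAMPLE_SERVFAIL), ("timeout", SAMPLE_TIMEOUT)]:
        print(name, decide(text), decide(text, nxdomain_is_hard=False))
```
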
Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
On 16-04-18 08:28 AM, Michelle Sullivan wrote:
> (3) NXDOMAIN = No Records = Hard Fail
> (2) SERVFAIL = DNS issues = Temp Fail
> Connection timeout/Refused = DNS issues = Temp Fail

+1

As to the issues of the worst tld's for spamming, eg.. .xyz .win .download .space .review .faith .. and on and on .. (even .eu has been suggested ;)

This argument used to be used for .info as well, and while we do get a lot of requests from clients interested in blocking a TLD, and while they are really aggressive, the issue is throw away domains in general, and of course the spammer will want to use the cheapest domains they can buy, since they only expect a couple of days use out of them. But with bulk pricing, and the amount of money a spammer can make, they can get .com domains cheap enough as well.

The issue is with the hosting companies that allow throwaway domains to be used on their networks, not the TLD itself. Registrars paid a lot of money to be able to offer TLD's and they shouldn't really be punished just because they are cheaper than other domains.

Of course, making sure that the owner information used to purchase the domains is accurate is very important, and not validating that information or allowing that information to be hidden, is not appropriate for a name meant to offer 'public' services.

Statistically, we don't think that the TLD is important (% of total spam volume), but 'eyeball mark one' might suggest that they are simply more noticeable, and while the percentage of domains under a TLD might be high (spam vs ham) and it is tempting to block those, it is just using a shotgun when a gun will do. (Would you apply the same method to a country TLD?)

You can 'score' a TLD as being more likely to be the source of spam, but there are better alternatives. The responsibility will end up on the provider's shoulder, eg the one that allows such activity.

Eventually, I expect that certain hosting providers will be seen as 'colluding' with those that allow their big pipe and IP ranges to be used for this activity, no matter what the TLD of choice, and it will be the provider that will end up being penalized for this.

(oh, and accurate 'rwhois' for customer allocations, still far too many fake entries, when the spammer behavior shows that they are all related to the same operator)

Our studies show that throwaway .com domains are just as prevalent as other TLD's on the providers that allow such activity.

--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
We do send mail from abc.xyz, though it's pretty minimal... some investor stuff, I think.

Otherwise, I tend to think that blanket bans like this or banning all Chinese IPs tend to be fine for really small servers (ie, personal servers), but unlikely to be what you want for larger servers. There's plenty of other spam sources, your spam handling needs to catch them all, and those types of blocks tend to be on blatant stuff that should be easy enough to catch anyways.

Brandon

On Apr 18, 2016 6:37 AM, "Petar Bogdanovic" wrote:
> On Mon, Apr 18, 2016 at 01:41:55PM +0300, Otto J. Makela wrote:
> > Would we actually miss any real emails if our mail server
> > started rejecting all emails from .top, .win and .xyz TLDs?
>
> I don't think it's a good idea to reject any TLDs with open registration.
>
> BTW, Alphabet is at abc.xyz..
>
> > Also, what is the current consensus on rejecting messages
> > from "bare" IP addresses without a name in DNS?
>
> Rather tempfail than reject. You never know if one of the parties
> involved is having DNS issues.

[mailop] Daily Insight RepMan 4/18 Weekly Report
I've shared an item with you:

Daily Insight RepMan 4/18 Weekly Report
https://drive.google.com/file/d/0B5uXLOoVt66DdDVXaUZ1Q3otRW8/view?usp=sharing&invite=CK6Siv0M&ts=571516f0

It's not an attachment -- it's stored online. To open this item, just click the link above.

Hey Team,

Here's your Weekly placement report. Let us know if you have any further questions.

Thanks,
Dickie LaFlamme

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
On Mon, 2016-04-18 at 17:28 +0200, Michelle Sullivan wrote:
> (3) NXDOMAIN = No Records = Hard Fail
> (2) SERVFAIL = DNS issues = Temp Fail
> Connection timeout/Refused = DNS issues = Temp Fail

I agree. But some providers seem to have trouble with the concept of setting up proper reverse dns for all their outbound servers.

Apr 18 12:23:23 ns1 sendmail[23389]: u3IJNMG3023389: --- 250-ns1.five-ten-sg.com Hello [65.55.234.213], pleased to meet you

Apr 18 12:23:24 ns1 sendmail[23389]: u3IJNMG3023389: <-- MAIL FROM: SIZE=12109 BODY=7BIT

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
/facepalm
/facepalm type=double

... um, yeah.
I'll poke someone with a (very sharp) stick over that directly, thanks!

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ?

-----Original Message-----
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Carl Byington
Sent: Monday, April 18, 2016 12:53 PM
To: mailop@mailop.org
Subject: Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

On Mon, 2016-04-18 at 17:28 +0200, Michelle Sullivan wrote:
> (3) NXDOMAIN = No Records = Hard Fail
> (2) SERVFAIL = DNS issues = Temp Fail
> Connection timeout/Refused = DNS issues = Temp Fail

I agree. But some providers seem to have trouble with the concept of setting up proper reverse dns for all their outbound servers.

Apr 18 12:23:23 ns1 sendmail[23389]: u3IJNMG3023389: --- 250-ns1.five-ten-sg.com Hello [65.55.234.213], pleased to meet you

Apr 18 12:23:24 ns1 sendmail[23389]: u3IJNMG3023389: <-- MAIL FROM: SIZE=12109 BODY=7BIT

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
I'm about ready to reject anything from or even mentioning .top. I am getting tons of .top spam recently. It appears to be all from one certain spammer, who is rotating through .top domain names. Example domains from the last hour include serag.top, sopicasdws.top, tolaw.top, tumie.top, wrazz.top and more.

--
Al Iverson
www.aliverson.com
(312)725-0130

On Mon, Apr 18, 2016 at 8:31 AM, Petar Bogdanovic wrote:
> On Mon, Apr 18, 2016 at 01:41:55PM +0300, Otto J. Makela wrote:
>> Would we actually miss any real emails if our mail server
>> started rejecting all emails from .top, .win and .xyz TLDs?
>
> I don't think it's a good idea to reject any TLDs with open registration.
>
> BTW, Alphabet is at abc.xyz..
>
>> Also, what is the current consensus on rejecting messages
>> from "bare" IP addresses without a name in DNS?
>
> Rather tempfail than reject. You never know if one of the parties
> involved is having DNS issues.

[mailop] Errant Send
Sorry group ignore my last post, as I errantly sent a message to the wrong "mailops"! My apologies.

Thanks,
Dickie LaFlamme / Deliverability Specialist

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
On Mon Apr 18 12:53:07 2016, Carl Byington wrote:
> On Mon, 2016-04-18 at 17:28 +0200, Michelle Sullivan wrote:
> > (3) NXDOMAIN = No Records = Hard Fail
> > (2) SERVFAIL = DNS issues = Temp Fail
> > Connection timeout/Refused = DNS issues = Temp Fail
>
> I agree. But some providers seem to have trouble with the concept of
> setting up proper reverse dns for all their outbound servers.
>
> Apr 18 12:23:23 ns1 sendmail[23389]: u3IJNMG3023389: --- 250-ns1.five-ten-sg.com Hello [65.55.234.213], pleased to meet you
>
> Apr 18 12:23:24 ns1 sendmail[23389]: u3IJNMG3023389: <-- MAIL FROM: SIZE=12109 BODY=7BIT

I don’t see what’s wrong with that reverse.

--
alarig

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
On 4/18/16 2:31 PM, Alarig Le Lay wrote:
> On Mon Apr 18 12:53:07 2016, Carl Byington wrote:
>> I agree. But some providers seem to have trouble with the concept of
>> setting up proper reverse dns for all their outbound servers.
>>
>> Apr 18 12:23:23 ns1 sendmail[23389]: u3IJNMG3023389: --- 250-ns1.five-ten-sg.com Hello [65.55.234.213], pleased to meet you
>>
>> Apr 18 12:23:24 ns1 sendmail[23389]: u3IJNMG3023389: <-- MAIL FROM: SIZE=12109 BODY=7BIT
>
> I don’t see what’s wrong with that reverse.

What reverse? I see no reverse here.

$ dig -x 65.55.234.213

;; QUESTION SECTION:
;213.234.55.65.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
234.55.65.in-addr.arpa. 2456 IN SOA ns1.msft.net. msnhst.microsoft.com. 2016040802 7200 900 2419200 3600

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
It's possible that the issue has been corrected already.

-----Original Message-----
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jay Hennigan
Sent: Monday, April 18, 2016 4:44 PM
To: mailop@mailop.org
Subject: Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

On 4/18/16 2:31 PM, Alarig Le Lay wrote:
> On Mon Apr 18 12:53:07 2016, Carl Byington wrote:
>> I agree. But some providers seem to have trouble with the concept of
>> setting up proper reverse dns for all their outbound servers.
>>
>> Apr 18 12:23:23 ns1 sendmail[23389]: u3IJNMG3023389: --- 250-ns1.five-ten-sg.com Hello [65.55.234.213], pleased to meet you
>>
>> Apr 18 12:23:24 ns1 sendmail[23389]: u3IJNMG3023389: <-- MAIL FROM: SIZE=12109 BODY=7BIT
>
> I don’t see what’s wrong with that reverse.

What reverse? I see no reverse here.

$ dig -x 65.55.234.213

;; QUESTION SECTION:
;213.234.55.65.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
234.55.65.in-addr.arpa. 2456 IN SOA ns1.msft.net. msnhst.microsoft.com. 2016040802 7200 900 2419200 3600

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
It hasn't.
I'm still trying to bring it to the attention of the responsible parties.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ?

-----Original Message-----
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Eric Henson
Sent: Monday, April 18, 2016 2:57 PM
To: mailop@mailop.org
Subject: Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

It's possible that the issue has been corrected already.

-----Original Message-----
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jay Hennigan
Sent: Monday, April 18, 2016 4:44 PM
To: mailop@mailop.org
Subject: Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

On 4/18/16 2:31 PM, Alarig Le Lay wrote:
> On Mon Apr 18 12:53:07 2016, Carl Byington wrote:
>> I agree. But some providers seem to have trouble with the concept of
>> setting up proper reverse dns for all their outbound servers.
>>
>> Apr 18 12:23:23 ns1 sendmail[23389]: u3IJNMG3023389: --- 250-ns1.five-ten-sg.com Hello [65.55.234.213], pleased to meet you
>>
>> Apr 18 12:23:24 ns1 sendmail[23389]: u3IJNMG3023389: <-- MAIL FROM: SIZE=12109 BODY=7BIT
>
> I don’t see what’s wrong with that reverse.

What reverse? I see no reverse here.

$ dig -x 65.55.234.213

;; QUESTION SECTION:
;213.234.55.65.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
234.55.65.in-addr.arpa. 2456 IN SOA ns1.msft.net. msnhst.microsoft.com. 2016040802 7200 900 2419200 3600

--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?
On 2016-04-18 10:38, Michael Peddemors wrote:
> Registrars paid a lot of money to be able to offer TLD's and they
> shouldn't really be punished just because they are cheaper than other
> domains.

Personally, I'm going to start adding points to any TLD that offers first-year-cheap discounts as these attract spammers and other rats who want disposable domains but don't care about generating long-term domains. .biz and .info poisoned their respective wells doing this, and now others are following.

I understand your point, but I disagree: Their success with a poorly selected business model is not my problem.

I'm not saying a TLD can't run promotions, but rather, that the upfront cost shouldn't be it, I'd be fine with a TLD doing second-year-free or similar.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren