[mailop] anyone from HostUS on the list

[Stefan Haunß]

Hey,

I tried to contact them via webform and abuse@ address without success.

Cheers,
Stefan



signature.asc
Description: OpenPGP digital signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] zero-day word exploit

[Dave Lugo]

Does anyone have a copy (or copies of) of the initial doc that
this exploit uses?

http://thehackernews.com/2017/04/microsoft-word-zero-day.html

Thanks,

Dave

--

Dave Lugo   dl...@etherboy.comLC Unit #260   TINLC
Have you hugged your firewall today?   No spam, thanks.

Are you the police?  . . . .  No ma'am, we're sysadmins.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] zero-day word exploit

[Ken O'Driscoll via mailop]

On Mon, 2017-04-10 at 11:31 -0400, Dave Lugo wrote:
> Does anyone have a copy (or copies of) of the initial doc that
> this exploit uses?

Wrong list perhaps?!

Ken.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Laura Atkins]

> On Apr 9, 2017, at 11:00 AM, Jim Popovitch  wrote:
> 
> On Apr 9, 2017 13:07, "Anne P. Mitchell, Esq."  > wrote:
> This brings up a good point...back in 'the day' folks would report spam on 
> NANAE;  is there a managed, moderated mailing list to report spam, that has 
> the main ESPs and such on it?
> 
> SDLU ?

Reporting spam in public just makes it harder for the abuse desks to handle 
thing. If there is a working abuse desk, then abuse@ is fine. If there’s not, 
reporting in public is performance art at best.

laura 

-- 
Having an Email Crisis?  800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Anne P. Mitchell, Esq.]

>> On Apr 9, 2017, at 11:00 AM, Jim Popovitch  wrote:
>> 
>> On Apr 9, 2017 13:07, "Anne P. Mitchell, Esq."  wrote:
>> This brings up a good point...back in 'the day' folks would report spam on 
>> NANAE;  is there a managed, moderated mailing list to report spam, that has 
>> the main ESPs and such on it?
>> 
>> SDLU ?
> 
> Reporting spam in public just makes it harder for the abuse desks to handle 
> thing. If there is a working abuse desk, then abuse@ is fine. If there’s not, 
> reporting in public is performance art at best.
> 

Agreed 100%.

I was envisioning a closed, managed list of trusted reporters and their ESP/ISP 
counterparts.

Anne

Anne P. Mitchell, 
Attorney at Law
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Member, California Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop Member, Board of 
Directors, Greenwood Wildlife Rehabilitation Center
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Michael Ellis]

> Reporting spam in public just makes it harder for the abuse desks to
> handle thing. If there is a working abuse desk, then abuse@ is fine. If
> there’s not, reporting in public is performance art at best.
>
> laura

A very big +1 to this

Its a self pleasing act that does nothing

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Dave Warren]

On Mon, Apr 10, 2017, at 09:15, Laura Atkins wrote:

> 

>> On Apr 9, 2017, at 11:00 AM, Jim Popovitch  wrote:
>> 

>> On Apr 9, 2017 13:07, "Anne P. Mitchell, Esq."
>>  wrote:
>>> This brings up a good point...back in 'the day' folks would report
>>> spam on NANAE;  is there a managed, moderated mailing list to report
>>> spam, that has the main ESPs and such on it?
>> 

>> SDLU ?

> 

> Reporting spam in public just makes it harder for the abuse desks to
> handle thing. If there is a working abuse desk, then abuse@ is fine.
> If there’s not, reporting in public is performance art at best.


As a counterpoint, transparency also makes it harder to dodge a failure
to address ongoing problems. I'm not suggesting this list is the place,
but it would be nice if there was some formal way to deliver public spam
reports and include the ESP's response.


Not that Twitter is appropriate as a replacement, but an example: when
I interact with a company's support team on Twitter I check to see if
they respond, and if their responses are useful. I'm left with a very
different feeling when they respond publicly and address issues vs
when 100% of their responses is "Contact us privately, don't air our
dirty laundry in public". I feel like abuse handling could benefit
from similar.


I understand issues of scale, I really do, but maybe senders shouldn't
be sending more mail than they're able to handle with their existing
staff, or they should staff up before making their abuse problem into my
abuse problem.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Laura Atkins]

> On Apr 10, 2017, at 9:28 AM, Anne P. Mitchell, Esq.  
> wrote:
> 
> 
> 
>>> On Apr 9, 2017, at 11:00 AM, Jim Popovitch  wrote:
>>> 
>>> On Apr 9, 2017 13:07, "Anne P. Mitchell, Esq."  wrote:
>>> This brings up a good point...back in 'the day' folks would report spam on 
>>> NANAE;  is there a managed, moderated mailing list to report spam, that has 
>>> the main ESPs and such on it?
>>> 
>>> SDLU ?
>> 
>> Reporting spam in public just makes it harder for the abuse desks to handle 
>> thing. If there is a working abuse desk, then abuse@ is fine. If there’s 
>> not, reporting in public is performance art at best.
>> 
> 
> Agreed 100%.
> 
> I was envisioning a closed, managed list of trusted reporters and their 
> ESP/ISP counterparts.

I don’t see the need, perhaps because I’m on about 5 of those types of lists, 
and I’m absolutely sure there are more that I’m not invited to. 

laura 

-- 
Having an Email Crisis?  800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Michael Wise via mailop]

ARF.
And a way to establish contacts automatically.

Biggest issue in some places (*cough*) is getting the traffic sent OUT.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting 
Tool ?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Laura Atkins
Sent: Monday, April 10, 2017 9:34 AM
To: Anne P. Mitchell, Esq. 
Cc: mailop@mailop.org
Subject: Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: 
This is not a place to report Spam. )


On Apr 10, 2017, at 9:28 AM, Anne P. Mitchell, Esq. 
mailto:amitch...@isipp.com>> wrote:




On Apr 9, 2017, at 11:00 AM, Jim Popovitch 
mailto:jim...@gmail.com>> wrote:

On Apr 9, 2017 13:07, "Anne P. Mitchell, Esq." 
mailto:amitch...@isipp.com>> wrote:
This brings up a good point...back in 'the day' folks would report spam on 
NANAE;  is there a managed, moderated mailing list to report spam, that has the 
main ESPs and such on it?

SDLU ?

Reporting spam in public just makes it harder for the abuse desks to handle 
thing. If there is a working abuse desk, then abuse@ is fine. If there’s not, 
reporting in public is performance art at best.

Agreed 100%.

I was envisioning a closed, managed list of trusted reporters and their ESP/ISP 
counterparts.

I don’t see the need, perhaps because I’m on about 5 of those types of lists, 
and I’m absolutely sure there are more that I’m not invited to.

laura

--
Having an Email Crisis?  800 823-9674

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741

Email Delivery Blog: 
http://wordtothewise.com/blog





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[ComKal Networks]

Hi Anne,

> This brings up a good point...back in 'the day' folks would
> report spam on NANAE;  is there a managed, moderated
> mailing list to report spam, that has the main ESPs and such
> on it?

I cant see the need for one, abuse@ (or whatever is listed in
whois) works fine most of the time to report spam problems.

Why make it public?

When I cant report a spam problem, I simply add the IP, or
range to my RBL. Simple :)

I have been on some email 'spam' lists over the years, now
I'm on none, just seems pointless and they seem to end up
like NANAE.

Cheers



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Anne P. Mitchell, Esq.]

> Hi Anne,
> 
>> This brings up a good point...back in 'the day' folks would
>> report spam on NANAE;  is there a managed, moderated
>> mailing list to report spam, that has the main ESPs and such
>> on it?
> 
> I cant see the need for one, abuse@ (or whatever is listed in
> whois) works fine most of the time to report spam problems.
> 
> Why make it public?

Nobody is talking about making it publicI was asking about a closed, 
managed list of trusted reporters/ISPs/ESPs... Laura has mentioned that she is 
on 5 such lists..so it sounds like there isn't a need unless lots of folks here 
*aren't* on such a list and don't have access to those lists.

Anne

Anne P. Mitchell, 
Attorney at Law
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Member, California Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop Member, Board of 
Directors, Greenwood Wildlife Rehabilitation Center
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Jim Popovitch]

On Apr 10, 2017 12:15, "Laura Atkins"  wrote:


On Apr 9, 2017, at 11:00 AM, Jim Popovitch  wrote:

On Apr 9, 2017 13:07, "Anne P. Mitchell, Esq."  wrote:

This brings up a good point...back in 'the day' folks would report spam on
NANAE;  is there a managed, moderated mailing list to report spam, that has
the main ESPs and such on it?


SDLU ?


Reporting spam in public just makes it harder for the abuse desks to handle
thing. If there is a working abuse desk, then abuse@ is fine. If there’s
not, reporting in public is performance art at best.


Pfft.

SDLU is somewhere between public and private.  Limiting reporting to one of
the many walled gardens makes it easier for consultants to protect revenue
streams

-Jim P.  (I know how bread is buttered)
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Laura Atkins]

> On Apr 10, 2017, at 10:15 AM, Michael Wise via mailop  
> wrote:
> 
>   <>
> ARF.
> And a way to establish contacts automatically.

I KNOW! Let’s put it in DNS! 

_abusecontact.example.com  TXT 3600 abuse
_abusecontact.example.net  TXT 3600 
ab...@example.com 

That will solve EVERYTHING!

>  Biggest issue in some places (*cough*) is getting the traffic sent OUT.

Isn’t that part of what X-ARF is supposed to address?

laura 

-- 
Having an Email Crisis?  800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Ryan Harris via mailop]

It might be helpful to understand why people want to post on email forums
rather than an abuse desk. Is it to gain public attention on the matter? Is
there a bit of shaming going on and the reporter wants the community to
know they are fed up with the ESP? Are people reporting on public forums
b/c they want to know if others are experiencing the same problem?

I think there are good reasons to post spam on a forum, though the ones I
see seem to be more about shaming and wanting quick action, rather than
something more overarching and community reaching.

It almost sounds like a community FBL should be set up rather than an email
forum. I suppose people could use spamcop, though they provide very limited
information to ESPs.

I really like the idea of using DNS to inform the community where to send
abuse reports. Sometimes I see issues Ops teams needing to receive reports
from those querying whois records. This can cause routing issues sometimes.
Also there isn't typically an abuse only contact in whois records. Seems
Tech, Admin, Registrant are what crops up in a whois lookup.


Ryan

On Mon, Apr 10, 2017 at 12:13 PM, Laura Atkins 
wrote:

>
> On Apr 10, 2017, at 10:15 AM, Michael Wise via mailop 
> wrote:
>
>
> ARF.
> And a way to establish contacts automatically.
>
>
> I KNOW! Let’s put it in DNS!
>
> _abusecontact.example.com  TXT 3600 abuse
> _abusecontact.example.net TXT 3600 ab...@example.com
>
> That will solve EVERYTHING!
>
>  Biggest issue in some places (*cough*) is getting the traffic sent OUT.
>
>
> Isn’t that part of what X-ARF is supposed to address?
>
> laura
>
> --
> Having an Email Crisis?  800 823-9674 <(800)%20823-9674>
>
> Laura Atkins
> Word to the Wise
> la...@wordtothewise.com
> (650) 437-0741
>
> Email Delivery Blog: http://wordtothewise.com/blog
>
>
>
>
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Jay Hennigan]

On 4/10/17 11:21 AM, Ryan Harris via mailop wrote:

It might be helpful to understand why people want to post on email
forums rather than an abuse desk.


To get community feedback. In far too many cases, abuse desk responses 
are automated "Thank you for your report, don't expect a personal 
response" type of thing, then crickets. When the spam continues, an 
out-of-band feedback loop would help to evaluate Hanlon's Razor.



Is it to gain public attention on the matter?


Not necessarily public, but community.


Is there a bit of shaming going on and the reporter wants the community to know 
they are fed up with the ESP?


Not exactly, more to help the community differentiate between an ESP and 
a spammer-for-hire.



Are people reporting on public forums b/c they want to know if others are 
experiencing the same problem?


Yes. For example, I'm seeing a bizarre spam pattern being directed to 
abuse@[domain] to many domains we host. This has been going on for 
several days. Payload concerns bitcoin. It certainly seems to be a 
joe-job but it would be interesting to see if it's just me or if anyone 
has an idea of the rationale is behind it.


--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Philip Paeps]

On 2017-04-10 17:15:38 (+), Michael Wise via mailop  
wrote:

And a way to establish contacts automatically.


What's wrong with the well-known abuse@ address?  Or postmaster@?

If abuse@ bounces, I try postmaster@.  If that bounces, I'm not 
interested in receiving mail from that network.


Quoth RFC 5321: 


 "Any system that includes an SMTP server supporting mail relaying or
 delivery MUST support the reserved mailbox "postmaster" as a case-
 insensitive local name." 

 "SMTP systems are expected to make every reasonable effort to accept 
 mail directed to Postmaster from any other system on the Internet."


I find this list quite helpful in prodding ESPs out of band when abuse@ 
seems to be defective in some way.  If abuse@ isn't so much 'defective' 
as 'hopeless' ... tough?


Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Michael Wise via mailop]

Would need a touch more than that, though.
There’d have to be some kind of signup process, and the handing out of Plus 
Addresses so rogue traffic could be blocked at the edge.
But with a touch more thought, I suspect this would work nicely.

All except the actual getting legal to bless outbound.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting 
Tool ?

From: Laura Atkins [mailto:la...@wordtothewise.com]
Sent: Monday, April 10, 2017 11:14 AM
To: Michael Wise 
Cc: mailop@mailop.org
Subject: Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: 
This is not a place to report Spam. )


On Apr 10, 2017, at 10:15 AM, Michael Wise via mailop 
mailto:mailop@mailop.org>> wrote:


ARF.
And a way to establish contacts automatically.

I KNOW! Let’s put it in DNS!

_abusecontact.example.com
 TXT 3600 abuse
_abusecontact.example.net
 TXT 3600 ab...@example.com

That will solve EVERYTHING!


 Biggest issue in some places (*cough*) is getting the traffic sent OUT.

Isn’t that part of what X-ARF is supposed to address?

laura

--
Having an Email Crisis?  800 823-9674

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741

Email Delivery Blog: 
http://wordtothewise.com/blog





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Michael Wise via mailop]

You're missing the larger issue of having abuse and postmaster flooded with 
spam.

Aloha,
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting Tool ?

-Original Message-
From: Philip Paeps [mailto:phi...@trouble.is] 
Sent: Monday, April 10, 2017 11:51 AM
To: Michael Wise 
Cc: Laura Atkins ; Anne P. Mitchell, Esq. 
; mailop@mailop.org
Subject: Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: 
This is not a place to report Spam. )

On 2017-04-10 17:15:38 (+), Michael Wise via mailop  
wrote:
>And a way to establish contacts automatically.

What's wrong with the well-known abuse@ address?  Or postmaster@?

If abuse@ bounces, I try postmaster@.  If that bounces, I'm not interested in 
receiving mail from that network.

Quoth RFC 5321: 

  "Any system that includes an SMTP server supporting mail relaying or
  delivery MUST support the reserved mailbox "postmaster" as a case-
  insensitive local name." 

  "SMTP systems are expected to make every reasonable effort to accept
  mail directed to Postmaster from any other system on the Internet."

I find this list quite helpful in prodding ESPs out of band when abuse@ seems 
to be defective in some way.  If abuse@ isn't so much 'defective' 
as 'hopeless' ... tough?

Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Philip Paeps]

On 2017-04-10 19:01:34 (+), Michael Wise  wrote:

Philip Paeps  wrote:

On 2017-04-10 17:15:38 (+), Michael Wise via mailop  
wrote:

And a way to establish contacts automatically.


What's wrong with the well-known abuse@ address?  Or postmaster@?


You're missing the larger issue of having abuse and postmaster flooded with 
spam.


I'm sympathetic to that issue but:

1) Networks should ensure that their users can't abuse them.
  Obviously that will never be perfect but if you're in the
  business of relaying a huge amount of email for customers,
  you'd better be prepared to make sure your customers don't
  abuse that.

2) I'm not advocating that there must be humans reading abuse@
  or postmaster@ (groan!) but it would be nice if there's a way
  to contact the humans.  I do appreciate the way that works at
  e.g.  hotmail / outlook.com: the auto-reply contains clear
  instructions on how to get in touch with a human if the
  robots are unhelpful.

The real larger issue I see is that there are too many networks who 
don't have their users under control and are not prepared to get them 
under control.  The fact that their abuse@/postmaster@ mailboxes get 
flooded with spam is a symptom of the larger problem.  I have little 
sympathy for those networks.


In a better world, where networks have their users under control, we 
wouldn't have to forward so much mail to abuse@.  But in the imperfect 
world we live in, "network incapable of dealing with abuse reports" 
works pretty well as a filter for networks I don't want to receive mail 
from.


This (sub-)thread is about "do we need another place we can 
automatically report spam" - I don't think we do.  And "do we need 
another way of hassling already overwhelmed abuse contacts" - I don't 
think we need that either.  Not automatically anyway.  That would make 
an already bad situation worse.


Messages like "does anyone know how to get in touch with network X" 
should be the exception rather than the rule.  The fact that there's not 
a lot more traffic on this list means it's probably working reasonably 
well?


Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Michael Wise via mailop]

There certainly needs to be operator to operator contact.
But unless the pipes are secured, which the idea of dedicated +addresses for 
both sender and recipient accomplishes at a light-weight level ...

Separating the wheat from the chaff will get way out of hand ... instantly.

Aloha,
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting Tool ?

-Original Message-
From: Philip Paeps [mailto:phi...@trouble.is] 
Sent: Monday, April 10, 2017 12:17 PM
To: Michael Wise 
Cc: Laura Atkins ; Anne P. Mitchell, Esq. 
; mailop@mailop.org
Subject: Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: 
This is not a place to report Spam. )

On 2017-04-10 19:01:34 (+), Michael Wise  wrote:
>Philip Paeps  wrote:
>>On 2017-04-10 17:15:38 (+), Michael Wise via mailop  
>>wrote:
>>>And a way to establish contacts automatically.
>>
>>What's wrong with the well-known abuse@ address?  Or postmaster@?
>
>You're missing the larger issue of having abuse and postmaster flooded with 
>spam.

I'm sympathetic to that issue but:

1) Networks should ensure that their users can't abuse them.
   Obviously that will never be perfect but if you're in the
   business of relaying a huge amount of email for customers,
   you'd better be prepared to make sure your customers don't
   abuse that.

2) I'm not advocating that there must be humans reading abuse@
   or postmaster@ (groan!) but it would be nice if there's a way
   to contact the humans.  I do appreciate the way that works at
   e.g.  hotmail / outlook.com: the auto-reply contains clear
   instructions on how to get in touch with a human if the
   robots are unhelpful.

The real larger issue I see is that there are too many networks who don't have 
their users under control and are not prepared to get them under control.  The 
fact that their abuse@/postmaster@ mailboxes get flooded with spam is a symptom 
of the larger problem.  I have little sympathy for those networks.

In a better world, where networks have their users under control, we wouldn't 
have to forward so much mail to abuse@.  But in the imperfect world we live in, 
"network incapable of dealing with abuse reports" 
works pretty well as a filter for networks I don't want to receive mail from.

This (sub-)thread is about "do we need another place we can automatically 
report spam" - I don't think we do.  And "do we need another way of hassling 
already overwhelmed abuse contacts" - I don't think we need that either.  Not 
automatically anyway.  That would make an already bad situation worse.

Messages like "does anyone know how to get in touch with network X" 
should be the exception rather than the rule.  The fact that there's not a lot 
more traffic on this list means it's probably working reasonably well?

Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Philip Paeps]

On 2017-04-10 19:24:39 (+), Michael Wise  wrote:

Philip Paeps  wrote:

On 2017-04-10 19:01:34 (+), Michael Wise  wrote:

Philip Paeps  wrote:

On 2017-04-10 17:15:38 (+), Michael Wise via mailop  
wrote:

And a way to establish contacts automatically.


What's wrong with the well-known abuse@ address?  Or postmaster@?


You're missing the larger issue of having abuse and postmaster flooded with 
spam.


[...]

In a better world, where networks have their users under control, we 
wouldn't have to forward so much mail to abuse@.  But in the imperfect world 
we live in, "network incapable of dealing with abuse reports" works pretty 
well as a filter for networks I don't want to receive mail from.


Messages like "does anyone know how to get in touch with network X" should 
be the exception rather than the rule.  The fact that there's not a lot more 
traffic on this list means it's probably working reasonably well?


There certainly needs to be operator to operator contact.


I agree with that.  But...

But unless the pipes are secured, which the idea of dedicated 
+addresses for both sender and recipient accomplishes at a light-weight 
level ...


My view is that operator to operator contact should be the exception 
rather than the rule.  Under normal circumstances robots deal with 
whatever gets sent to abuse@ and postmaster@.  They can acknowledge this 
with an auto-reply that indicates how one can attract the attention of 
human operators.


Again under normal circumstances, attracting the attention of humans 
will have to happen rarely enough.  Humans' attention is actually 
attracted when someone follows the instructions in the auto-reply.


When that fails ... operators reach out on mailop@ (or exercise their 
networks in other ways).  But that should really not happen often.


If that does have to happen often and/or if it turns out that the robots 
never (or barely ever) work and the humans are overwhelmed, the network 
has a larger problem with its users and should not be surprised that 
other networks refuse to accept their email.


Separating the wheat from the chaff will get way out of hand ... 
instantly.


Maybe I'm just not cynical enough. :)  Or I have too much faith in 
robots.


Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[valdis . kletnieks]

On Mon, 10 Apr 2017 12:21:45 -0600, Ryan Harris via mailop said:

> It might be helpful to understand why people want to post on email forums
> rather than an abuse desk. Is it to gain public attention on the matter? Is
> there a bit of shaming going on and the reporter wants the community to
> know they are fed up with the ESP? Are people reporting on public forums
> b/c they want to know if others are experiencing the same problem?

Posting the spam itself on forums is pretty much pointless.

On the other hand, having a forum where you can ask "Are the guys who
are supposed to be dealing with ab...@robot-penguins.xyz merely clueless
or actively rogue?" or "Does anybody have a contact at helium-filled-cows.com?"
does have value

Cue somebody saying "in 2017, being clueless *IS* actively rogue" in 5..4..3 :)


pgp1pfV05N4c5.pgp
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Philip Paeps]

On 2017-04-10 21:50:01 (+0200), valdis.kletni...@vt.edu wrote:

On Mon, 10 Apr 2017 12:21:45 -0600, Ryan Harris via mailop said:
It might be helpful to understand why people want to post on email 
forums rather than an abuse desk. Is it to gain public attention on 
the matter? Is there a bit of shaming going on and the reporter wants 
the community to know they are fed up with the ESP? Are people 
reporting on public forums b/c they want to know if others are 
experiencing the same problem?


Posting the spam itself on forums is pretty much pointless.

On the other hand, having a forum where you can ask "Are the guys who 
are supposed to be dealing with ab...@robot-penguins.xyz merely 
clueless or actively rogue?" or "Does anybody have a contact at 
helium-filled-cows.com?" does have value


I think this mailing list serves that purpose quite well. :)

Cue somebody saying "in 2017, being clueless *IS* actively rogue" in 
5..4..3 :)


Never attribute to malice what can adequately be explained by
incompetence?

Is Hanlon's law (razor) the new Godwin? :)

Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Anne P. Mitchell, Esq.]

> Posting the spam itself on forums is pretty much pointless.

And to be clear, nobody was suggesting that (and if my original note seemed to 
suggest that, I apologize).

> 
> On the other hand, having a forum where you can ask "Are the guys who
> are supposed to be dealing with ab...@robot-penguins.xyz merely clueless
> or actively rogue?" or "Does anybody have a contact at 
> helium-filled-cows.com?"
> does have value

That's *exactly* what I was asking/suggesting
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Michael Wise via mailop]

Sufficiently advanced Incompetence is indistinguishable from Malice.

Aloha,
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting Tool ?

-Original Message-
From: Philip Paeps [mailto:phi...@trouble.is] 
Sent: Monday, April 10, 2017 1:01 PM
To: valdis.kletni...@vt.edu
Cc: Ryan Harris ; mailop@mailop.org; Michael Wise 
; Laura Atkins 
Subject: Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: 
This is not a place to report Spam. )

On 2017-04-10 21:50:01 (+0200), valdis.kletni...@vt.edu wrote:
> On Mon, 10 Apr 2017 12:21:45 -0600, Ryan Harris via mailop said:
>> It might be helpful to understand why people want to post on email 
>> forums rather than an abuse desk. Is it to gain public attention on 
>> the matter? Is there a bit of shaming going on and the reporter wants 
>> the community to know they are fed up with the ESP? Are people 
>> reporting on public forums b/c they want to know if others are 
>> experiencing the same problem?
>
> Posting the spam itself on forums is pretty much pointless.
>
> On the other hand, having a forum where you can ask "Are the guys who 
> are supposed to be dealing with ab...@robot-penguins.xyz merely 
> clueless or actively rogue?" or "Does anybody have a contact at 
> helium-filled-cows.com?" does have value

I think this mailing list serves that purpose quite well. :)

> Cue somebody saying "in 2017, being clueless *IS* actively rogue" in
> 5..4..3 :)

Never attribute to malice what can adequately be explained by incompetence?

Is Hanlon's law (razor) the new Godwin? :)

Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Steve Atkins]

> On Apr 10, 2017, at 1:01 PM, Philip Paeps  wrote:
> 
> On 2017-04-10 21:50:01 (+0200), valdis.kletni...@vt.edu wrote:
>> On Mon, 10 Apr 2017 12:21:45 -0600, Ryan Harris via mailop said:
>>> It might be helpful to understand why people want to post on email forums 
>>> rather than an abuse desk. Is it to gain public attention on the matter? Is 
>>> there a bit of shaming going on and the reporter wants the community to 
>>> know they are fed up with the ESP? Are people reporting on public forums 
>>> b/c they want to know if others are experiencing the same problem?
>> 
>> Posting the spam itself on forums is pretty much pointless.
>> 
>> On the other hand, having a forum where you can ask "Are the guys who are 
>> supposed to be dealing with ab...@robot-penguins.xyz merely clueless or 
>> actively rogue?" or "Does anybody have a contact at helium-filled-cows.com?" 
>> does have value
> 
> I think this mailing list serves that purpose quite well. :)

That's not what it's for.

It is (was?) for operational email issues. Discussion of spam was off-topic 
unless it had operational relevance. "I got spam from production.outlook.com, 
did anyone else?" is not that.

It was lower volume and more useful when that was policed.

Cheers,
  Steve

(also, all y'all don't get to have any legitimate opinion about email until 
you've learned to trim your damn Cc: lines)
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Steve Atkins]

> On Apr 10, 2017, at 1:11 PM, Steve Atkins  wrote:
> 
>> 
>> On Apr 10, 2017, at 1:01 PM, Philip Paeps  wrote:
>> 
>> On 2017-04-10 21:50:01 (+0200), valdis.kletni...@vt.edu wrote:
>>> 
>>> 
>>> On the other hand, having a forum where you can ask "Are the guys who are 
>>> supposed to be dealing with ab...@robot-penguins.xyz merely clueless or 
>>> actively rogue?" or "Does anybody have a contact at 
>>> helium-filled-cows.com?" does have value
>> 
>> I think this mailing list serves that purpose quite well. :)
> 
> That's not what it's for.
> 
> It is (was?) for operational email issues. Discussion of spam was off-topic 
> unless it had operational relevance. "I got spam from production.outlook.com, 
> did anyone else?" is not that.
> 
> It was lower volume and more useful when that was policed.

(I'm not suggesting that the list owners aren't policing it - points at Subject 
line - just that the current subscriber base is perhaps less compliant than 
they could be).

Cheers,
  Steve
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Philip Paeps]

On 2017-04-10 13:11:51 (-0700), Steve Atkins  wrote:

On Apr 10, 2017, at 1:01 PM, Philip Paeps  wrote:

On 2017-04-10 21:50:01 (+0200), valdis.kletni...@vt.edu wrote:

On Mon, 10 Apr 2017 12:21:45 -0600, Ryan Harris via mailop said:
It might be helpful to understand why people want to post on email 
forums rather than an abuse desk. Is it to gain public attention on 
the matter? Is there a bit of shaming going on and the reporter 
wants the community to know they are fed up with the ESP? Are people 
reporting on public forums b/c they want to know if others are 
experiencing the same problem?


Posting the spam itself on forums is pretty much pointless.

On the other hand, having a forum where you can ask "Are the guys who 
are supposed to be dealing with ab...@robot-penguins.xyz merely 
clueless or actively rogue?" or "Does anybody have a contact at 
helium-filled-cows.com?" does have value


I think this mailing list serves that purpose quite well. :)


That's not what it's for.

It is (was?) for operational email issues. Discussion of spam was 
off-topic unless it had operational relevance. "I got spam from 
production.outlook.com, did anyone else?" is not that.


I haven't found the occasional "does anyone know how to get in touch 
with X out of band?" messages too distracting.  In fact, I quite 
appreciate the later followups like "I got in touch and the problem 
turned out to be foo".



It was lower volume and more useful when that was policed.


The "I got spam from ..." messages that spawned this thread we could do 
without though.  The moderator *did* in fact step in to police that...


SDLU is probably a better venue for that.

(also, all y'all don't get to have any legitimate opinion about email 
until you've learned to trim your damn Cc: lines)


Sorry!  Must remember to 'l' instead of 'g' in this mailbox.

Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Shaun]

On Mon, 10 Apr 2017 15:50:01 -0400
valdis.kletni...@vt.edu wrote:

> On the other hand, having a forum where you can ask "Are the guys who
> are supposed to be dealing with ab...@robot-penguins.xyz merely clueless
> or actively rogue?" or "Does anybody have a contact at 
> helium-filled-cows.com?"
> does have value
> 
> Cue somebody saying "in 2017, being clueless *IS* actively rogue" in 5..4..3 
> :)

This type of inquiry is relatively common on the SDLU list, hat checks
are one of their suggested topics.



-s

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Fwd: Obsolete NSA exploit for Postfix 2.0 - 2.2

[Doug Barton]

FYI


 Forwarded Message 
Subject: Obsolete NSA exploit for Postfix 2.0 - 2.2
Date: Sun, 9 Apr 2017 16:18:06 -0400 (EDT)
From: Wietse Venema 
To: Postfix users 
CC: Postfix announce 

A recent twitter post reveals the existence of an exploit for Postfix,
in a collection of what appear to be NSA tools.

https://twitter.com/JulianAssange/status/850870683831648256

This is an exploit for Postfix 2.0 - 2.2, for a bug that was fixed
11 years ago in Postfix 2.2.11 and later.

There was a memory corruption bug in a Postfix workaround for a
Sendmail bug (CERT advisory CA-2003-07, remote buffer overflow when
message headers contain lots of comment text before an email address).

Technical details: the Postfix strip_address() function, which
removes large comments from a mail header, called the printable()
function on a string that wasn't null-terminated. This caused the
printable() function to scribble past the end of malloc()ed memory,
corrupting the memory heap.

Running the exploit against Postfix versions less than 11 years old
results in odd-looking email messages in the super-user's mailbox,
and warning messages in the maillog file (warning: stripping too
many comments from address: ).

Wietse

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop