On 2025-06-17 at 22:35 +0200, Sebastian Nielsen via mailop wrote:
> The problem with your argument that firewalls shouldn't touch DNS
> response packets, is problematic,
> as DNS rebinding is a new threat,
I wouldn't call a 20071996 attack a "new threat" :)
> where a malicious actor on the in
On 2024-12-30 at 15:46 +, Serhii via mailop wrote:
> Has anyone ever encountered ascams.com RBL, should I worry about
> beinglisted there?
>
> I don't currently have an email server at IP listed, so can't judge
> ifit is used in wild as I have found it at multirbl.valli.org when
> doinginitial
On 2025-01-07 at 17:32 +0100, Jaroslaw Rafa wrote:
> Dnia 7.01.2025 o godz. 16:10:32 Louis via mailop pisze:
> > think that's the beauty of email. You do not have control over how a client
> > stores a password, this is just one of the reasons I enforce ASPs. Your
> > point 1
> > and 2 are also t
On 2025-01-06 at 09:03 +0100, Benoit Panizzon wrote:
> I can reproduce with any sender email address over our email
> platform.
> The Gandi Customer in Question states he receives emails sent via
> other ISP. Conclusion: Gandi might be blocking our IP Range.
>
> (...)
>
> I got in Contact with th
On 2024-12-29 at 21:23 -0500, postfix--- wrote:
> (B) MORE COMPREHENSIVE SOLUTION: destination-based Postfix relayhost
>
> The above is currently all or nothing. Eventually, I will want to
> improve, set up multiple relays with accounts on the too big to ignore
> balkanizing providers and autom
On 2024-12-30 at 10:11 +0100, Jaroslaw Rafa wrote:
> I also considered using a "more comprehensive solution" that you suggest,
> but similarly have no time to implement it. BTW, I have no problems with
> sending to Microsoft, or Yahoo, or any other big recipients, except Google.
> That's the only o
On 2024-09-05 at 14:53 +0100, Julian Bradfield via mailop wrote:
> I've had a bounce from a mimecast hosted domain that I don't
> understand, and should be grateful for any help. I'm redacting
> localparts, but nothing else.
>
(...)
>
> The help reference says that this means the SPF check in DMA
On 2024-09-01 at 10:45 +0300, Atro Tossavainen wrote:
> > The flaw for me is that TOTP involves using phone apps I don't know
> > the provenance of,
>
> https://github.com/freeotp
>
> is much lighterweight than Microsoft or Google Authenticator anyway.
>
> > that back up the data in a format I d
On 2024-08-28 at 12:03 -0700, Brandon Long wrote:
> On Mon, Aug 26, 2024 at 10:35 PM Viktor Dukhovni wrote:
> > It is a sad state of affairs that no opt-out is available for users
> > who manage strong per-site passwords, and prize long-term
> > availability over often dubious security advantages o
On 2024-08-27 at 12:25 +0200, Jaroslaw Rafa via mailop wrote:
> 2FA is not configured on this account and never was. Yet a few years
> ago it happened to me that when I logged in from an "unknown" device,
> Google FORCED me to add a phone number to my account to send the
> "verification code" to th
On 2024-08-28 at 14:48 -0400, Mark E. Mallett via mailop wrote:
> PS: I was just looking at the archive hosted at googlegroups on a
> couple of them, and I notice that the "show original" item on the
> message reading dropdown, which is what you would use in gmail to
> look at the headers, is graye
I too have seen such broken setups. In some occasion I have sent a hint
to the intermediate (probably proofpoint, not sure right now) to get
their client to fix their setup. Not sure if it was followed up or even
welcome.
The fact is, their email system is broken. And they are probably losing
lots
On 2024-02-06 at 15:55 +, Vitali wrote:
>
> Are they violating the RFC or is there a new DMARC report exception
> if both domains share the MX root domain?
>
> Thank you.
> Vitali
It would have been preferable that you shared that domain, but it does
seem to violate the RFC.
The only pecuiar
On 2024-02-06 at 21:52 +0100, Andreas Schamanek wrote:
> Thanks, that's the aspect my foggy brain missed. It only matters for
> those who check URIs, especially if found in the body, or more
> precisely the IPs of the hostnames of these URIs.
>
> (...)
>
> So, I still got questions :) like why
On 2024-01-15 at 16:03 -0800, Randolf Richardson, Postmaster wrote:
> > I have seen my share of MUAs that behave in weird ways when
> > encountering things larger than it can handle, so you have
> > to always cope for them in the mail server. Implementing different
> > types of restrictions, and f
On 2024-01-11 at 17:43 +0100, Jaroslaw Rafa wrote:
> And it's clearly visible from the Laurent's mail that if MUAs will display
> the unverified BIMI logos (and what would prohibit them from that?) the
> "authentication" factor can be even weaker than with no avatars at all -
> because user who is
On 2024-01-10 at 20:38 +, Gellner, Oliver wrote:
> > Its also may be yet another reader-engagement tracker. Why do those
> > things always have to be out of band.
>
> Well, there’s no automated way to connect a logo to a domain. The
> BIMI group has decided to build upon the work of trademark
On 2023-12-21 at 18:13 +0100, John R Levine wrote:
> > With the number of messages already arriving with multiple DKIM
> > signatures I can't imagine their reputation systems don't already handle
> > dual signing just fine. Granted this would be two signatures on the same
> > domain, but that se
On 2023-10-24 at 14:11 +, Gellner, Oliver via mailop wrote:
> As far as I know this feature is not new but exists since a long time
> (years). It treats all messages from senders which are not on your
> safe senders list as spam and looks something like this:
> https://filestore.community.supp
On 2023-09-15 at 10:26 +0200, Alessandro Vesely via mailop wrote:
> I get this language, on forwarding:
>
> Remote-MTA: dns; gmail-smtp-in.l.google.com [74.125.71.27]
> Diagnostic-Code: smtp; 550-5.7.26 Unauthenticated email from
> intesasanpaolo.com is not accepted due to
> 550-5.7.26 d
On 2023-08-24 at 14:29 -0400, postfix--- via mailop wrote:
> (...)
> Needless to say: I will avoid restaurants using OpenTable, whether
> while visiting destinations or at home. If they cannot choose a
> service provider that is respectful of my choices, they do not
> deserve my business.
Great
On 2023-07-25 at 17:14 +0200, Sebastian Nielsen via mailop wrote:
> Sadly not all MUAs implement ClientID either.
> Easiest way to implement 2FA on email, is to have a webpage, where
> you login with your 2FA token. When you have done that, the IP to
> visit that webpage is written to the account's
On 2023-06-19 at 07:01 +0100, Klaus Ethgen wrote:
> Am Mo den 19. Jun 2023 um 6:33 schrieb Hans-Martin Mosner:
> > I'm inclined to repeat what I said before: If your setup breaks
> > mail consistently, it's likely your setup that's to blame. Others
> > seem to be able
> > to receive Outlook mail
On 2023-06-18 at 17:53 +0100, Klaus Ethgen wrote:
> Hi,
>
> I have tighten my firewall a bit and seen many attacks from Microsoft
> (40.92.0.0/16). They contact once from a IP and then never again. If I
> greylist them, the will try to deliver from a different address which
> gets greylisted again
On 2023-05-30 at 15:13 -0700, Michael Peddemors wrote:
> At least mailgun.us has transparent whois..
>(oops, careful, they might have forgotten to hide that one)
.us tld does not allow the use of anonymous whois services.
Still, it's possible that their registrar enabled the anonymous option
On 2023-05-26 at 13:16 -0500, Scott Mutter via mailop wrote:
> If you ask me - a better solution would be to do away with forwarding
> completely and incorporate POP checks, like Gmail does. This
> alleviates all of the issues with forwarding mail in relation to SPF
> and DKIM.
>
> But I know tha
On 2023-05-13 at 14:09 -0500, Jarland Donnell wrote:
> Curious if anyone else is seeing an event similar to this. Here's the
> logs of 1 hour on one of our servers, for what I propose to be a
> botnet: https://clbin.com/4khRA
> I'm leaving the recipient domains in it because they're not actually
>
On 2023-05-06 at 18:44 +0200, Christian Seitz via mailop wrote:
> If I am not wrong a DNS zone can only have a single SOA record. Yahoo
> requests
> an SOA record per subdomain. That does not make any sense to me. We
> would have
> to create one DNS zone per subdomain, but that's not how DNS is
>
On 2023-03-08 at 11:24 +0100, Alessandro Vesely wrote:
> On Tue 07/Mar/2023 20:02:48 +0100 Slavko wrote:
> >
> > > Why do you sign Content-Type: since you know it is going to be
> > > changed?
> >
> > Do you mean exactly me, or it was generic question? If you mean me:
> >
> > Do you want change
On 2023-03-04 at 01:37 +0100, Tobias Fiebig via mailop wrote:
Heho,
>
> On Fri, 2023-03-03 at 17:02 +0100, Ángel via mailop wrote:
> > Note you could use a > for
> > a refresh-every-10-seconds functionality. (meta refresh could be
> > blocked as well, though)
> Br
On 2023-03-03 at 09:37 -0700, Alex Burch via mailop wrote:
> We are an ESP and we have a lot of customers who send with characters
> like ü or á, usually in the local part but occasionally in the
> domain. I think if we converted all from addresses to pure ascii
> punycode, we'd solve our problems
On 2023-03-03 at 17:55 +, Laura Atkins via mailop wrote:
> The message he sent to mailop had the selector I used and is also
> failing DKIM.
>
> laura
No, sorry.
I am afraid you seem to have mistyped it.
DKIM-Signature: v=1; a=rsa-sha256; d=warwickri.gov; s=1; c=relaxed/relaxed;
t=167785
On 2023-02-27 at 12:59 +0100, Tobias Fiebig via mailop wrote:
> Please note that setting up the tests (as we have to configure vhosts
> for some MTA-STS cases etc.) takes some time on our site. The test-
> site should periodically reload and provide the status. As we use JS
> for that part, please
On 2023-03-03 at 14:12 +, Salvatore Jr Walter P via mailop wrote:
> We are in the final stages of migrating our exchange server from 2013
> to 2019.
> I found out we had no SPF, DMARC, DKIM etc setup on our domains.
>
> Trying to get us setup properly and have SPF and DMARC working, DKIM
> is
On 2023-01-23 at 09:53 +0100, Alessandro Vesely wrote:
> On Sun 22/Jan/2023 23:23:06 +0100 Ángel wrote:
> > I should note that the user-is-in-bcc approach could be helpful wrt
> > dkim-replay attacks, since the attacker-controlled account they
> > used to
> > receiv
On 2023-01-18 at 16:52 -0800, Brandon Long wrote:
> Note that Gmail implements
> https://www.rfc-editor.org/rfc/rfc5322#section-3.6.3 option 2, notably:
>In the second
> attac case, recipients specified in the "To:" and "Cc:" lines each are sent
>a copy of the message with the "Bcc:" lin
On 2023-01-17 at 20:34 -0600, Alberto Abrao wrote:
> Still, it generates an error message to the sender. I was looking to
> "split" my server, having the MX (inbound) at a cloud provider (OVH),
> and keeping outbound SMTP on the IP provided by my ISP.
>
> I see many posts saying that e-mails fro
On 2023-01-14 at 17:33 +0200, Mary wrote:
> Thank you, I'll take a closer look, because Shellshock implies that
> somehow the SMTPD executes a bash script, which I find highly
> unlikely. That is why I thought they are trying to exploit something
> further down the pipeline (Logstash, Prometheus, e
On 2023-01-10 at 13:59 -0800, Dan Mahoney wrote:
> The way postfix handles these aliases, is that it preserves the
> original envelope sender and recipient (which we don’t want anyway),
> and o365 is rejecting on that envelope sender/recipient (that it’s
> not allowed to deliver to our internal env
On 2023-01-08 at 18:21 +, Andrew C Aitchison via mailop wrote:
> Once upon a time SMS had a reputation for stronger security and
> privacy than email. I don't know how much that reputation was
> or is deserved.
Well, a SMS:
- Is not encrypted at any point
- Could be dropped with no notificati
On 2022-12-19 at 13:49 -0700, Grant Taylor wrote:
> On 12/19/22 8:21 AM, Daniele Nicolodi wrote:
> > it seems that Nextdoor recently went on a mission to expand their
> > user base and are mailing former users with whatever crap.
>
> I assume that their excuse for why the contact is CAN-SPAM compl
On 2022-11-23 at 13:54 +0100, Tobias Fiebig wrote:
> But I am currently stuck at 'getting a /23', which is surprisingly
> difficult without $30k to blow... so if one of you has some spare v4,
> I wouldn't say no. ;-)
IPv4 addresses are scarce now, but universities and NRENs were assigned
large ran
On 2022-11-24 at 17:20 +0100, Martin Flygenring via mailop wrote:
> Is anyone else seeing similar issues when forwarding mails from
> gmail.com, back to other addresses at gmail.com?
Yes, it seems nitpicky again.
I recently received a report of one of those failing. Which are a pain
to figure out
On 2022-11-24 at 15:28 -0800, Michael Peddemors wrote:
> Every modern email client can check multiple email accounts.
> The day when remote forwarding was a necessity has now passed, and
> now with things like SPF and other email tests, forwarding simply
> breaks..
When trying to get some user in
On 2022-11-25 at 00:10 -0500, Dave Anderson wrote:
> And even when it's possible it's not always desirable. An
> organization
> I'm involved with has many @ email aliases
> which forward to the person(s) responsible for those functions. This
> is convenient for people who need to communicate with
On 2022-11-18 at 11:38 -0800, Ken Simpson wrote:
> Hi Michael,
>
> I've seen the raw email; it did come from PayPal. PayPal needs to get
> better at recognizing brand images so that this kind of impersonation
> is more difficult on their platform. No doubt they are already
> working on that.
>
>
On 2022-11-20 at 18:58 +, Slavko via mailop wrote:
> Dňa 20. novembra 2022 17:55:18 UTC používateľ Ken Simpson <
> ksimp...@mailchannels.com> napísal:
> > One-time passwords can always be man-in-the-middle'd, since there's
> > no way
> > for the user to determine whether or not there is someone
On 2022-10-30 at 15:17 -0700, Michael Peddemors via mailop wrote:
> Can anyone give insight into this company?
>
> They have an IMMENSE amount of IP space from PSI/Cogent..
>
> (Someone might like to look into this from Cogent's end)
>
> Their website (https://www.code200.global/contact) has no
On 2022-10-19 at 11:37 -0700, Michael Peddemors wrote:
> > I hear your message, but I can't believe the only way out is to dox
> > myself.
>
> I don't think it is 'doxing' unless you are trying to hide ;)
>
> I am not going to go into whether operating a service on the internet
> is a 'right' or
On 2022-10-19 at 21:28 +0200, Bernardo Reino via mailop wrote:
> Yup. I have another server for which I have to request whitelisting..
> but it's a bit more difficult because the front page of the domain is
> the webmail (roundcube), so I have to figure out how to inject the
> Impressum there.
Ass
On 2022-09-29 at 08:19 +0200, Alessio Cecchi wrote:
> if you can identify a message as unwanted why do you have to send it
> anyway? It does not seem to me a positive contribution to the cause
> of a better internet, but only a discharge of responsibility on the
> receiving server.
The tricky ques
On 2022-09-16 at 20:47 +, Gellner, Oliver wrote:
> I can’t provide real research and I believe as well that 99% is
> exaggerated, but in my experience it’s more likely that a given
> random person is NOT regularly checking his spam folder than he is
> checking it. That‘s why I only vaguely wrot
On 2022-09-13 at 11:48 -0700, Luke wrote:
> There's some serious irony throughout this thread. Out of one side of
> our mouths we despise "oligopolies" and service providers who get too
> big to block or, conversely, too big to care about their own spam
> footprint. And out of the other side of our
On 2022-08-27 at 17:09 -0500, Darrell Budic wrote:
> Anyone else seeing this? Customer of mine just got some bounces from
> gmail for invalid SPF/DKIM. He doesn’t have either, so I’m not sure
> what this is about?
>
> Mind you, I did send him to setup a valid SPF entry, and
> authentication is goo
On 2022-08-21 at 15:18 -0500, Chris Adams wrote:
> Also, I believe you can offer both RSA and EC certs, so shouldn't be
> a negative to getting an EC cert (you just need to have RSA too).
How would you do that?
You could use different certificates on different interfaces, based on
the hostname th
On 2022-08-13 at 18:46 -0400, John Levine wrote:
> Subject: IP address blacklisted(Child Pornography Act 1996 violated)
>
> Hello,
>
> We have found instances of child pornography accessed from your IP
> address. This is a punishable offence under The Child Pornography
> Prevention Act of 1996 .
On 2022-08-13 at 03:17 +0200, Tobias Fiebig wrote:
> Heho,
>
> > Brandon Long via mailop
> > https://developers.google.com/gmail/ampemail is the Google developer
> > information about dynamic email, that link was about controlling the
> > content with Google Workspace.
> Thanks for sharing, this
On 2022-08-11 at 10:55 +, Gellner, Oliver wrote:
> In other MUAs they display like normal emails, Id expect that Googles
> dynamic emails behave the same way.
They seem to be a text/x-amp-html, and require a text/html or
text/plain fallback, so other clients would simply use the fallback.
At l
On 2022-07-22 at 16:20 -0400, Luis E. Muñoz wrote:
> Going back to the example of an ESP, does the hash of the email
> address equate the email address as per GDPR?
IANAL, but...
GDPR is all about being able to identify someone, even if that would
require help from someone else.
So, the email
On 2022-06-19 at 12:22 -0700, Dave Crocker wrote:
> On 6/18/2022 3:40 PM, Noel Butler via mailop wrote:
>
> > I was a very early (even in testing) user of SPF, It's rather commical
> > reading these FUD sayers about SPF and mailing lists, it has never been
> > a problem with mailing lists, not
On 2022-06-17 at 09:12 +0200, Cyril - ImprovMX wrote:
> Obviously, this can't be it. One solution to this would be to set up
> a whitelist of services that you can rely on when you receive an ARC-
> Signed email, but this creates a two-way Internet and I prefer mine
> neutral, or at least optimisti
On 2022-06-15 at 23:53 +0200, Axel Rau wrote:
>
>
> > Am 15.06.2022 um 20:42 schrieb Ken O'Driscoll:
> >
> > This is incorrect. The return-path is the address used by receiving
> > the MTA to send bounce messages to when the recipient's 5322.From
> > is unreachable for whatever reason.
>
> Yes.
On 2022-06-13 at 18:18 +0200, Slavko wrote:
> There is better tool from Vienna
> University, which reports SPF, DKIM (both rsa & ed), DMARC and ARC
> results in similar simple txt response:
>
> e...@univie.ac.at
>
> regards
On this line, there is the MECSA tool
https://mecsa.jrc.ec.europa.eu
On 2022-05-05 at 13:09 -0700, Michael Peddemors wrote:
> Now, curious as to people's perspective on the requirement to use that
> header.. some email clients will render it even though that header is
> missing, and other ones absolutely will not render it, or see it as a
> valid attachment.
>
>
On 2022-04-29 at 10:28 -0700, Brandon Long wrote:
> There have been other reports on this list of Gmail requiring
> authenticated email.
>
> We don't require authenticated email... but we vastly prefer it, and
> that preference has only increased over time. And the dkim replay
> attacks have mean
On 2022-04-29 at 21:29 +0800, wilson wrote:
> h-email.net seems like a honeypot service who gets the expired
> domains
> and setup the MX for collecting spam messages.
>
> https://securitytrails.com/list/mx/mail.h-email.net
The nameservers {ns1,ns2}.parkingcrew.net return (5, mail.h-email.net)
That's an interesting attack.
I initially thought you were going to describe placing a victim as your
destination target which is something which is prevented by requiring
the receiver to authorize them:
https://www.rfc-editor.org/rfc/rfc7489.html#section-7.1
But this is getting a spamtrap to acc
On 2022-04-28 at 12:45 -0600, Geoff Mulligan via mailop wrote:
> I have a user on one of my servers that uses procmail to forward
> messages to their gmail account.
>
> Every once in a while messages sent to them are "bounced" to the
> sender with the error fro gmail:
>
> 550-5.7.26 This message
On 2022-04-25 at 10:19 +0100, Laura Atkins via mailop wrote:
> The most recent Spamhaus botnet update report addresses this very
> nicely and provides direct evidence that free domain registrations
> are heavily abused.
>
> https://www.spamhaus.com/custom-content/uploads/2022/04/Botnet-Report-Q1-
On 2022-04-18 at 19:32 +1000, Simon Wilson wrote:
> *Completely* and objectively not true.
>
> I've run Android phones for many years with a Google account based on
> my own personal non-Gmail email. I have never activated or used Gmail,
> and at no stage has an Android phone ever tried to for
On 2022-04-16 at 14:26 +0200, Jaroslaw Rafa via mailop wrote:
> Dnia 15.04.2022 o godz. 20:18:54 John Levine via mailop pisze:
> > > You quoted that. Eu.org is a *domain registrar*. Only. They don't
> > > offer any
> > > email service and never did. So how can they "police users for
> > > email"?
>
On 2022-04-24 at 00:44 +0200, Jaroslaw Rafa via mailop wrote:
> Dnia 23.04.2022 o godz. 14:48:05 Dan Mahoney via mailop pisze:
> > I would LOVE there to be legal structure to say “Gee, Equifax, you failed
> > to demonstrate the basic opsec of paying some junior admin to type `yum
> > upgrade apache
On 2022-04-24 at 00:55 +0200, Jean-François Bachelet wrote:
> Hello ^^)
>
> Haven't read the full EU stuff yet, but question :
>
> How can we be possibly become aware of such possible threats without
> SPYING -read it all- the email passing by our mail servers ???
Well, it only applies *when* y
On 2022-04-22 at 17:30 -0500, Faisal Misle via mailop wrote:
> Note the trailing dot on the second policy. Is that a valid MX for the
> policies of the file? I could not find anything about it on RFC 8461 and
> most validators were flagging it as an invalid MX.
>
> Looking forward to hearing you
On 2022-04-21 at 10:04 +0800, Henrik S via mailop wrote:
> Hello
>
> My mail is sent by the third party smtp server, and the dkim
> signature
> is made for the third party domain (for this case, it's pobox.com).
>
> does this DKIM have helps to the authorization of my outgoing
> messages?
>
> T
On 2022-04-10 at 18:35 +0100, Andrew C Aitchison via mailop wrote:
> On Sun, 10 Apr 2022, Byron Lunz via mailop wrote:
>
> > I don't recall seeing any discussion in this thread about how to
> > migrate
> > old email messages from a Google Workspace account to a different
> > host.
> > Anyone have
On 2022-03-10 at 15:28 -0500, John Levine via mailop wrote:
> If you really want to stop mail loops, use a Delivered-To header like
> qmail, Postfix, and Courier do:
>
> https://datatracker.ietf.org/doc/draft-duklev-deliveredto/
You still need to stop at *some* hop-count. This approach stops
deli
On 2022-02-23 at 17:49 +0100, Jaroslaw Rafa via mailop wrote:
> Why are you looking for a webmail close to Gmail? Gmail's webmail
> interface is one of the worst possible. It is very inefficient to
> operate,
> counter-intuitive, hides many important information from the user
> etc., not mentioning
On 2022-01-31 at 10:43 -0700, Geoff Mulligan wrote:
> 1. If a recipient on an email message is both in the To: or Cc: and
> on the mailing list, should the listserver send the message to the
> recipient:
> a) By default
> b) Not by default (but configurable)
> c) Never
Yes, it sh
On 2022-02-02 at 21:31 -0600, Scott Mutter wrote:
> Email - as we know it - should have been dead years ago. But instead
> we keep adding band-aid after band-aid after band-aid to the system.
Maybe what you call a band-aid was actually preferable?
> Why is it impossible to take a look at what I
On 2022-01-30 at 14:09 +0200, Edgaras | SENDER wrote:
> Hello,
>
> We noticed in Google Postmaster Tools a lot of bad reputation IPs
> which do not belong to us, and are actually forbidden from sending
> emails on our behalf via SPF -all, yet Gmail thinks the messages
> from these IPs were fully
On 2022-01-20 at 20:33 +0100, Klaus Ethgen via mailop wrote:.
> > Scroll down to the relay pool subheader and read up more about it.
>
> That means, Microsoft ist intentional breaking mail.
>
> > Hope this helps.
>
> Well, as I am not the sender than the recipient, no, it does not.
>
> When it
On 2022-01-12 at 17:51 +0100, Alessandro Vesely via mailop wrote:
> Mailman asks a password to set email preferences, but no password to
> unsubscribe. So it is also possible that someone else unsubscribes your
> address for you. In fact I myself did unsubscribe someone else a few times:
> aft
On 2021-12-23 at 21:02 -0700, Dave Warren via mailop wrote:
> Even just verifying a phone number adds a real world cost to
> switching identities which makes blocking far more effective.
There is certainly a cost for casual users wishing to switch
identities. Both for wannabe trolls & spammers and
On 2021-10-16 at 02:52 +, John Levine wrote:
> According to John :
> > Which contemporary languages and infrastructures have a problem
> > with long lines? Old school used small buffers to handle
> > consecutive portions, the method
> > is not much different to line based handling. Today, buffe
On 2021-07-19 at 23:27 +0200, Slavko wrote:
> Hi,
>
> Dňa Sun, 18 Jul 2021 13:56:18 -0400 Bill Cole:
>
> > > The only usable way seems to be GoiIP blocking countries, but i
> > > afraid that it is wrong way.
> >
> > Why?
>
> Hard to describe it in English for me, but i will try.
>
> I consid
On 2021-07-18 at 22:29 -0400, John Levine via mailop wrote:
>
> I do wish it were easier to report and kill the drop boxes, though.
>
> It would be nice if regasignsd...@yahoo.com went away.
I was only visited by that on July 9th.
Others like mx-server.org are much more persistent here.
Here ar
On 2021-05-21 at 11:48 -0400, John Lightfoot via mailop wrote:
> That option doesn’t seem to exist in Outlook for Mac. I can go to
> Preferences/AutoCorrect/Text Completion and turn off Show
> AutoComplete tip for AutoText and dates, but that doesn’t seem to
> affect autocomplete for email address
On 2021-05-04 at 18:05 +0200, Raymond Dijkxhoorn wrote:
> Have fun patching!
>
> Bye, Raymond
Thanks Raymond
See as well
https://blog.qualys.com/vulnerabilities-research/2021/05/04/21nails-multiple-vulnerabilities-in-exim-mail-server
This has been a coordinated disclosure, hopefully those runn
On 2021-04-01 at 07:36 -0700, Marcel Becker wrote:
> On Thu, Apr 1, 2021 at 12:43 AM Hans-Martin Mosner wrote:
> > One option that you should consider to mitigate the effects for
> > recipients is to allow per-recipient DMARC exceptions, because the
> > recipient is the one who ultimately decides w
Am 27.03.21 um 15:29 schrieb Hans-Martin Mosner:
> Forwarding is most often used by recipients to achieve their
> preferred way of handling mail, so rejecting mails that they want to
> receive would mean you ignore their wishes as recipients in
> favor of the wishes of the senders who often don't t
On 2021-03-10 at 08:36 +, Hans-Martin Mosner via mailop wrote:
>
> Hello,
>
> does anyone have a pointer to technical details about the recently
> surfaced Exchange vulnerabilities? I would specifically be interested
> whether the exploit(s) depends on the server being exposed to the
> intern
On 2021-02-25 at 20:10 +0100, Jaroslaw Rafa wrote:
> I'm not a lawyer, and of course law may differ in different countries, but I
> guess that at least in my country it can have something to do whether you are
> selling something that can be classified as "consumer goods" or not.
> Selling groceri
On 2021-01-29 at 14:36 -0800, Dave Crocker via mailop wrote:
> Although I showed some restraint in my earlier note, I will now point
> to
> two specifications I put together, seeking a less hacky way of
> dealing
> with this DMARC-generated issue:
>
> Author Header Field
> https://datatracker.ie
On 2021-01-24 at 12:52 -0500, John Levine via mailop wrote:
> In article <6b96f527-0f53-494f-bb65-3e450a386...@wordtothewise.com>
> you write:
> > > Note: Some people will vehemently oppose to not placing filters,
> > > though. Some threads at RIPE anti-abuse-wg show that.
> >
> > There are extrem
On 2021-01-23 at 23:56 +0100, Ángel wrote:
> If any, you would want to define some kind of rejection message that
> provided the equivalent of a "HTTP 301" so that the MTA itself could
> redirect it to the right mailbox.
And just minutes after sending this, I notice tha
On 2021-01-21 at 12:47 +0200, Mary via mailop wrote:
> The victim of a subscription bombing attack can't do much, they
> should be careful to shift through the garbage and find the real
> threat (password changes, bank transfers, etc).
>
> Email admins can only do manual work, because I haven't se
an be included under the securitytxt umbrella.
The relevant draft is at
https://tools.ietf.org/html/draft-foudil-securitytxt-10
Best regards
Ángel
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
On 2021-01-16 at 19:05 +0100, Jaroslaw Rafa via mailop wrote:
> Dnia 16.01.2021 o godz. 11:48:56 Tom Sommer via mailop pisze:
> > The user IS informed that "The message has been reported
> > as Junk" as they click the button.
>
> If they have no idea what "Junk" means, they won't understand this
>
SMTP uses _opportunistic_ encryption. It fails open.*
This has the unfortunate consequence that strengthening the encryption
often means to actually use no encryption at all. ☹
The client mta attempts to negotiate TLS1.2, is unable to and ends up
sending the email in plaintext, when it could have b
1 - 100 of 156 matches
Mail list logo
