Re: [mailop] DMARC processing

On Tue, Dec 19, 2023, at 7:20 PM, Tara Natanson via mailop wrote: > On Tue, Dec 19, 2023 at 3:29 PM Eduardo Diaz Comellas via mailop > wrote: >> Hi all, >> >> Thanks all for the suggestions. I will give a try to some of them to >> see if they are a good fit for our usage case. >> >> We handle

Re: [mailop] scam prevention

On 12/8/20 11:26 AM, mailop@mailop.org wrote: > But if it did happen - be ready for the chorus of... "But it used to show the > person's name, why did it change?  Can you change it back?" That what I assumed too. However, the complaints are extremely low for us (we do employ a nuanced approach

Re: [mailop] scam prevention

On 12/8/20 10:41 AM, mailop@mailop.org wrote: > On 12/8/20 5:13 AM, Tim Bray via mailop wrote: > I *REALLY* dislike the idea.  I think it is fundamentally flawed, in a mostly > non-technical way. ... > This one of the reasons why I hate the idea of not showing the full email > address in email c

Re: [mailop] Effeciveness (or not) of SPF

On 12/8/20 1:02 AM, Hans-Martin Mosner via mailop wrote: > Am 07.12.20 um 23:51 schrieb Thomas Walter via mailop: >> >> I fully agree, but gmail is a bad example, because they actually support >> importing remote mailboxes with pop3 which does not require forwarding. >> We never tried that, but it

Re: [mailop] O365 contact (or suggestions)

It's more about Azure AD, so getting the case routed to that team is probably best. Typically, you need premier support to get decent engagement from Microsoft. I'm not sure what kind of process they have to prove tenant ownership in that situation, but I imagine it's a manual sort of verifica

Re: [mailop] sendgrid.net

On 10/5/20 6:02 PM, Eric Tykwinski via mailop wrote: > I’m not sure about SendGrid per say, but Twilio is mainly an API provider, so > full OAUTH, private keys, et al, as I’m a customer of their SMS, phone > service, et al. > As far as I know SendGrid is the same, but not saying that hacked websi

Re: [mailop] sendgrid.net

On 9/25/20 11:26 AM, Jay Hennigan via mailop wrote: > Even before the phishing became overwhelming they were a significant source > of spam, primarily "targeted" via purchased lists. For at least the past six > months the phishing has been overwhelming. While they claim to be working on > the pr

Re: [mailop] [External] Re: How to do Outbound Relay from M365 previously O365

On 9/18/20 9:49 AM, Kevin A. McGrail via mailop wrote: > On 9/18/2020 10:18 AM, Ken O'Driscoll via mailop wrote: >> You need to set up mail flow connectors in Exchange Online. Authentication >> is certificate and/or IP based. >> >> I think this explains it fairly well:  >> https://docs.microsoft.c

Re: [mailop] Just how does SendGrid fail this badly?

Most ESPs allow forging of arbitrary domains (usually requiring just an email loop verification *to* any address in the domain).  It's good for business.  Their customers don't understand SPF/DKIM/DMARC, in their defense.   Plus, it's technically a misdeployment for any domain to publish DMARC i

Re: [mailop] Microsoft Outlook "Modern Authentication"?

On 6/17/20 11:15 PM, Dave Warren via mailop wrote: > A bit late, sorry. > > On Tue, Jun 2, 2020, at 04:55, Ken O'Driscoll via mailop wrote: >> On Thu, 2020-05-28 at 13:35 -0600, Daniele Nicolodi via mailop wrote: >>> Does anyone know if there is any alternative to Outlook to access >>> >>> Exchang

Re: [mailop] Sendgrid and phishing

On 6/17/20 1:50 PM, Robert L Mathews via mailop wrote: > Several months ago I suggested (among other things) that SendGrid block > "From" headers matching prominent domain names until the messages have > been manually reviewed. The fact that "don't let random customers send > mail saying it's from

Re: [mailop] Abusix Potentially Compromised Account Report

On 5/19/20 5:51 AM, Thomas Walter via mailop wrote: > On 19.05.20 12:01, Jaroslaw Rafa via mailop wrote: >> A shared account by itself is a security loophole. > Why is that? You can perfectly share an account with IMAP4 Access > Control Lists. > > The issue is not the shared account, the issue is

Re: [mailop] Abusix Potentially Compromised Account Report

Finally got one! I expect these reports to be largely a lagging indicator of 3rd party password dumps, reflecting a certain subset of credential stuffing scenarios. I don't think anyone in our organization is comparing all available breached password hashes to local hashes, so it's nice to s

Re: [mailop] mailbox auth for system integration

On 2/10/20 2:24 PM, Brandon Long wrote: On Mon, Feb 10, 2020 at 11:56 AM Jesse Thompson via mailop mailto:mailop@mailop.org>> wrote: On 2/7/20 6:31 PM, Brandon Long via mailop wrote: > > > On Fri, Feb 7, 2020 at 4:07 PM Philip Paeps via mailop

Re: [mailop] mailbox auth for system integration

On 2/7/20 6:31 PM, Brandon Long via mailop wrote: On Fri, Feb 7, 2020 at 4:07 PM Philip Paeps via mailop mailto:mailop@mailop.org>> wrote: __ On 2020-02-07 15:51:22 (-0800), Philip Paeps wrote: On 2020-02-07 14:32:50 (-0800), Stuart Henderson wrote: On 2020/02/

[mailop] mailbox auth for system integration

Microsoft O365 and Google G Suite are both retiring basic authentication for client access to mailboxes. As a result, ALL clients will need to support OAuth on a very short timeline. End-user MUAs aside, I'm worried about systems that rely on a mailbox for integration (RT, and the like). I su

Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..

On 1/6/20 2:04 PM, John Johnstone via mailop wrote: > It is interesting how quiet it is on this topic. IMO, that's because it falls into the "I know it when I see it, but I can't realistically prevent it" category. Legitimate marketers (for example, some people within my own institution) have a

Re: [mailop] IMAP clients that support OAUTH

Looks like Office 365 is about to implement it https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Improving-Security-Together/bc-p/870818#M27214 Jesse From: mailop on behalf of Jesse Thompson via mailop Sent: Saturday, August 24, 2019 11:37 PM

Re: [mailop] seeking Samsung contact

Somewhat related: we had a similar problem with Gmail's "send mail as" autoconfig for our SMTP MSA. The wrong info wasn't coming from our SRV records, our autoconfig service, our autodiscover service, and it wasn't using mail. or any other well-known. IIRC Google front-line support claimed t

Re: [mailop] IMAP clients that support OAUTH

hink someone wrote a sasl module for it, but I didn't pursue that one Brandon On Sat, Aug 24, 2019, 6:59 PM Jesse Thompson via mailop mailto:mailop@mailop.org> > wrote: Is the list of IMAP clients that support OAUTH here https://en.m.wikipedia.org/wiki/Compari

[mailop] IMAP clients that support OAUTH

Is the list of IMAP clients that support OAUTH here https://en.m.wikipedia.org/wiki/Comparison_of_email_clients up to date?   ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Block spam at smtp time, but then still forward to users spam box

After much internal debate (about a year ago) we started rejecting high rated spam for a variety of motivations, and we do not also deliver to the recipient like your colleague proposes. We make one-off exceptions, and the only general exception is if the message is sent from a list, since we d

Re: [mailop] Mailing list with From header munging... and Outlook

ith From header munging... and Outlook To: Brandon Long, Jesse Thompson Cc: mailop@mailop.org On Fri 15/Mar/2019 23:46:13 +0100 Brandon Long via mailop wrote: > On Fri, Mar 15, 2019 at 2:54 PM Jesse Thompson via mailop wrote: >> >> As it stands now, these "conditional" is

Re: [mailop] Mailing list with From header munging... and Outlook

On 3/13/2019 10:53 PM, Paul Gear via mailop wrote: > On 12/3/19 11:48 pm, Jesse Thompson via mailop wrote: >> On 3/12/2019 1:50 AM, Benjamin BILLON wrote: >>> So, the question is rather why Jesse and Michael's messages contain a >>> Reply-To: header, and not your

Re: [mailop] Mailing list with From header munging... and Outlook

d > > Aloha, > > Michael. > > -- > > *Michael J Wise* > MicrosoftCorporation| Spam Analysis > > "Your Spam Specimen Has Been Processed." > > Got the Junk Mail Reporting Tool > <http://www.microsoft.com/en-us/download/details.aspx?id=18275

Re: [mailop] Mailing list with From header munging... and Outlook

On 3/12/2019 3:36 AM, Alessandro Vesely wrote: > On Tue 12/Mar/2019 02:43:38 +0100 Neil Jenkins wrote: >> On Tue, 12 Mar 2019, at 09:26, Jesse Thompson via mailop wrote: >>> When someone reply-alls to a munged message it only composes a message to >>> the >>>

Re: [mailop] Mailing list with From header munging... and Outlook

On 3/12/2019 1:50 AM, Benjamin BILLON wrote: > So, the question is rather why Jesse and Michael's messages contain a > Reply-To: header, and not yours. > > (What will my contain? Surprise surprise! Using Outlook) Well, splio.com publishes p=none, so this list isn't munging it, as expected. Thi

[mailop] Mailing list with From header munging... and Outlook

Hi all, We're making a push to get mailing lists to implement header munging because of gov domains adopting DMARC p=reject. Does anyone know what's up with Outlook (Office 365 Pro Plus) when "Reply All" is used? When someone reply-alls to a munged message it only composes a message to the Re

Re: [mailop] Microsoft SPF failing our email internally against their own servers

Microsoft is rewriting the MAIL FROM to the primary address of the mailbox for forwarded mail, which allows SPF to pass (and also works with hybrid outbound routing, assuming your outbound MTAs are listed in SPF for all of your domains). But they don't rewrite the From header, so that breaks DM

Re: [mailop] Microsoft SPF failing our email internally against their own servers

I would bet it has to do with the way you set up your inbound and outbound connectors in your Exchange Online tenant. You should not need to include EOP in your SPF (although IIRC there is no way to set up hybrid routing for OOFs) We had some tenant-tenant routing issues in 2015 due to the way

Re: [mailop] Business justification for DNSSEC?

On 10/16/18 7:08 AM, Patrick Ben Koetter wrote: > * Brotman, Alexander : >> OPENPGPKEY and SMIME/A also use DNSSEC, if you're interested in those >> protections for your users. > > Though either, OPENPGPKEY and SMIMEA, have seen wide adoption yet. And > allthough we wrote smilla

[mailop] Business justification for DNSSEC?

Is there a good summary of current and emerging email technologies that depend on DNSSEC that can be referenced for building a business justification for prioritizing DNSSEC within an organization? From my knowledge/understanding (Disclaimer: I might be wrong) the list is: 1) SMTP Security via O