Re: [mailop] Need contact at Apple

2025-08-06 Thread Michael Peddemors via mailop
This is a common issue.. Apple REALLY takes pains not to reveal who the development team members are.. Too bad, would be nice if they worked more with the community. On 2025-08-06 02:25, Jarland Donnell via mailop wrote: Apologies but this may be one of my best angles for finding this. I'm loo

[mailop] Can I get a CenturyLink/Level 3 representative lurking on here to reach out?

2025-07-16 Thread Michael Peddemors via mailop
Chasing down strange activity from a range on their networks, with no PTR's and trying to validate what these systems are used for.. Please reach out off list. -- "Catch the Magic of Linux..." Michael Peddemors, President/

Re: [mailop] Outlook.com: intermittent DKIM failures

2025-06-23 Thread Michael Peddemors via mailop
If the Message-ID is missing, Microsoft is doing the right thing adding it, that takes precedence over breaking the DKIM signature.. I guess this is a good way to let you know that you should be including that header ;) On 2025-06-23 03:22, Paulo Pinto via mailop wrote: Hi all. Maybe this c

Re: [mailop] Weird junk emails via Google Groups

2025-06-05 Thread Michael Peddemors via mailop
Which is why we give Google Groups a negative reputation.. (Aside from the long standing obvious abuse of it) You should NEVER have to log in to 'unsubscribe', let alone have to get a google account to remove yourself.. Spam folders are full of those.. actually, majority of what is in my per

Re: [mailop] Anyone from OVH around?

2025-05-30 Thread Michael Peddemors via mailop
Just one? There are several /24's engaged in #phishing as we speak ;) Received: from controle29t.shadowgate.pics (HELO controle29t.shadowgate.pics) (51.161.131.112) Portugese Phishing? Same actor as was on Hetzner, Selectel etc.. On 2025-05-30 05:32, Juan Manavella via mailop wrote: Hi,

Re: [mailop] Anybody know how to get off a blocklist at Proofpoint Dynamic Reputation

2025-05-26 Thread Michael Peddemors via mailop
On 2025-05-23 09:16, Ken Robinson via mailop wrote: I just started getting bounces from this service.     host mx1-us1.ppe-hosted.com [67.231.154.162]     SMTP error from remote mail server after RCPT TO:mailto:review...@publishersweekly.com>>:     550 5.7.1

Re: [mailop] Is there a way to block domains registered at a specific registrar with SpamAssassin or similar

2025-05-23 Thread Michael Peddemors via mailop
On 2025-05-23 05:49, Benoît Panizzon via mailop wrote: Hi List We get bombarded with loads of spam mails advertising .my domains to redirect traffic. As soon as one domain is listed, another one is used. Source ip changes all the time. Only common characteristic is: .my domain registered @ na

Re: [mailop] Icewarp and "New" Outlook

2025-05-23 Thread Michael Peddemors via mailop
On 2025-05-23 02:49, Peter Corlett via mailop wrote: [...] As a result, clients and servers SHOULD implement both STARTTLS on port 587 and Implicit TLS on port 465 for this transition period. Which is pretty clear. I think it is important that consideration is given to how the 'big pl

Re: [mailop] Cisco IronPort (iphmx.com) contact

2025-05-15 Thread Michael Peddemors via mailop
ty good alone, IMO. Scott Q:  not sure if you're aware, but there's a very coarse reputation check you can do here for your sending IP: https://talosintelligence.com/reputation_center/ You won't get the raw SBRS score, but it will give you an idea. Robert On 5/14/2025 at 17

Re: [mailop] Cisco IronPort (iphmx.com) contact

2025-05-14 Thread Michael Peddemors via mailop
The only thing is .. I believe Cisco devices all use the Cisco DNS servers for all RBL lookups, rather than their own DNS servers.. Is this a correct assumption? This can cause problems for some people with some RBL's. On 2025-05-14 14:43, Gellner, Oliver via mailop wrote: On 14.05.2025 at

Re: [mailop] Deutsche Telekom

2025-04-17 Thread Michael Peddemors via mailop
y could add ​to their own private database, I don't see the need to make this info public. Scott​ On Monday, 14/04/2025 at 16:18 Michael Peddemors via mailop wrote: On 2025-04-14 08:02, Scott Q. via mailop wrote: > Anyone dealt/dealing with them in getting IPs unblocked ? &

Re: [mailop] Deutsche Telekom

2025-04-15 Thread Michael Peddemors via mailop
On 2025-04-14 08:02, Scott Q. via mailop wrote: Anyone dealt/dealing with them in getting IPs unblocked ? It seems they have a new internal regulation where they want the sending domain to be explicitly linked to the actual owner that sends the e-mails. Which makes sense in theory but there's

Re: [mailop] Email-Friendly B2B Infrastructure Hosting

2025-04-09 Thread Michael Peddemors via mailop
Ouch.. not sure if you want to recommend them ;) However Mark.. that isn't a very good description of what you are looking for? 'aws-like'.. You mean SES, or just cloud .. You can get redunduncy/resiliency in many ways. But for only 10k users, for mail that isn't a very big load.. Do they

Re: [mailop] Outbound IP ranges for iCloud

2025-04-08 Thread Michael Peddemors via mailop
On 2025-04-08 10:20, Suresh Ramasubramanian via mailop wrote: Hi folks, we are deploying a new set of outbounds for iCloud alongside our existing ranges.Please update any filtering that you might have.Additionally, please note that mail from iCloud might ALSO originate from hosts with a *.appl

[mailop] Anyone from Vocus (New Zealand) on the list?

2025-04-05 Thread Michael Peddemors via mailop
They are suffering from a large scale compromise sending phishing out.. If they reach off list we can give a clue on the sources.. -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at

[mailop] Anyone from the klaviyomail.com group on here?

2025-04-01 Thread Michael Peddemors via mailop
Please reach out to me offlist.. You got a problematic customer.. In a giving mood today, if you want details on this one.. prolific.. -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visi

Re: [mailop] OVH: RIPE listed abuse address sends automated reply to use form

2025-03-28 Thread Michael Peddemors via mailop
Don't get me started on OVH.. Aside from allowing widespread obvious spammers and phishing operations, their support team appears to care very little about it, or their reputation.. What is it with companies, when a trusted industry person sends them evidence on those actors, but they want you

Re: [mailop] Strange attack - what do they want?

2025-03-27 Thread Michael Peddemors via mailop
On 2025-03-27 13:55, Jaroslaw Rafa via mailop wrote: Hello, a few days ago someone managed to abuse an account registration form on my personal website and a few dozens of random recipients at different domains (mostly at Yahoo) got registration confirmation emails from my address. The scale of t

[mailop] Requesting Feedback from the community.. Compromised Email Account reporting.

2025-03-13 Thread Michael Peddemors via mailop
Background: Compromised email accounts are on the rise, from almost every sector, and often it is the same actors and infrastructures that are being used as a source to send out their malware and phishing from these compromised accounts. Historically, while we identify these threats, we have

[mailop] Who would be handling how Microsoft emails their Sign-In notifications?

2025-03-04 Thread Michael Peddemors via mailop
I know we have lurkers, but Michael has been long silent on the list.. So hoping for a reach out from someone on their email delivery team... Aside from of course the broken use of double Return-Path, have some other concerns given the similarities of those notifications, with a know phishing g

Re: [mailop] M365 SPF Validation issue where "exists" mechanism is used

2025-02-06 Thread Michael Peddemors via mailop
Pet Peeve.. *grr* why use Macro's when you can hard code the value? The more explicit you can be, the safer you are.. Not to mention, easier for the rest of the world to see what your intentions are.. On 2025-02-06 07:18, Chris Spencer via mailop wrote: I'm a Technical Product Manager at Fortr

[mailop] I know there is some 1 and 1 (IONOS) kundenserver.de people lurking on this list..

2025-01-10 Thread Michael Peddemors via mailop
Your systems are being abused right now by a well known attacker.. Sending email replay attacks, and your systems also generate back scatter.. First of all.. (And this goes to all email operators) only allow domains in the MAIL FROM, that are actually served by your servers. Second, don't gen

Re: [mailop] Minimum Viable IP Reputation Check for a new IP?

2024-12-28 Thread Michael Peddemors via mailop
Better to check http://mxtoolbox.com and http://hetrixtools.com And 'wellknown' VPS providers can be bad too.. check their overall reputation as well as your own IP address. On 2024-12-27 17:17, Sabahattin Gucukoglu via mailop wrote: Hi guys, Subject says it all, really: what's the minimum y

Re: [mailop] DNSBL List

2024-12-18 Thread Michael Peddemors via mailop
the spamtrap address. How does this make any sort of sense ? You are supposed to monitor logs anyways.. aren't you? Scott​ On Wednesday, 18/12/2024 at 16:53 Michael Peddemors via mailop wrote: IF you can't adequately monitor your own outbound mail queues, and track reject

Re: [mailop] DNSBL List

2024-12-18 Thread Michael Peddemors via mailop
IF you can't adequately monitor your own outbound mail queues, and track rejections, and want someone else to do your job for you, you might like to offer the RBL operators some money to do your job for you. *Sheesh* Eg, Twilio is a billion dollar company, and can't get a handle on those phis

Re: [mailop] PayPal Phishing from Paypal servers.. Now coming through o365 as well

2024-12-12 Thread Michael Peddemors via mailop
-Tag: is-invoice Umm.. MailGun, that isn't an invoice.. It's Phishing.. On 2024-12-11 01:33, Alessandro Vesely via mailop wrote: On Tue 10/Dec/2024 23:23:51 +0100 Andrew C Aitchison wrote: On Tue, 10 Dec 2024, Michael Peddemors via mailop wrote: Ouch.. getting even harder for reci

Re: [mailop] The "NEW" Outlook

2024-12-11 Thread Michael Peddemors via mailop
On 2024-12-11 11:20, Scott Q. via mailop wrote: I find that beyond the : - security risks - privacy concerns​ - inability to troubleshoot connection issues - being exposed to MS outages - inability to optimize routing for global customers there is also the glaring fact that MS is a competitor i

Re: [mailop] Docusign Phishing from .. Now coming through o365 as well

2024-12-10 Thread Michael Peddemors via mailop
Docusign" On 2024-12-10 14:34, Michael Peddemors via mailop wrote: For the record, this has been going on for some months now.. We have been even keeping track of the phone numbers used in this scam, but we already notice that they are attempting to obfuscate the phone numbers.. As Louis p

Re: [mailop] PayPal Phishing from Paypal servers.. Now coming through o365 as well

2024-12-10 Thread Michael Peddemors via mailop
For the record, this has been going on for some months now.. We have been even keeping track of the phone numbers used in this scam, but we already notice that they are attempting to obfuscate the phone numbers.. As Louis pointed out, it's the 'sellers note' that is being abused.. as well as

[mailop] PayPal Phishing from Paypal servers.. Now coming through o365 as well

2024-12-10 Thread Michael Peddemors via mailop
Ouch.. getting even harder for recipient spam protections to catch this guy, given that o365 is also a 'too big to block'.. Standard Paypal Phone Scam we have seen coming from PayPal's own infrastructure.. But now via o365.. redaccted headers below.. (PayPal should have stopped this at the so

Re: [mailop] How much mail is spam?

2024-12-09 Thread Michael Peddemors via mailop
That's the problem with 'statistics'.. Used to be almost every spam protection vendor claimed ridiculously high numbers, but that is because they processed 'every' attempt. Since most email servers utilize thing like RBL's and rate limiters, the SMTP layer doesn't need to process so much.. A

Re: [mailop] Is there a standard for how many RCPT to accept?

2024-12-05 Thread Michael Peddemors via mailop
You are right Victor of course... And for the record, ESP's and senders should NEVER assume that they can send even 100 recipients.. In our MagicMail SMTP we apply a penalty for invalid users.. each invalid user is the equivalent of 15 legitimate recipients.. so if you send 10 invalid recipien

Re: [mailop] Email delivery issue

2024-11-26 Thread Michael Peddemors via mailop
For the record, they are located on OVH IP space.. give all the problems from that IP space, many vendors could be blocking traffic from them.. NetRange: 135.148.130.0 - 135.148.130.127 CIDR: 135.148.130.0/25 NetName:OVH-DEDICATED-FO NetHandle: NET-135-148-130-0-1 Pa

Re: [mailop] Yahoo/AOL Delivery Issues as of November 11th.

2024-11-17 Thread Michael Peddemors via mailop
Aside from your issue reaching a 'human' response, and that to you the error messages and support responses are cryptic.. Yahoo is usually pretty good, and usually starts flowing again once a reduction in the triggering events is seen.. However, not sure you should use pipelining .. Given that

Re: [mailop] Spam/scam from salud.pr.gov (via O365/Microsoft)

2024-11-15 Thread Michael Peddemors via mailop
We're monitoring these government compromises, and yes.. it does appear to be the same actors.. but it isn't what you think.. it is a bot operator, and I don't think they really realize the power they have in those compromised email accounts.. Just using them for either standard spamming.. scr

[mailop] Hate when Banks use loose SPF (macros) records..

2024-11-04 Thread Michael Peddemors via mailop
chase.com. 3590 IN TXT "v=spf1 exists:%{i}.spf.chase.com exists:%{i}.spf.hc4673-96.iphmx.com exists:%{i}.spf.hc4698-8.iphmx.com include:tpo.chase.com ip4:207.162.228.0/24 ip4:207.162.229.0/24 ip4:207.162.225.0/24 ip4:196.37.232.50 ip4:159.53.46.0/24 ip4:159.53.36.0/24 ip4:159.53" ".110.0/2

Re: [mailop] New IPs

2024-10-25 Thread Michael Peddemors via mailop
Suggestion Luc? NetRange: 67.69.168.0 - 67.69.168.255 CIDR: 67.69.168.0/24 NetName:BELL-OPS-20121029-CA NetHandle: NET-67-69-168-0-1 Parent: BELLNEXXIA-11 (NET-67-68-0-0-1) NetType:Reassigned OriginAS: AS577 Customer: Bell Canada ICN (C0319

Re: [mailop] Google Rejecting Mails as Spam

2024-10-25 Thread Michael Peddemors via mailop
On 2024-10-25 11:59, Matus UHLAR - fantomas via mailop wrote: Requiring "hostname must poing back to sending IP" violates the RFC. That's why I asked about the rDNS matching - I don't remember seeing such server on the net yet. There are many reasons for HELO (Server Name) to be an internal na

Re: [mailop] Google Rejecting Mails as Spam

2024-10-25 Thread Michael Peddemors via mailop
On 2024-10-25 11:00, Matus UHLAR - fantomas via mailop wrote: Am 25.10.2024 um 15:39:15 Uhr schrieb Pete Long via mailop: Unfortunately, Google is still rejecting emails from valar.uk.net. I guess I'll wait a bit longer. Tobias described it properly, there's more what you can and should do. O

Re: [mailop] Huge increase in SASL brute force

2024-10-21 Thread Michael Peddemors via mailop
Nothing to see here folks.. let's move along.. Well, to be truthful you asked for advice.. so .. first of all, this appears to be standard botnet activity, probably from compromised IoT and CPE equipment.. there are many similar attempts, eg if it was from Chinese telecoms, a lot is actually c

Re: [mailop] Unsolicited messages from *.outbound-mail.sendgrid.net

2024-10-14 Thread Michael Peddemors via mailop
Don't even get me started on SendGrid.. two years on and the same actors are still abusing their systems.. We attempted to reach out to help them with this problem, and ended up with them not able to do anything .. upper level didn't want the change.. So much phishing from their IPs.. this i

Re: [mailop] Unsolicited messages from *.outbound-mail.sendgrid.net

2024-10-14 Thread Michael Peddemors via mailop
On 2024-10-14 06:05, Renaud Allard via mailop wrote: On 10/14/24 2:17 PM, Marco Moock via mailop wrote: Am 14.10.2024 um 12:31:30 Uhr schrieb Paul Menzel via mailop: Is there something else I can do despite forwarding messages to ab...@sendgrid.net? Should SendGrid do better? They simply i

Re: [mailop] Unsolicited messages from *.outbound-mail.sendgrid.net

2024-10-14 Thread Michael Peddemors via mailop
You are right, far too many companies big enough to at least get a dedicated IP, instead of a shared IP, they should have custom PTR's, and *shudder* their SPF records included all of SendGrid, so needless to say they are very vulnerable to spoofing and phishing.. Someone should write a small

Re: [mailop] Does anyone have a real human contact at unifiedlayer/hostgator/bluehost?

2024-10-07 Thread Michael Peddemors via mailop
Share the IP, or a sample one.. ;) Different segments have different sending histories.. and different levels of concern.. Even on some of the really bad segments, still some good guys buried in the mix.. But lot's of their space safely on reputation lists with little or no complaints. The

Re: [mailop] Sudden drop of frenzied login attempts

2024-10-04 Thread Michael Peddemors via mailop
On 2024-10-04 03:45, Alessandro Vesely via mailop wrote: Hi, this is the second day that illegal login attempts to IMAP/SMTP accounts are down by almost an order of magnitude (thousands to hundreds on my tiny server).  Has there been some mayor clearance? Best Ale A bot stopped running? A

[mailop] Any PayPal people on here? See an ongoing threat sent directly from PayPal servers.

2024-10-02 Thread Michael Peddemors via mailop
Please reach out to me off list, this threat has been going on for some time.. people gaming the paypal system to send fake notices, using the invoice system, trying to steal paypal credentials.. -- "Catch the Magic of Linux..."

[mailop] Anyone on ZenLayer lurking on the list?

2024-09-26 Thread Michael Peddemors via mailop
Hit me up off list, curious about some traffic patterns from the 98.98.108.0/24 block to port 25.. (It could be they assigned this range to someone else, just no SWIP update) -- "Catch the Magic of Linux..." Michael Peddem

Re: [mailop] Trend Micro Contact

2024-09-23 Thread Michael Peddemors via mailop
On 2024-09-23 14:52, Brotman, Alex via mailop wrote: Hello, It appears as though TM has a segment of our network incorrectly listed as "dial-up". I'm looking for a contact over there who might be able to resolve that, and who I can supply with a list of what is currently "dynamic". Thank you

[mailop] Made me Giggle...

2024-09-18 Thread Michael Peddemors via mailop
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning gmail.com discourages use of 52.172.161.255 as permitted sender) -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Vi

[mailop] What Kind of Return-Path's are these? (A1 Telekom)

2024-08-27 Thread Michael Peddemors via mailop
Return-Path: Received: from smtpout06.a1.net (HELO smtpout06.a1.net) (80.75.33.6) ... From: "myGov-alert" Anyone know the A1 People? They should restrict MAIL FROM to only addresses on their email server? (IP sending this was on their own networks as well) Should be a reminder to everyon

Re: [mailop] Uptick in Google Groups spam?

2024-08-27 Thread Michael Peddemors via mailop
Uptick no.. It's been crazy levels for over a year now... The team has a whole slew of custom filters for this type of spam, it would be easier of course if Google took care of them but.. And there has been several discussions on this and other lists about this type of spam.. You might want t

Re: [mailop] oauth2 for mail clients

2024-07-31 Thread Michael Peddemors via mailop
On 2024-07-31 07:49, Andrew C Aitchison via mailop wrote: On Sun, 14 Jul 2024, Scott Q. via mailop wrote: My question wasn't geared in that direction. It's up to each provider to create their own custom interfaces for integrating all that. It's not rocket science. My question was geared toward

Re: [mailop] Domains discrimination ... and Gmail

2024-07-11 Thread Michael Peddemors via mailop
Yes, as we all know.. threat teams and spam filtering teams spend a LOT of resources on those.. but when you see exactly the same samples year after year, you have to question their motivation.. (right now 'their' meaning specifically Gmail and o265) And 'rejecting' the messages IS possible, b

Re: [mailop] Help with handling backscatter

2024-07-11 Thread Michael Peddemors via mailop
There are SO many things wrong with this don't know even where to start.. Received: from shopify.com ([89.190.156.188]) Duplicate Return-Path X-Original-Message-ID: <668ef133.170a0220.9c6db.ca0esmtpin_added_bro...@mx.google.com> (google.com: domain abaimiddle.school.test-google-a.com configure

Re: [mailop] Cloud hosts for responsible mail servers?

2024-07-09 Thread Michael Peddemors via mailop
On 2024-07-09 07:58, Michael Breuer via mailop wrote: On 9. Jul 2024, at 03:41, John Levine via mailop wrote: So for this inquiry I really am asking about reliable hosts - anywhere in the world. That may or may not include names like Hetzner, Vultr, or AWS - Take a look at Amazon SES. It'

Re: [mailop] Why an SPF hard bounce on ~all ?

2024-06-27 Thread Michael Peddemors via mailop
Slightly 'off-thread' but want to point out that the idea of 'soft-fail' is not universal.. Personally, we believe that if someone advertises a HARD FAIL, it should be rejected in the SMTP transaction.. And SOFT FAIL, if from a source that especially vulnerable to forgeries, and/or targeted in

Re: [mailop] Another 'Verified Email' service on AWS EC2

2024-06-25 Thread Michael Peddemors via mailop
at's a good idea, except when you have to deal with companies like Everbridge Inc or Tencent QQ, which apparently think it's a good idea to rent VMs at various cloud providers and run them with their default config. ----- Original Message - | From: "Michael Peddemors via mailo

Re: [mailop] AT&T Blocklist

2024-06-18 Thread Michael Peddemors via mailop
https://wznoc.com/ With a obscure page like that, you are asking for trouble.. Just like the pages many of the bullet proof hosters throw up.. Why not use amscomputer.com in the PTR records, if these are your servers? https://www.amscomputer.com/ Inquiring minds would like to know. CIDR:

Re: [mailop] t-online.de spam

2024-06-18 Thread Michael Peddemors via mailop
Hey Benny, Just an FYI, the list admin's prefer NOT to have the list used for reporting spam.. It's okay to report generic trends, or misconfigurations, or visibility into something new.. (And of course, you are welcome to provide evidence of that.. ) but the list can quickly get consumed if

[mailop] Another 'Verified Email' service on AWS EC2

2024-06-18 Thread Michael Peddemors via mailop
Jun 18 09:58:03 be msd[1959712]: CONN: 34.229.185.73 -> 25 GeoIP = [US] PTR = ec2-34-229-185-73.compute-1.amazonaws.com OS = Linux 2.2.x-3.x Jun 18 09:58:04 be msd[1959712]: HELO command received, args: [127.0.0.1] Jun 18 09:58:04 be msd[1959712]: RSET command received, args: Jun 18 09:58:04 be m

Re: [mailop] salesforce phishing emails

2024-06-13 Thread Michael Peddemors via mailop
On 2024-06-13 08:28, Anne P. Mitchell, Esq. via mailop wrote: On Jun 12, 2024, at 11:40 PM, Hans-Martin Mosner via mailop wrote: Am 12.06.24 um 18:04 schrieb Anne P. Mitchell, Esq. via mailop: I've also always found abuse@ to be responsive there, and it's peopled by a real person, who

Re: [mailop] [STATE OF THE UNION] Tales from the Trenches..

2024-05-30 Thread Michael Peddemors via mailop
great'.. Thanks for sharing.. On 2024-05-30 12:32, Slavko via mailop wrote: Dňa 30. mája 2024 18:23:25 UTC používateľ Michael Peddemors via mailop napísal: I am sure there are many others that are dedicated to strictly AUTHentication abuse.. The key is to be able to do the check at all

Re: [mailop] [STATE OF THE UNION] Tales from the Trenches..

2024-05-30 Thread Michael Peddemors via mailop
On 2024-05-30 10:46, Richard Laager via mailop wrote: On May 30, 2024, at 12:35, Michael Peddemors via mailop wrote: They do know there is RBL's that list known abusive BEC Attackers? I’m new to the list (though not email admin). What RBL are you saying I should be looking at? I al

[mailop] [STATE OF THE UNION] Tales from the Trenches..

2024-05-30 Thread Michael Peddemors via mailop
Both life and Business have been very active, so it's been a bit since I posted one of these.. It's about time again.. * SendGrid continues to allow the same common threats from escaping * Increase in threat actors from Thailand/Vietnam region, but probably proxies for Chinese actors * Digital

Re: [mailop] Sudden spike in Gmail failures ("TempFail – Spam")

2024-04-30 Thread Michael Peddemors via mailop
On 2024-04-30 04:44, Mendel Kucharzeck via mailop wrote: Laura, Thanks for your reply! Highly appreciated. Inline: - Anyone else seeing this behaviour from gmail recently? - Could the newly created, custom MAIL-FROM-domain cause a behaviour like this? The MAIL-FROM-Domain has not yet been use

Re: [mailop] Sudden spike in Gmail failures ("TempFail – Spam")

2024-04-29 Thread Michael Peddemors via mailop
On 2024-04-29 08:02, Mendel Kucharzeck via mailop wrote: Hi, During my last email campaign, I’ve encountered issues with gmail – and after investigating this for a few days, I cannot make heads or tails of the results. Maybe anyone can shed any light on what is happening. Environment: Mailin

Re: [mailop] Reason for being listed at Spamhaus CSS and XBL unclear

2024-04-18 Thread Michael Peddemors via mailop
On 2024-04-18 06:01, Sebastian Arcus via mailop wrote: In that case I think I am back to square one. If an infected device connecting to 587/465 to various servers on the internet, from our network, to try and guess passwords/break into accounts wouldn't have used the FQDN of our public IP as H

Re: [mailop] Reason for being listed at Spamhaus CSS and XBL unclear

2024-04-18 Thread Michael Peddemors via mailop
It's REALLY hard to give you good advice, if you don't include the actual IP Address that is listed.. However, if it is the same email server you sent from, it's on Contabo which has it's own problems with reputation.. And I don't think they really care to help the innocent operators on their

[mailop] Aruba Email Servers getting Authenticated SMTP sessions from Google?

2024-04-09 Thread Michael Peddemors via mailop
Aruba's email systems do have a lot of issues, but this one was a little new to me.. Received: from mail-lf1-f48.google.com ([209.85.167.48]) by Aruba Outgoing Smtp with ESMTPSA id uDJ6rtNJEjUFfuDJ6rzmku; Tue, 09 Apr 2024 17:22:44 +0200 It could be that they simply record ESMTP

Re: [mailop] Amazon SES [Was: is warming IPs still necessary?]

2024-03-27 Thread Michael Peddemors via mailop
On 2024-03-26 15:14, Ken Johnson via mailop wrote: Here, I have seen a gradual improvement in the quality of mail (now seeing a few legitimate users) coming from Amazon SES (based on headers containing amazonses.com), and now only add +3 in our local SpamAssassin filters. Of course, other peo

Re: [mailop] is warming IPs still necessary?

2024-03-25 Thread Michael Peddemors via mailop
Your biggest threat is hosting on AWS.. Given the nature of EC2, you want to ensure that the IPs you are using are not in the midst of some abusive IPs, and AWS is still not providing public 'rwhois' delegation to our knowledge. Make sure that you have a correct PTR record of course, the gene

Re: [mailop] Debt Collection Client Email Servers

2024-03-22 Thread Michael Peddemors via mailop
If they are 'dedicated', doesn't matter if they are coming from SendGrid, the PTR should reflect your clients domain. host 149.72.234.90 90.234.72.149.in-addr.arpa domain name pointer wrqvzxrx.outbound-mail.sendgrid.net. And given the amount of abuse of SendGrid servers, anything you can do

Re: [mailop] Mailbox Filling w. Opt-In/Sign-Up mails

2024-03-12 Thread Michael Peddemors via mailop
Tobias, This does sound like a typical 'mail bomb', and there are even services you can rent to mail bomb an enemy.. Used to only see it in the gamer community, kid stuff.. but it is more rare than you think.. sometimes it can go on for several days.. Usually, someone has p**'ed off someone

[mailop] Love how people use SPF records.. Just for a chuckle..

2024-03-11 Thread Michael Peddemors via mailop
host -t TXT save.ca save.ca descriptive text "v=spf1 ip4:70.33.236.0/25 mx a include:sendgrid.net include:thestar.ca include:thestar.com include:spf.google.com include:spf.protection.outlook.com include:spf.yahoo.com include:spf.aol.com include:amazonses.com -all" ... so.. basically hard bl

[mailop] Any Apple guys, with knowledge of their networks shed some light on this IP Space?

2024-03-04 Thread Michael Peddemors via mailop
Does anyone know what this IP space is assigned for in general? Tracking some new threats.. inetnum:144.178.0.0 - 144.178.63.255 descr: Apple Inc status: LEGACY remarks:Cupertino admin-c:JD9555-RIPE tech-c: JD9555-RIPE netname:Apple-144-17

Re: [mailop] Gmail.com SPF false negatives?

2024-02-27 Thread Michael Peddemors via mailop
On 2024-02-27 15:01, Tim C via mailop wrote: On 28/2/24 09:30, Rob Nagler via mailop wrote: a mx ip4:139.177.203.52 You could try removing the redundant A/MX as they all point to 139.177.203.52. ___ mailop mailing list mailop@mailop.org https://lis

Re: [mailop] Outgoing Spam from Microsoft IPs

2024-02-19 Thread Michael Peddemors via mailop
On 2024-02-19 04:46, Gellner, Oliver via mailop wrote: On 16.02.2024 at 03:38 Matt Palmer via mailop wrote: Although I must say that without reverse DNS would seem to be the easier blocking option -- when was the last time you saw legitimate mail from an IP without rDNS? Unfortunately

[mailop] Gmail Affiliate Marketers.. getting stupid excessive... Yahoo/ATT

2024-02-14 Thread Michael Peddemors via mailop
All throw away domains, .xyz, .shop, .online, they are using ATT/Yahoo addresses, the emails are obvious.. Been reported a couple months back to the Yahoo people, no change to volumes.. (Note, it's all going to spam folders of course) Return-Path: Received: from mail-oo1-f78.google.com (HELO

Re: [mailop] Outgoing Spam from Microsoft IPs

2024-02-14 Thread Michael Peddemors via mailop
On 2024-02-13 22:57, Hans-Martin Mosner via mailop wrote: We've been seeing runs of spam mails from Microsoft IP addresses without reverse DNS (possibly cloud servers). One is sending with addresses , starting on February 8. The other (same or different spammer?) uses and started just yester

Re: [mailop] Is forwarding to Gmail basically dead?

2024-02-09 Thread Michael Peddemors via mailop
On 2024-02-08 22:11, Marco Moock via mailop wrote: Am Thu, 8 Feb 2024 10:46:51 -0800 schrieb Michael Peddemors via mailop : The only way this will stop, is when the network operators are forced to be accountable for outbound traffic dnsbl exists and some lists (e.g. uceprotect L3) entirely

Re: [mailop] Is forwarding to Gmail basically dead?

2024-02-08 Thread Michael Peddemors via mailop
On 2024-02-08 10:20, Randolf Richardson, Postmaster via mailop wrote: My opinion: Get rid of forwarding to external sites whenever possible. Some universities don't even provide a forwarding option for the eMail accounts they set up for their students, and this trend will probably contin

Re: [mailop] [EXTERNAL] It's almost getting funny out there now..

2024-02-06 Thread Michael Peddemors via mailop
06 16:19, Michael Wise wrote: 103.143.76.89 is not a Microsoft IP. At all. Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Open a ticket for Hotmail ? -Original Message- From: mailop On Behalf Of Michael Peddemors v

Re: [mailop] problem setting up open-dmarc

2024-02-06 Thread Michael Peddemors via mailop
Some days.. it's like F* DMARC.. hehehe.. Anything that created a multi-million dollar industry of consultants on how to set up DMARC, well.. email should NOT be that difficult.. I still remember when email administrators didn't know how to set up DNS correctly.. (oh wait, some still do) Yo

[mailop] It's almost getting funny out there now..

2024-02-06 Thread Michael Peddemors via mailop
For the record, looking at the 'too big to block' stats, and definitely the o365 spam is leading the pack.. IPs that are temporarily rate limited because of too many invalid recipients reported in a 24 hour period.. (2871 IPs vs Gmail 155 IPs) Of course, not 100% relative, as their retry algo

[mailop] For the record, anyone tell me what specific Gmail email flows allows duplicate Return-Path as shown below?

2024-01-31 Thread Michael Peddemors via mailop
X-Gm-Message-State: AOJu0Yygtd3O5YdS/rWj45vxya0hwrYa/BjQf5JxGSCWzAx9RXR9bryH LpU0oZbfEz95pt1aYhcAMT1+ArGYrI6GtRLuJdtIEEHgVc36TLiys7kql09B4icWlFB6/0HAW7R L84tjrA== X-Google-Smtp-Source: AGHT+IHJ80+WwCu4hMgvckgAPlSHw5qrXfLxQgaNiEfLv7pnjJvoeHyju4z8pvBZv1ELBkh6pusbJQ== X-Received: by

Re: [mailop] ebay postmaster contact

2024-01-29 Thread Michael Peddemors via mailop
And of course, this 'could' be caused by backscatter on their servers, if the emails originated from your server ;) Ensure your domains have SPF records of course, but we need more information on the list to determine if this is forgeries, or an eBay inherent problem. Suggest you send more h

Re: [mailop] [External] seeking a spamtrap milter

2024-01-23 Thread Michael Peddemors via mailop
On 2024-01-23 12:35, Randolf Richardson, Postmaster via mailop wrote: Hi folks, I suspect this exists, but can't come up with the right search. I have domains that should never receive mail. I'd like a milter that looks for mail to those domains and feeds the IP of the sender to an outside prog

Re: [mailop] Ping Microsoft / MSN

2024-01-22 Thread Michael Peddemors via mailop
On 2024-01-22 06:58, Benoit Panizzon via mailop wrote: https://blacklist.imp.ch/entry.php?id=1.0.8.0.0.0.0.0.0.0.0.0.0.0.0.0.2.1.e.2.3.0.4.f.1.1.1.0.1.0.a.2 no further comment needed... Mit freundlichen Grüssen -Benoît Panizzon- We don't typically use IPv6, but the pattern matches a large ou

Re: [mailop] Spamhaus contact?

2024-01-19 Thread Michael Peddemors via mailop
On 2024-01-19 12:42, Randolf Richardson, Postmaster via mailop wrote: On 2024-01-19 06:47, Atro Tossavainen via mailop wrote: On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote: Ok sorry not "most" but "some may"... My checkpoint rep said that they get their reputation lists from other co

Re: [mailop] Spamhaus contact?

2024-01-19 Thread Michael Peddemors via mailop
On 2024-01-19 06:47, Atro Tossavainen via mailop wrote: On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote: Ok sorry not "most" but "some may"... My checkpoint rep said that they get their reputation lists from other companies... is it wrong ? It's possible that Check Point are just an a

Re: [mailop] Spamhaus contact?

2024-01-18 Thread Michael Peddemors via mailop
Examples? On 2024-01-18 13:33, hg user via mailop wrote: I also saw a spike in IP reported as malicious by spamhaus: IPs that have been sending emails for years: standard, business emails from personal accounts of people in airlines and hotels are now triggering spamhaus IP rbl... those IPs ar

Re: [mailop] Anyone else noticing an increase in spam from Office365 distribution lists?

2024-01-16 Thread Michael Peddemors via mailop
I think you have to start blocking them earlier that in Spam Assassin, if you want to make a difference.. If you block them at the SMTP layer, then maybe they give up.. or if you reject with a 4XX, maybe Microsoft might notice an increase in the queues (wishful thinking) Also, if you check e

Re: [mailop] o365 outbound senders.. Strange Failures sending .. widespread reports

2023-12-18 Thread Michael Peddemors via mailop
On 2023-12-18 14:20, Benny Pedersen via mailop wrote: Michael Peddemors via mailop skrev den 2023-12-18 22:45: Strange rewriting mechanism, but this kind of volume should be restricted from the o365 side, no? What about the usage of non-existant FQDN name in the MAIL FROM? what mta ? what

Re: [mailop] 451-Reject due to policy restrictions from web.de and gmx.de

2023-12-17 Thread Michael Peddemors via mailop
Wow! Just got back from a week in the sun, and the mailing list has been busy.. A bit off topic, but it is always amazing.. rejecting based on no DKIM? It's like most new requirements, ever notice that the spammers are implementing these requirements sooner/faster than the real email operator

Re: [mailop] Another very strange microsoft originated email??

2023-12-07 Thread Michael Peddemors via mailop
-HM last-modified: 2019-09-23T04:53:33Z source: APNIC % This query was served by the APNIC Whois Service version 1.88.25 (WHOIS-US4) Free trial account on Microsoft 365 being relayed through Microsoft 365 outbounds by a Hetzner IP --srs From: mailop

[mailop] Another very strange microsoft originated email??

2023-12-06 Thread Michael Peddemors via mailop
Take a look at the headers for this one.. Appears to come from an sender IP on Hetzner, but related to Microsoft?? Some headers snipped for brevity, but something sure appears rotten in denmark.. love the boundary.. Any takers on explained how this is being allowed or performed? Return-Path:

Re: [mailop] Email deliverability issues to Outlook

2023-12-06 Thread Michael Peddemors via mailop
On 2023-12-06 10:34, Anne Mitchell via mailop wrote: On Dec 5, 2023, at 11:49 PM, Grant Gordon via mailop wrote: A friend brought to my attention the following blog post which seems to have started around the same time we started experiencing issues and seems to be the same issue, though it

Re: [mailop] Orange ISP - New outbound IP ranges

2023-12-01 Thread Michael Peddemors via mailop
Jeremy, do note that there is 'history' on some of the 193.252.22.0/23 range.. I believe that previously there was Mail Essentials Project? Notice the SWIP is currently: inetnum:193.252.22.0 - 193.252.22.127 netname:MAIL-NEWMTA-FRANCE Suggest this be updated to reflect what you

Re: [mailop] Cox.net contact

2023-11-30 Thread Michael Peddemors via mailop
On 2023-11-30 12:39, Philip Paeps via mailop wrote: On 2023-12-01 06:59:21 (+1300), Mamidi, Sandeep via mailop wrote: We need cox.net post master details . Any one from cox.net ? Instead of going through bounces weekly, and contacting mailbox providers in alphabetical order asking for mitigat

Re: [mailop] Convincing clients of the importance of eMail recipient consent for mailing list subscriptions

2023-11-27 Thread Michael Peddemors via mailop
Wasnt' there an article on how engagement rates for confirmed double opt-in vs unconfirmed were a LOT higher.. a few years back? I think if you can point to the higher engagement rates, that even with lower total subscribers you are more effective in your email marketing. Anyone have a link t

  1   2   3   4   5   6   >