Hi,
Like to hear more about this, even if you choose to do it off list. We
all know how bad the Contabo IP space can be, but it would be
interesting to know if the COntabo IP used recently updated credentials,
eg just before you used BlueMail. Otherwise it might be some other form
of compromis
Dnia 13.11.2023 o godz. 19:13:50 Jaroslaw Rafa via mailop pisze:
> > What if users travel abroad?
> >
> > IMHO, it is better to monitor login IPs using services like
> > AbuseIPDB which provide an abuse score.
>
> Or just fail2ban :)
Nevermind, I didn't notice that we're talking about a case whe
Dnia 13.11.2023 o godz. 14:04:29 Alessandro Vesely via mailop pisze:
> >My boss wants to block access from abroad but that will block several
> >people, I'm afraid.
>
> What if users travel abroad?
>
> IMHO, it is better to monitor login IPs using services like
> AbuseIPDB which provide an abuse
On Sat 11/Nov/2023 10:52:26 +0100 hg user wrote:
Do you have a list of IPs that are known to be used for this legit service ?
A user of mine used to have logins from my.com (NL), which looks particularly
suspect as it is a subsidiary of mail.ru. Mymail behaves similarly to what
Luis and oth
On 2023-11-11 03:30, Bjoern Franke via mailop wrote:
Hi,
... I have not been aware of the fact that *ALL* apps actually might be
doing this.
It was just recently that I looked for alternative iOS mail apps - and
"phoning home" credentials got noted only for the Spark app.
This seems to be not
On 2023-11-10 09:00, Francois Petillon via mailop wrote:
What we have seen here is Microsoft IPs connecting to mailboxes using
IMAP. These connections seemed to be uncorrelated from real users
connections (graphs looked mostly flat) and Microsoft did not really
care about credentials validity.
> I don't understand, why the push notifications cannot work independently of
> IMAP?
They could, but there are a couple of reasons why people don't do that except
for critical alerts. Perhaps we just have different expectations of email
notifications:
* When I click on a notification, I want it
> This seems to be not restricted to iOS apps
Yup! Blue mail for example is cross-platform, so they had to implement cloud
notifications anyway. Might as well use it on android and avoid negative reviews
because people can't find the 50 hidden settings they need to set to stop
android from killing
Hi Andrew,
> Am 11.11.2023 um 14:25 schrieb Andrew C Aitchison via mailop
> :
>
> […]
>
> I guess we need to look at ClientID
> https://datatracker.ietf.org/doc/draft-storey-smtp-client-id/ (SMTP)
> https://datatracker.ietf.org/doc/draft-yu-imap-client-id/ (IMAP)
> and OAuthBearer RFC7628
> to
On Sat, 11 Nov 2023, Bjoern Franke via mailop wrote:
Hi,
... I have not been aware of the fact that *ALL* apps actually might be
doing this.
It was just recently that I looked for alternative iOS mail apps - and
"phoning home" credentials got noted only for the Spark app.
This seems to be no
Hi,
... I have not been aware of the fact that *ALL* apps actually might be
doing this.
It was just recently that I looked for alternative iOS mail apps - and
"phoning home" credentials got noted only for the Spark app.
This seems to be not restricted to iOS apps. Recently I tried "Blue
Mail"
Am 11.11.2023 um 10:52:26 Uhr schrieb hg user via mailop:
> Do you have a list of IPs that are known to be used for this legit
> service ?
No, but you can create test accounts and then intentionally use the MS
service to find the networks. The block the entire ASN for login via
SMTP/IMAP.
> My b
We just setup a report to list countries our users connect from. We
discovered that a lot of them were connect from our country, Italy, and
from abroad, usually Ireland.
We were able to link most of the connections from abroad to several
services, like microsoft, or other mail clients that need to
Am 10.11.2023 22:27 schrieb Jaroslaw Rafa via mailop:
> Dnia 10.11.2023 o godz. 21:09:31 Louis Laureys via mailop pisze:
> > You can probably tell from my wording how I feel about this. I get
> > the battery efficiency part. Not the part where ActiveSync has an
> > exception to it, and their own b
Dnia 10.11.2023 o godz. 21:09:31 Louis Laureys via mailop pisze:
> You can probably tell from my wording how I feel about this. I get the battery
> efficiency part. Not the part where ActiveSync has an exception to it, and
> their
> own battery efficient IDLE alternative is not accessible to most.
Yeah, on iOS if it has instant notifications, and it's not the built-in Mail app
or a first party app of your service, it has to have phoned home the
credentials. There isn't really any way around it, the only long living
connection they allow is their own notification system. For some reason they
Interesting, Louis - ...
On 10.11.2023 20:30, Louis Laureys via mailop wrote:
The fact that it transfers all of your messages is new (to me), the
whole transferring of credentials has been the standard for almost all
mobile email clients as on ios you can't keep an imap connection open
for ins
The fact that it transfers all of your messages is new (to me), the whole
transferring of credentials has been the standard for almost all mobile email
clients as on ios you can't keep an imap connection open for instant
notifications. On android you can, but only after hunting for all the battery
Am 10.11.2023 um 17:08:33 Uhr schrieb Andrew C Aitchison via mailop:
> Is this new Microsoft version significantly different ?
It is because it isn't that clear like the "import" feature of gmail
for the user.
___
mailop mailing list
mailop@mailop.org
h
Hi Andrea & all -
On 10.11.2023 18:08, Andrew C Aitchison via mailop wrote:
Microsoft lays hands on login data: Beware of the new Outlook
https://www.heise.de/news/Microsoft-lays-hands-on-login-data-Beware-of-the-new-Outlook-9358925.html
with you.
... ...
So, your account got hacked and you
On Fri, 10 Nov 2023, Carsten Schiefner via mailop wrote:
Folks,
sort of triggered by Benoit's recent and absolutely
spot-hitting rant about Microsoft's inability resp.
unwillingness to appropriately deal with spam complaints, I
thought I should share this article:
Microsoft lays hands on l
On 11/10/23 16:54, Carsten Schiefner via mailop wrote:
sort of triggered by Benoit's recent and absolutely spot-hitting rant about
Microsoft's inability resp. unwillingness to appropriately deal with spam
complaints, I thought I should share this article:
Microsoft lays hands on login data: Bew
Am 10.11.2023 um 16:54:00 Uhr schrieb Carsten Schiefner via mailop:
> So, your account got hacked and you happen to use such an Outlook
> version: where was the leak? On your end? Or on Microsoft's?
I really don't know how people who are working in IT security can
use software form such a compan
Folks,
sort of triggered by Benoit's recent and absolutely spot-hitting rant
about Microsoft's inability resp. unwillingness to appropriately deal
with spam complaints, I thought I should share this article:
Microsoft lays hands on login data: Beware of the new Outlook
https://www.heise.de/ne
24 matches
Mail list logo
