Re: [mailop] signup form abuse

2016-05-25 Thread Matthew Black
Are your customers using confirmed opt-in mailing lists? If not, they should not be running mailing lists. matthew From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Vick Khera Sent: Tuesday, May 24, 2016 10:18 AM To: mailop@mailop.org Subject: [mailop] signup form abuse As an ESP, w

Re: [mailop] signup form abuse

2016-05-25 Thread Vick Khera
On Wed, May 25, 2016 at 10:45 AM, Matthew Black wrote: > Are your customers using confirmed opt-in mailing lists? If not, they > should not be running mailing lists. > > Yes, the only effect is to send a confirmation message, which is quite generic and at most contains the customer's logo and nam

Re: [mailop] signup form abuse

2016-05-25 Thread Al Iverson
Matthew, Which ESPs operate that way? (Hint: none. Most ESPs offer COI, few or none require it.) So since that's not happening... -- Al Iverson www.aliverson.com (312)725-0130 On Wed, May 25, 2016 at 9:45 AM, Matthew Black wrote: > Are your customers using confirmed opt-in mailing lists?

Re: [mailop] signup form abuse

2016-05-25 Thread Vick Khera
On Tue, May 24, 2016 at 3:07 PM, Jay Hennigan wrote: > The appearance of the confirmation email makes a big difference. If it > looks like an advertisement with lots of graphics, hidden tracking bugs, > etc. it's likely to be viewed as abuse and used by bad guys to harass > innocents. > > I'm ver

Re: [mailop] signup form abuse

2016-05-25 Thread Vick Khera
On Wed, May 25, 2016 at 11:02 AM, Al Iverson wrote: > Which ESPs operate that way? (Hint: none. Most ESPs offer COI, few or > none require it.) > All our direct signup forms are only COI. We do permit customers to import existing lists, which may or may not have been COI previously, though we su

Re: [mailop] signup form abuse

2016-05-25 Thread Vick Khera
On Tue, May 24, 2016 at 2:18 PM, Michael Wise wrote: > Are these IP addresses on CBL? > I did a spot check of a recent attack. The email address was jabradb...@kanawhascales.com and it got signed up to 12 lists during May 17 and 18. Amazingly, whoever is on the other end of that address clicked

Re: [mailop] signup form abuse

2016-05-25 Thread Erwin Harte
On 5/25/16 10:36 AM, Vick Khera wrote: On Tue, May 24, 2016 at 2:18 PM, Michael Wise wrote: Are these IP addresses on CBL? I did a spot check of a recent attack. The email address was jabradb...@kanawhascales.com an

[mailop] Connection failures to Hotmail domains

2016-05-25 Thread Keenan Tims
I'm seeing 90+% of our connection attempts to the MXes for 'hotmail.com' and other Hotmail domains (mx[1-4].hotmail.com) are either timing out (30s) or getting connection refused since ~11:00am PDT. Anyone else seeing this? I've tested from a few off-net points and am seeing the same. Mail is s

Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread Al Iverson
You're not alone. It's quite widespread. Multiple folks have talked to Microsoft people about the issue, they are aware. Regards, Al -- Al Iverson www.aliverson.com (312)725-0130 On Wed, May 25, 2016 at 3:08 PM, Keenan Tims wrote: > I'm seeing 90+% of our connection attempts to the MXes for 'h

Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread Jeremy Harris
On 25/05/16 21:08, Keenan Tims wrote: > I'm seeing 90+% of our connection attempts to the MXes for 'hotmail.com' > and other Hotmail domains (mx[1-4].hotmail.com) are either timing out > (30s) or getting connection refused since ~11:00am PDT. Anyone else > seeing this? Yup. -- Jeremy _

Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread Steve Ratzlaff
On 5/25/2016 3:08 PM, Keenan Tims wrote: I'm seeing 90+% of our connection attempts to the MXes for 'hotmail.com' and other Hotmail domains (mx[1-4].hotmail.com) are either timing out (30s) or getting connection refused since ~11:00am PDT. Anyone else seeing this? I've tested from a few off-net

Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread Michael Wise via mailop
Oh yeah, we're aware. Hearing some reports that the issue may have been mitigated, but until I hear anything from Inside the House, can't really comment except to say ... PRI:0, being worked on as I type. But not by me, as I have no insight into the inner workings. Aloha, Michael. -- Michael

Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread frnkblk
We saw the same thing too, just too busy dealing with the fallout of a lightning strike. Frank -Original Message- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Keenan Tims Sent: Wednesday, May 25, 2016 3:09 PM To: mailop@mailop.org Subject: [mailop] Connection failures to

Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread Michael Wise via mailop
As soon as I have something external-facing-worthy, I will let y’all know. Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? From: Jaren Ang

Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread Jaren Angerbauer
Thanks Mike. If you can, any update you receive (and can disclose) would be greatly appreciated. --Jaren On Wed, May 25, 2016 at 2:29 PM, Michael Wise via mailop wrote: > > Oh yeah, we're aware. > Hearing some reports that the issue may have been mitigated, but until I > hear anything from I

Re: [mailop] signup form abuse

2016-05-25 Thread Vick Khera
On Wed, May 25, 2016 at 3:02 PM, Erwin Harte wrote: > I did a spot check of a recent attack. The email address was > jabradb...@kanawhascales.com and it got signed up to 12 lists during May > 17 and 18. Amazingly, whoever is on the other end of that address clicked > to confirm every one of those

Re: [mailop] signup form abuse

2016-05-25 Thread Michelle Sullivan
Vick Khera wrote: On Wed, May 25, 2016 at 3:02 PM, Erwin Harte wrote: I did a spot check of a recent attack. The email address was jabradb...@kanawhascales.com and it got signed up to 12 lists during May 17 a

Re: [mailop] signup form abuse

2016-05-25 Thread Michael Wise via mailop
When you say, “Confirmation Clicks”, do you mean on a link provided via email, or a confirmation button of a web form? Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool

Re: [mailop] signup form abuse

2016-05-25 Thread Erwin Harte
On 5/25/16 4:40 PM, Michelle Sullivan wrote: Vick Khera wrote: On Wed, May 25, 2016 at 3:02 PM, Erwin Harte wrote: I did a spot check of a recent attack. The email address was jabradb...@kanawhascales.com and it

Re: [mailop] signup form abuse

2016-05-25 Thread Michael Wise via mailop
The classical response to that is a "Hidden" URL that, if "clicked" by the scanning software, gives "Insight" into the fact that the recipient is doing that, yes? Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Report

Re: [mailop] Connection failures to Hotmail domains

2016-05-25 Thread frnkblk
Finally had a chance to look at my logs … looking at error count over time (all U.S. Central) I see the following: Server 1: 1 25 12:3 1 25 12:4 4 25 13:1 22 25 13:2 22 25 13:3 24 25 13:4 31 25 13:5 18 25 14:0 8 25 14:1 16 25 14:2

Re: [mailop] signup form abuse

2016-05-25 Thread Al Iverson
I've heard John Levine propose the "hidden link to catch scanning robots" solution but I've never heard of an email system implementing it. Similarly, senders have often suggested that spamtrap systems shouldn't follow links. (Security systems, sure, but don't do that with spamtrap addresses.) And

Re: [mailop] signup form abuse

2016-05-25 Thread Michelle Sullivan
Michael Wise wrote: The classical response to that is a "Hidden" URL that, if "clicked" by the scanning software, gives "Insight" into the fact that the recipient is doing that, yes? Aloha, Michael. That is the best solution - I'd hate for people to stop single click unsubscribes because they

Re: [mailop] signup form abuse

2016-05-25 Thread Jay Hennigan
On 5/25/16 7:59 AM, Vick Khera wrote: On Wed, May 25, 2016 at 10:45 AM, Matthew Black wrote: Are your customers using confirmed opt-in mailing lists? If not, they should not be running mailing lists. Yes, the only effect is to send a confirmation m

Re: [mailop] signup form abuse

2016-05-25 Thread Jay Hennigan
On 5/25/16 7:45 AM, Matthew Black wrote: Are your customers using confirmed opt-in mailing lists? If not, they should not be running mailing lists. The monetary compensation of ESPs is directly proportional to the volume of promotional messages that they send. Let that sink in. -- -- Jay Hen

Re: [mailop] signup form abuse

2016-05-25 Thread Jay Hennigan
On 5/25/16 8:36 AM, Vick Khera wrote: I did a spot check of a recent attack. The email address was jabradb...@kanawhascales.com and it got signed up to 12 lists during May 17 and 18. Amazingly, whoever is on the other end of that address clicked to confirm e

Re: [mailop] signup form abuse

2016-05-25 Thread Michael Wise via mailop
Oh heck yeah. And if nothing else, it's Rule Fodder. Subject =~ /confirm [\da-f]{32}/ Body =~ /\bxx.yy.zz.\d+\b/ ... you know the drill. Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -Original

Re: [mailop] signup form abuse

2016-05-25 Thread Laura Atkins
> On May 25, 2016, at 4:03 PM, Jay Hennigan wrote: > > On 5/25/16 8:36 AM, Vick Khera wrote: > >> I did a spot check of a recent attack. The email address >> was jabradb...@kanawhascales.com >> and it got signed up to 12 lists during May 17 and 18. Amazingl

Re: [mailop] signup form abuse

2016-05-25 Thread Michael Wise via mailop
That may or may not be a good metric, since if I just signed up for a legit mailing-list, I may be anxiously awaiting the confirmation mail, or if I'm a robot, I might be backlogged a few tens of seconds. So the Venn Diagram circles just might overlap more than you would wish. Aloha, Michael. -

Re: [mailop] signup form abuse

2016-05-25 Thread Michael Wise via mailop
[ lightbulb / ] I've been thinking about this for a while, and just had a flash of brilliance (or madness, hard to tell at times...) You know what might be a good solution? Just occurred to me. The mailing list software displays a clickable link that will send an email address with a

Re: [mailop] signup form abuse

2016-05-25 Thread Jay Hennigan
On 5/25/16 4:11 PM, Michael Wise wrote: That may or may not be a good metric, since if I just signed up for a legit mailing-list, I may be anxiously awaiting the confirmation mail, or if I'm a robot, I might be backlogged a few tens of seconds. So, "Click here to subscribe", "Click here if yo

Re: [mailop] signup form abuse

2016-05-25 Thread Michael Wise via mailop
Yeah, pretty much. :) Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -Original Message- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Jay Hennigan Sent: Wednesday, May 25, 2016