Hello
Since about one week I notice higher load on my spamtraps.
http://blacklist.woody.ch/rbltop.php
Aeh, yes, nearly exclusively .xyz domains hitting my spamtraps at the
moment.
Anyone else noticing this? Worth notifying the registrar? Has anyone a
good contact to nic.xyz?
-Benoît Panizzon-
seeing the same here.
.xyz domains went from almost zero to more than 200k uniq domains per
day. therefore no more ransomware right now...
the question is what's behind those domains? i didn't have the time to
analyze it, yet.
Cheers,
Stefan
On 10/13/2016 01:12 PM, Benoit Panizzon wrote:
> Hell
On Oct 13, 2016 07:46, "Stefan Haunß" wrote:
>
> the question is what's behind those domains? i didn't have the time to
> analyze it, yet.
>
Super cheap, and further discounted first-year, registration fees.
-Jim P.
___
mailop mailing list
mailop@mailo
* to correct this:
200k uniq subdomains
based on a few hundreds of domains
On 10/13/2016 01:41 PM, Stefan Haunß wrote:
> seeing the same here.
>
> .xyz domains went from almost zero to more than 200k uniq domains per
> day. therefore no more ransomware right now...
>
> the question is what's beh
Hi Stefan
> the question is what's behind those domains? i didn't have the time to
> analyze it, yet.
I had a bit a deeper look into it.
The Emails them self come from various IP Addresses. It's obviously a
botnet.
Almost all those xyz domains resolve to an IP within a /24 from AS41122.
So I s
I've seen this IP range you are talking about in cerber/ransomware
variants doing scans on 6892/udp
On 10/13/2016 02:37 PM, Benoit Panizzon wrote:
> Hi Stefan
>
>> the question is what's behind those domains? i didn't have the time to
>> analyze it, yet.
>
> I had a bit a deeper look into it.
>
I feel as if I'm overlooking something and hoping someone could provide
some clarity.
Receiving these NDRs for a client:
smtp;550 5.7.0 (SNT004-MC4F47) Unfortunately, messages from
(207.254.213.206) on behalf of (kuspit.com) could not be delivered due to
domain owner policy restrictions.
This ap
Does anyone have a contact at Proof point? Surprise listing for one of
$dayjob's email servers. I received notification of delisting, but mail
queues do not reflect this. I was told to contact Mizuho Sejimo
directly, but he did not include any direct contact information.
Thanks in advance,
--d
Hi Dave - Ill answer you offline, I have two contacts I can relay
*ANTHONY CHIULLI*
Senior Consultant, Deliverability Services
Salesforce
Mobile: 303.817.6506
On Thu, Oct 13, 2016 at 9:44 AM, Dave Brockman wrote:
> Does anyone have a contact at Proof point? Surprise listing for one of
> $da
We saw this over noon hour yesterday (Wednesday), and now again today, since
6:19 am U.S. Central:
421 4.2.1 "Service unavailable. Please try again later."
We're seeing this on multiple IPs, such as 152.163.0.68, 152.163.0.99,
152.163.0.100, and 64.12.88.163.
The last email that we deliver
It's probably due to -all in SPF
kuspit.com descriptive text "v=spf1 ip4:200.53.152.189/32
ip4:200.53.152.185/32
ip4:200.53.152.182/32 include:icpbounce.com -all"
BTW: DMARC (RFC 7489) recommends to use 'DMARC' as a keyword to indicate
reject reason in in 550 message text.
Justin Frechette пиш
Well, there is a mismatch of the SPF records, the root for the domain says
-all, but the included one that actually has the relevant /26 says ~all, but
aside from that, I’d suggest that you open a ticket with Hotmail Support and
ask what the issue is.
Aloha,
Michael.
--
Michael J Wise | Micro
Hi Frank,
It would seem that you are not alone. We received word form AOL about some
issues they were dealing with this morning and that they were working through
them.
Regards,
Andrew
-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Frank Bulk
Sent: Th
Seems to have tailed off from a peak around 8am eastern this morning, but we're
still seeing a few percent failure like the below
error from remote mail server after initial connection: host
mailin-01.mx.aol.com [64.12.88.131]: 421 mtaiw-mae07.mx.aol.com Service
unavailable - try again later
In article
you write:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>I feel as if I'm overlooking something and hoping someone could provide
>some clarity.
I agree that the -all is a poor idea. Change it to ~all or ?all.
Unless your name is paypal and you have real phishing problems, strict
SPF causes more prob
For what it's worth, we are also seeing the issues described along with a
spike in hard bounces due to non-existent address, e.g.: "550 5.1.1 <%@
aol.com>: Recipient address rejected: aol.com". I suspect it to be related
to the other issues, as the volume of these bounces is significantly higher
t
We are working on some issues here and some improvement should be coming
soon. If you are having persistent issues that are not improving you can
email me directly here.
Thanks.
Lili
Lili Crowley
AOL Postmaster
On Thu, Oct 13, 2016 at 1:27 PM, David Landers via mailop wrote:
> For what it's
Responding off list. Thanks.
--Jaren
On Thu, Oct 13, 2016 at 9:44 AM, Dave Brockman wrote:
> Does anyone have a contact at Proof point? Surprise listing for one of
> $dayjob's email servers. I received notification of delisting, but mail
> queues do not reflect this. I was told to contact
Contact at Edward Jones or Alliance Data? A user reports email not
received, but nothing in my exim logs to show a delivery attempt.
Edward Jones Technical Assistance confirms the from email addresses (nope,
not in the exim logs) and provided the IP addresses of the sending servers
-- not in the
Thanks – we saw most of it cleared up by 2:30 pm U.S. Central.
Frank
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Lili Crowley
Sent: Thursday, October 13, 2016 12:36 PM
To: mailop@mailop.org
Subject: Re: [mailop] Anyone else seeing AOL delivery issues today?
We are worki
Hi Ken,
Have you verified that your secondary can actually resolve their outbound
IP properly? I only say this because your situation reminds me of a very
similar incident many years ago where a legacy firewall rule was assuming
that query ports *had* to be 53.
Just a wild hunch, I still remember
I keep getting surveys sent to addresses of local mailing lists that
for obvious reasons do not want them and should never get them.
Each time I complain and tell them to send no more mail to that
address, they send me what looks like a form reply saying that the
addresses are chosen by their user
22 matches
Mail list logo
