If you follow any of the white hat groups, or security researchers, you
will see a lot of them already doing it with little or no effect..
(Which means of course people stop bothering to report it)
However, a little birdie told me that certain government agencies are
finally waking up and gath
On 2019-04-29 7:58 a.m., Michael Rathbun via mailop wrote:
On Mon, 29 Apr 2019 07:26:23 -0700, Michael Peddemors via mailop
wrote:
PS, pgHammer went quiet yesterday.. either someone caught/killed his C&C
server, or the actor realized that there was too much attention on the
activity.
On 2019-04-29 8:18 a.m., Anne P. Mitchell, Esq. via mailop wrote:
I wonder if we should *all* tweet to them, including the hashtag
#DigitalOceanHostsBadGuys ?;-)
When Anne suggests something like this.. ;)
Done!
--
"Catch the Magic of Linux..."
--
On 2019-04-29 8:37 a.m., Michael Peddemors via mailop wrote:
On 2019-04-29 8:18 a.m., Anne P. Mitchell, Esq. via mailop wrote:
I wonder if we should *all* tweet to them, including the hashtag
#DigitalOceanHostsBadGuys ?;-)
When Anne suggests something like this.. ;)
Done!
Speaking of
ell them every email exists and is valid ;)
Just kidding, why let them use valuable resources..
PPS, You know the IP(s) can change at any time ;)
On 2019-04-29 3:40 p.m., Carl Byington via mailop wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2019-04-29 at 09:12 -0700, Michael Peddem
On 2019-05-10 4:21 a.m., Laura Atkins via mailop wrote:
You don’t need to separate your transactional and your marketing mail on
different IPs because the filters aren’t using IPs as the unique mail
identifier.
I would suggest that you 'might' have a point when it comes to the
bigger players,
Don't get me started on OVH IP Space.
Aside from all the blocks delegated with no rwhois, hiding behind GDPR
as an excuse not to provide information on the operator..
Aside from known spammers where the domains are so obviously used for fraud.
Aside from the poor OVH abuse handling.
Just mak
On 2019-05-28 12:00 p.m., Michael Wise via mailop wrote:
"Unsolicited Email is defined as email sent to persons other than (i) persons
with whom Customer has an existing business relationship, OR
(ii) persons who have consented to the receipt of such email, including publishing
or providing the
Hehehe.. how does that saying go about the "pot calling the kettle
black"? But aside from comments about what people are saying about
Azure
It really is when those /28's start firing up on your network.. I would
'like' to say it is a problem with vetting new customers, however I
can't
provements I'm trying to push through here, and if there are some easy
things I'm forgetting or overlooking, I'd like to know. I'd be happy to
take this off-list.
Kind regards
Bastiaan van den Berg
-
Hetzner Online GmbH
Am
Got several of these today..
Looks like a fairly easy fake Interac to detect.
Sending to stripped addresses off of web pages from the look of it..
Probably compromised accounts/computers, but still..
Try to squeak time this week to send a more friendly catch up email..
-- Michael --
Too many hats today. and too many hours sorry about that..
Still several hours of work in front of me..
--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagi
Spot checking one bot net operating on compromised routers, one country
that really has a problem that needs to be addressed.. last 30 minutes
on ONE server.. All SMTP AUTH attacks against port 587..
The percentage of compromised routers on these networks is staggering..
91.76.100.131.in-addr.
Speaking about Facebook.. wish they standardized naming conventions ..
They seem to also have a real problem with sending to invalid email
addresses, of course with their size it could simply be thousands of ppl
with fat fingers but..
Would be nice to clearly know the behavioral differences be
Judging by the quick google, business been around since 2004, and
pushing secure DNS services now.. Seems I have heard their name
around... Linked in shows about 56 employees..
Are the reasons related to the obvious ransom ware still leaking out
your network?
(Oh, just giving you a hard ti
Thanks Ann for sharing,
And you are right, this "could" be opening a scary can of worms for
'anyone' who is or has control or influence on delivering messages of
any type, (eg Twitter, Spam Filtering companies, etc).
During the last election this was a concern, Democrats complaining
Republic
On 2019-08-20 12:45 p.m., John Levine via mailop wrote:
In article <530230574.3626402.1566296780...@ss002889.tauri.ch> you write:
-=-=-=-=-=-
-=-=-=-=-=-
Not quite, RFC5322 section 2.2.3 explicitly states at the end of the paragraph:
"An unfolded header field has no length restriction and
the
Fake Account reactivation notices circulating..
Return-Path:
Subject: Mailjet - Re-Activate your account
They are hot linking to
https://app.mailjet.com/images/email/transac/fb.png
(Could always change that image to 'This is a Scam' ;)
http://gtpx.mjt.lu/lnk
https://farmforkitchen/m
My
+1
But now if we can ONLY get Amazon, GoogleCloud, and Azure to start doing
the same thing ;) Still far too many bad actors relying on the network
being 'too big to block' and very loose SWIP/rwhois.
On 2019-08-22 8:41 a.m., Laura Atkins via mailop wrote:
In my experience, when the bounce mes
On 2019-08-23 12:45 a.m., Benoit Panizzon via mailop wrote:
157.161.0.0/16 is a 'legacy', pre RIPE range which is exempt from the
RIPE requirement to register customer allocations.
Just because it is exempt, doesn't mean you can't take the opportunity
to be a good netizen, and operate a 'rwhoi
On 2019-08-27 10:07 a.m., Jay Hennigan via mailop wrote:
Don't use Spamcop then. Send your complaints directly to the abuse desk.
Let us know if it does any good.
While overall great comments, we all have to realize the frustration of
those involved in sending reports 'directly' as well..
To
https://portal.msrc.microsoft.com/en-us/engage/cars
By the time you finished filling all the fields out, and hit submit it
tells you the recaptcha has expired and to 'reload the page', and of
course with it all the information you just spent 10 minutes filling in..
*sigh*
Meh! just blacklist
Actually, what I like is those companies that show real time stats on
RBL's, you get to see who is the most accurate, not only who would block
the most..
If you get 'inaccuracies', then someone has done something wrong.
M3AAWG might be exactly the WRONG organization for this, given its
close
Jul 11 08:20:04 be msd[1974542]: CONN: 52.96.233.45 -> 587 GeoIP = [US]
PTR = NXDOMAIN OS = Windows NT kernel
Jul 11 08:20:04 be msd[1974542]: EHLO command received, args:
SJ1PR84MB3115.NAMPRD84.PROD.OUTLOOK.COM
The fingerprint looks funky too.. trying to see if this is an actual
cloud outlook
On 2023-07-12 12:53, Jaroslaw Rafa via mailop wrote:
Most of regular consumer email users don't have any reason for this. As Bill
Cole, whom I was replying to, wrote - nobody would try to impersonate you or
me in a phishing campaign for financial gain, because there won't be any.
hehehe.. they
On 2023-07-14 09:20, Slavko via mailop wrote:
You all realize that the poor guy looking for a guide on how to set up
an email server long since left, you scared him to death with the
complexity..
We need to 'encourage' people to run their own mail servers, not scare
them away..
Suggest yo
All guardpost IPs, but again it would be nice if big ESP's used the
actual sender in the MAIL FROM's so that only the bad guys get blocked,
and not all their customers..
IMHO..
Sorry everyone, haven't had much time for our regularly scheduled 'state
of the union', working on getting other tea
And consider an RBL that tracks IPs used in authentication attacks, like
RATS-AUTH, RATS-NULL from SpamRats..
And you might consider your policies on allowing connections from open
proxies as well in the interim.. given the amount of hackers that use
that to bypass country authentication restri
On 2023-07-31 14:32, Ángel via mailop wrote:
On 2023-07-25 at 17:14 +0200, Sebastian Nielsen via mailop wrote:
Sadly not all MUAs implement ClientID either.
Easiest way to implement 2FA on email, is to have a webpage, where
you login with your 2FA token. When you have done that, the IP to
visit
castlemta-worker-6.usgovtexas.cloudapp.usgovcloudapi.net
MAIL FROM address: [f...@subscriptions.fbi.gov]
Hit me up off list, might be something wrong with your mailer..
FastTalker, trying to pipeline when not advertised?
--
"Catch the Magic of Linux..."
-
Just ONE ?? Hehehe.. Block and Forget.. Lots of active affiliate
spammers, malware senders, BEC actors, phishing, and throw away domains..
Sorry, but OVH teams are completely uncaring on this matter it appears.
It's a sad trend, those hosting providers whose 'in-use' IP count is
more importa
On 2023-08-09 08:55, Mark Alley via mailop wrote:
On 8/9/2023 3:31 AM, Jaroslaw Rafa via mailop wrote:
On 9.08.2023 at 11:00:12, Otto J. Makela via mailop wrote:
Unless the situation has dramatically changed in the last year,
OVH has no functioning abuse team. I block a majority of thei
Having a few customers reporting a REAL strange case.. they are being
overwhelmed by what looks like backscatter, but a very broken backscatter.
All IPs in the 40.92.NNN.NNN block.
The backscatter message coming from postmas...@outlook.com as NDRs but
not a normal NDR. Being delivered to ser
host ns-73.awsdns-09.com
205.251.192.73
Seems seeing an increased 'backscatter' from these servers, used maybe
as a method to spread phishing materials..
Shows them as Exim servers, but no idea what those servers are meant to
be doing? the dns reflection in the names suggest it isn't really m
First of all, would be nice if you break up your header injected by your
Spam protection..
X-Alimail-AntiSpam:AC=CONTINUE;BC=0.5623653|-1;BR=01201311R341S52rulernew998_84748_200224;CH=blue;DM=|SUSPECT|false|;DS=EDM|edm_business_exp|0.992675-0.000166775-0.00715851;FP=9971652179302129152|168|1|150
It's been a bit, but this week with so many of the team on holidays, I
guess it is on me to post an update.. Things that we are seeing..
* Increase of Japanese servers with Email compromises
* Zimbra BEC continues to rise, and with the latest CVE, will expect
more but it is of course sad to s
Nothing at either ..
http://rbl.serverko.net or http://serverko.net, and whois is privacy
protected CloudFlare..
Hosted at:
JoneSolutions Internet Services (JIS-45)
--
"Catch the Magic of Linux..."
Michael Peddemors,
't spam, then email
security at jonesolutions dot com. If you spam again, good bye forever!
Seems very professional.
Louis
On Monday, 11 September 2023 at 17:41, Michael Peddemors via mailop wrote:
Nothing at either ..
http://rbl.serverko.net or
Curious about the construction of your Received Headers, from local user...
Received: from Airwheel0508(mailfrom:herb...@electricluggage.net
fp:SMTPD_---.V2eL5mH_1697693488)
by smtp.aliyun-inc.com;
Thu, 19 Oct 2023 13:31:29 +0800
Notice that there is no information, such as
On 2023-10-24 05:38, Benoît Panizzon via mailop wrote:
Hi Team
One of our customers is forwarding his emails on our platform to his
hotmail email address.
Today, we started getting a Microsoft Spam complaint for almost every
email that was being forwarded to his hotmail account.
I contacted the
This spammer or mail to hire company, spams through Gmail services..
Return-Path:
Received: from mail-io1-f50.google.com (HELO mail-io1-f50.google.com)
(209.85.166.50)
...
However..
X-Google-Smtp-Source:
AGHT+IF+YQj10sXzr631pp0MqKBzywMKwgMR40jKetDYeAC5No/cCx2lD4x7tB7lheld3srQrM8NAQ==
X-Rece
Not to be 'snide' Atro, but that part is pretty obvious..
It was the technical details I was searching for, on HOW it is able to
relay from those IPs.. please review the original post again.. I thought
I was clear on that..
This doesn't appear to be the standard relay path/source/methods..
O
IMHO there are reasons for the EHLO or HELO to use the internal server
name, which may not be associated with a public IP Address, so expecting
the EHLO to match the PTR can and will get you into trouble.
It is more important to make sure that the domain in the PTR record, has
a URL associated
's all.
So, what do you mean by having a valid URL associated?
Thanks !
On Sat, 28 Oct 2023 at 01:03, Michael Peddemors via mailop
<mailto:mailop@mailop.org> wrote:
IMHO there are reasons for the EHLO or HELO to use the internal server
name, which may not be associated with a
On 2023-11-10 09:00, Francois Petillon via mailop wrote:
What we have seen here is Microsoft IPs connecting to mailboxes using
IMAP. These connections seemed to be uncorrelated from real users
connections (graphs looked mostly flat) and Microsoft did not really
care about credentials validity.
On 2023-11-11 03:30, Bjoern Franke via mailop wrote:
Hi,
... I have not been aware of the fact that *ALL* apps actually might be
doing this.
It was just recently that I looked for alternative iOS mail apps - and
"phoning home" credentials got noted only for the Spark app.
This seems to be not
Re Confirm CLIENTID usage, all MagicMail customers have CLIENTID support
enabled.. Not all are 'locking' customer email accounts yet..
Like insurance.. it's often 'lock the doors AFTER you have been robbed',
but it is a simple way to lock down email accounts.
And we are still working on buy-i
Of course, Google never SWIP's their segments very well, but with no PTR
records, not much to go on.. large DNS Queries coming from this range,
anyone know if it has legit usage?
- 192.178.65.2 = 10357
- 192.178.65.5 = 10327
- 192.178.65.8 = 99
:35, Michael Peddemors via mailop wrote:
Of course, Google never SWIP's their segments very well, but with no
PTR records, not much to go on..
Not much to go on, hmm ...
... Have you tried the Google Public DNS documentation? :)
large DNS Queries coming from this range, anyone know if it has
And Laura,
This is ONLY the tip of the iceberg.. as long as businesses find they
can get away with things, they will keep pushing the boundaries..
Whether it is Digital Ocean turning a blind eye, or even facilitating
criminal activity, encouraging other hosters to do the same, or putting
up
Wasn't there an article on how engagement rates for confirmed double
opt-in vs unconfirmed were a LOT higher.. a few years back?
I think if you can point to the higher engagement rates, that even with
lower total subscribers you are more effective in your email marketing.
Anyone have a link t
On 2023-11-30 12:39, Philip Paeps via mailop wrote:
On 2023-12-01 06:59:21 (+1300), Mamidi, Sandeep via mailop wrote:
We need cox.net post master details . Any one from cox.net ?
Instead of going through bounces weekly, and contacting mailbox
providers in alphabetical order asking for mitigat
Jeremy, do note that there is 'history' on some of the 193.252.22.0/23
range.. I believe that previously there was Mail Essentials Project?
Notice the SWIP is currently:
inetnum:193.252.22.0 - 193.252.22.127
netname:MAIL-NEWMTA-FRANCE
Suggest this be updated to reflect what you
On 2023-12-06 10:34, Anne Mitchell via mailop wrote:
On Dec 5, 2023, at 11:49 PM, Grant Gordon via mailop wrote:
A friend brought to my attention the following blog post which seems to have
started around the same time we started experiencing issues and seems to be the
same issue, though it
Take a look at the headers for this one..
Appears to come from an sender IP on Hetzner, but related to Microsoft??
Some headers snipped for brevity, but something sure appears rotten in
denmark.. love the boundary.. Any takers on explaining how this is being
allowed or performed?
Return-Path:
-HM
last-modified: 2019-09-23T04:53:33Z
source: APNIC
% This query was served by the APNIC Whois Service version 1.88.25 (WHOIS-US4)
Free trial account on Microsoft 365 being relayed through Microsoft 365
outbounds by a Hetzner IP
--srs
From: mailop
Wow! Just got back from a week in the sun, and the mailing list has been
busy..
A bit off topic, but it is always amazing.. rejecting based on no DKIM?
It's like most new requirements, ever notice that the spammers are
implementing these requirements sooner/faster than the real email
operator
On 2023-12-18 14:20, Benny Pedersen via mailop wrote:
Michael Peddemors via mailop wrote on 2023-12-18 22:45:
Strange rewriting mechanism, but this kind of volume should be
restricted from the o365 side, no? What about the usage of
non-existent FQDN name in the MAIL FROM?
what mta ?
what
I think you have to start blocking them earlier than in Spam Assassin,
if you want to make a difference..
If you block them at the SMTP layer, then maybe they give up.. or if you
reject with a 4XX, maybe Microsoft might notice an increase in the
queues (wishful thinking)
Also, if you check e
Examples?
On 2024-01-18 13:33, hg user via mailop wrote:
I also saw a spike in IP reported as malicious by spamhaus: IPs that
have been sending emails for years: standard, business emails from
personal accounts of people in airlines and hotels are now triggering
spamhaus IP rbl... those IPs ar
On 2024-01-19 06:47, Atro Tossavainen via mailop wrote:
On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:
Ok sorry not "most" but "some may"...
My checkpoint rep said that they get their reputation lists from other
companies... is it wrong ?
It's possible that Check Point are just an a
On 2024-01-19 12:42, Randolf Richardson, Postmaster via mailop wrote:
On 2024-01-19 06:47, Atro Tossavainen via mailop wrote:
On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:
Ok sorry not "most" but "some may"...
My checkpoint rep said that they get their reputation lists from other
co
On 2024-01-22 06:58, Benoit Panizzon via mailop wrote:
https://blacklist.imp.ch/entry.php?id=1.0.8.0.0.0.0.0.0.0.0.0.0.0.0.0.2.1.e.2.3.0.4.f.1.1.1.0.1.0.a.2
no further comment needed...
Kind regards
-Benoît Panizzon-
We don't typically use IPv6, but the pattern matches a large ou
On 2024-01-23 12:35, Randolf Richardson, Postmaster via mailop wrote:
Hi folks,
I suspect this exists, but can't come up with the right search.
I have domains that should never receive mail. I'd like a milter that
looks for mail to those domains and feeds the IP of the sender to an
outside prog
And of course, this 'could' be caused by backscatter on their servers,
if the emails originated from your server ;)
Ensure your domains have SPF records of course, but we need more
information on the list to determine if this is forgeries, or an eBay
inherent problem.
Suggest you send more h
X-Gm-Message-State: AOJu0Yygtd3O5YdS/rWj45vxya0hwrYa/BjQf5JxGSCWzAx9RXR9bryH
LpU0oZbfEz95pt1aYhcAMT1+ArGYrI6GtRLuJdtIEEHgVc36TLiys7kql09B4icWlFB6/0HAW7R
L84tjrA==
X-Google-Smtp-Source:
AGHT+IHJ80+WwCu4hMgvckgAPlSHw5qrXfLxQgaNiEfLv7pnjJvoeHyju4z8pvBZv1ELBkh6pusbJQ==
X-Received: by
For the record, looking at the 'too big to block' stats, and definitely
the o365 spam is leading the pack..
IPs that are temporarily rate limited because of too many invalid
recipients reported in a 24 hour period.. (2871 IPs vs Gmail 155 IPs)
Of course, not 100% relative, as their retry algo
Some days.. it's like F* DMARC.. hehehe..
Anything that created a multi-million dollar industry of consultants on
how to set up DMARC, well.. email should NOT be that difficult..
I still remember when email administrators didn't know how to set up DNS
correctly.. (oh wait, some still do)
Yo
06 16:19, Michael Wise wrote:
103.143.76.89 is not a Microsoft IP.
At all.
Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?
-Original Message-
From: mailop On Behalf Of Michael Peddemors v
On 2024-02-08 10:20, Randolf Richardson, Postmaster via mailop wrote:
My opinion: Get rid of forwarding to external sites whenever possible.
Some universities don't even provide a forwarding option for the
eMail accounts they set up for their students, and this trend will
probably contin
On 2024-02-08 22:11, Marco Moock via mailop wrote:
On Thu, 8 Feb 2024 10:46:51 -0800,
Michael Peddemors via mailop wrote:
The only way this will stop, is when the network operators are forced
to be accountable for outbound traffic
dnsbl exists and some lists (e.g. uceprotect L3) entirely
On 2024-02-13 22:57, Hans-Martin Mosner via mailop wrote:
We've been seeing runs of spam mails from Microsoft IP addresses without
reverse DNS (possibly cloud servers).
One is sending with addresses , starting on February 8.
The other (same or different spammer?) uses and
started just yester
All throw away domains, .xyz, .shop, .online, they are using ATT/Yahoo
addresses, the emails are obvious.. Been reported a couple months back
to the Yahoo people, no change to volumes..
(Note, it's all going to spam folders of course)
Return-Path:
Received: from mail-oo1-f78.google.com (HELO
On 2024-02-19 04:46, Gellner, Oliver via mailop wrote:
On 16.02.2024 at 03:38 Matt Palmer via mailop wrote:
Although I must say that
without reverse DNS
would seem to be the easier blocking option -- when was the last time you saw
legitimate mail from an IP without rDNS?
Unfortunately
On 2024-02-27 15:01, Tim C via mailop wrote:
On 28/2/24 09:30, Rob Nagler via mailop wrote:
a mx ip4:139.177.203.52
You could try removing the redundant A/MX as they all point to
139.177.203.52.
___
mailop mailing list
mailop@mailop.org
https://lis
Does anyone know what this IP space is assigned for in general? Tracking
some new threats..
inetnum:144.178.0.0 - 144.178.63.255
descr: Apple Inc
status: LEGACY
remarks:Cupertino
admin-c:JD9555-RIPE
tech-c: JD9555-RIPE
netname:Apple-144-17
host -t TXT save.ca
save.ca descriptive text "v=spf1 ip4:70.33.236.0/25 mx a
include:sendgrid.net include:thestar.ca include:thestar.com
include:spf.google.com include:spf.protection.outlook.com
include:spf.yahoo.com include:spf.aol.com include:amazonses.com -all"
... so.. basically hard bl
Tobias,
This does sound like a typical 'mail bomb', and there are even services
you can rent to mail bomb an enemy..
Used to only see it in the gamer community, kid stuff.. but it is more
rare than you think.. sometimes it can go on for several days..
Usually, someone has p**'ed off someone
If they are 'dedicated', doesn't matter if they are coming from
SendGrid, the PTR should reflect your clients domain.
host 149.72.234.90
90.234.72.149.in-addr.arpa domain name pointer
wrqvzxrx.outbound-mail.sendgrid.net.
And given the amount of abuse of SendGrid servers, anything you can do
Your biggest threat is hosting on AWS..
Given the nature of EC2, you want to ensure that the IPs you are using
are not in the midst of some abusive IPs, and AWS is still not providing
public 'rwhois' delegation to our knowledge.
Make sure that you have a correct PTR record of course, the gene
On 2024-03-26 15:14, Ken Johnson via mailop wrote:
Here, I have seen a gradual improvement in the quality of mail (now seeing a
few legitimate users) coming from Amazon SES (based on headers containing
amazonses.com), and now only add +3 in our local SpamAssassin filters. Of
course, other peo
Aruba's email systems do have a lot of issues, but this one was a little
new to me..
Received: from mail-lf1-f48.google.com ([209.85.167.48])
by Aruba Outgoing Smtp with ESMTPSA
id uDJ6rtNJEjUFfuDJ6rzmku; Tue, 09 Apr 2024 17:22:44 +0200
It could be that they simply record ESMTP
It's REALLY hard to give you good advice, if you don't include the
actual IP Address that is listed..
However, if it is the same email server you sent from, it's on Contabo
which has its own problems with reputation.. And I don't think they
really care to help the innocent operators on their
On 2024-04-18 06:01, Sebastian Arcus via mailop wrote:
In that case I think I am back to square one. If an infected device
connecting to 587/465 to various servers on the internet, from our
network, to try and guess passwords/break into accounts wouldn't have
used the FQDN of our public IP as H
On 2024-04-29 08:02, Mendel Kucharzeck via mailop wrote:
Hi,
During my last email campaign, I’ve encountered issues with gmail – and
after investigating this for a few days, I cannot make heads or tails of
the results. Maybe anyone can shed any light on what is happening.
Environment: Mailin
On 2024-04-30 04:44, Mendel Kucharzeck via mailop wrote:
Laura,
Thanks for your reply! Highly appreciated. Inline:
- Anyone else seeing this behaviour from gmail recently?
- Could the newly created, custom MAIL-FROM-domain cause a behaviour like this?
The MAIL-FROM-Domain has not yet been use
Both life and Business have been very active, so it's been a bit since I
posted one of these.. It's about time again..
* SendGrid continues to allow the same common threats from escaping
* Increase in threat actors from Thailand/Vietnam region, but probably
proxies for Chinese actors
* Digital
On 2024-05-30 10:46, Richard Laager via mailop wrote:
On May 30, 2024, at 12:35, Michael Peddemors via mailop
wrote:
They do know there is RBL's that list known abusive BEC Attackers?
I’m new to the list (though not email admin). What RBL are you saying I should
be looking at? I al
great'..
Thanks for sharing..
On 2024-05-30 12:32, Slavko via mailop wrote:
On 30 May 2024 18:23:25 UTC, user Michael Peddemors via mailop
wrote:
I am sure there are many others that are dedicated to strictly AUTHentication
abuse.. The key is to be able to do the check at all
On 2024-06-13 08:28, Anne P. Mitchell, Esq. via mailop wrote:
On Jun 12, 2024, at 11:40 PM, Hans-Martin Mosner via mailop
wrote:
On 12.06.24 at 18:04, Anne P. Mitchell, Esq. via mailop wrote:
I've also always found abuse@ to be responsive there, and it's peopled by a real person, who
Jun 18 09:58:03 be msd[1959712]: CONN: 34.229.185.73 -> 25 GeoIP = [US]
PTR = ec2-34-229-185-73.compute-1.amazonaws.com OS = Linux 2.2.x-3.x
Jun 18 09:58:04 be msd[1959712]: HELO command received, args: [127.0.0.1]
Jun 18 09:58:04 be msd[1959712]: RSET command received, args:
Jun 18 09:58:04 be m
Hey Benny,
Just an FYI, the list admin's prefer NOT to have the list used for
reporting spam.. It's okay to report generic trends, or
misconfigurations, or visibility into something new.. (And of course,
you are welcome to provide evidence of that.. ) but the list can quickly
get consumed if
https://wznoc.com/
With an obscure page like that, you are asking for trouble..
Just like the pages many of the bullet proof hosters throw up..
Why not use amscomputer.com in the PTR records, if these are your servers?
https://www.amscomputer.com/
Inquiring minds would like to know.
CIDR:
at's a good idea, except when you have to deal with companies like Everbridge
Inc or Tencent QQ, which apparently think it's a good idea to rent VMs at
various cloud providers and run them with their default config.
----- Original Message -
| From: "Michael Peddemors via mailo
Slightly 'off-thread' but want to point out that the idea of 'soft-fail'
is not universal..
Personally, we believe that if someone advertises a HARD FAIL, it should
be rejected in the SMTP transaction.. And SOFT FAIL, if from a source
that is especially vulnerable to forgeries, and/or targeted in
On 2024-07-09 07:58, Michael Breuer via mailop wrote:
On 9. Jul 2024, at 03:41, John Levine via mailop wrote:
So for this inquiry I really am asking about reliable hosts - anywhere in
the world. That may or may not include names like Hetzner, Vultr, or AWS -
Take a look at Amazon SES. It'
There are SO many things wrong with this don't know even where to start..
Received: from shopify.com ([89.190.156.188])
Duplicate Return-Path
X-Original-Message-ID:
<668ef133.170a0220.9c6db.ca0esmtpin_added_bro...@mx.google.com>
(google.com: domain abaimiddle.school.test-google-a.com configure
Yes, as we all know.. threat teams and spam filtering teams spend a LOT
of resources on those.. but when you see exactly the same samples year
after year, you have to question their motivation.. (right now 'their'
meaning specifically Gmail and o265)
And 'rejecting' the messages IS possible, b
On 2024-07-31 07:49, Andrew C Aitchison via mailop wrote:
On Sun, 14 Jul 2024, Scott Q. via mailop wrote:
My question wasn't geared in that direction. It's up to each
provider to create their own custom interfaces for integrating all
that. It's not rocket science.
My question was geared toward
Uptick no.. It's been crazy levels for over a year now...
The team has a whole slew of custom filters for this type of spam, it
would be easier of course if Google took care of them but..
And there have been several discussions on this and other lists about
this type of spam.. You might want t