On 2021-09-23 11:25 a.m., Robert L Mathews via mailop wrote:
Or "This message is verified as being from gmail.com, but there's no
previous message from evild...@gmail.com in your mailbox."
For the record, the scammers are trickier than that, they take an old
thread from the compromised account
This thread will probably be a rehash of the many conversations had on
this topic, but the laws always protect the rights on who you open your
door to, and who you decide to let cross the threshold...
It's just really sad, that instead of going after malicious dangerous
offenders we keep bri
On 2021-09-23 10:26 p.m., Jay Hennigan via mailop wrote:
On 9/23/21 19:45, John Levine via mailop wrote:
A bizarre new Texas law makes most spam filtering illegal, effective
Dec 2:
“An electronic mail service provider may not intentionally impede
the transmission of another person’s electro
It really isn't GDPR that ruined the ability to use 'whois' for
transparency, it is the lazy hosting companies (or those that like
renting IP(s) to miscreants that search for anonymous places to perform
their actions) that are at fault.
Yes, an individual probably SHOULD be able to opt out fro
Loved this one..
Return-Path:
Received: (qmail 45279 invoked from network); 21 Sep 2021 19:51:34 -
Received: from notifications-01.mailgun.com (HELO
notifications-01.mailgun.com) (192.237.158.61)
Too bad the spammer wasted this opportunity on sending a poorly written
beneficiary spam.
This is a standard feature of RBLDNSD, we use it all the time.
You can use the ACL either to refuse, ignore, or accept from IP Ranges.
But of course, re-inventing the wheel, when there are so many good RBL's
out there (including our own ;) not sure what your differentiator would be.
You can
On 2021-10-04 1:46 p.m., Jaroslaw Rafa via mailop wrote:
Dnia 20.09.2021 o godz. 14:17:27 Jaroslaw Rafa via mailop pisze:
I want to return to an old issue, which repeatedly happens again and again,
that is, Google putting emails from me to recipient's spam folder.
Well, this is getting more an
On 2021-10-07 1:11 p.m., Simon Arlott via mailop wrote:
On 06/10/2021 02:15, Brandon Long via mailop wrote:
Generally speaking, outside of the obvious differences, most of our spam
rules are agnostic to IPv4/IPv6.
The frustrating problem with Google's treatment of IPv6 is that the
"must have r
On 2021-10-12 12:04 p.m., Jaroslaw Rafa via mailop wrote:
Dnia 12.10.2021 o godz. 13:18:12 Jarland Donnell via mailop pisze:
Strong agreement here. Despite SRS I still think forwarding is one
of the major road blocks to progress with email systems.
No, it's the opposite. Things like SPF et al.
On 2021-10-12 12:59 p.m., Jaroslaw Rafa via mailop wrote:
Dnia 12.10.2021 o godz. 14:30:53 Jarland Donnell via mailop pisze:
Well, to be truthful, what harms forwarding is mostly out of my
control. To be frank, Google harms forwarding.
[...]
right back to the problem that infuriates the random
Seems someone/something got caught with not using a SpamHaus RBL
correctly..
Remote host 87.191.57.186 does not like recipient
@open-xchange.com
Remote host said: 554 5.7.1 Service unavailable; Client host [redactted]
blocked using sbl-xbl.spamhaus.org; Error: open resolver;
https://www.spam
Seems that all the connections are triggering a TLS error.. (And of
course, a handshake failure/disconnect)
Seems specific to them, and one other example..
(CONN: 199.91.53.78 -> 25 GeoIP = [US] PTR = mta78s2.r.livingsocial.com)
All the rest are GroupOn
CONN: 50.115.222.111 -> 25 GeoIP = [US]
Put everything under mail.yourdomain.com
Unless you have some strange firewall rule requirements, there is no
real technical advantage, and some real technical disadvantages..
(including paying for multiple certs)
When you get big enough to worry about how to spread out loads, invest
in a lo
Alex,
You would do the world a favour, if you either SWIP'ed (or added it to
your 'rwhois' server) that these IP(s) are part of your
infrastructure... and different from the rest of this range..
NetRange: 96.64.0.0 - 96.124.255.255
CIDR: 96.64.0.0/11, 96.96.0.0/12, 96.120.0.0/
For the record, it was and still is SendGrid that can't seem to get a
handle on compromised accounts, used for phishing, but after the long
success with that platform, other ESP's are being targeted as well.
Eg...
Received: from o53.p38.mailjet.com (HELO o53.p38.mailjet.com)
(185.250.237.53)
Hey Ken,
Can't believe you didn't include 'MagicMail' in that list of on-premise
email servers ;)
Since it has built in spam-protection, no need for another filtering
device in front.
Frankly, spam protection belongs 'in' the email server, IMHO..
-- Michael --
PS, may be time to p
Not to be a 'nitpicker', but isn't visiting a URL providing a lot more
information than just the email address opt-out preferences ;)
Course, even worse are those companies that have an opt-out link that
then asks for your email address ;) Doh!
On 2021-10-27 9:31 a.m., Anne P. Mitchell, Esq.
This has been ongoing for several months now..
RATS-AZURE might be your friend, but we combine that with other checks
to auto detect spammers from Azure..
Are the ones you are seeing the NOPTR ones? Or the ones like this..
20.113.36.155 1 rfsvznma9.sabadosprimedevida.org
20
lps in the mean time, or you can reach out to SpamRats team
directly..
On 2021-11-01 3:46 p.m., Slavko via mailop wrote:
Dňa 1. novembra 2021 21:40:50 UTC používateľ Michael Peddemors via mailop
napísal:
RATS-AZURE might be your friend, but we combine that with other checks
to auto detect spa
CTED
From: =?UTF-8?B?Q29uZ3JhdHVsYXRpb25zIQ==?=
Content-Transfer-Encoding: 7bit
Subject:
=?UTF-8?B?WW91IGhhdmUgYmVlbiBjaG9zZW4gdG8gcGFydGljaXBhdGUgaW4gb3VyIExveWFsdHkgUHJvZ3JhbSBmb3IgRlJFRSEg?=
Content-Type: text/html; charset=UTF-8
On 2021-11-02 6:05 a.m., Slavko via mailop wrote:
Dňa 1. nov
On 2021-11-04 7:07 a.m., Larry M. Smith via mailop wrote:
On 11/3/2021, Nicolas JEAN via mailop wrote:
On 15/10/2021 23:22, Paul Gregg via mailop wrote:
(snip)
Sorry for the late reply.
The trick to this is not to limit by IP address - but to implement
service (API) keys.
e.g. each authorise
On 2021-11-10 11:47 a.m., Rob McEwen via mailop wrote:
The only issue here is that, for every user/customer that needs a unique
key, an entirely different set of data has to be loaded into memory on
the server. That's a huge limitation. It doesn't "scale". Therefore, for
invaluement, in our new
No matter WHAT rbl you choose (no pitching ;) make sure you are aware of
WHAT dns servers you are using.
If you check mxtoolbox or hetrixtools, and see an IP listed, but you
don't see it listed in your queries, or blocked/flagged by the chosen
RBL, it is most likely a DNS problem.
Many open
Yes, people do research these things..
(Which reminds me, I do have to finish that blog post on Best Practices
for ISP's and Telco's)
Fortunately, we not only provide email servers, but we have a threat
division as well, so we take a lot of time to look into these issues.
I will send you a d
s are on the typical
suspect networks..
On 2021-11-17 7:18 a.m., Michael Peddemors via mailop wrote:
Yes, people do research these things..
(Which reminds me, I do have to finish that blog post on Best Practices
for ISP's and Telco's)
Fortunately, we not only provide email servers,
Operating a DNS server is so easy, and latency is such a tiny bit of
overhead, with proper caching, would someone explain why they would use
(share) a 3rd party DNS server at all?
oh.. grr.. this is kind of off topic to the list, but DNS lookups are
critical to email infrastructure, not sure i
On 2021-11-22 10:26 a.m., Grant Taylor via mailop wrote:
I've long wondered about malicious ISPs intercepting ~> hijacking
outbound DNS queries
Yeah, yeah, that was what all the DoH proponents *cough*
(Google/CloudFlare) kept trying to scare everyone with, but love to hear
about those 'malici
http://hostedemail.com/
Cannot be reached, best practices says a URL should be associated with
that, maybe set up a redirect to your corporate web page, where contact
information can be found?
If you REALLY want to 'white label', you still should be transparent
with contact information..
J
Oh, and forgot to mention..
Might consider SWIP or 'rwhois' entries to show these networks are for
Tucows email servers, and not part of the other networks that may have
different use cases..
eg.
NetRange: 64.98.0.0 - 64.99.255.255
CIDR: 64.98.0.0/15
NetName:TUCOWS-BL
CONN: 40.107.96.87 -> 25 GeoIP = [US] PTR =
mail-sn1anam02on2087.outbound.protection.outlook.com OS = Windows NT kernel
Returning 250 ok [qp 3539411] for data
QUIT command received, args:
And then it terminates the connection, SSL collapses, without waiting
for the remote mail server to acknow
On 2021-11-26 2:24 a.m., Hetzner Blacklist via mailop wrote:
I manually check those lists every other day, and then use our abuse
system to send notifications to the respective clients. Hosters who have
implemented the API can do so automatically.
The obvious question, given that you manually
On 2021-11-26 1:25 a.m., Mary via mailop wrote:
Thinking out loud...
Yes Mary.. in a perfect world.. but..
Would it be possible for the two sides (blocklists and a cloud/hosting
providers) to come together and have some kind of automated notification?
Sample automated conversation via JSO
Maybe someone from Linode can comment on this..
Here is a typical spam outbreak from Linode..
Usually these are trapped/tagged because the default PTR is still in
place, so doesn't cause enough problems to report, but they do happen
occasionally in spurts.
Since several times it has been men
tion" really on topic for this mailing list?
Isn't there some other list like SPAM-L or something that might be more
suited to that type of conversation?
On Fri, Nov 26, 2021 at 1:05 PM Michael Peddemors via mailop
<mailop@mailop.org> wrote:
Maybe someone from Lino
On 2021-11-29 6:57 a.m., Larry M. Smith via mailop wrote:
On 11/24/2021, Michael Peddemors via mailop wrote:
CONN: 40.107.96.87 -> 25 GeoIP = [US] PTR =
mail-sn1anam02on2087.outbound.protection.outlook.com OS = Windows NT
kernel
Returning 250 ok [qp 3539411] for data
QUIT command recei
On 2021-11-29 3:20 p.m., Bill Cole via mailop wrote:
On 2021-11-29 at 16:57:54 UTC-0500 (Mon, 29 Nov 2021 13:57:54 -0800)
Michael Peddemors via mailop
is rumored to have said:
On 2021-11-29 6:57 a.m., Larry M. Smith via mailop wrote:
On 11/24/2021, Michael Peddemors via mailop wrote:
CONN
Please reach out to me off list, want to report some connection
oddities, possibly affecting your mailings..
--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagi
Hi All,
I normally do this bi-weekly on Fridays, but with year end I have been
slipping, and plan on making it a short week this week, so thought I
would send this out early..
BTW, Anyone know if SendInBlue is also using some Digital Ocean space?
Seems like an active spammer over there uses
In general, Linode is not a bad place.. However, you should ask them to
provide you 'rwhois' for your IP Address.
Most of the bad IP(s) are compromised servers, you might have just got
the bad luck of the draw.
But frankly.. what are you planning to do with it?
http://grinta.net/
PS, turn o
That appeared to have started before the log4 notification...
At least it is easy to flag/stop ;)
As far as 'phishing' goes, Digital Ocean still is the worst.. but more
and more from various cloud providers.. Poor take down practices attract
miscreants.. but the cloud apps one is more likely c
Hi Nicolas,
The problem isn't 'technical', but rather political. There are those
out there that believe by including the originating IP Address, you are
exposing PPI (Private Personal Information) by including the IP Address.
Of course, I personally think this is baloney, as the email operat
On 2022-01-11 11:04 a.m., Mark G Thomas via mailop wrote:
Here's an example from one ticket, however I'm more looking for whether
there is anything I can do to facilitate improving this overall, than
starting trying to intervene about (many!) specific tickets and IPs. I
would be happy to help wit
On 2022-01-11 12:32 p.m., Mark G Thomas via mailop wrote:
Hi,
On Tue, Jan 11, 2022 at 11:21:47AM -0800, Michael Peddemors via mailop wrote:
On 2022-01-11 11:04 a.m., Mark G Thomas via mailop wrote:
Here's an example from one ticket, however I'm more looking for whether
there is anyt
On 2022-01-17 8:40 a.m., Scott Mutter via mailop wrote:
At the same time, I understand why Mailops preaches that they send abuse
reports to the owner of the IP address - which, again, may be several
company levels up from the individual that actually has root to the
server and can take more imm
Yeah, maybe we should close down this thread, simply because it is a
high volume thread among only a few list members, and been going on a
while...
For the record, for our shared mail platform that we operate for smaller
ISP's and Telco's, we don't get a lot of traffic to our posted abuse
add
Serious?
: host aspmx.l.google.com[2607:f8b0:4023:c0b::1a] said:
550-5.2.1 The user you are trying to contact is receiving mail at a
rate
that 550-5.2.1 prevents additional messages from being delivered.
For more
550-5.2.1 information, please visit 550 5.2.1
https://support.goo
Ten minutes of free time got me trolling my spam folder, and saw this
interesting spam message.. and found the headers really interesting.
Might explain a small uptick in spam from Linode servers..
"THIS IS A TEST EMAIL ONLY.
This email was sent by the author for the sole purpose of testing a
you want to keep the noise down)
On 2022-01-19 5:57 p.m., Mark G Thomas via mailop wrote:
Hi Michael,
On 1/19/22 7:23 PM, Michael Peddemors via mailop wrote:
Ten minutes of free time got me trolling my spam folder, and saw this
interesting spam message.. and found the headers really interesting
For the record, in practice it is TOO limiting to expect both forward
and reverse match, and especially if your system doesn't look at
multiple records correctly, eg ANY A <> ANY PTR should be enough.
But expect a lot of false positives if trying to get them to match in
any case. As long as t
Any time you see a /24 in any reputation service, it probably isn't you,
it's your provider.. looking through that range there are some
questionable host names, and some Brazilian marketers, etc..
Which is why you should insist you get 'rwhois' listing from your
hosting providers, so it clearl
There is an interesting botnet generating a very specific threat
traffic, but 99% of it appears to be from compromised servers.
Just got a strange case leaking from RoadRunner MTA's, that would like
to discuss, it might help them find some compromised accounts.
--
"Catch the Magic of Linux...
Just a friendly mid week report on the state of spam and threats our
auditors are seeing..
Still seeing a couple of actors using Digital Ocean..
Actor 1)
143.110.147.238 2 vps1.geniusys.org
143.198.135.159 (M) 2 vps1.ok4ya.com
147.182.200.110 (M)
As someone else already pointed out..
Your 'rwhois' could use updating.
Currently it suggests ab...@heficed.com, but there is no abuse contact
field in the standard fields.
'Within' your IP Space, could you be clearer on your IP space?
And the phone number is in Lithuania. Transparency is key
Feb 16 09:05:20 be msd[1435199]: EHLO command received after STARTTLS,
args: mailta.tk.docusign.dev
Feb 16 09:05:20 be msd[1435199]: MAIL command received, args:
FROM: SIZE=8804
Feb 16 09:05:20 be msd[1435199]: MAIL FROM address:
[dse_t...@tkmail.docusign.dev]
Feb 16 09:05:20 be msd[1435199]: CO
Add just the headers from a single abuse email here on the thread..
sanitize as needed.. seems that they of course can only use part of the
information as a forgery (eg SendGrid headers)
I think this is an attack vector that was seen back even a few months
ago, however that type of an attack q
whois emailsvr.net
No match for domain "EMAILSVR.NET"
Time to register a domain?
CONN: 34.194.188.63 -> 25 GeoIP = [US] PTR =
otransport-22.outbound.emailsrv.net
And who would put a professional service on an AWS IP with no SWIP/rwhois?
--
"Catch the Magic of Linux..."
--
Seeing strange connections that 'look' like they might be honest
Microsoft servers, but not usual..
Maybe something broke?
CONN: 52.96.178.229 -> 25 GeoIP = [US] PTR = NXDOMAIN
EHLO command received, args: MW4PR15MB4635.namprd15.prod.outlook.com
Simply connects, then disconnects..
Mr Wise?
> Links:
>> --
>> [1] http://email-special.usps.com/
That isn't responding, yes maybe we can ask more details be posted to
the list?
On 2022-03-04 11:55 a.m., Jarland Donnell via mailop wrote:
Do you know if email-special.usps.com will be part of the envelope
sender or just the From heade
Once again, an excellent example of a use case, where giving customers a
'rwhois' or SWIP entry, would result in only that customer being
affected, and not the whole network.
However, since the mail-op channel is not the right place to talk
spamming examples, will refrain from asking for one,
Before you do, you should be forewarned of an increase in various
attacks, including email attacks from broad segments of Azure IP Space.
Insist on getting SWIP for these ranges from Microsoft Azure before
proceeding.
Otherwise you WILL be impacted by others on the Azure network.
NetRange:
[US] PTR = smtp-us-gov-east-1b.appiancloud.com
FROM:
Some engineer woke up one morning, and decided .. 'Hey, let's just fire
up a new domain and use that..'
http://appiancloud.com = 404
Nothing in the whois, and the IP gives no indication of the owner, it's
on AWS..
So, these obviously imp
Authenticated from FastHosts..
Source:
Received: from mail.renam.md (HELO mail.renam.md) (81.180.84.189)
--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.
On 2022-03-21 11:43, Sebastian Nielsen via mailop wrote:
But if Microsoft got fined for every phishing email that escaped
This would QUICKLY kill every free email service, and every email service would
become pay-only, to cope with the fines. Probably with obligation-to-pay
contracts too, s
And once again..
NetRange: 52.145.0.0 - 52.191.255.255
CIDR: 52.152.0.0/13, 52.146.0.0/15, 52.145.0.0/16,
52.148.0.0/14, 52.160.0.0/11
NetName:MSFT
NetHandle: NET-52-145-0-0-1
Parent: NET52 (NET-52-0-0-0-0)
NetType:Direct Allocation
OriginAS:
Organiz
Can always be discussed here..
Some small observations..
* Detected Malware Spam from Ukrainian servers (minor)
* Detected Pro Ukraine Mailings (legit and people taking advantage)
* Increase in BotNet traffic, Brazil is REALLY bad.
* Increase in compromised email phishing
* Increase in Cloud Phis
rsapps.net, anyone?
I think we may have to agree to disagree on the requirements to run/operate a
mail server. YMMV.
-Original Message-
From: mailop On Behalf Of Michael Peddemors via
mailop
Sent
Since I am on a rant about transparency, Amazon spammers continue to
increase.. and now there is NO trace headers at all.. makes it look like
an OS generated (compromised server?) email.
A 'sendy.co' generated mailing list, it MUST have come from somewhere
correct? No Message-ID generated, no
Not enough time in the day anymore..
Haven't posted one of these in a little while, so a rare midweek post.
Patterns we are seeing this week:
* High Gmail spam leakage numbers (couple new techniques)
* SendGrid very bad still, eg Canada Post phishing et al
- MailGun? "My name is Alexei Navaln
FYI, I would NOT be recommending Digital Ocean for email servers.. given
their current reputation. However, you can find many good hosting
companies that offer a server for $5/month.
I think that is still the lowest tier at Linode for instance.
On 2022-04-08 09:00, Luis E. Muñoz via mailop wro
NetRange: 206.144.0.0 - 206.147.255.255
CIDR: 206.144.0.0/14
NetName:ONVOY-206-144-0-0-14
NetHandle: NET-206-144-0-0-1
Parent: NET206 (NET-206-0-0-0-0)
NetType:Direct Allocation
OriginAS:
Organization: Inteliquent, inc. (NTAJC)
RegDate:1995-10
Return-Path:
Click on the unsubscribe link, and it goes to an insecure pardot page.
--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wiz
On 2022-04-13 14:43, Paul Vixie via mailop wrote:
it's troubling me that in a recent thread asking where to host
mailboxes, google was recommended several times, in spite of the fact
that google is provably wrong and provably non-transparent in how they
decide what inbound e-mail to reject.
of
Thanks for the contribution..
One thing that isn't addressed in that Dave, is cases where the
Delivered To address exists, and the message is routed back out the
internet. Still seeing cases in the wild where the Delivered To is
added, but it isn't really the transfer of responsibility, but
And we also see that they have not yet 'hard enforced', but it looks
like some trigger on a domain results in requiring SPF for that domain.
Of course, we don't expect Google to reveal their secrets, but we can
assume things like new IP(s), new domains, sudden traffic surges, or
customers clic
On 2022-04-19 09:17, Scott Mutter via mailop wrote:
It depends on what Google mail server you are sending to. Some require
SPF, some don't.
I think you hit the nail on the head. If processed by normal Gmail
servers, probably doesn't enforce SPF.. if the domain/ip have had a
reputation probl
You think we would be done with SendGrid conversations two years ago..
Was just reading on Twitter how Indeed is the most 'phished' brand now,
and was just thinking .. strange, we never see that..
And two hours later, a phishing attempt from a SendGrid IP hit the spam
folder...
Return-Path:
Hope you clicked 'Block Sender' ;)
On 2022-04-26 14:30, Anne Mitchell via mailop wrote:
WTaF?? (Excuse the unladylike acronym.) I just got spammed BY Active Campaign.
Not _through_ Active Campaign, *by* Active Campaign. For their services.
Anyone else?
So far as I'm concerned, when an ESP tr
Just reported, thought I would post here..
"We've recently come across an issue whereby Verizon's vtext service was
sending MMS/images to user emails without a 'Content-Disposition'
header. "
Now, curious as to people's perspective on the requirement to use that
header.. some email clients will
Of course, most Internet probing systems SHOULD have full transparency,
and of course not probe any IPs at abnormal or high rates without
considering the destination.
My opinion, if they aren't transparent with their dealings, including
PTR's, URLs', User Agents, HELO, and of course 'rwhois',
Could someone from SpamHaus reach out to me offlist? Ticket already
opened, but it's been 72 hours..
Asking for an ISP client.. either the removal process over there has
become much harder, or different people handling the removal tickets..
--
"Catch the Magic of Linux..."
-
Hey Ken,
Are these contact info spammers using DSL Home style connections, or
VPN's.. different actors are using different methods of course.
"Eric Jones" still leads the pack in automated methods, while a
couple of other players use bots, and a couple of others appear to be
'human' aided.
This week saw a comeback of that operator, using new networks.
They have been on our reputation lists for a bit..
Also have detection systems that detect the sending patterns, for this
one..
Don't have the actual detection algorithms, but can share them off list
if you want.
That 131 range
For the record, yes.. place the blame where it should be, on the network
operator that allows it.. and Grant's suggestion is the better method if
you can implement...
Use 'detection' to find the bad guys, either by IP or ASN, insert those
into a reputation list, even if it is only your own..
Kudos to Michael Rathbun for putting the bug in my ear again..
Sorry, been under the weather last couple of weeks, with a rare blood
infection.. so much fun, but back in the saddle again, so that's why you
haven't heard much from me..
In lieu of my bi-weekly state of the union (spam threats)
+1
And they don't offer 'rwhois' to their customers, so the few honest guys
on their networks are painted with the same brush..
And rather than bothering to worry about their reputation, they just
tell their customers they have to use their outbound filtering services
to send email where bla
Yeah, when legit operators have to obfuscate their URL's, you know
something isn't working right..
We saw something similar, we send monthly payment receipts with a URL
for the customer to update their information, and maybe because of
volume, pretty soon anything with a URL pointing to that d
Real strange, fake abuse addresses..
ab...@singlehop.com
abuset...@veeble.org
Spamcop links are to 404..
Just not sure how the content can be malicious, maybe it is just a broken
system over the weekend?
Reporting one of our addresses as the authenticated address, but shows
it coming from a
addresses
with different subjects for a few weeks. Usually has an attachment, I
suspect trying to spread itself.
And the report numbers in the links are so old I can't even look up when
they were sent or to who. We only hang on for 90 days.
Richard
On 2022-06-13 9:10 a.m., Michael Peddemors v
Yes, in general, despite comments to this mailing list, OVH responses to
spam/threats from their IP space is sorely lacking, still to this date.
Still seeing incredible volumes of compromised servers, snowshoe
spammers, phishing attacks and C&C servers with very slow take downs.
On 2022-06-
Haven't been keeping up on these, figured it is time to put one out,
even though it isn't the end of the week...
What have we been seeing the last couple of weeks..
* Gmail spam continues to be one of the biggest problems
* New Russian Snowshoe spammer volumes
* Continuing Email
On 2022-06-15 12:50, Michael Peddemors via mailop wrote:
Haven't been keeping up on these, figured it is time to put one out,
even though it isn't the end of the week...
(see attach)
This one really bugs me Gmail, why should we have to filter these to
protect our customers, as
We just lit up a major customer on MagicMail, and we had to do it a
little faster than we wanted, because of a hardware failure on their old
system..
This is the main Telco for Qatar.. (Ooredoo)
Unfortunately, with the fast go live, we didn't have a chance for a weak
password cleanup, so had
have the tools to perform the cleanups..
On 2022-06-22 08:11, Michael Peddemors via mailop wrote:
We just lit up a major customer on MagicMail, and we had to do it a
little faster than we wanted, because of a hardware failure on their old
system..
This is the main Telco for Qatar.. (Oo
Remember to update SWIP/RWhois, PTR's and SPF before then of course..
inetnum:80.12.242.0 - 80.12.242.1
netname:MAIL-ESSENTIALS-FRANCE
descr: Mail Essentials Project
country:FR
admin-c:TDMT1-RIPE
tech-c: TDMT1-RIPE
status: ASSIGNED PA
remar
I know this doesn't look professional, but the question from the team
member does this contravene any rules or best practices.
list-manage.com
This domain does not have any A records.
It has a single MX record pointed at:
mail.admin.mailchimp.com
That hostname exists, but it doesn't have an
On 2022-06-30 14:00, Michael Peddemors via mailop wrote:
I know this doesn't look professional, but the question from the team
member does this contravene any rules or best practices.
list-manage.com
This domain does not have any A records.
It has a single MX record point
o auto-add the
IP(s) that are detected as sending Phishing like we do to SendGrid..
hehehe...
On 2022-06-30 14:32, Bill Cole via mailop wrote:
On 2022-06-30 at 17:00:50 UTC-0400 (Thu, 30 Jun 2022 14:00:50 -0700)
Michael Peddemors via mailop
is rumored to have said:
I know this doesn't lo
Doh! Sorry list..I should have left the office 30 minutes ago.. Sorry
about the noise, and a personal opinion that should not have been posted
to the list..
Sorry Bill, forgot to double check before hitting send..
On 2022-06-30 14:48, Michael Peddemors via mailop wrote:
;) Thanks Bill. Was
On 2022-07-07 10:41, Nate Burke via mailop wrote:
I've had a small multi-domain business mail server running on the same
IP for the last 20 years, I need to change the IP from an address in a
reassigned IP block, to my own ARIN block. Is IP reputation still a big
deal, or are anti-spam measure