Re: [mailop] Sudden drop of frenzied login attempts

2024-10-04 Thread Michael Peddemors via mailop
On 2024-10-04 03:45, Alessandro Vesely via mailop wrote: Hi, this is the second day that illegal login attempts to IMAP/SMTP accounts are down by almost an order of magnitude (thousands to hundreds on my tiny server). Has there been some major clearance? Best Ale A bot stopped running? A

Re: [mailop] Huge increase in SASL brute force

2024-10-21 Thread Michael Peddemors via mailop
Nothing to see here folks.. let's move along.. Well, to be truthful you asked for advice.. so .. first of all, this appears to be standard botnet activity, probably from compromised IoT and CPE equipment.. there are many similar attempts, eg if it was from Chinese telecoms, a lot is actually c

Re: [mailop] Unsolicited messages from *.outbound-mail.sendgrid.net

2024-10-14 Thread Michael Peddemors via mailop
On 2024-10-14 06:05, Renaud Allard via mailop wrote: On 10/14/24 2:17 PM, Marco Moock via mailop wrote: Am 14.10.2024 um 12:31:30 Uhr schrieb Paul Menzel via mailop: Is there something else I can do despite forwarding messages to ab...@sendgrid.net? Should SendGrid do better? They simply i

Re: [mailop] Unsolicited messages from *.outbound-mail.sendgrid.net

2024-10-14 Thread Michael Peddemors via mailop
Don't even get me started on SendGrid.. two years on and the same actors are still abusing their systems.. We attempted to reach out to help them with this problem, and ended up with them not able to do anything .. upper level didn't want the change.. So much phishing from their IPs.. this i

Re: [mailop] Unsolicited messages from *.outbound-mail.sendgrid.net

2024-10-14 Thread Michael Peddemors via mailop
You are right, far too many companies big enough to at least get a dedicated IP, instead of a shared IP, they should have custom PTR's, and *shudder* their SPF records included all of SendGrid, so needless to say they are very vulnerable to spoofing and phishing.. Someone should write a small

[mailop] Hate when Banks use loose SPF (macros) records..

2024-11-04 Thread Michael Peddemors via mailop
chase.com. 3590 IN TXT "v=spf1 exists:%{i}.spf.chase.com exists:%{i}.spf.hc4673-96.iphmx.com exists:%{i}.spf.hc4698-8.iphmx.com include:tpo.chase.com ip4:207.162.228.0/24 ip4:207.162.229.0/24 ip4:207.162.225.0/24 ip4:196.37.232.50 ip4:159.53.46.0/24 ip4:159.53.36.0/24 ip4:159.53" ".110.0/2

[mailop] Made me Giggle...

2024-09-18 Thread Michael Peddemors via mailop
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning gmail.com discourages use of 52.172.161.255 as permitted sender) -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Vi

Re: [mailop] Trend Micro Contact

2024-09-23 Thread Michael Peddemors via mailop
On 2024-09-23 14:52, Brotman, Alex via mailop wrote: Hello, It appears as though TM has a segment of our network incorrectly listed as "dial-up". I'm looking for a contact over there who might be able to resolve that, and who I can supply with a list of what is currently "dynamic". Thank you

[mailop] Anyone on ZenLayer lurking on the list?

2024-09-26 Thread Michael Peddemors via mailop
Hit me up off list, curious about some traffic patterns from the 98.98.108.0/24 block to port 25.. (It could be they assigned this range to someone else, just no SWIP update) -- "Catch the Magic of Linux..." Michael Peddem

[mailop] Any PayPal people on here? See an ongoing threat sent directly from PayPal servers.

2024-10-02 Thread Michael Peddemors via mailop
Please reach out to me off list, this threat has been going on for some time.. people gaming the paypal system to send fake notices, using the invoice system, trying to steal paypal credentials.. -- "Catch the Magic of Linux..."

Re: [mailop] Google Rejecting Mails as Spam

2024-10-25 Thread Michael Peddemors via mailop
On 2024-10-25 11:59, Matus UHLAR - fantomas via mailop wrote: Requiring "hostname must point back to sending IP" violates the RFC. That's why I asked about the rDNS matching - I don't remember seeing such server on the net yet. There are many reasons for HELO (Server Name) to be an internal na

Re: [mailop] New IPs

2024-10-25 Thread Michael Peddemors via mailop
Suggestion Luc? NetRange: 67.69.168.0 - 67.69.168.255 CIDR: 67.69.168.0/24 NetName:BELL-OPS-20121029-CA NetHandle: NET-67-69-168-0-1 Parent: BELLNEXXIA-11 (NET-67-68-0-0-1) NetType:Reassigned OriginAS: AS577 Customer: Bell Canada ICN (C0319

Re: [mailop] Google Rejecting Mails as Spam

2024-10-25 Thread Michael Peddemors via mailop
On 2024-10-25 11:00, Matus UHLAR - fantomas via mailop wrote: Am 25.10.2024 um 15:39:15 Uhr schrieb Pete Long via mailop: Unfortunately, Google is still rejecting emails from valar.uk.net. I guess I'll wait a bit longer. Tobias described it properly, there's more what you can and should do. O

Re: [mailop] Spam/scam from salud.pr.gov (via O365/Microsoft)

2024-11-15 Thread Michael Peddemors via mailop
We're monitoring these government compromises, and yes.. it does appear to be the same actors.. but it isn't what you think.. it is a bot operator, and I don't think they really realize the power they have in those compromised email accounts.. Just using them for either standard spamming.. scr

Re: [mailop] Yahoo/AOL Delivery Issues as of November 11th.

2024-11-17 Thread Michael Peddemors via mailop
Aside from your issue reaching a 'human' response, and that to you the error messages and support responses are cryptic.. Yahoo is usually pretty good, and usually starts flowing again once a reduction in the triggering events is seen.. However, not sure you should use pipelining .. Given that

Re: [mailop] Email delivery issue

2024-11-26 Thread Michael Peddemors via mailop
For the record, they are located on OVH IP space.. given all the problems from that IP space, many vendors could be blocking traffic from them.. NetRange: 135.148.130.0 - 135.148.130.127 CIDR: 135.148.130.0/25 NetName:OVH-DEDICATED-FO NetHandle: NET-135-148-130-0-1 Pa

Re: [mailop] Is there a standard for how many RCPT to accept?

2024-12-05 Thread Michael Peddemors via mailop
You are right Victor of course... And for the record, ESP's and senders should NEVER assume that they can send even 100 recipients.. In our MagicMail SMTP we apply a penalty for invalid users.. each invalid user is the equivalent of 15 legitimate recipients.. so if you send 10 invalid recipien

Re: [mailop] How much mail is spam?

2024-12-09 Thread Michael Peddemors via mailop
That's the problem with 'statistics'.. Used to be almost every spam protection vendor claimed ridiculously high numbers, but that is because they processed 'every' attempt. Since most email servers utilize things like RBL's and rate limiters, the SMTP layer doesn't need to process so much.. A

Re: [mailop] Minimum Viable IP Reputation Check for a new IP?

2024-12-28 Thread Michael Peddemors via mailop
Better to check http://mxtoolbox.com and http://hetrixtools.com And 'wellknown' VPS providers can be bad too.. check their overall reputation as well as your own IP address. On 2024-12-27 17:17, Sabahattin Gucukoglu via mailop wrote: Hi guys, Subject says it all, really: what's the minimum y

Re: [mailop] M365 SPF Validation issue where "exists" mechanism is used

2025-02-06 Thread Michael Peddemors via mailop
Pet Peeve.. *grr* why use Macro's when you can hard code the value? The more explicit you can be, the safer you are.. Not to mention, easier for the rest of the world to see what your intentions are.. On 2025-02-06 07:18, Chris Spencer via mailop wrote: I'm a Technical Product Manager at Fortr

Re: [mailop] The "NEW" Outlook

2024-12-11 Thread Michael Peddemors via mailop
On 2024-12-11 11:20, Scott Q. via mailop wrote: I find that beyond the : - security risks - privacy concerns - inability to troubleshoot connection issues - being exposed to MS outages - inability to optimize routing for global customers there is also the glaring fact that MS is a competitor i

Re: [mailop] PayPal Phishing from Paypal servers.. Now coming through o365 as well

2024-12-10 Thread Michael Peddemors via mailop
For the record, this has been going on for some months now.. We have been even keeping track of the phone numbers used in this scam, but we already notice that they are attempting to obfuscate the phone numbers.. As Louis pointed out, it's the 'sellers note' that is being abused.. as well as

[mailop] PayPal Phishing from Paypal servers.. Now coming through o365 as well

2024-12-10 Thread Michael Peddemors via mailop
Ouch.. getting even harder for recipient spam protections to catch this guy, given that o365 is also a 'too big to block'.. Standard Paypal Phone Scam we have seen coming from PayPal's own infrastructure.. But now via o365.. redacted headers below.. (PayPal should have stopped this at the so

Re: [mailop] Docusign Phishing from .. Now coming through o365 as well

2024-12-10 Thread Michael Peddemors via mailop
Docusign" On 2024-12-10 14:34, Michael Peddemors via mailop wrote: For the record, this has been going on for some months now.. We have been even keeping track of the phone numbers used in this scam, but we already notice that they are attempting to obfuscate the phone numbers.. As Louis p

Re: [mailop] DNSBL List

2024-12-18 Thread Michael Peddemors via mailop
IF you can't adequately monitor your own outbound mail queues, and track rejections, and want someone else to do your job for you, you might like to offer the RBL operators some money to do your job for you. *Sheesh* Eg, Twilio is a billion dollar company, and can't get a handle on those phis

Re: [mailop] DNSBL List

2024-12-18 Thread Michael Peddemors via mailop
the spamtrap address. How does this make any sort of sense ? You are supposed to monitor logs anyways.. aren't you? Scott On Wednesday, 18/12/2024 at 16:53 Michael Peddemors via mailop wrote: IF you can't adequately monitor your own outbound mail queues, and track reject

Re: [mailop] PayPal Phishing from Paypal servers.. Now coming through o365 as well

2024-12-12 Thread Michael Peddemors via mailop
-Tag: is-invoice Umm.. MailGun, that isn't an invoice.. It's Phishing.. On 2024-12-11 01:33, Alessandro Vesely via mailop wrote: On Tue 10/Dec/2024 23:23:51 +0100 Andrew C Aitchison wrote: On Tue, 10 Dec 2024, Michael Peddemors via mailop wrote: Ouch.. getting even harder for reci

[mailop] I know there is some 1 and 1 (IONOS) kundenserver.de people lurking on this list..

2025-01-10 Thread Michael Peddemors via mailop
Your systems are being abused right now by a well known attacker.. Sending email replay attacks, and your systems also generate back scatter.. First of all.. (And this goes to all email operators) only allow domains in the MAIL FROM, that are actually served by your servers. Second, don't gen

[mailop] Anyone from Vocus (New Zealand) on the list?

2025-04-05 Thread Michael Peddemors via mailop
They are suffering from a large scale compromise sending phishing out.. If they reach off list we can give a clue on the sources.. -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at

Re: [mailop] Strange attack - what do they want?

2025-03-27 Thread Michael Peddemors via mailop
On 2025-03-27 13:55, Jaroslaw Rafa via mailop wrote: Hello, a few days ago someone managed to abuse an account registration form on my personal website and a few dozens of random recipients at different domains (mostly at Yahoo) got registration confirmation emails from my address. The scale of t

Re: [mailop] Outbound IP ranges for iCloud

2025-04-08 Thread Michael Peddemors via mailop
On 2025-04-08 10:20, Suresh Ramasubramanian via mailop wrote: Hi folks, we are deploying a new set of outbounds for iCloud alongside our existing ranges. Please update any filtering that you might have. Additionally, please note that mail from iCloud might ALSO originate from hosts with a *.appl

Re: [mailop] Email-Friendly B2B Infrastructure Hosting

2025-04-09 Thread Michael Peddemors via mailop
Ouch.. not sure if you want to recommend them ;) However Mark.. that isn't a very good description of what you are looking for? 'aws-like'.. You mean SES, or just cloud .. You can get redundancy/resiliency in many ways. But for only 10k users, for mail that isn't a very big load.. Do they

[mailop] Anyone from the klaviyomail.com group on here?

2025-04-01 Thread Michael Peddemors via mailop
Please reach out to me offlist.. You got a problematic customer.. In a giving mood today, if you want details on this one.. prolific.. -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visi

Re: [mailop] Deutsche Telekom

2025-04-17 Thread Michael Peddemors via mailop
y could add ​to their own private database, I don't see the need to make this info public. Scott​ On Monday, 14/04/2025 at 16:18 Michael Peddemors via mailop wrote: On 2025-04-14 08:02, Scott Q. via mailop wrote: > Anyone dealt/dealing with them in getting IPs unblocked ? &

Re: [mailop] Deutsche Telekom

2025-04-15 Thread Michael Peddemors via mailop
On 2025-04-14 08:02, Scott Q. via mailop wrote: Anyone dealt/dealing with them in getting IPs unblocked ? It seems they have a new internal regulation where they want the sending domain to be explicitly linked to the actual owner that sends the e-mails. Which makes sense in theory but there's

[mailop] Who would be handling how Microsoft emails their Sign-In notifications?

2025-03-04 Thread Michael Peddemors via mailop
I know we have lurkers, but Michael has been long silent on the list.. So hoping for a reach out from someone on their email delivery team... Aside from of course the broken use of double Return-Path, have some other concerns given the similarities of those notifications, with a known phishing g

[mailop] Requesting Feedback from the community.. Compromised Email Account reporting.

2025-03-13 Thread Michael Peddemors via mailop
Background: Compromised email accounts are on the rise, from almost every sector, and often it is the same actors and infrastructures that are being used as a source to send out their malware and phishing from these compromised accounts. Historically, while we identify these threats, we have

Re: [mailop] OVH: RIPE listed abuse address sends automated reply to use form

2025-03-28 Thread Michael Peddemors via mailop
Don't get me started on OVH.. Aside from allowing widespread obvious spammers and phishing operations, their support team appears to care very little about it, or their reputation.. What is it with companies, when a trusted industry person sends them evidence on those actors, but they want you

Re: [mailop] Cisco IronPort (iphmx.com) contact

2025-05-15 Thread Michael Peddemors via mailop
ty good alone, IMO. Scott Q:  not sure if you're aware, but there's a very coarse reputation check you can do here for your sending IP: https://talosintelligence.com/reputation_center/ You won't get the raw SBRS score, but it will give you an idea. Robert On 5/14/2025 at 17

Re: [mailop] Cisco IronPort (iphmx.com) contact

2025-05-14 Thread Michael Peddemors via mailop
The only thing is .. I believe Cisco devices all use the Cisco DNS servers for all RBL lookups, rather than their own DNS servers.. Is this a correct assumption? This can cause problems for some people with some RBL's. On 2025-05-14 14:43, Gellner, Oliver via mailop wrote: On 14.05.2025 at

Re: [mailop] Anybody know how to get off a blocklist at Proofpoint Dynamic Reputation

2025-05-26 Thread Michael Peddemors via mailop
On 2025-05-23 09:16, Ken Robinson via mailop wrote: I just started getting bounces from this service.     host mx1-us1.ppe-hosted.com [67.231.154.162]     SMTP error from remote mail server after RCPT TO:mailto:review...@publishersweekly.com>>:     550 5.7.1

Re: [mailop] Is there a way to block domains registered at a specific registrar with SpamAssassin or similar

2025-05-23 Thread Michael Peddemors via mailop
On 2025-05-23 05:49, Benoît Panizzon via mailop wrote: Hi List We get bombarded with loads of spam mails advertising .my domains to redirect traffic. As soon as one domain is listed, another one is used. Source ip changes all the time. Only common characteristic is: .my domain registered @ na

Re: [mailop] Icewarp and "New" Outlook

2025-05-23 Thread Michael Peddemors via mailop
On 2025-05-23 02:49, Peter Corlett via mailop wrote: [...] As a result, clients and servers SHOULD implement both STARTTLS on port 587 and Implicit TLS on port 465 for this transition period. Which is pretty clear. I think it is important that consideration is given to how the 'big pl

Re: [mailop] Weird junk emails via Google Groups

2025-06-05 Thread Michael Peddemors via mailop
Which is why we give Google Groups a negative reputation.. (Aside from the long standing obvious abuse of it) You should NEVER have to log in to 'unsubscribe', let alone have to get a google account to remove yourself.. Spam folders are full of those.. actually, majority of what is in my per

Re: [mailop] Outlook.com: intermittent DKIM failures

2025-06-23 Thread Michael Peddemors via mailop
If the Message-ID is missing, Microsoft is doing the right thing adding it, that takes precedence over breaking the DKIM signature.. I guess this is a good way to let you know that you should be including that header ;) On 2025-06-23 03:22, Paulo Pinto via mailop wrote: Hi all. Maybe this c

Re: [mailop] Anyone from OVH around?

2025-05-30 Thread Michael Peddemors via mailop
Just one? There are several /24's engaged in #phishing as we speak ;) Received: from controle29t.shadowgate.pics (HELO controle29t.shadowgate.pics) (51.161.131.112) Portugese Phishing? Same actor as was on Hetzner, Selectel etc.. On 2025-05-30 05:32, Juan Manavella via mailop wrote: Hi,

[mailop] Can I get a CenturyLink/Level 3 representative lurking on here to reach out?

2025-07-16 Thread Michael Peddemors via mailop
Chasing down strange activity from a range on their networks, with no PTR's and trying to validate what these systems are used for.. Please reach out off list. -- "Catch the Magic of Linux..." Michael Peddemors, President/
