Hi Martin Have you tried t contact RU-CERT: https://www.cert.ru/en/about.shtml
They often are quite helpful. Best Serge On 25.05.20 16:09, Martin Wilhelmi wrote: > Hey everyone, > > I have a conflict with a provider from Russia "Timeweb" AS9123. It seems > to be hosting a customer who sends spam and uses one of my domains as > sender. > > I got the information via DMARC, RFC 7489 with several mails. This > provider has an abuse email address. After I contacted them, they > analyzed my domain, complained about the header of the automatic DMARC > e-mail from mail.ru <http://mail.ru>, because there an internal host > distributes it and uses an internal IP address 10/8 according to RFC > 1918 and so on. > > Apparently one does not want to do anything and requests one of these > e-mails classified as spam sent to @mail.ru. > > But this is not provided for in the DMARC protocol, which the provider > does not 'believe’. > > This means I continue to receive emails from Russia telling me that my > domain is being used by their host to send spam. And the provider writes > me many e-mails telling me that I have to provide correct facts and that > nothing else will be done. > > Because DMARC emails are not facts and cannot be used as evidence. > > Do you have any idea how to deal with this? > > I have received 11 DMARC emails from mail.ru <http://mail.ru> regarding > this host. I have attached last one here with header: > > Return-Path: <dmarc_supp...@corp.mail.ru > <mailto:dmarc_supp...@corp.mail.ru>> > Delivered-To: m...@mnin.de <mailto:m...@mnin.de> > Received: from mail.mnin.de ([xxxx]) > by mail.mnin.de with LMTP > id yedWJNMKx14sDAAAuS6XVA > (envelope-from <dmarc_supp...@corp.mail.ru>) > for <m...@mnin.de>; Fri, 22 May 2020 01:12:19 +0200 > Received: from relay7.m.smailru.net (relay7.m.smailru.net [94.100.178.51]) > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) > (No client certificate requested) > by mail.mnin.de (Postcow) with ESMTPS id 6D59868509C > for <m...@mnin.de>; Fri, 22 May 2020 01:12:18 +0200 (CEST) > DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; > d=corp.mail.ru; s=mail; > h=Date:Message-ID:To:From:Subject:MIME-Version:Content-Type; > bh=DMqnfyeB+D0YjhIdtRipG66iEqaOVRHns+l07FJTLbw=; > b=k6PdTMpn2SHfn7HO4jdOto6jxVRnOLsCsFLz0Lp87ytUyQL7ifwnze/LC/xQlDQ1hLpkHdM/sM8RFDgusUQYtL4e7/Zkmln4vsjgPvsW6go/YK7hvaeQBKMKgDSXqTlTXqm7BUyXOU4g9wByuAWUM0UpOM+3lrgHzm7d/Fil5IU=; > Received: from [10.161.4.115] (port=48176 helo=60) > by relay7.m.smailru.net with esmtp (envelope-from > <dmarc_supp...@corp.mail.ru>) > id 1jbuMI-0007Kr-2n > for m...@mnin.de; Fri, 22 May 2020 02:12:14 +0300 > Content-Type: multipart/mixed; > boundary="===============1678280035031557895==" > MIME-Version: 1.0 > Subject: Report Domain: mnin.de; Submitter: Mail.Ru; > Report-ID: 25590927945792699841590019200 > From: dmarc_supp...@corp.mail.ru > To: m...@mnin.de > Message-ID: <dmarc-1590102...@corp.mail.ru> > Date: Fri, 22 May 2020 02:12:14 +0300 > Auto-Submitted: auto-generated > ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mnin.de; > s=dkim; t=1590102738; > h=from:from:reply-to:subject:subject:date:date:message-id:message-id: > to:to:cc:mime-version:mime-version:content-type:content-type: > dkim-signature; bh=DMqnfyeB+D0YjhIdtRipG66iEqaOVRHns+l07FJTLbw=; > b=YpE4Z5u3l+mzLxsH+2Qbd39KekLCXa2jbbIrdnDxvgNFS6zvl4zKq33jQ/7fs5KkJEB0Xc > VCRT+1keQ9x/+a0tp6IMMUKE1elcOp6LHbBzTXCZYcgylnhbmb/JrCgAUI67KzXJlLn4o4 > pxToLIR5HD58dGeler0v2GTby5si8GUfczS2mM4QAvxJHDSZ8GqTE359H8HTmXUXGBQRb+ > 0RVhhOzYxwmusEpWvuMcXYm4oZ7V+eKNuv12N5xCAbaWaqen37v1M53j0pu1vYoUSQBgOa > dv3UgtOSdPxj8wVI5OzpY6ZVKtfSqyTXW5dV+8yfZUSe1Zpm/UPOO5eaqyUnpw== > ARC-Seal: i=1; s=dkim; d=mnin.de; t=1590102738; a=rsa-sha256; cv=none; > b=keiIRdDt35e1bk6toEJdITgagC1CXQE81NoMoM8T19TBM9LFU4zudqRg73qPYgGkqvXqqI > Te3Z+AC+CZp9bxfqIOrm2xSE8fNfZEKYhl5fB59sen9/m1rwiZznvvbNcBCJMpytYyDAbg > l74M2uJVfvrUAoAbMF8dweJV/SANBC2K6eKs1r9nRu5DrCEcicWKNLxWbvZ7Q/TccUGgeZ > VCyYvxqc0m5U7wZqK/32Sgf1EpWAjkXpC5eTMxH73FfrIkpPQa8v5ag6qKMP+GRk8B3GO1 > eQxsci0l3eATOMFFeEAW/QkSB+ur5f2bPEraluEN5VD4iwWzd2tBGmbcT0ZKaw== > ARC-Authentication-Results: i=1; > mail.mnin.de; > dkim=pass header.d=corp.mail.ru header.s=mail header.b=k6PdTMpn; > spf=pass (mail.mnin.de: domain of dmarc_supp...@corp.mail.ru designates > 94.100.178.51 as permitted sender) smtp.mailfrom=dmarc_supp...@corp.mail.ru > X-Last-TLS-Session-Version: TLSv1.2 > Authentication-Results: mail.mnin.de; > dkim=pass header.d=corp.mail.ru header.s=mail header.b=k6PdTMpn; > dmarc=pass (policy=reject) header.from=corp.mail.ru; > spf=pass (mail.mnin.de: domain of dmarc_supp...@corp.mail.ru designates > 94.100.178.51 as permitted sender) smtp.mailfrom=dmarc_supp...@corp.mail.ru > > --===============1678280035031557895== > MIME-Version: 1.0 > Content-Type: text/plain; charset="utf-8" > Content-Transfer-Encoding: base64 > > VGhpcyBpcyBhbiBhZ2dyZWdhdGUgcmVwb3J0IGZyb20gTWFpbC5SdS4= > > --===============1678280035031557895== > Content-Type: application/gzip > MIME-Version: 1.0 > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="mail.ru!mnin.de!1590019200!1590105600.xml.gz" > > H4sICM4Kx14C/21haWwucnUhbW5pbi5kZSExNTkwMDE5MjAwITE1OTAxMDU2MDAueG1sAIVTQXKk > MAy85xW5zSkYqDADW4qzH9jLfsDlscXgCtgu22Szv48MYUJqKpULlpqW6JYFPL9N4/0rhmicfTpU > RXm4R6ucNvbydJhT/9Aenvkd9Ij6LNULh4DehSQmTFLLJDm4cBFWTsj/SDMWf2dgVwRwIozrSQYl > 4uxz5W/lgi8yXgTirgzAtxSkUM4mqZIwtnd8SMn/YmzA8Upn+XzICBXeVmzajOZ103RlV5+6x+bU > 1ceuax8rQsqqq8sS2CcRyASKIO2F5J7xYizfE1cE0OoFrsrmmOGcA9uXspu5eDca9V/4+TyaOGD+ > lCP9lk/W2EIj1a85SP1iJh6ArQHI6PslzSd4bp0ltucQt5gC8CrxKovJAT1vPheQRp1P949K3RwU > CuN51bZFXTfF6VRUx5Z6Xd+AcrOlpsDWYLOAr3KcyWu2YKJ30STalg8pewQW/T1dEuGLlexgzRcv > 7LYjW+QZjTaZ3tAichhQagyiD276HNYeBPaFL+c0iIBxHlP80LDNmqrTkBcGw7Ju28gjjqiSC1wT > g8RtKaxtuJcx5jtdkr2ZHxsr55FPWSa1XZJveq4D+aqdbXfGrj/cO84BW+uiAwAA > --===============1678280035031557895==-- > > Decompressed xml is: > > <?xml version='1.0' encoding='utf-8'?> > <feedback><report_metadata><org_name>Mail.Ru</org_name><email>dmarc_supp...@corp.mail.ru > <mailto:dmarc_supp...@corp.mail.ru></email><extra_contact_info>http://help.mail.ru/mail-help</extra_contact_info><report_id>25590927945792699841590019200</report_id><date_range><begin>1590019200</begin><end>1590105600</end></date_range></report_metadata><policy_published><domain>mnin.de</domain><adkim>r</adkim><aspf>r</aspf><p>none</p><sp>none</sp><pct>100</pct></policy_published><record><row><source_ip>188.225.77.168</source_ip><count>1</count><policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row><identifiers><header_from>mnin.de</header_from></identifiers><auth_results><dkim><domain>ninthhelper.ru</domain><selector>dnin</selector><result>pass</result></dkim><spf><domain>ninthhelper.ru</domain><scope>mfrom</scope><result>pass</result></spf></auth_results></record></feedback> > > > Cheers, > > Martin > -- Dr. Serge Droz Chair of the FIRST Board of Directors https://www.first.org
signature.asc
Description: OpenPGP digital signature
