On Fri, 31 Aug 2018 at 00:02, Michael Wise <michael.w...@microsoft.com> wrote: > /me coughs discretely ... > > As I don't have the right crescent wrench to what this issue, I have > forwarded your concerns to the people who ARE in a position to get a better > understanding of these issues. > There's a lot of conflicting signals that SmartScreen takes into > consideration, and a lot of ... obscure-on-purpose policies that affect how > the folks who are typically the ones to mitigate these issues are allowed to > do ... and yes, a lot of boilerplate, sometimes that doesn't seem ... on > point. > > /sigh > > I will do what I can.
Hi Michael, Did you get any answer/update? Or is this still under investigation? Or trashed as "uninteresting"? Since I wrote the post (almost 4 weeks ago) the IP 188.165.188.85 is still the only red IP in our 100+ IP list and it always kept his "red" status in the last weeks. No new trap hits, no new FBL and complaint rate fixed to "< 0.1%". Brothers IPs in the same pool like 188.165.188.87 have been always green, as before. Stefano > Aloha, > Michael. > -- > Michael J Wise > Microsoft Corporation| Spam Analysis > "Your Spam Specimen Has Been Processed." > Got the Junk Mail Reporting Tool ? > > > -----Original Message----- > > From: mailop <mailop-boun...@mailop.org> On Behalf Of Stefano Bagnara > > Sent: Thursday, 30 August, 2018 17:40 > > To: mailop <mailop@mailop.org> > > Subject: [mailop] SmartScreen weirdness > > > > Hi all, or I should probably say Hi Michael, :-) > > > > I manage a pool of 5 IPs shared by the same group of senders (>100 small > > senders). > > IPs are 188.165.188.85..188.165.188.89. (please no OVH-flames) > > > > They are low volume and they sends the same things (emails are > > roundrobin-ed between the IPs). They share the same reputation of public > > reputation providers (99 on senderscore, good on Talos). They haven't been > > blacklisted recently (AFAIK). > > > > One of those IPs is RED on SNDS (188.165.188.85) and in fact, emails sent > > by that IP to new email addresses ends up in the Junk folder. The other 4 > > IPs are GREEN and have always been GREEN and an email sent to a new > > recipient is sent to inbox. I say "new recipients" because if I send an > > email to an "old recipient" that is already reading that email flow the > > email is inboxed by both. It's hard to "debug" this from the outside > > because I need reports from "new users" or I'd have to create new hotmail > > accounts. > > > > In the last 2 months I received only 1 FBL for that IP, and a total of > > 12 FBL from the other 4 IPs (not daily, 3 in the whole 2 months). SNDS > > doesn't report a single spamtrap hit. The volume recorded by SNDS is > > between 500 and 1000 messages per day from each IP. Complaint Rate is "< > > 0.1%" Trap Hits is 0. > > > > I filled the Microsoft Form (SRX1437934126ID ). They told me it's because > > of "SmartScreen" and that they are unable to offer mitigation for that IP. > > The conversation included the "usual" template-based (telling me to use > > JMRP/SNDS) answers: got 4 of them until they stopped answering me begging > > for "details" or "escalation". > > > > I'd like to identify the issue (if there is a bad sender I'd like to simply > > kick him), but I don't have data to use to do my "homework". I also can't > > get why 1 IP is "so bad" while the other 4 in the same pool are pretty > > good, while they simply send the same stuff. > > > > I saw in past Microsoft IP based reputation have a very long memory, so I > > guess it must have something to do with very old sending history from that > > IP (I can't be sure if something bad happened years ago.. I don't think so, > > but I can't exclude it). > > > > I also don't understand what could be the reason behind the answer "the IP > > cannot be mitigated": is it because it is not blocked and mitigation > > happens for blocks that are not depending from SmartScreen? > > Or is it because they are actively seeing bad inbound flow from the IP and > > the reputation is "so bad" that they can't mitigate it? > > > > Michael, do you have an answer for this "scenario" or this specific case? > > Others: did anyone else see similar issues? How did you fix them? > > -- Stefano Bagnara Apache James/jDKIM/jSPF VOXmail/Mosaico.io/VoidLabs _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop