Re: [mailop] Delivery to btinternet.com / cpcloud.co.uk

2015-09-14 Thread Ian Eiloart 

> On 10 Sep 2015, at 08:23, Brandon Long  wrote:
> 
> On Wed, Sep 9, 2015 at 5:32 PM, Robert Mueller  wrote:
>  
>> We don't recommend doing that:
>>  
>> https://support.google.com/mail/answer/175365
>>  
>> If you are forwarding mail, you'll inevitably forward spam, and you don't 
>> want your reputation to take a hit on that.
>>  
>> Or, damned if you do, damned if you don't.
>  
> Ok, just to confirm, does this mean you don't recommend or recognise SRS 
> rewritten MAIL FROM addresses as special in any way?
> 
> Does anyone understand SRS?  I thought it was pretty much a dead end. 
> 

Seems to me that the reason Google recommend not rewriting the envelope sender 
is that your domain may get punished for forwarding spam. The solution, 
apparently, would be to use a different domain. And probably a different IP 
address, too. 

Of course that makes it more likely that your own email is delivered, but less 
likely that the forwarded email is delivered: since it won’t benefit from any 
positive reputation that your own email has.

-- 
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Delivery to btinternet.com / cpcloud.co.uk

2015-09-14 Thread Ian Eiloart 

> On 10 Sep 2015, at 12:45, Robert Mueller  wrote:
> 
>> 
>> Ok, just to confirm, does this mean you don't recommend or recognise SRS 
>> rewritten MAIL FROM addresses as special in any way?
>>  
>> Does anyone understand SRS?  I thought it was pretty much a dead end. 
>  
> IMHO everything about SPF and SRS borders on somewhere between pointless and 
> craziness. Is there any evidence it's been useful in any way to help stop or 
> identify spam?


The main benefit it to permit whitelisting of trusted domains. For example, I’d 
be quite happy to whitelist any *.ac.uk domain for email that (a) gets an SPF 
pass, and (b) has no attachments, and (c) some other stuff. 

-- 
Ian Eiloart
Postmaster, University of Sussex
+44 (0) 1273 87-3148

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

[mailop] msn/outlook blacklist advice

2015-09-14 Thread G. Miliotis 

Hello everyone,

We've just moved someof our MXs to a new IP and it turns out we didn't 
plan this very well.


Microsoft has the whole new range blacklisted (Getting SC-001 errors for 
136.243.92.253; 136.243.92.252; 136.243.92.216). The troubleshooting  
form provides no real feedback and I couldn't get to a human.


Our MX is low volume (~1000mails / monthly) but many small businesses 
depend on us for mail and the heat is being turned up.


What is the correct way to handle this transition? Is there any 
microsoft contact here to contact me off list? Any advice/help would be 
greatly appreciated.


Best Regards,
George Miliotis


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] msn/outlook blacklist advice

2015-09-14 Thread G. Miliotis 


On 14/09/2015 06:44 μμ, Steve Atkins wrote:

Microsoft has the whole new range blacklisted (Getting SC-001
errors for 136.243.92.253; 136.243.92.252; 136.243.92.216).

I'm assuming those three IP addresses are for smarthosts

> that send outbound mail for you and your customers.

Only one is currently in use as mx. I'm working on all three 
simultaneously as they're all blacklisted in SNDS and we got them as a 
group. I'm not moving more MXs over to this range before I figure out 
what's Microsoft's idea of the right way to do this.



To start with, check your DNS has been updated to match your new smarthosts, 
particularly SPF and MX records.
Our SPF records indicate only the .252 because this is the only one in 
use right now.


Google gives us a SPF-PASS when sending to them on all domains I checked 
(cgvillas.com, gogastires.gr are two examples).


So the issue remains, what *is* the correct way to migrate to a new IP 
that's been blacklisted by MS and how long should it take?



Cheers,
   Steve


Thanks for getting back so quickly!

--George

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Hotmail/Microsoft Contact Available?

2015-09-14 Thread Michael Wise 
If it has anything to do with Hotmail, this is the wrong advice.
If it’s specific to Hotmail or Outlook.com email addresses and such like…

http://mail.live.com/mail/troubleshooting.aspx

In particular, *THIS* bit:

[cid:image001.png@01D0EEF7.73DED2E0]

Sooner or later, your discussions will end there, and the ticketing will begin.
There is *NO* way around it; Microsoft Legal has been very clear on the matter.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool ?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Matthew Black
Sent: Monday, September 14, 2015 1:45 PM
To: Brian Curry ; mailop@mailop.org
Subject: Re: [mailop] Hotmail/Microsoft Contact Available?

Are you a mail producer or a Microsoft Office365 / Exchange Online Protection 
customer? If so, call your normal support channels. If not, ask a few of your 
select customers to complain to Microsoft. I am one of those Microsoft 
customers that has experienced a number of so called “white hat” e-mail 
marketing companies that let many of their customers send UCE despite a 
zero-tolerance policy.

matthew black
california state university, long beach


From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Brian Curry
Sent: Thursday, September 03, 2015 7:25 AM
To: mailop@mailop.org
Subject: [mailop] Hotmail/Microsoft Contact Available?

Is anyone from Microsoft/Hotmail able to help me with a delivery issue that has 
been lingering for months?

Long story short, I have been going in loops with the normal Hotmail support 
process for months and cannot seem to get a useful answer. IP address in 
question has pulled way back on engagement and I have tested the email content 
outside of the normal IP address and can get it to deliver just fine.

Any help is much appreciated, can contact me off list for me private details.


Brian Curry
Manager of Deliverability, Digital Messaging
Merkle Inc.
Phone: 720.836.2150
bcu...@merkleinc.com


This email and any attachments transmitted with it are intended for use by the 
intended recipient(s) only. If you have received this email in error, please 
notify the sender immediately and then delete it. If you are not the intended 
recipient, you must not keep, use, disclose, copy or distribute this email 
without the author’s prior permission. We take precautions to minimize the risk 
of transmitting software viruses, but we advise you to perform your own virus 
checks on any attachment to this message. We cannot accept liability for any 
loss or damage caused by software viruses. The information contained in this 
communication may be confidential and may be subject to the attorney-client 
privilege.
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

2015-09-14 Thread Franck Martin 
On Mon, Sep 14, 2015 at 12:00 PM, Michael Peddemors 
wrote:

> Monitoring from ISP's and Telco's has always shown a lot of leakage from
> the servers called..
>
> mail-pu1apc01hn0200.outbound.protection.outlook.com
>
> And over the last week, those numbers substantially increased..
>
> However, while caught by our filtering systems, you have to look at some
> simple obvious issues..
>
> (Maybe someone can explain how this traffic is relayed, and why it is so
> hard to stop at the source?)
>
> Return-Path: <>
>
>  (We wrote a 'fake bounce' rule specifically for
> protection.outlook.com servers)
>  Much of the spam shows up with no Return-Path, I am sure that can be
> prevented, no?
>
> Delivered-To: mich...@linuxmagic.com
> Received: (qmail 29387 invoked from network); 14 Sep 2015 17:13:15 -
> Received: from mail-pu1apc01hn0200.outbound.protection.outlook.com (HELO
> APC01-PU1-obe.outbound.protection.outlook.com) (104.47.126.200)
> by be.cityemail.com with SMTP
> (e1fa336e-5b03-11e5-8599-5bc0ef165c91); Mon, 14 Sep 2015 10:13:15
> -0700
> Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=<>;
>
> ^ Could this be a clue? No Sender IP? No MailFrom?
>

the HELO hostname does not have an SPF record:
https://dmarcian.com/spf-survey/APC01-PU1-obe.outbound.protection.outlook.com

cf http://trac.tools.ietf.org/html/rfc7208#section-10.1.3


>
> Received: from [106.223.20.123] (106.223.20.123) by
>  SG2PR0201MB0984.apcprd02.prod.outlook.com (10.162.202.155) with Microsoft
>  SMTP Server (TLS) id 15.1.268.17; Mon, 14 Sep 2015 17:13:03 +
> Content-Type: multipart/alternative; boundary="===0365285247=="
> MIME-Version: 1.0
> Subject: I Have An Urgent Matter To Discuss With You
> To: recipie...@wizard.ca
> From: v...@wizard.ca, hol...@wizard.ca, k...@wizard.ca
>
>  None of the above exist of course.. actually sent to different
> addresses
>
> Date: Mon, 14 Sep 2015 22:42:56 +0530
> Reply-To: 
>
> ^ Isn't this suspicious?
>
> seems someone can get outlook.com to do some backscatter or inject a fake
bounce and have it routed by outlook.com ?
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

2015-09-14 Thread Noel Butler 

On 15/09/2015 05:34, Michael Wise wrote:



We are compelled to deliver it; talk to the senders who wander around
wondering what the heck happened to a message that they handed off to
a given mailhost and it was never delivered.



We've all been seeing that for over a decade with hotmail, we succeed in 
the send, and recipient never gets it :)



___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

2015-09-14 Thread Noel Butler 
 

On 15/09/2015 06:54, Franck Martin wrote: 

> On Mon, Sep 14, 2015 at 12:00 PM, Michael Peddemors  
> wrote:
> 
>> Monitoring from ISP's and Telco's has always shown a lot of leakage from the 
>> servers called..
>> 
>> mail-pu1apc01hn0200.outbound.protection.outlook.com [1]
>> 
>> And over the last week, those numbers substantially increased..
>> 
>> However, while caught by our filtering systems, you have to look at some 
>> simple obvious issues..
>> 
>> (Maybe someone can explain how this traffic is relayed, and why it is so 
>> hard to stop at the source?)
>> 
>> Return-Path: <>
>> 
>>  (We wrote a 'fake bounce' rule specifically for protection.outlook.com 
>> [2] servers)
>> Much of the spam shows up with no Return-Path, I am sure that can be 
>> prevented, no?
>> 
>> Delivered-To: mich...@linuxmagic.com
>> Received: (qmail 29387 invoked from network); 14 Sep 2015 17:13:15 -
>> Received: from mail-pu1apc01hn0200.outbound.protection.outlook.com [1] (HELO 
>> APC01-PU1-obe.outbound.protection.outlook.com [3]) (104.47.126.200)
>> by be.cityemail.com [4] with SMTP
>> (e1fa336e-5b03-11e5-8599-5bc0ef165c91); Mon, 14 Sep 2015 10:13:15 -0700
>> Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=<>;
>> 
>> ^ Could this be a clue? No Sender IP? No MailFrom?
> 
> the HELO hostname does not have an SPF record: 
> https://dmarcian.com/spf-survey/APC01-PU1-obe.outbound.protection.outlook.com 
> [6] 
> 
> cf http://trac.tools.ietf.org/html/rfc7208#section-10.1.3 [7] 
> 
>> Received: from [106.223.20.123] (106.223.20.123) by
>> SG2PR0201MB0984.apcprd02.prod.outlook.com [5] (10.162.202.155) with Microsoft
>> SMTP Server (TLS) id 15.1.268.17; Mon, 14 Sep 2015 17:13:03 +
>> Content-Type: multipart/alternative; boundary="===0365285247=="
>> MIME-Version: 1.0
>> Subject: I Have An Urgent Matter To Discuss With You
>> To: recipie...@wizard.ca
>> From: v...@wizard.ca, hol...@wizard.ca, k...@wizard.ca
>> 
>>  None of the above exist of course.. actually sent to different addresses
>> 
>> Date: Mon, 14 Sep 2015 22:42:56 +0530
>> Reply-To: 
>> 
>> ^ Isn't this suspicious?
> 
> seems someone can get outlook.com [8] to do some backscatter or inject a fake 
> bounce and have it routed by outlook.com [8] ?

It is becoming rather annoying :) 

 

Links:
--
[1] http://mail-pu1apc01hn0200.outbound.protection.outlook.com
[2] http://protection.outlook.com
[3] http://APC01-PU1-obe.outbound.protection.outlook.com
[4] http://be.cityemail.com
[5] http://SG2PR0201MB0984.apcprd02.prod.outlook.com
[6]
https://dmarcian.com/spf-survey/APC01-PU1-obe.outbound.protection.outlook.com
[7] http://trac.tools.ietf.org/html/rfc7208#section-10.1.3
[8] http://outlook.com
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Hotmail/Microsoft Contact Available?

2015-09-14 Thread Michael Wise 

Or people who are in a desperate hurry...
Both of which intersect on the Ven Diagram of a great many Mail Admins.

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Steve Atkins
Sent: Monday, September 14, 2015 2:54 PM
To: mailop@mailop.org
Subject: Re: [mailop] Hotmail/Microsoft Contact Available?


> On Sep 14, 2015, at 2:33 PM, Michael Wise  wrote:
> 
> It’s on my bucket list….

OTOH, it's a reasonably effective method of filtering out people who refuse
to read documentation.

Cheers,
  Steve

>  
> Aloha,
> Michael.
> --
> Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
> Processed." | Got the Junk Mail Reporting Tool ?
>  
> From: Gil Bahat [mailto:g...@magisto.com] 
> Sent: Monday, September 14, 2015 2:29 PM
> To: Michael Wise 
> Cc: mailop@mailop.org
> Subject: Re: [mailop] Hotmail/Microsoft Contact Available?
>  
> That brings up a very good point: can anyone make this link at least mildly 
> more prominent than a 'here' anchor in the middle of a large body of text 
> under an unassuming header?
> 
> Almost makes you feel unwanted.
> 
> On Sep 15, 2015 12:16 AM, "Michael Wise"  wrote:
> If it has anything to do with Hotmail, this is the wrong advice.
> If it’s specific to Hotmail or 
> https://na01.safelinks.protection.outlook.com/?url=Outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7c453fcad8f70643c8143808d2bd4fda8f%7c72f988bf86f141af91ab2d7cd011db47%7c1=4ox8ZI%2b0mYIO4Es8bnHhxfbHC6U97qIhx2kk3V2zBcE%3d
>  email addresses and such like…
>  
> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fmail.live.com%2fmail%2ftroubleshooting.aspx=01%7c01%7cmichael.wise%40microsoft.com%7c453fcad8f70643c8143808d2bd4fda8f%7c72f988bf86f141af91ab2d7cd011db47%7c1=ZS3Sx%2bO3rHf81xgujzkgyCsBR66S8s9nAm67jjFqPlw%3d
>  
> In particular, *THIS* bit:
>  
> 
>  
> Sooner or later, your discussions will end there, and the ticketing will 
> begin.
> There is *NO* way around it; Microsoft Legal has been very clear on the 
> matter.
>  
> Aloha,
> Michael.
> --
> Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
> Processed." | Got the Junk Mail Reporting Tool ?
>  
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Matthew Black
> Sent: Monday, September 14, 2015 1:45 PM
> To: Brian Curry ; mailop@mailop.org
> Subject: Re: [mailop] Hotmail/Microsoft Contact Available?
>  
> Are you a mail producer or a Microsoft Office365 / Exchange Online Protection 
> customer? If so, call your normal support channels. If not, ask a few of your 
> select customers to complain to Microsoft. I am one of those Microsoft 
> customers that has experienced a number of so called “white hat” e-mail 
> marketing companies that let many of their customers send UCE despite a 
> zero-tolerance policy.
>  
> matthew black
> california state university, long beach
>  
>  
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Brian Curry
> Sent: Thursday, September 03, 2015 7:25 AM
> To: mailop@mailop.org
> Subject: [mailop] Hotmail/Microsoft Contact Available?
>  
> Is anyone from Microsoft/Hotmail able to help me with a delivery issue that 
> has been lingering for months?
>  
> Long story short, I have been going in loops with the normal Hotmail support 
> process for months and cannot seem to get a useful answer. IP address in 
> question has pulled way back on engagement and I have tested the email 
> content outside of the normal IP address and can get it to deliver just fine.
>  
> Any help is much appreciated, can contact me off list for me private details.
>  
>  
> Brian Curry
> Manager of Deliverability, Digital Messaging
> Merkle Inc.
> Phone: 720.836.2150
> bcu...@merkleinc.com
>  
> This email and any attachments transmitted with it are intended for use by 
> the intended recipient(s) only. If you have received this email in error, 
> please notify the sender immediately and then delete it. If you are not the 
> intended recipient, you must not keep, use, disclose, copy or distribute this 
> email without the author’s prior permission. We take precautions to minimize 
> the risk of transmitting software viruses, but we advise you to perform your 
> own virus checks on any attachment to this message. We cannot accept 
> liability for any loss or damage caused by software viruses. The information 
> contained in this communication may be confidential and may be subject to the 
> attorney-client privilege.
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
>

Re: [mailop] Hotmail/Microsoft Contact Available?

2015-09-14 Thread Gil Bahat 
Why don't we take this to the next level then and hide it behind a 1x1
pixel and triple the level of tier-1 scripted support, after making it
available only via IVR with average 15 minutes wait?

let's weed out the weak-willed, because what this industry definitely needs
is more distrust and lack of communication between senders and receivers,
all in the (sometimes ludicrous excuse) name of spam fighting.

even if mailop doesn't actually resolve my issues (and for the most part it
has), it does have the special property of making you feel that somebody
cares about your email. from the perspective of a sender trying to keep
sane, that means a lot.



On Tue, Sep 15, 2015 at 1:02 AM, Michael Wise 
wrote:

>
> Or people who are in a desperate hurry...
> Both of which intersect on the Ven Diagram of a great many Mail Admins.
>
> Aloha,
> Michael.
> --
> Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been
> Processed." | Got the Junk Mail Reporting Tool ?
>
> -Original Message-
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Steve Atkins
> Sent: Monday, September 14, 2015 2:54 PM
> To: mailop@mailop.org
> Subject: Re: [mailop] Hotmail/Microsoft Contact Available?
>
>
> > On Sep 14, 2015, at 2:33 PM, Michael Wise 
> wrote:
> >
> > It’s on my bucket list….
>
> OTOH, it's a reasonably effective method of filtering out people who refuse
> to read documentation.
>
> Cheers,
>   Steve
>
> >
> > Aloha,
> > Michael.
> > --
> > Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has
> Been Processed." | Got the Junk Mail Reporting Tool ?
> >
> > From: Gil Bahat [mailto:g...@magisto.com]
> > Sent: Monday, September 14, 2015 2:29 PM
> > To: Michael Wise 
> > Cc: mailop@mailop.org
> > Subject: Re: [mailop] Hotmail/Microsoft Contact Available?
> >
> > That brings up a very good point: can anyone make this link at least
> mildly more prominent than a 'here' anchor in the middle of a large body of
> text under an unassuming header?
> >
> > Almost makes you feel unwanted.
> >
> > On Sep 15, 2015 12:16 AM, "Michael Wise" 
> wrote:
> > If it has anything to do with Hotmail, this is the wrong advice.
> > If it’s specific to Hotmail or
> https://na01.safelinks.protection.outlook.com/?url=Outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7c453fcad8f70643c8143808d2bd4fda8f%7c72f988bf86f141af91ab2d7cd011db47%7c1=4ox8ZI%2b0mYIO4Es8bnHhxfbHC6U97qIhx2kk3V2zBcE%3d
> email addresses and such like…
> >
> >
> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fmail.live.com%2fmail%2ftroubleshooting.aspx=01%7c01%7cmichael.wise%40microsoft.com%7c453fcad8f70643c8143808d2bd4fda8f%7c72f988bf86f141af91ab2d7cd011db47%7c1=ZS3Sx%2bO3rHf81xgujzkgyCsBR66S8s9nAm67jjFqPlw%3d
> >
> > In particular, *THIS* bit:
> >
> > 
> >
> > Sooner or later, your discussions will end there, and the ticketing will
> begin.
> > There is *NO* way around it; Microsoft Legal has been very clear on the
> matter.
> >
> > Aloha,
> > Michael.
> > --
> > Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has
> Been Processed." | Got the Junk Mail Reporting Tool ?
> >
> > From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Matthew
> Black
> > Sent: Monday, September 14, 2015 1:45 PM
> > To: Brian Curry ; mailop@mailop.org
> > Subject: Re: [mailop] Hotmail/Microsoft Contact Available?
> >
> > Are you a mail producer or a Microsoft Office365 / Exchange Online
> Protection customer? If so, call your normal support channels. If not, ask
> a few of your select customers to complain to Microsoft. I am one of those
> Microsoft customers that has experienced a number of so called “white hat”
> e-mail marketing companies that let many of their customers send UCE
> despite a zero-tolerance policy.
> >
> > matthew black
> > california state university, long beach
> >
> >
> > From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Brian Curry
> > Sent: Thursday, September 03, 2015 7:25 AM
> > To: mailop@mailop.org
> > Subject: [mailop] Hotmail/Microsoft Contact Available?
> >
> > Is anyone from Microsoft/Hotmail able to help me with a delivery issue
> that has been lingering for months?
> >
> > Long story short, I have been going in loops with the normal Hotmail
> support process for months and cannot seem to get a useful answer. IP
> address in question has pulled way back on engagement and I have tested the
> email content outside of the normal IP address and can get it to deliver
> just fine.
> >
> > Any help is much appreciated, can contact me off list for me private
> details.
> >
> >
> > Brian Curry
> > Manager of Deliverability, Digital Messaging
> > Merkle Inc.
> > Phone: 720.836.2150
> > bcu...@merkleinc.com
> >
> > This email and any attachments transmitted with it are intended for use
> by the intended recipient(s) only. If you have received this

Re: [mailop] Protection Outlook..

2015-09-14 Thread Lena 
> From: Michael Wise 

> The account has probably already been killed.

I doubt that. I quoted entire header and the one-line body, but:

==

Date: Fri, 4 Sep 2015 22:03:03 +0300
From: l...@lena.kiev.ua
To: ab...@microsoft.com
Subject: Spam complaint

Spam:

> Return-path: <>
> Received: from mail-sg2apc01hn0234.outbound.protection.outlook.com
...
> Subject: YOU HAVE BEEN ANNOUNCED AS ONE OF THE FUND BENEFICIARY!!!
...
> X-Originating-IP: [116.202.38.142]
...
> X-Forefront-Antispam-Report: SFV:SPM;...

==

From: Microsoft Online Safety

Subject: SRX1303257687ID - FW: Spam complaint
Date: Wed, 9 Sep 2015 20:47:10 +

...
Please forward a copy of the questionable message, including the full
message headers...

==

Date: Wed, 9 Sep 2015 23:51:40 +0300
From: l...@lena.kiev.ua
To: Microsoft Online Safety 

Subject: Re: SRX1303257687ID - FW: Spam complaint

> Please forward a copy of the questionable message, including the full
> message headers.  Specifically, we need an unedited copy of the message
> that includes the X-originating IP.

I already quoted full message headers. I repeat:

Return-path: <>
...

==

From: Microsoft Online Safety

To: 
Subject: RE: SRX1303257687ID - FW: Spam complaint
Date: Thu, 10 Sep 2015 21:45:15 +

...
Please forward a copy of the questionable message, including the full
message headers...

==

Date: Fri, 11 Sep 2015 03:00:06 +0300
From: l...@lena.kiev.ua
To: Microsoft Online Safety 

Subject: Re: SRX1303257687ID - FW: Spam complaint

Do you read? I already sent you the full message headers TWICE.

> Please forward a copy of the questionable message, including the full
> message headers.  Specifically, we need an unedited copy of the message
> that includes the X-originating IP.

==

From: Microsoft Online Safety

To: 
Subject: RE: SRX1303257687ID - FW: Spam complaint
Date: Fri, 11 Sep 2015 16:54:36 +

Hello

I can understand your frustration. Unfortunately we cannot take action
on e-mail accounts that are not part of the Microsoft network...

==

Date: Fri, 11 Sep 2015 20:10:45 +0300
From: l...@lena.kiev.ua
To: Microsoft Online Safety 

Subject: Re: SRX1303257687ID - FW: Spam complaint
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/1.4.2.3i

> I can understand your frustration. Unfortunately we cannot take action
> on e-mail accounts that are not part of the Microsoft network.

Read the header again, attentively this time. The spam came from:

Received: from mail-sg2apc01hn0234.outbound.protection.outlook.com 
([104.47.125.234] helo=APC01-SG2-obe.outbound.protection.outlook.com)
by lena.kiev.ua with esmtps (TLSv1.2:ECDHE-RSA-AES256-SHA384:256)
(Exim 4.86 (FreeBSD))
id 1ZXwD5-000Id2-HP
for l...@lena.kiev.ua; Fri, 04 Sep 2015 21:59:48 +0300

Is 104.47.125.234 part of the Microsoft network?
The spam had empty MAIL FROM (envelope-from, Return-Path),
is it throwing you off?

==

Silence so far.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

2015-09-14 Thread Michael Wise 

As I said ... we are compelled.
And we're working on that for Hotmail as well, but it's not gonna happen, 
"Tomorrow".

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Noel Butler
Sent: Monday, September 14, 2015 3:16 PM
To: mailop@mailop.org
Subject: Re: [mailop] Protection Outlook.. 

On 15/09/2015 05:34, Michael Wise wrote:

> 
> We are compelled to deliver it; talk to the senders who wander around
> wondering what the heck happened to a message that they handed off to
> a given mailhost and it was never delivered.
> 

We've all been seeing that for over a decade with hotmail, we succeed in 
the send, and recipient never gets it :)


___
mailop mailing list
mailop@mailop.org
https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fchilli.nosignal.org%2fmailman%2flistinfo%2fmailop=01%7c01%7cmichael.wise%40microsoft.com%7c459f7c5df942456b5a2308d2bd52ff66%7c72f988bf86f141af91ab2d7cd011db47%7c1=d%2fP5k5JZ0RQnPHZbgsmdaG8EVbKVCIQoQrLmnZmDcmg%3d

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

[mailop] pobox.com contact?

2015-09-14 Thread Phil Pennock 
Hey,

Old story, shadow IT setup, email for a domain being handled by pobox,
person who set it up has left, no authentication information stored in
company password manager system.  I'm trying to get back access so we
can pay pobox money and get things running again.

(Which is, understandably, something to make people cautious because
 it's rather close to what a social engineer would say).

Urgency on our side, need this chased faster than pobox are responding
to support email (and they have no phone contact); I have a billing
group number and am willing to jump through many hoops.  If there's
anyone from pobox reading, could you please reply off-list to me?

Thanks,
-Phil

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

2015-09-14 Thread Michael Wise 
Heh.

Would love to stop using the pipelined metaphor, but alas; I'm not in charge of 
the design, coding, or anything else... I just try to make sure that the spammy 
stuff is tagged as spam so y'all can look at it and decide for yourselves, 
easily. :)

There are many, many other types of messages with NUL sender that are not 
bounces.

We are compelled to deliver it; talk to the senders who wander around wondering 
what the heck happened to a message that they handed off to a given mailhost 
and it was never delivered.

Much screaming if traffic you thought at the moment was spam, and you just drop 
it on the floor.
Many people scream in your face if you get it wrong.

There's things that work at the single mailhost level, and there's things that 
work at the couple of redundant server level, and there stuff that works when 
you have tens of thousands of servers being one service... and they all have 
very little to do with each other beyond a set of protocols they are all 
supposed to speak. Very little at all. I wish it were otherwise, but it's not.

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: Michael Peddemors [mailto:mich...@linuxmagic.com] 
Sent: Monday, September 14, 2015 12:25 PM
To: Michael Wise ; mailop 
Subject: Re: [mailop] Protection Outlook.. 

On 15-09-14 12:16 PM, Michael Wise wrote:
> If you see this ...
>
>   X-Forefront-Antispam-Report: SFV:SPM
>   (Specifically, the "SFV:SPM")
>
> That means we thought it was spam, but due to the pipelined nature of our 
> service, rather than drop it on the floor as some do, we were compelled to 
> deliver it. The traffic came in via a TLS connection from Bharti Airtel Ltd. 
> In India. The account has probably already been killed.
>
> Aloha,
> Michael.
>

This of course doesn't address the original question of why allowing 
delivery of messages without the MAIL FROM: that aren't really bounces.. 
(Time to stop pipelining ;)

Thanks for the tip.. But it isn't helping anyone if you keep sending 
obvious spam out of your networks..

You aren't REALLY compelled to deliver it..

Hard to believe that the infrastructure can't reject known spam..


-- 
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at 
https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.linuxmagic.com=01%7c01%7cmichael.wise%40microsoft.com%7cd747489fc87b4aed089208d2bd3a2c22%7c72f988bf86f141af91ab2d7cd011db47%7c1=4tY6uZVReK4awovXBVkXKM6t1fhPegHGf5eD4cMV89M%3d
 @linuxmagic

A Wizard IT Company - For More Info 
https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.wizard.ca=01%7c01%7cmichael.wise%40microsoft.com%7cd747489fc87b4aed089208d2bd3a2c22%7c72f988bf86f141af91ab2d7cd011db47%7c1=vRmsE8iuy6gyD7c33PSUcA2BXxn0NbRljgtai%2f1AyRw%3d
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

2015-09-14 Thread Michael Wise 
If you see this ...

X-Forefront-Antispam-Report: SFV:SPM
(Specifically, the "SFV:SPM")

That means we thought it was spam, but due to the pipelined nature of our 
service, rather than drop it on the floor as some do, we were compelled to 
deliver it. The traffic came in via a TLS connection from Bharti Airtel Ltd. In 
India. The account has probably already been killed.

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Peddemors
Sent: Monday, September 14, 2015 12:00 PM
To: mailop 
Subject: [mailop] Protection Outlook.. 

Monitoring from ISP's and Telco's has always shown a lot of leakage from 
the servers called..

https://na01.safelinks.protection.outlook.com/?url=mail-pu1apc01hn0200.outbound.protection.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7c1a87a0f969514cbb021a08d2bd38262e%7c72f988bf86f141af91ab2d7cd011db47%7c1=xT8Oo5RAGXaMUUw3q8MouTTarYplKxFxww07BluXiFQ%3d

And over the last week, those numbers substantially increased..

However, while caught by our filtering systems, you have to look at some 
simple obvious issues..

(Maybe someone can explain how this traffic is relayed, and why it is so 
hard to stop at the source?)

Return-Path: <>

 (We wrote a 'fake bounce' rule specifically for 
protection.outlook.com servers)
  Much of the spam shows up with no Return-Path, I am sure that can be 
prevented, no?

Delivered-To: mich...@linuxmagic.com
Received: (qmail 29387 invoked from network); 14 Sep 2015 17:13:15 -
Received: from 
https://na01.safelinks.protection.outlook.com/?url=mail-pu1apc01hn0200.outbound.protection.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7c1a87a0f969514cbb021a08d2bd38262e%7c72f988bf86f141af91ab2d7cd011db47%7c1=xT8Oo5RAGXaMUUw3q8MouTTarYplKxFxww07BluXiFQ%3d
 (HELO 
https://na01.safelinks.protection.outlook.com/?url=APC01-PU1-obe.outbound.protection.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7c1a87a0f969514cbb021a08d2bd38262e%7c72f988bf86f141af91ab2d7cd011db47%7c1=5ngeL52kH5mOzaCCyc%2bMRuUYzUj98MxaQJhsYDd5fOc%3d)
 (104.47.126.200)
by 
https://na01.safelinks.protection.outlook.com/?url=be.cityemail.com=01%7c01%7cmichael.wise%40microsoft.com%7c1a87a0f969514cbb021a08d2bd38262e%7c72f988bf86f141af91ab2d7cd011db47%7c1=f4UL%2buoHixPSRY%2b2VGwUWHUVOJmZeFAFOcx%2fuebBEXE%3d
 with SMTP
(e1fa336e-5b03-11e5-8599-5bc0ef165c91); Mon, 14 Sep 2015 10:13:15 -0700
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=<>;

^ Could this be a clue? No Sender IP? No MailFrom?

Received: from [106.223.20.123] (106.223.20.123) by
  
https://na01.safelinks.protection.outlook.com/?url=SG2PR0201MB0984.apcprd02.prod.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7c1a87a0f969514cbb021a08d2bd38262e%7c72f988bf86f141af91ab2d7cd011db47%7c1=NxyYuouMdfsVY0CPJvOPIDqfDSDSAeguYT9aFPryjC0%3d
 (10.162.202.155) with Microsoft
  SMTP Server (TLS) id 15.1.268.17; Mon, 14 Sep 2015 17:13:03 +
Content-Type: multipart/alternative; boundary="===0365285247=="
MIME-Version: 1.0
Subject: I Have An Urgent Matter To Discuss With You
To: recipie...@wizard.ca
From: v...@wizard.ca, hol...@wizard.ca, k...@wizard.ca

 None of the above exist of course.. actually sent to different 
addresses

Date: Mon, 14 Sep 2015 22:42:56 +0530
Reply-To: 

^ Isn't this suspicious?

X-Originating-IP: [106.223.20.123]
X-ClientProxiedBy: 
https://na01.safelinks.protection.outlook.com/?url=SIXPR04CA0018.apcprd04.prod.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7c1a87a0f969514cbb021a08d2bd38262e%7c72f988bf86f141af91ab2d7cd011db47%7c1=3EgI%2bPJtwtPhrU1Xt7bwv8OFfz6%2fXbcHMcY8Qvoxo1A%3d
 
(10.141.119.18) To
  
https://na01.safelinks.protection.outlook.com/?url=SG2PR0201MB0984.apcprd02.prod.outlook.com=01%7c01%7cmichael.wise%40microsoft.com%7c1a87a0f969514cbb021a08d2bd38262e%7c72f988bf86f141af91ab2d7cd011db47%7c1=NxyYuouMdfsVY0CPJvOPIDqfDSDSAeguYT9aFPryjC0%3d
 (25.162.202.155)
Message-ID: 

X-Microsoft-Exchange-Diagnostics:

[mailop] Gmail and PDF attachments.. Changes in policy?

2015-09-14 Thread Michael Peddemors 
Just had a few reports that Gmail is blocking messages with PDF 
attachments..



74.125.28.26 failed after I sent the message.
Remote host said: 552-5.7.0 This message was blocked because its content
presents a potential
552-5.7.0 security issue. Please visit
552-5.7.0  https://support.google.com/mail/answer/6590 to review our message
552 5.7.0 content and attachment content guidelines. 100si10432244iog.166 -
gsmtp


However, PDF files aren't listed as one of the attachment types they block.

Has there been a change lately?

Content-Type: application/pdf;
name="20150912 accepted offer.pdf"



 
--

"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

2015-09-14 Thread Michael Peddemors 

On 15-09-14 12:16 PM, Michael Wise wrote:

If you see this ...

X-Forefront-Antispam-Report: SFV:SPM
(Specifically, the "SFV:SPM")

That means we thought it was spam, but due to the pipelined nature of our 
service, rather than drop it on the floor as some do, we were compelled to 
deliver it. The traffic came in via a TLS connection from Bharti Airtel Ltd. In 
India. The account has probably already been killed.

Aloha,
Michael.



This of course doesn't address the original question of why allowing 
delivery of messages without the MAIL FROM: that aren't really bounces.. 
(Time to stop pipelining ;)


Thanks for the tip.. But it isn't helping anyone if you keep sending 
obvious spam out of your networks..


You aren't REALLY compelled to deliver it..

Hard to believe that the infrastructure can't reject known spam..


--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop