Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[SM]

Hi Michael,
At 11:44 15-09-2015, Michael Wise wrote:

No, it doesn't.

After all, technically Message-ID is an optional field.
I bitch and moan about that, but nobody cares... They all end up 
pointing to, "SHOULD", and I can't really do anything but :'(


It is recommended to add a "Message-ID" field if there isn't one in a 
message.  There are reasons why that is not always done.  You did 
your part; that's good enough.


Regards,
-sm 



___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] pobox.com contact?

[Phil Pennock]

On 2015-09-14 at 17:42 +, Phil Pennock wrote:
>  If there's
> anyone from pobox reading, could you please reply off-list to me?

The problem has now been resolved, we have access back.

Thanks,
-Phil

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Noel Butler]

On 16/09/2015 04:44, Michael Wise wrote:


If this ML is going to become a forum for reporting spam, I'm gone.


Having been here for few years now, I have to say it does seem to be 
getting worse, this aint anyone's support channel, and perhaps this 
needs to be entered into the charter!



Cheers


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Al Iverson]

On Tue, Sep 15, 2015 at 1:33 PM, Steve Freegard  wrote:
>
> On 15/09/15 18:24, Al Iverson via mailop.org wrote:
>>
>> Is this truly having an immediate negative impact operationally? It
>> seems like this could be feedback you could give them directly,
>> offlist, without having to share it with the rest of us.
>>
>>
>
> Very funny.

Very snotty.

> Feedback to where?

Mr. Peddemors has multiple Microsoft contacts, as I do I. There's even
a Microsoft guy or two on this list, though at least one of them seems
to be tiring of the rock throwing and fantastically tall hyperbole.

Regards,
Al Iverson

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Krishna Garewal]

Multiple Message-ID/id headers for MSA mails has been brought to the right 
people’s (as far as I know) attention.

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Wise
Sent: Tuesday, September 15, 2015 12:23 PM
To: mailop@mailop.org
Subject: Re: [mailop] Microsoft sending multiple Message-ID headers in password 
reset links..

I’ve been on the list for a while, no need to consult archives.
But the recent threads I have found … disconcerting.

Yes, there’s a lot of angst, mostly about things that we can’t typically do 
anything about; those are not topics we should be discussing.
Things that can be dealt with, especially if it involves my employer, all over 
it.
One off complaints, or … LOOK AT ALL THESE HOST NAMES LEAKING SPAM, OH NOEZ!
… when we’re sending hundreds of millions of legit emails a day… for businesses 
you know … I grieve.

We have issues. (“Who doesn’t? Ours are just bigger than most at times…”)
On the “Protection” side as well as the “Outlook/Hotmail” side.
Some of those I can be an advocate for change on, but it’s not like the old 
days when I could cobble together a spam classification system based on some 
ProcMail and PERL scripts, and have it pumping out actionable intel in a matter 
of days; other people do the Exchange-Equivalent (?!) of those things now, and 
I have next to no input. Not for lack of trying.

I can block traffic from the “Protection” side, or at least mark it as spam as 
it goes out. “SFV:SPM” is my little gift to y’all.
And I can sometimes escalate other issues, especially if it really is impacting 
your system or pushing systems over onto the floor.

But I can’t handle one-off complaints.
I don’t scale.

And, in most cases, I gather, neither do y’all.

As for the Outlook/Hotmail side of the house (stuff that doesn’t have, 
“Protection” in the rDNS, there’s very little I can do. Complaining to Abuse@ 
won’t get you anywhere, because they’re only interested in handling stuff with 
@microsoft.com addresses, for the most part; I don’t talk to those people so 
can’t state with certainty, but y’all have enough stories I’m sure. I can’t 
help there. If you’re blocked by Outlook/Hotmail, the link is … down-thread 
somewhere, and it’s the only way into the ticketing system, and Legal and 
Corporate Affairs (LCA) insists that this be the only way that those issues get 
handled.

“ What we do for one, we must do for all.
“ If we can’t do it for all, we can’t do it at all.

It’s the only way the volume of work can scale.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool
 ?

From: Gil Bahat [mailto:g...@magisto.com]
Sent: Tuesday, September 15, 2015 12:07 PM
To: Michael Wise mailto:michael.w...@microsoft.com>>
Cc: Steve Freegard mailto:steve.freeg...@fsl.com>>; 
mailop@mailop.org
Subject: Re: [mailop] Microsoft sending multiple Message-ID headers in password 
reset links..

Hi,

the archives will quickly tell you the list never was such and thus isn't 
likely to become one. there's enough value in the list - varying of course by 
your definition of value.
If I were you, I'd stick around the list, perhaps answer a bit less or only 
when you find things interesting.

As a sidenote, I'm nowhere near surprised by the angst level of senders and 
recipients alike, created by distrust between mailbox operators and senders. 
IMHO If the industry would work on better communication facilities, things 
should gradually cool down, on a long term scale.

Regards,

Gil Bahat,
DevOps/Postmaster,
Magisto Ltd.

On Tue, Sep 15, 2015 at 9:44 PM, Michael Wise 
mailto:michael.w...@microsoft.com>> wrote:
No, it doesn't.

After all, technically Message-ID is an optional field.
I bitch and moan about that, but nobody cares... They all end up pointing to, 
"SHOULD", and I can't really do anything but :'(

And the information is not pertinent.
If this ML is going to become a forum for reporting spam, I'm gone.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop 
[mailto:mailop-boun...@mailop.org] On Behalf 
Of Steve Freegard
Sent: Tuesday, September 15, 2015 11:33 AM
To: mailop@mailop.org
Subject: Re: [mailop] Microsoft sending multiple Message-ID headers in password 
reset links..


On 15/09/15 18:24, Al Iverson via 
https://na01.safelinks.protection.outlook.com/?url=mailop.org&data=01%7c01%7cmichael.wise%40microsoft.com%7c014eb44783c04c70154808d2bdfd28d0%7c72f988bf86f141af91ab2d7c

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Adam McGreggor]

On Tue, Sep 15, 2015 at 10:06:31PM +0300, Gil Bahat wrote:
> If I were you, I'd stick around the list, perhaps answer a bit less or only
> when you find things interesting.

…maybe adding a couple of lines to one's killfile(s)…

I think it's vital -- for the mail ecosystem -- that there are
representatives from the Big Guys on-list. It would be a loss, I think
to us smaller guys to not have their input (because I'm sure others
are thinking the same, too).


-- 
"If more of us valued food and cheer and song above hoarded gold, it
 would be a merrier world"
 -- J. R. R. Tolkien

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Michael Wise]

I’ve been on the list for a while, no need to consult archives.
But the recent threads I have found … disconcerting.

Yes, there’s a lot of angst, mostly about things that we can’t typically do 
anything about; those are not topics we should be discussing.
Things that can be dealt with, especially if it involves my employer, all over 
it.
One off complaints, or … LOOK AT ALL THESE HOST NAMES LEAKING SPAM, OH NOEZ!
… when we’re sending hundreds of millions of legit emails a day… for businesses 
you know … I grieve.

We have issues. (“Who doesn’t? Ours are just bigger than most at times…”)
On the “Protection” side as well as the “Outlook/Hotmail” side.
Some of those I can be an advocate for change on, but it’s not like the old 
days when I could cobble together a spam classification system based on some 
ProcMail and PERL scripts, and have it pumping out actionable intel in a matter 
of days; other people do the Exchange-Equivalent (?!) of those things now, and 
I have next to no input. Not for lack of trying.

I can block traffic from the “Protection” side, or at least mark it as spam as 
it goes out. “SFV:SPM” is my little gift to y’all.
And I can sometimes escalate other issues, especially if it really is impacting 
your system or pushing systems over onto the floor.

But I can’t handle one-off complaints.
I don’t scale.

And, in most cases, I gather, neither do y’all.

As for the Outlook/Hotmail side of the house (stuff that doesn’t have, 
“Protection” in the rDNS, there’s very little I can do. Complaining to Abuse@ 
won’t get you anywhere, because they’re only interested in handling stuff with 
@microsoft.com addresses, for the most part; I don’t talk to those people so 
can’t state with certainty, but y’all have enough stories I’m sure. I can’t 
help there. If you’re blocked by Outlook/Hotmail, the link is … down-thread 
somewhere, and it’s the only way into the ticketing system, and Legal and 
Corporate Affairs (LCA) insists that this be the only way that those issues get 
handled.

“ What we do for one, we must do for all.
“ If we can’t do it for all, we can’t do it at all.

It’s the only way the volume of work can scale.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool ?

From: Gil Bahat [mailto:g...@magisto.com]
Sent: Tuesday, September 15, 2015 12:07 PM
To: Michael Wise 
Cc: Steve Freegard ; mailop@mailop.org
Subject: Re: [mailop] Microsoft sending multiple Message-ID headers in password 
reset links..

Hi,

the archives will quickly tell you the list never was such and thus isn't 
likely to become one. there's enough value in the list - varying of course by 
your definition of value.
If I were you, I'd stick around the list, perhaps answer a bit less or only 
when you find things interesting.

As a sidenote, I'm nowhere near surprised by the angst level of senders and 
recipients alike, created by distrust between mailbox operators and senders. 
IMHO If the industry would work on better communication facilities, things 
should gradually cool down, on a long term scale.

Regards,

Gil Bahat,
DevOps/Postmaster,
Magisto Ltd.

On Tue, Sep 15, 2015 at 9:44 PM, Michael Wise 
mailto:michael.w...@microsoft.com>> wrote:
No, it doesn't.

After all, technically Message-ID is an optional field.
I bitch and moan about that, but nobody cares... They all end up pointing to, 
"SHOULD", and I can't really do anything but :'(

And the information is not pertinent.
If this ML is going to become a forum for reporting spam, I'm gone.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop 
[mailto:mailop-boun...@mailop.org] On Behalf 
Of Steve Freegard
Sent: Tuesday, September 15, 2015 11:33 AM
To: mailop@mailop.org
Subject: Re: [mailop] Microsoft sending multiple Message-ID headers in password 
reset links..


On 15/09/15 18:24, Al Iverson via 
https://na01.safelinks.protection.outlook.com/?url=mailop.org&data=01%7c01%7cmichael.wise%40microsoft.com%7c014eb44783c04c70154808d2bdfd28d0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=iUlvmPaHW9GC7kLBrxjNx0ssuXy8JD5nGgnneQ%2bZV2I%3d
 wrote:
> Is this truly having an immediate negative impact operationally? It
> seems like this could be feedback you could give them directly,
> offlist, without having to share it with the rest of us.
>
>

Very funny.   Feedback to where?  Their 1st line support wouldn't have a
clue what to do with that.

I'm sure that plenty of us check RFC validity (e.g. there shouldn't be
more than one Message-Id header), so it's pretty pertinent information.

I'm sure it's causing them issues with deliverability because of it.

Regards,
Steve.

___
mailop mailing list
mailo

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Steve Freegard]

On 15/09/15 19:44, Michael Wise via mailop.org wrote:

No, it doesn't.

After all, technically Message-ID is an optional field.
I bitch and moan about that, but nobody cares... They all end up pointing to, 
"SHOULD", and I can't really do anything but :'(


Yeah - it might say SHOULD, but it's explicit about the maximum number 
of times it can appear if it is added.



And the information is not pertinent.


I'd have thought Microsoft would have been interested that would appear 
to have a bug in recognising Message-ID .vs. Message-Id (e.g. lowercase 
'd') and that might need to be fixed.



If this ML is going to become a forum for reporting spam, I'm gone.


This isn't a spam report per-se though, more of a bug report.   And it 
explains why my own recent password reset of my Microsoft account ended 
up in my Spam folder.


Kind regards,
Steve.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Michael Peddemors]

On 15-09-15 11:44 AM, Michael Wise wrote:

No, it doesn't.

After all, technically Message-ID is an optional field.
I bitch and moan about that, but nobody cares... They all end up pointing to, 
"SHOULD", and I can't really do anything but :'(

And the information is not pertinent.
If this ML is going to become a forum for reporting spam, I'm gone.

Aloha,
Michael.



Well, this thread has nothing to do with Spam :)

However, if it will help you in your reports, the RFC carefully covers 
the usage of Message-ID IF you ARE using one.  It should only be created 
either by the original sender, or the 'first' server to accept the message.


Something seems amiss that you might want to escalate to your team, (by 
the way, also has two Return-Path's) and the way the relay is operating.


In this case, the original message is somehow routed to a last hop 
hotmail server, which is probably getting this via a non-standard relay 
method..


However, I have now done my 'friendly' duty and let you know, as I am 
sure it is affecting lots' of your customers..


Thread closed ..

--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Gil Bahat]

Hi,

the archives will quickly tell you the list never was such and thus isn't
likely to become one. there's enough value in the list - varying of course
by your definition of value.
If I were you, I'd stick around the list, perhaps answer a bit less or only
when you find things interesting.

As a sidenote, I'm nowhere near surprised by the angst level of senders and
recipients alike, created by distrust between mailbox operators and
senders. IMHO If the industry would work on better communication
facilities, things should gradually cool down, on a long term scale.

Regards,

Gil Bahat,
DevOps/Postmaster,
Magisto Ltd.

On Tue, Sep 15, 2015 at 9:44 PM, Michael Wise 
wrote:

> No, it doesn't.
>
> After all, technically Message-ID is an optional field.
> I bitch and moan about that, but nobody cares... They all end up pointing
> to, "SHOULD", and I can't really do anything but :'(
>
> And the information is not pertinent.
> If this ML is going to become a forum for reporting spam, I'm gone.
>
> Aloha,
> Michael.
> --
> Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been
> Processed." | Got the Junk Mail Reporting Tool ?
>
> -Original Message-
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Steve
> Freegard
> Sent: Tuesday, September 15, 2015 11:33 AM
> To: mailop@mailop.org
> Subject: Re: [mailop] Microsoft sending multiple Message-ID headers in
> password reset links..
>
>
> On 15/09/15 18:24, Al Iverson via
> https://na01.safelinks.protection.outlook.com/?url=mailop.org&data=01%7c01%7cmichael.wise%40microsoft.com%7c014eb44783c04c70154808d2bdfd28d0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=iUlvmPaHW9GC7kLBrxjNx0ssuXy8JD5nGgnneQ%2bZV2I%3d
> wrote:
> > Is this truly having an immediate negative impact operationally? It
> > seems like this could be feedback you could give them directly,
> > offlist, without having to share it with the rest of us.
> >
> >
>
> Very funny.   Feedback to where?  Their 1st line support wouldn't have a
> clue what to do with that.
>
> I'm sure that plenty of us check RFC validity (e.g. there shouldn't be
> more than one Message-Id header), so it's pretty pertinent information.
>
> I'm sure it's causing them issues with deliverability because of it.
>
> Regards,
> Steve.
>
> ___
> mailop mailing list
> mailop@mailop.org
>
> https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fchilli.nosignal.org%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7c014eb44783c04c70154808d2bdfd28d0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=nG6dlE9YS5zm9Ei7ERHdt%2b7AQj9S5YRtdilQ%2fgKgIzs%3d
>
> ___
> mailop mailing list
> mailop@mailop.org
> http://chilli.nosignal.org/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Laura Atkins]

> On Sep 15, 2015, at 11:33 AM, Steve Freegard  wrote:
> 
> 
> On 15/09/15 18:24, Al Iverson via mailop.org wrote:
>> Is this truly having an immediate negative impact operationally? It
>> seems like this could be feedback you could give them directly,
>> offlist, without having to share it with the rest of us.
> 
> Very funny.   Feedback to where?  Their 1st line support wouldn't have a clue 
> what to do with that.
> 
> I'm sure that plenty of us check RFC validity (e.g. there shouldn't be more 
> than one Message-Id header), so it's pretty pertinent information.
> 
> I'm sure it's causing them issues with deliverability because of it.

Large senders, like Microsoft, have extensive pages discussing where and how to 
report mail issues and problems to them. There is a defacto standard of putting 
up Postmaster webpages that talk about issues with both internal and external 
mail. Often these are separate departments and while it can be a little work to 
read the postmaster pages, they’ll usually direct you towards the appropriate 
people for reporting issues. I keep a somewhat updated list of postmaster pages 
and contacts on the Word to the Wise website at 
https://wordtothewise.com/ISP-information/. But at a lot of places you can just 
use postmaster.example.com where example is the mailing domain you’re looking 
for. 

Just spewing the messages to a public list isn’t really going to accomplish 
much. You’re hoping someone at the correct ISP will take pity on you and 
escalate the issue internally, while bothering hundreds of people who can do 
nothing to help you.

Microsoft is a challenge because they have at least 2 (3?) different commercial 
mail systems in addition to their corporate system. My experience is that the 
folks who are here for Microsoft are extremely responsive to issues that are in 
their area of responsibility but they only handle a small part of one of the 
multiple mail systems Microsoft has. Given the recent tenor of the list, it’s 
likely no one is going to respond the way you’d like them to. 

If they’re having actual deliverability issues, it’s likely that a single 
report from a non-customer isn’t going to be noticed or acted on. If, however, 
customer mail isn’t being delivered then the customers will address this with 
Microsoft. My experience is that invalid messageIDs isn’t a big deal and many 
large mailers violate the RFCs when it comes to messageIDs and mail still gets 
delivered well and to the inbox. 

laura 

-- 
Having an Email Crisis?  800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Michael Wise]

No, it doesn't.

After all, technically Message-ID is an optional field.
I bitch and moan about that, but nobody cares... They all end up pointing to, 
"SHOULD", and I can't really do anything but :'(

And the information is not pertinent.
If this ML is going to become a forum for reporting spam, I'm gone.

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Steve Freegard
Sent: Tuesday, September 15, 2015 11:33 AM
To: mailop@mailop.org
Subject: Re: [mailop] Microsoft sending multiple Message-ID headers in password 
reset links..


On 15/09/15 18:24, Al Iverson via 
https://na01.safelinks.protection.outlook.com/?url=mailop.org&data=01%7c01%7cmichael.wise%40microsoft.com%7c014eb44783c04c70154808d2bdfd28d0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=iUlvmPaHW9GC7kLBrxjNx0ssuXy8JD5nGgnneQ%2bZV2I%3d
 wrote:
> Is this truly having an immediate negative impact operationally? It
> seems like this could be feedback you could give them directly,
> offlist, without having to share it with the rest of us.
>
>

Very funny.   Feedback to where?  Their 1st line support wouldn't have a 
clue what to do with that.

I'm sure that plenty of us check RFC validity (e.g. there shouldn't be 
more than one Message-Id header), so it's pretty pertinent information.

I'm sure it's causing them issues with deliverability because of it.

Regards,
Steve.

___
mailop mailing list
mailop@mailop.org
https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fchilli.nosignal.org%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7c014eb44783c04c70154808d2bdfd28d0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=nG6dlE9YS5zm9Ei7ERHdt%2b7AQj9S5YRtdilQ%2fgKgIzs%3d

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Steve Freegard]

On 15/09/15 18:24, Al Iverson via mailop.org wrote:

Is this truly having an immediate negative impact operationally? It
seems like this could be feedback you could give them directly,
offlist, without having to share it with the rest of us.




Very funny.   Feedback to where?  Their 1st line support wouldn't have a 
clue what to do with that.


I'm sure that plenty of us check RFC validity (e.g. there shouldn't be 
more than one Message-Id header), so it's pretty pertinent information.


I'm sure it's causing them issues with deliverability because of it.

Regards,
Steve.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

[mailop] Security contacts needed for libero.it / tin.it / alice.it / tiscali.it / virgilio.it / fastwebnet.it / email.it

[Neil Schwartzman]

Please contact me offlist at Neil Schwartzman 

set of compromised user credentials.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

[Chris Boyd]

> On Sep 15, 2015, at 12:34 PM, Michael Wise  wrote:
> 
> About the only way to report it that won't get ignored (presupposing this 
> didn't wind up in the mailbox of a HotMail, AOL, Yahoo, or similar service 
> that we have an ARF-based Feedback Loop with) is via SpamCop. 

Yes, this is what Hotmail told me a couple of years ago.  Now if I could just 
get SpamCop to correctly detect some of the outlook.com headers…..  But that’’s 
not your problem.  All told, I get more spam from Google than MS.

—Chris


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Anne Mitchell]

Michael Wise wrote:

> I'm considering unsubing from the list.

That would be a great loss.

Anne



___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

[Michael Wise]

I am not ab...@microsoft.com
I do not get those emails.
You will get *ZERO* satisfaction by complaining at them because their job is 
not to handle those kinds of complaints.
I do not have any control over what happens over there at all.

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of l...@lena.kiev.ua
Sent: Monday, September 14, 2015 2:36 PM
To: mailop@mailop.org
Subject: Re: [mailop] Protection Outlook.. 

> From: Michael Wise 

> The account has probably already been killed.

I doubt that. I quoted entire header and the one-line body, but:

==

Date: Fri, 4 Sep 2015 22:03:03 +0300
From: l...@lena.kiev.ua
To: ab...@microsoft.com
Subject: Spam complaint

Spam:

> Return-path: <>
> Received: from 
> https://na01.safelinks.protection.outlook.com/?url=mail-sg2apc01hn0234.outbound.protection.outlook.com&data=01%7c01%7cmichael.wise%40microsoft.com%7c28bd9cd1d3dc4cd6b9c708d2bd90ca46%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=idgnkZ44BHDRgExXOv0PqLByVirAZHTvY4FZzsxjlE0%3d
...
> Subject: YOU HAVE BEEN ANNOUNCED AS ONE OF THE FUND BENEFICIARY!!!
...
> X-Originating-IP: [116.202.38.142]
...
> X-Forefront-Antispam-Report: SFV:SPM;...

==

From: Microsoft Online Safety

Subject: SRX1303257687ID - FW: Spam complaint
Date: Wed, 9 Sep 2015 20:47:10 +

...
Please forward a copy of the questionable message, including the full
message headers...

==

Date: Wed, 9 Sep 2015 23:51:40 +0300
From: l...@lena.kiev.ua
To: Microsoft Online Safety 

Subject: Re: SRX1303257687ID - FW: Spam complaint

> Please forward a copy of the questionable message, including the full
> message headers.  Specifically, we need an unedited copy of the message
> that includes the X-originating IP.

I already quoted full message headers. I repeat:

Return-path: <>
...

==

From: Microsoft Online Safety

To: 
Subject: RE: SRX1303257687ID - FW: Spam complaint
Date: Thu, 10 Sep 2015 21:45:15 +

...
Please forward a copy of the questionable message, including the full
message headers...

==

Date: Fri, 11 Sep 2015 03:00:06 +0300
From: l...@lena.kiev.ua
To: Microsoft Online Safety 

Subject: Re: SRX1303257687ID - FW: Spam complaint

Do you read? I already sent you the full message headers TWICE.

> Please forward a copy of the questionable message, including the full
> message headers.  Specifically, we need an unedited copy of the message
> that includes the X-originating IP.

==

From: Microsoft Online Safety

To: 
Subject: RE: SRX1303257687ID - FW: Spam complaint
Date: Fri, 11 Sep 2015 16:54:36 +

Hello

I can understand your frustration. Unfortunately we cannot take action
on e-mail accounts that are not part of the Microsoft network...

==

Date: Fri, 11 Sep 2015 20:10:45 +0300
From: l...@lena.kiev.ua
To: Microsoft Online Safety 

Subject: Re: SRX1303257687ID - FW: Spam complaint
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/1.4.2.3i

> I can understand your frustration. Unfortunately we cannot take action
> on e-mail accounts that are not part of the Microsoft network.

Read the header again, attentively this time. The spam came from:

Received: from 
https://na01.safelinks.protection.outlook.com/?url=mail-sg2apc01hn0234.outbound.protection.outlook.com&data=01%7c01%7cmichael.wise%40microsoft.com%7c28bd9cd1d3dc4cd6b9c708d2bd90ca46%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=idgnkZ44BHDRgExXOv0PqLByVirAZHTvY4FZzsxjlE0%3d
 ([104.47.125.234] helo=APC01-SG2-obe.outbound.protection.outlook.com)
by 
https://na01.safelinks.protection.outlook.com/?url=lena.kiev.ua&data=01%7c01%7cmichael.wise%40microsoft.com%7c28bd9cd1d3dc4cd6b9c708d2bd90ca46%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=yRCh8CTpAvNXBG1TVyzHM7XaBWXgL9y7AVobM7l05Bs%3d
 with esmtps (TLSv1.2:ECDHE-RSA-AES256-SHA384:256)
(Exim 4.86 (FreeBSD))
id 1ZXwD5-000Id2-HP
for l...@lena.kiev.ua; Fri, 04 Sep 2015 21:59:48 +0300

Is 104.47.125.234 part of the Microsoft network?
The spam had empty MAIL FROM (envelope-from, Return-Path),
is it throwing you off?

==

Silence so far.

___
mailop mailing list
mailop@mailop.org
https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fchilli.nosignal.org%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7c28bd9cd1d3dc4cd6b9c70

Re: [mailop] Hotmail/Microsoft Contact Available?

[Rich Kulawiec]

On Tue, Sep 15, 2015 at 01:27:03PM +0100, Matthew Newton wrote:
> I got ~2,000 spam mails to our abuse address in the last three
> months - so about 8,000 a year. I get about one legitimate mail per year.
> 
> I'm sure that doesn't easily scale when you get to the size of the
> big mail providers, especially as you're more likely to get spam
> to that address in the first place.

It scales beautifully -- in fact, it's much easier for big mail providers
to deal with this than small ones.  Big ones can easily and trivially
solve the problem simply by using a multi-stage pipeline of automatic
sorting/filing followed by manual review...and manual review is easy
when you have spare change available for hiring. (Which every large
provider represented on this list does, per their own annual reports.)
It turns out to be rather easy to separate almost all real abuse@ traffic
from garden-variety spam, and the use of multiple stages with cross-checks
reduces the error rate to almost nothing.  Been there.  Done that.

(Free clue for stage 1: use procmail and hardcode en masse a generous
selection of addresses gleaned from mailop, nanog, etc.  Any traffic
from those is highly likely to be legit and from your peers.  Act on
it instantly on receipt.   Pass the rest on to subsequent stages.
Note that this is NOT perfect and it is not intended to be.  It's triage
and it works, not only because it has a high TP rate, but because prompt
attention to messages from your known peers will often alleviate the need
for others to contact you, thus reducing overall abuse@ traffic volume,
thus simplifying the message classification problem and simultaneously
reducing its scope.)

> But if you're big enough to host millions of mailboxes, you should
> also be responsible enough to have staff to run all aspects of the
> system, which includes standard ways of reporting problems such as
> abuse@.

Bingo.  This is professional responsibility 101, and I've gotten very
tired of the feeble excuses put forth by inferior people as to why
"it can't be done".  Anyone who says that should stand aside and
make room for those who not only can make it happen, but understand
that they *must* make it happen.

---rsk

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Michael Wise]

I'm considering unsubing from the list.

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Al Iverson
Sent: Tuesday, September 15, 2015 10:24 AM
To: mailop 
Subject: Re: [mailop] Microsoft sending multiple Message-ID headers in password 
reset links..

Is this truly having an immediate negative impact operationally? It
seems like this could be feedback you could give them directly,
offlist, without having to share it with the rest of us.

On Tue, Sep 15, 2015 at 12:09 PM, Michael Peddemors
 wrote:
> [...]

-- 
Al Iverson | Minneapolis, MN | (312) 725-0130
https://na01.safelinks.protection.outlook.com/?url=aliverson.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cbcf11d1cdc6540295cdc08d2bdf3685f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=3QFFMllnU3KDZd%2bX%2fU%2fyc539pLTdkrh9WaQOSXKj7HI%3d
 | 
https://na01.safelinks.protection.outlook.com/?url=spamresource.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cbcf11d1cdc6540295cdc08d2bdf3685f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=E%2b8JIhs8hVbkSZdD8L%2b944E1ib8WGJ%2fkD1dwYhz63Xw%3d
 | @aliverson

___
mailop mailing list
mailop@mailop.org
https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fchilli.nosignal.org%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7cbcf11d1cdc6540295cdc08d2bdf3685f%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=MJ6og8W7QcFIP6JJ%2fNUGIIoaba7rbYNgtKLa2CRC4VM%3d

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

[Michael Wise]

About the only way to report it that won't get ignored (presupposing this 
didn't wind up in the mailbox of a HotMail, AOL, Yahoo, or similar service that 
we have an ARF-based Feedback Loop with) is via SpamCop.
 

Seriously, the days of one-off reports ... when you're handling billions of 
messages a day for hundreds of millions of mailboxes ... have ended. They ended 
some time ago.

We have a system that filters out the largest trends in the 100's of thousands 
of sender submissions we get each day for triage, and we handle the top ~70% of 
them ... the ones that are one-off samples pretty much always get ignored 
because they're in error, or they are a small enough sample of the whole 
problem space that we are dealing with that they are almost always eclipsed by 
the larger issues. It allows us to deal with the biggest issues fastest. One 
sample gets lost in the noise, as ... some would argue, it should be.

As I said previously, chances are, these samples have already been dealt with 
by the time you see them.

I tried to act to forestall this long ago by advocating for a sort of Open 
Feedback Loop system, but my efforts were ignored.
Welcome to the desert of the real.

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Rich Kulawiec
Sent: Tuesday, September 15, 2015 5:15 AM
To: mailop@mailop.org
Subject: Re: [mailop] Protection Outlook.. 

On Mon, Sep 14, 2015 at 12:00:01PM -0700, Michael Peddemors wrote:
> Monitoring from ISP's and Telco's has always shown a lot of leakage
> from the servers called..
> 
> https://na01.safelinks.protection.outlook.com/?url=mail-pu1apc01hn0200.outbound.protection.outlook.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=oecCQ9QICA9k0oa%2fKDx5oZtm7I6K%2bh6%2fIqBpZhI3Htg%3d

I've seen a noticeable uptick in (obvious) spam from the following
similarly-named servers in the last 60 days:

65.55.169.251   
https://na01.safelinks.protection.outlook.com/?url=mail-bl2un0251.outbound.protection.outlook.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=TAOhTL0mWKHS28%2fa9oUGd1%2bZfV27i5C%2fDmVn8MXXihc%3d
104.47.124.213  
https://na01.safelinks.protection.outlook.com/?url=mail-hk2apc01hn0213.outbound.protection.outlook.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=NYqDqdl%2fBwDiYsOUT37czTTq2v4kubVOsBZJ%2f3RzyqY%3d
104.47.124.216  
https://na01.safelinks.protection.outlook.com/?url=mail-hk2apc01hn0216.outbound.protection.outlook.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=l8m1CWRVmPU38Ava8VtPtOYQ98jxM9TTyVEXEOVOLis%3d
104.47.125.218  
https://na01.safelinks.protection.outlook.com/?url=mail-sg2apc01hn0218.outbound.protection.outlook.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=NXOsSN%2fBz%2bI3OERNL8WLiYpJ5lLZsL4SPS%2b%2bpblKUz8%3d
104.47.125.235  
https://na01.safelinks.protection.outlook.com/?url=mail-sg2apc01hn0235.outbound.protection.outlook.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=tssNhjNgOKZxczncEnnRyAx7ntnEV1GhPzd7UToXCBI%3d
104.47.126.202  
https://na01.safelinks.protection.outlook.com/?url=mail-pu1apc01hn0202.outbound.protection.outlook.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=5RUV8qMIewPnME%2fSamkwt0L9qAJYSYTCV2REzEl3VTk%3d
104.47.126.240  
https://na01.safelinks.protection.outlook.com/?url=mail-pu1apc01hn0240.outbound.protection.outlook.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=JgDLpwP0QPL8vKIDMae8vNhKDD0THC5VBx7GS%2bcIuKc%3d
134.170.140.253 
https://na01.safelinks.protection.outlook.com/?url=mail-hk1hn0253.outbound.protection.outlook.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=4WAENiP0rY%2b8g%2fPtAumLaDMZaW%2fdqwzQdKmzkR0XGno%3d
157.55.234.144  
https://na01.safelinks.protection.outlook.com/?url=mail-db3on0144.outbound.protection.outlook.com&data=01%7c01%7cmichael.wise%40microsoft.com%7cffbff41a17e24404b09008d2bdc8418b%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=qcK0Bc0rh5a4dZe2hZc4Tk9Qe2kcEWTriNwP%2fYncjfE%3d
157.55.234.249  
https://na01.safelinks.protection.outlook.com/?url=mail-db3hn0249.outbound.pro

Re: [mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Al Iverson]

Is this truly having an immediate negative impact operationally? It
seems like this could be feedback you could give them directly,
offlist, without having to share it with the rest of us.

On Tue, Sep 15, 2015 at 12:09 PM, Michael Peddemors
 wrote:
> [...]

-- 
Al Iverson | Minneapolis, MN | (312) 725-0130
aliverson.com | spamresource.com | @aliverson

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

[mailop] Microsoft sending multiple Message-ID headers in password reset links..

[Michael Peddemors]

Return-Path: 
Delivered-To: 
Received: from bay004-omc1s25.hotmail.com (HELO 
BAY004-OMC1S25.hotmail.com) (65.54.190.36)

by  with (AES256-SHA256 encrypted) SMTP
(7e98ec56-5b63-11e5-9f23-001e67492cec); Mon, 14 Sep 2015 
21:37:40 -0700
Received: from CY1SCH030011851 ([65.54.190.59]) by 
BAY004-OMC1S25.hotmail.com over TLS secured channel with Microsoft 
SMTPSVC(7.5.7601.23008);

 Mon, 14 Sep 2015 21:37:38 -0700
Message-ID: 

^^

X-Message-Routing: 
sKFde7CS5BHygFZaC4gFZWeHmOM+Rjf1iOmv8meDbQqeD+9kHFgbAflrz5UYy6v/Ov/vRliTx0hzi7ScTgwYCoH5DChN1luWmxByQOs8BfzW/Dzi4gPqcL1CrQMljGG5Xt7L3k3lUuR/L5VJotFrDz2vS3Q==

Return-Path: account-security-nore...@account.microsoft.com
From: Microsoft account team 


To: 
Date: Mon, 14 Sep 2015 21:37:38 -0700
Subject: Microsoft account password change
Message-Id: 

^^

X-Priority: 3
X-MSAPipeline: MessageDispatcher
X-MSAMetaData:
 =?us-ascii?q?DbIxlwZgywc9wBsaa7gyvNWdGn4Gq4oR50FomfmedT83pDt3N67GazNKBwSPi?=
 =?us-ascii?q?67LtzQZm0LHAkqSvm0CnrFkQJTSp9aVNZ7pANf85cHuUX3K3Z!ylyZ1chMJHc?=
 =?us-ascii?q?iEG5!MeQ$$?=
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=-s64zI5Dx/pBzb8/pEFLbuA=="
X-OriginalArrivalTime: 15 Sep 2015 04:37:38.0726 (UTC) 
FILETIME=[40431C60:01D0EF70]

X-MagicMail-OS: Inactive
X-MagicMail-UUID: 7e98ec56-5b63-11e5-9f23-001e67492cec
X-MagicMail-SourceIP: 65.54.190.36
X-MagicMail-EnvelopeFrom: 
X-MagicMail-Quarantine: Yes


 
--

"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

[Michael Wise]

Um, No.[tm]

I pointed out the header and value to safely write a rule for the traffic way 
down thread, and you've chosen to ignore my advice.

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Carl Byington
Sent: Tuesday, September 15, 2015 8:36 AM
To: mailop@mailop.org
Subject: Re: [mailop] Protection Outlook.. 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, 2015-09-15 at 08:50 -0500, Chris Boyd wrote:
> You left off mail-bn1hn0247.outbound.protection.outlook.com

> Return-Path: 
> Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-
> bn1hn0247.outbound.protection.outlook.com [157.56.110.247])
> by pennzoil.gizmopartners.com (8.14.4/8.14.4) with ESMTP id
> t8FCEUw3031966
> (version=TLSv1/SSLv3 cipher=AES256-SHA256 bits=256 verify=OK)
> for ; Tue, 15 Sep 2015 07:14:33 -0500
> Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=<>;

Does this /etc/mail/spamassassin/local.cf segment look correct?

# 2015-09-15 kill outbound.protection.outlook.com (opoc) leaking spam
header OPOC Authentication-Results =~ /spf=none.*smtp\.mailfrom=<>/
score OPOC 10.0


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAlX4Os0ACgkQL6j7milTFsHnUQCdGohMK+gL6kg0ETWJR0lO3pbJ
Y5kAnilfaqtdZsdmcSGMGol6XE7hcgHR
=29kh
-END PGP SIGNATURE-



___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Comcast Block - Request Assistance

[Anne Mitchell]

Justin,

> Is there someone from Comcast that would be able to message me off-list to 
> help in resolving a consistent block we're seeing on our IPs? I'd like to 
> take corrective action on the offending sender(s) and help in identifying 
> would be greatly appreciated.

Please contact me offlist - and please include the IPs in question, and any 
error messages.

Anne

Anne P. Mitchell,
Attorney at Law
CEO/President
ISIPP SuretyMail Email Reputation, Accreditation & Certification
Your mail system + SuretyMail accreditation = delivered to their inbox!
Are you an ESP?  Ask us about our Email Academy for YOUR Users!
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Ret. Professor of Law, Lincoln Law School of San Jose
303-731-2121 | amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell



___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

[Carl Byington]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Tue, 2015-09-15 at 08:50 -0500, Chris Boyd wrote:
> You left off mail-bn1hn0247.outbound.protection.outlook.com

> Return-Path: 
> Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-
> bn1hn0247.outbound.protection.outlook.com [157.56.110.247])
> by pennzoil.gizmopartners.com (8.14.4/8.14.4) with ESMTP id
> t8FCEUw3031966
> (version=TLSv1/SSLv3 cipher=AES256-SHA256 bits=256 verify=OK)
> for ; Tue, 15 Sep 2015 07:14:33 -0500
> Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=<>;

Does this /etc/mail/spamassassin/local.cf segment look correct?

# 2015-09-15 kill outbound.protection.outlook.com (opoc) leaking spam
header OPOC Authentication-Results =~ /spf=none.*smtp\.mailfrom=<>/
score OPOC 10.0


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAlX4Os0ACgkQL6j7milTFsHnUQCdGohMK+gL6kg0ETWJR0lO3pbJ
Y5kAnilfaqtdZsdmcSGMGol6XE7hcgHR
=29kh
-END PGP SIGNATURE-



___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

[mailop] Comcast Block - Request Assistance

[Mr. Frechette]

Hello,

Is there someone from Comcast that would be able to message me off-list to
help in resolving a consistent block we're seeing on our IPs? I'd like to
take corrective action on the offending sender(s) and help in identifying
would be greatly appreciated.

Thanks,
Justin Frechette
iContact
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Hotmail/Microsoft Contact Available?

[Michael Peddemors]

On 15-09-15 05:27 AM, Matthew Newton wrote:

On Tue, Sep 15, 2015 at 09:49:50AM +0200, David Hofstee wrote:

I’m not sure why you cannot have an autoresponder behind the
abuse@/postmaster@ with a link in it, to a ticket, containing
the info sent in the first place. See abuse.io for example.


I got ~2,000 spam mails to our abuse address in the last three
months - so about 8,000 a year. I get about one legitimate mail per year.

I'm sure that doesn't easily scale when you get to the size of the
big mail providers, especially as you're more likely to get spam
to that address in the first place.


The rest is just ‘resistance’ in being able to solve issues.


I am not saying I agree with not having a proper abuse@ address, I
just understand why they might be reluctant to. They certainly
shouldn't feed it into a system that blindly responds to what is
usually going to be a forged sender.

But if you're big enough to host millions of mailboxes, you should
also be responsible enough to have staff to run all aspects of the
system, which includes standard ways of reporting problems such as
abuse@.

Matthew




Had an interesting talk with Tobias from Abusix the other day, they are 
actually making a business model of taking over your abuse@ addresses, 
interesting idea and business model.


The model includes the ability to auto suspend services etc..




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

[Chris Boyd]

> On Sep 15, 2015, at 7:14 AM, Rich Kulawiec  wrote:
> 
> I've seen a noticeable uptick in (obvious) spam from the following
> similarly-named servers in the last 60 days:

You left off mail-bn1hn0247.outbound.protection.outlook.com

Return-Path: 
Received: from na01-bn1-obe.outbound.protection.outlook.com 
(mail-bn1hn0247.outbound.protection.outlook.com [157.56.110.247])
by pennzoil.gizmopartners.com (8.14.4/8.14.4) with ESMTP id 
t8FCEUw3031966
(version=TLSv1/SSLv3 cipher=AES256-SHA256 bits=256 verify=OK)
for ; Tue, 15 Sep 2015 07:14:33 -0500
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=<>; 
Received: from [100.74.187.43] (101.59.64.219) by
 BLUPR18MB0258.namprd18.prod.outlook.com (10.162.236.149) with Microsoft SMTP
 Server (TLS) id 15.1.268.17; Tue, 15 Sep 2015 10:53:26 +
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Description: Mail message body
Subject: Dear Beneficiary, Kindly read this message and get back to me.
To: recipie...@pennzoil.gizmopartners.com
From: <>
Date: Tue, 15 Sep 2015 16:23:09 +0530
Reply-To: 
X-Antivirus: avast! (VPS 150915-0, 09/15/2015), Outbound message
X-Antivirus-Status: Clean
X-Originating-IP: [101.59.64.219]
X-ClientProxiedBy: HKNPR06CA0035.apcprd06.prod.outlook.com (10.141.16.25) To
 BLUPR18MB0258.namprd18.prod.outlook.com (25.162.236.149)
Message-ID: 

X-Microsoft-Exchange-Diagnostics: 
1;BLUPR18MB0258;2:zzwkLiNoaaLdB6v5/6xRmRYRXo6iJoLqmVUJGqlxW9hr3NFgSAEKvQvFS7KGd56oBg11lB5ZkXWK/QfUZ5TeK+gfCkgzQXh5f3jTv0zba49QpWMyUPl1U5SJfiv0NLrsPtl1U6xZqknrW0htXn++r0H198iXBbE5hsfrbs8sjsg=;3:j6rDFZfNz/qGwAouI58oBo1pA4qcPNsMcvc1nBMublTSq0KGLSlaRhqEEAYWmLo2reTmEX4ff6bWZKeCKe6iCATblXMCaNW3MLPBDviKinZvNDJKcEwZFHGsJ3bKLFLxxjgpV3nqv8I7k2tBXa6VTQ==;25:BqGKFDPgfLAO7LWFW3/u1jmkjxvnqOtWcShZAIdH7fGO8ATqF3dXJx3xqPGeVKdhhjgsznBci5U2FodkHypAvPDsXYrApj/nI9NIJn+iUovcG4h2oQVR8a9cxQWYQW1CwKSL+rpVRkoZXW31WK1kwgBpdexoYV5O7fV+zlzecOO/E/+D4K0qtXKESOxjz39mVI2oZA6J8oVXIZ66+kfpWLCtAjCTln0yYu9wTcwRrDYPd5+xLS2/1Shi3PK4j/h9ukTXvFxAkhSnfltirGXftg==
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BLUPR18MB0258;
X-Microsoft-Antispam-PRVS: 

X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: 
BCL:0;PCL:0;RULEID:(601004)(8121501046)(520075)(5005006)(520078)(3002001);SRVR:BLUPR18MB0258;BCL:0;PCL:0;RULEID:;SRVR:BLUPR18MB0258;
X-Microsoft-Exchange-Diagnostics: 
1;BLUPR18MB0258;4:AmqptwkWLFaSXQkbeqZ7W5QwCOMe8a8fyt5T1ogzNaDSEGWWhYZ7ZLsPNMeIJ7MzgVDu83GyErjBphaVuiJTqZJVIm91jh04cezF0Mv5xBv5oaTYYFxfuHO/by3QXaGmFGQNzp9KXKkSunxy8AzoE/6uTlwNKM63xbYCqtfWTu+Hn8cwtbWJfAyppjSBvElfvXU+1Gh6uw3zfl+o17gC1NQ4CX6DA63Y2p6u7ebMOrgFVphJR4Yygf+ikYztaOIC7S1XYO5eZdvCV4evkzJGauagndFvYx0b0u1surlZNKX5q0r/BqKhvtgc97ZaCqlFtNzCc81SKkxv9g8zDRpt51gvsQ/4F6Y9aSBZE2yuPfY=
X-Forefront-PRVS: 070092A9D3
X-Forefront-Antispam-Report: 
SFV:SPM;SFS:(10009020)(6049001)(6009001)(199003)(189002)(78352002)(229853001)(400145012)(86362001)(53256004)(19580405001)(50466002)(68736005)(110136002)(500797011)(400160011)(500563011)(25011)(74316001)(97736004)(400154011)(500196012)(189998001)(76576001)(77096005)(500183011)(77156002)(122386002)(109986003)(500473012)(81156007)(107886002)(62966003)(4013)(19580395003)(500192011)(33656002)(325944007)(105586002)(500186011)(66066001)(64706001)(43066003)(47776003)(42186005)(86152002)(50986999)(42382002)(101416001)(85782001)(106356001)(46552002)(53806999)(46102003)(54356999)(23756003)(87976001)(525674003);DIR:OUT;SFP:1501;SCL:5;SRVR:BLUPR18MB0258;H:[100.74.187.43];FPR:;SPF:None;PTR:InfoNoRecords;A:0;MX:0;LANG:en;
Received-SPF: None (protection.outlook.com: [100.74.187.43] does not designate
 permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 
=?iso-8859-1?Q?1;BLUPR18MB0258;23:oEpMtwrJjWFoyfL3olrMLZAKg94RJrOg4bzbC7c?=
 =?iso-8859-1?Q?Gzjc+kDgUOvEVJVnv9NEJraq8vz38N6HbXWuViU+zANaAuQp60XIOxaUKF?=
 =?iso-8859-1?Q?sUVYr6Yb3eFvK2PN3aA47cC4bcolbuSXDt0UC/jYCnXaQYaSb3ive9DvpD?=
 =?iso-8859-1?Q?jlQm3hO065IOdMwTywib50UVpK9k1+B94vfcDR3XQ1binaNPqED6ZJO4OG?=
 =?iso-8859-1?Q?6osuPOf+oKQEg88tA7TVBBce46K/2R1M2o1dI+MkIkT26rNS5p/Si/WycA?=
 =?iso-8859-1?Q?dxrO+OjARs6+kJpWAhKzgoaLZf9XwRn4haOkdF4WwoLflASRlkVNHTVEzI?=
 =?iso-8859-1?Q?MHA2muHRJF/jlf1/uII5MrnxiMqtllC/Vy3El2WonTyJCh+/pjLijaprJL?=
 =?iso-8859-1?Q?Wk8uAhZ0eaU9x2uU3kmxul+DM+DHJLCAdcj02J7IOQD8TfeVgLr2lY4/He?=
 =?iso-8859-1?Q?iKe7cZDjkKwRML481ZK/3cWaX1hwcZK1bshxQQc+tjMxKJ9jaIqZk+CISN?=
 =?iso-8859-1?Q?4Zc1XmPVDmdcbPpHX1BCp+hjftZoCkFz0PCs9zt2QCOvocaVeYLS+Ztlgq?=
 =?iso-8859-1?Q?/zMPIGEZ4gXuvYjFRWO2PNofJ2I0z5OKVHeSEwMAPOj7GnZgQOnImwJzgj?=
 =?iso-8859-1?Q?+tdfKYsmz9ECV9TsQm81zFgsItUN/7eyuqfoVNpCULJXCfa1/gng0g0klq?=
 =?iso-8859-1?Q?kjQJiU1ucBiMuX5QeHAxG/plVbEL9EjW7934CItmCwkYnmN3jhcJSQnMoD?=
 =?iso-8859-1?Q?gVxAUSzt0PnyN4asGkY4Ajdr9lf1dZTgimE955vrIIdPHrtAyqOiDU1R2h?=
 =?iso-8859-1?Q?vz6TYiqSCjVtp/rmIVD0y965LDaB34y/S9+f2/8O+1ruq3Eox7dy45ghbH?=
 =?iso-8859-1?Q?sOiPBY01bnU/QjZMS8P/k5JQLEpLbwHbL8Pz2oDvQnj7xDSwNgVUeuefV7?=
 =?iso-8859-1?Q?WtULI5Sr

Re: [mailop] Hotmail/Microsoft Contact Available?

[Matthew Newton]

On Tue, Sep 15, 2015 at 09:49:50AM +0200, David Hofstee wrote:
> I’m not sure why you cannot have an autoresponder behind the
> abuse@/postmaster@ with a link in it, to a ticket, containing
> the info sent in the first place. See abuse.io for example.

I got ~2,000 spam mails to our abuse address in the last three
months - so about 8,000 a year. I get about one legitimate mail per year.

I'm sure that doesn't easily scale when you get to the size of the
big mail providers, especially as you're more likely to get spam
to that address in the first place.

> The rest is just ‘resistance’ in being able to solve issues.

I am not saying I agree with not having a proper abuse@ address, I
just understand why they might be reluctant to. They certainly
shouldn't feed it into a system that blindly responds to what is
usually going to be a forged sender.

But if you're big enough to host millions of mailboxes, you should
also be responsible enough to have staff to run all aspects of the
system, which includes standard ways of reporting problems such as
abuse@.

Matthew


-- 
Matthew Newton, Ph.D. 

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, 

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Protection Outlook..

[Rich Kulawiec]

On Mon, Sep 14, 2015 at 12:00:01PM -0700, Michael Peddemors wrote:
> Monitoring from ISP's and Telco's has always shown a lot of leakage
> from the servers called..
> 
> mail-pu1apc01hn0200.outbound.protection.outlook.com

I've seen a noticeable uptick in (obvious) spam from the following
similarly-named servers in the last 60 days:

65.55.169.251   mail-bl2un0251.outbound.protection.outlook.com
104.47.124.213  mail-hk2apc01hn0213.outbound.protection.outlook.com
104.47.124.216  mail-hk2apc01hn0216.outbound.protection.outlook.com
104.47.125.218  mail-sg2apc01hn0218.outbound.protection.outlook.com
104.47.125.235  mail-sg2apc01hn0235.outbound.protection.outlook.com
104.47.126.202  mail-pu1apc01hn0202.outbound.protection.outlook.com
104.47.126.240  mail-pu1apc01hn0240.outbound.protection.outlook.com
134.170.140.253 mail-hk1hn0253.outbound.protection.outlook.com
157.55.234.144  mail-db3on0144.outbound.protection.outlook.com
157.55.234.249  mail-db3hn0249.outbound.protection.outlook.com
157.55.234.251  mail-db3hn0251.outbound.protection.outlook.com
157.56.110.247  mail-bn1hn0247.outbound.protection.outlook.com
157.56.110.248  mail-bn1hn0248.outbound.protection.outlook.com
157.56.110.251  mail-bn1hn0251.outbound.protection.outlook.com
157.56.112.250  mail-am1hn0250.outbound.protection.outlook.com
157.56.112.251  mail-am1hn0251.outbound.protection.outlook.com
157.56.112.253  mail-am1hn0253.outbound.protection.outlook.com
157.56.112.254  mail-am1hn0254.outbound.protection.outlook.com
207.46.100.245  mail-by2hn0245.outbound.protection.outlook.com
207.46.100.248  mail-by2hn0248.outbound.protection.outlook.com

I haven't bothered reporting any of it because I'm not convinced that
anyone there will actually do anything meaningful about it.  But if there
is someone there with the baseline professionalism to individually and
completely investigate every single specimen (with an eye toward
identifying root cause(s) and fixing same), I would be happy to package
them all up and forward them along.

---rsk

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Delivery to btinternet.com / cpcloud.co.uk

[Rich Kulawiec]

On Mon, Sep 14, 2015 at 01:05:28PM -0400, Rich Kulawiec wrote:
> That's part of it, sure.  But having working RFC 2152 role addresses,

RFC 2142, sorry for the typo.

---rsk

___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Hotmail/Microsoft Contact Available?

[David Hofstee]

I’m not sure why you cannot have an autoresponder behind the abuse@/postmaster@ 
with a link in it, to a ticket, containing the info sent in the first place. 
See abuse.io for example.

The rest is just ‘resistance’ in being able to solve issues.


David Hofstee

Deliverability Management
MailPlus B.V. Netherlands (ESP)

Van: mailop [mailto:mailop-boun...@mailop.org] Namens Michael Wise
Verzonden: Monday, September 14, 2015 11:13 PM
Aan: mailop@mailop.org
Onderwerp: Re: [mailop] Hotmail/Microsoft Contact Available?

If it has anything to do with Hotmail, this is the wrong advice.
If it’s specific to Hotmail or Outlook.com email addresses and such like…

http://mail.live.com/mail/troubleshooting.aspx

In particular, *THIS* bit:

[cid:image001.png@01D0EF9B.DCF1FC40]

Sooner or later, your discussions will end there, and the ticketing will begin.
There is *NO* way around it; Microsoft Legal has been very clear on the matter.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool ?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Matthew Black
Sent: Monday, September 14, 2015 1:45 PM
To: Brian Curry mailto:bcu...@merkleinc.com>>; 
mailop@mailop.org
Subject: Re: [mailop] Hotmail/Microsoft Contact Available?

Are you a mail producer or a Microsoft Office365 / Exchange Online Protection 
customer? If so, call your normal support channels. If not, ask a few of your 
select customers to complain to Microsoft. I am one of those Microsoft 
customers that has experienced a number of so called “white hat” e-mail 
marketing companies that let many of their customers send UCE despite a 
zero-tolerance policy.

matthew black
california state university, long beach


From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Brian Curry
Sent: Thursday, September 03, 2015 7:25 AM
To: mailop@mailop.org
Subject: [mailop] Hotmail/Microsoft Contact Available?

Is anyone from Microsoft/Hotmail able to help me with a delivery issue that has 
been lingering for months?

Long story short, I have been going in loops with the normal Hotmail support 
process for months and cannot seem to get a useful answer. IP address in 
question has pulled way back on engagement and I have tested the email content 
outside of the normal IP address and can get it to deliver just fine.

Any help is much appreciated, can contact me off list for me private details.


Brian Curry
Manager of Deliverability, Digital Messaging
Merkle Inc.
Phone: 720.836.2150
bcu...@merkleinc.com


This email and any attachments transmitted with it are intended for use by the 
intended recipient(s) only. If you have received this email in error, please 
notify the sender immediately and then delete it. If you are not the intended 
recipient, you must not keep, use, disclose, copy or distribute this email 
without the author’s prior permission. We take precautions to minimize the risk 
of transmitting software viruses, but we advise you to perform your own virus 
checks on any attachment to this message. We cannot accept liability for any 
loss or damage caused by software viruses. The information contained in this 
communication may be confidential and may be subject to the attorney-client 
privilege.
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] msn/outlook blacklist advice

[Dave Warren]

On 2015-09-14 09:06, G. Miliotis wrote:
So the issue remains, what *is* the correct way to migrate to a new IP 
that's been blacklisted by MS and how long should it take?


As a similarly low volume sender, I've never found any real trick other 
than signing up for every feedback loop in sight (I get the impression 
that this helps them understand that it's intended to send mail, and 
care about the results, although who knows), then set up deliveries to 
use the new range first, and smarthost through your old IP when the new 
range fails.


Once failures start, and they will, fill out the postmaster contact 
forms and wait, while trying again, often you'll get nothing back or a 
"Look at our best practices, but we can't help" yet suddenly mail will 
start flowing again.


Ultimately it seems to take a month or so before delivery starts to 
become reliable, last I moved IPs.


This isn't just for Microsoft, but for all the big providers. Usually 
after a month or so, the intermittent problems stop, but in the mean 
time, flowing mail through the old IPs once the new ones get rejected 
helps keep your customers from rebelling.


Your mileage will vary.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren



___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Hotmail/Microsoft Contact Available?

[Michael Wise]

If it's Hotmail that is blocking you, my advice stands.

If it's"protection.outlook.com" which is a different entity entirely, then 
delist@ is the way to proceed, yes.

Aloha,
Michael.
--
Sent from my Windows Phone

From: G. Miliotis
Sent: ‎9/‎15/‎2015 12:03 AM
To: mailop@mailop.org
Subject: Re: [mailop] Hotmail/Microsoft Contact Available?

On 15/9/2015 12:12 ??, Michael Wise wrote:
Sooner or later, your discussions will end there, and the ticketing will begin.
There is *NO* way around it; Microsoft Legal has been very clear on the matter.

This is interesting, I was just instructed by my server provider to contact 
del...@messaging.microsoft.com 
concerning a blacklisted IP range I'm trying to get unblocked. If this is 
wrong, I should let them know not to tell anyone else.

--GM
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop

Re: [mailop] Hotmail/Microsoft Contact Available?

[G. Miliotis]

On 15/9/2015 12:12 πμ, Michael Wise wrote:


Sooner or later, your discussions will end there, and the ticketing 
will begin.


There is **NO** way around it; Microsoft Legal has been very clear on 
the matter.


This is interesting, I was just instructed by my server provider to 
contact del...@messaging.microsoft.com concerning a blacklisted IP range 
I'm trying to get unblocked. If this is wrong, I should let them know 
not to tell anyone else.


--GM
___
mailop mailing list
mailop@mailop.org
http://chilli.nosignal.org/mailman/listinfo/mailop