Re: [mailop] Removing a JMRP complaint feed from a previous IP owner

[Michael Wise]

/wimper

Yeah, he’s a picture which should make it more clear.

[cid:image002.png@01D19A4E.B53B3D20]

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool ?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Wise
Sent: Tuesday, April 19, 2016 3:03 PM
To: mailop@mailop.org
Subject: Re: [mailop] Removing a JMRP complaint feed from a previous IP owner


Yup. “Open A Ticket…” here:


http://go.microsoft.com/fwlink/?LinkID=614866&clcid
(Yes, you should probably bookmark that for all 
HotMail/JMRP/SNDS issues)

T1 (the robot) won’t be able to deal with it, so when it replies, reply to that 
email and let T2 know what the core issue is.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool
 ?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Wise
Sent: Tuesday, April 19, 2016 2:41 PM
To: mailop@mailop.org
Subject: Re: [mailop] Removing a JMRP complaint feed from a previous IP owner

Just a heads-up that I am trying to get some clarification on this.
Will let y’all know when I have something to share.

☺

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool
 ?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Syed Alam
Sent: Tuesday, April 19, 2016 8:37 AM
To: Mr. Frechette mailto:mr.freche...@gmail.com>>
Cc: mailop@mailop.org
Subject: Re: [mailop] Removing a JMRP complaint feed from a previous IP owner

Thanks for your input @Frechette. In your case, you were the owner of both(old 
and new) feeds.

In our case, we are the new owner of IPs. We are unable to reach previous IP 
owner. Technically the previous IP owner rights should have revoked after the 
new verified IP owner.

On Tue, Apr 19, 2016 at 4:58 PM, Mr. Frechette 
mailto:mr.freche...@gmail.com>> wrote:
You're not alone! We had 2 IPs that we needed to change the FBL email address. 
I would remove the IPs from the SNDS and JMRP on the original feed and attempt 
to add them under a new feed. Every time I would do that, it would appear to 
work and then on page refresh, revert back to the original settings.

What helped with us is to remove the IPs from the old feed (revoke access) and 
wait a day. Then, add them under the new feed.

We did have to send multiple emails to request support and by providing 
screenshots and even video of our actions helped to get someone to investigate 
the issue. Not sure if it was a combination of support help and waiting 
overnight, but that's how we got the new feed setup.

Justin Frechette
iContact

On Tue, Apr 19, 2016 at 10:30 AM, Syed Alam 
mailto:s...@postmastery.net>> wrote:
Does anyone have experience with removing a JMRP complaint feed from a previous 
IP owner? Even though the old owner does not have access to the IPs, he is 
receiving all complaints.

We see the old feed in SNDS, but are not allowed to manage it. We tried to 
contact Outlook.com support(many times), but weren’t able to get past the “bot” 
with standard replies. Any help is appreciated.

​Thanks,​

--
Syed Alam

[Image removed by sender.]
Postmastery
Amsterdam, NL
Skype: alam50
T: +31 20 261 0438

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




--
Syed Alam

[Image removed by sender.]
Postmastery
Amsterdam, NL
Skype: alam50
T: +31 20 261 0438

Re: [mailop] Removing a JMRP complaint feed from a previous IP owner

[Michael Wise]

Yup. “Open A Ticket…” here:

http://go.microsoft.com/fwlink/?LinkID=614866&clcid
(Yes, you should probably bookmark that for all 
HotMail/JMRP/SNDS issues)

T1 (the robot) won’t be able to deal with it, so when it replies, reply to that 
email and let T2 know what the core issue is.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool ?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Wise
Sent: Tuesday, April 19, 2016 2:41 PM
To: mailop@mailop.org
Subject: Re: [mailop] Removing a JMRP complaint feed from a previous IP owner

Just a heads-up that I am trying to get some clarification on this.
Will let y’all know when I have something to share.

☺

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool
 ?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Syed Alam
Sent: Tuesday, April 19, 2016 8:37 AM
To: Mr. Frechette mailto:mr.freche...@gmail.com>>
Cc: mailop@mailop.org
Subject: Re: [mailop] Removing a JMRP complaint feed from a previous IP owner

Thanks for your input @Frechette. In your case, you were the owner of both(old 
and new) feeds.

In our case, we are the new owner of IPs. We are unable to reach previous IP 
owner. Technically the previous IP owner rights should have revoked after the 
new verified IP owner.

On Tue, Apr 19, 2016 at 4:58 PM, Mr. Frechette 
mailto:mr.freche...@gmail.com>> wrote:
You're not alone! We had 2 IPs that we needed to change the FBL email address. 
I would remove the IPs from the SNDS and JMRP on the original feed and attempt 
to add them under a new feed. Every time I would do that, it would appear to 
work and then on page refresh, revert back to the original settings.

What helped with us is to remove the IPs from the old feed (revoke access) and 
wait a day. Then, add them under the new feed.

We did have to send multiple emails to request support and by providing 
screenshots and even video of our actions helped to get someone to investigate 
the issue. Not sure if it was a combination of support help and waiting 
overnight, but that's how we got the new feed setup.

Justin Frechette
iContact

On Tue, Apr 19, 2016 at 10:30 AM, Syed Alam 
mailto:s...@postmastery.net>> wrote:
Does anyone have experience with removing a JMRP complaint feed from a previous 
IP owner? Even though the old owner does not have access to the IPs, he is 
receiving all complaints.

We see the old feed in SNDS, but are not allowed to manage it. We tried to 
contact Outlook.com support(many times), but weren’t able to get past the “bot” 
with standard replies. Any help is appreciated.

​Thanks,​

--
Syed Alam

[Image removed by sender.]
Postmastery
Amsterdam, NL
Skype: alam50
T: +31 20 261 0438

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




--
Syed Alam

[Image removed by sender.]
Postmastery
Amsterdam, NL
Skype: alam50
T: +31 20 261 0438
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Removing a JMRP complaint feed from a previous IP owner

[Michael Wise]

Just a heads-up that I am trying to get some clarification on this.
Will let y’all know when I have something to share.

☺

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool ?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Syed Alam
Sent: Tuesday, April 19, 2016 8:37 AM
To: Mr. Frechette 
Cc: mailop@mailop.org
Subject: Re: [mailop] Removing a JMRP complaint feed from a previous IP owner

Thanks for your input @Frechette. In your case, you were the owner of both(old 
and new) feeds.

In our case, we are the new owner of IPs. We are unable to reach previous IP 
owner. Technically the previous IP owner rights should have revoked after the 
new verified IP owner.

On Tue, Apr 19, 2016 at 4:58 PM, Mr. Frechette 
mailto:mr.freche...@gmail.com>> wrote:
You're not alone! We had 2 IPs that we needed to change the FBL email address. 
I would remove the IPs from the SNDS and JMRP on the original feed and attempt 
to add them under a new feed. Every time I would do that, it would appear to 
work and then on page refresh, revert back to the original settings.

What helped with us is to remove the IPs from the old feed (revoke access) and 
wait a day. Then, add them under the new feed.

We did have to send multiple emails to request support and by providing 
screenshots and even video of our actions helped to get someone to investigate 
the issue. Not sure if it was a combination of support help and waiting 
overnight, but that's how we got the new feed setup.

Justin Frechette
iContact

On Tue, Apr 19, 2016 at 10:30 AM, Syed Alam 
mailto:s...@postmastery.net>> wrote:
Does anyone have experience with removing a JMRP complaint feed from a previous 
IP owner? Even though the old owner does not have access to the IPs, he is 
receiving all complaints.

We see the old feed in SNDS, but are not allowed to manage it. We tried to 
contact Outlook.com support(many times), but weren’t able to get past the “bot” 
with standard replies. Any help is appreciated.

​Thanks,​

--
Syed Alam

[Image removed by sender.]
Postmastery
Amsterdam, NL
Skype: alam50
T: +31 20 261 0438

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




--
Syed Alam

[Image removed by sender.]
Postmastery
Amsterdam, NL
Skype: alam50
T: +31 20 261 0438
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Franck Martin via mailop]

On Tue, Apr 19, 2016 at 12:05 PM, Michael Peddemors 
wrote:

> On 16-04-19 11:53 AM, Michael Wise wrote:
>
>> ... unless it's coming from your localnet.
>> Local clients in the IP space "You Own" should get a bit more slack.
>> IMHO.
>>
>> Aloha,
>> Michael.
>>
>>
> Yeah, only for MTA->MTA traffic, not MTU->MTA, if that is what you mean..
>
>
Indeed, nowadays you should not accept MUA connections to port 25, there is
submission port 587 for that.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Michael Peddemors]

On 16-04-19 11:53 AM, Michael Wise wrote:

... unless it's coming from your localnet.
Local clients in the IP space "You Own" should get a bit more slack.
IMHO.

Aloha,
Michael.



Yeah, only for MTA->MTA traffic, not MTU->MTA, if that is what you mean..


--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Michael Wise]

... unless it's coming from your localnet.
Local clients in the IP space "You Own" should get a bit more slack.
IMHO.

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michelle Sullivan
Sent: Tuesday, April 19, 2016 7:01 AM
To: mailop@mailop.org
Subject: Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

Petar Bogdanovic wrote:
> On Tue, Apr 19, 2016 at 11:19:57AM +0200, Renaud Allard via mailop wrote:
>> On 04/19/2016 09:15 AM, Michelle Sullivan wrote:
>>> As well... ;-) (and for those that don't get it... the host issued 'HELO
>>> [65.55.234.213]' or 'EHLO [65.55.234.213]' .. perfectly legal but
>>> something malware and bots do as well..
>> While HELOing like this that might be perfectly "legal", this is
>> something which is probably going to be blocked as well by many/most
>> servers.
> I gave up on valid/consistent HELOs a long time ago.
>
> Minor indication of spaminess?  Yes.  Reason for rejection?  Nope. :)
>
Depends... I have a rather large database of spam and here's what I can 
tell you from that database and my experience over the years:

Unqualified IP in HELO (ie missing the []) - no false positives.. all 
100% spam or viruses.
Qualified IP in HELO minor indicator of spaminess if 'ESMTP' exists in 
the server's banner (as likely the host just doesn't support outgoing 
ESMTP or is sitting behind a PIX like device still!)
Qualified IP in EHLO reasonable indicator of spaminess if 'ESMTP' does 
not exist in the server's banner. (yes this still works, anyone trying 
to ESMTP to a host that doesn't support it is a reasonable bot/mass 
mailer indicator...)
'localhost' in HELO/EHLO and not from yourself is a high indicator of 
spaminess (few FPs, and usually "don't care" about who they are.)

Any other problems like HELO/EHLO not being FQDN, not matching the host, 
not existing etc... I'll usually 4xx or ignore (e.g. ignore for not 
matching, 421 for not existing... etc.)

Regards,

-- 
Michelle Sullivan
https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.mhix.org%2f&data=01%7c01%7cmichael.wise%40microsoft.com%7c366a8c2e2bb0442d2a5508d3685cbda2%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=q2%2fnmkxTVXE4gLQ1msi08kvR%2f1iH9T01GyyQ3rJskis%3d


___
mailop mailing list
mailop@mailop.org
https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7c366a8c2e2bb0442d2a5508d3685cbda2%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=2QmUxC1COTrqWQl%2fosjpSh8gTgBDJFo2Th%2fbXr3ySUo%3d
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Luis E. Muñoz]

On 19 Apr 2016, at 1:23, Paul Smith wrote:


On 19/04/2016 06:40, Dave Warren wrote:

On 2016-04-18 10:38, Michael Peddemors wrote:
Registrars paid a lot of money to be able to offer TLD's and they 
shouldn't really be punished just because they are cheaper than 
other domains.


Personally, I'm going to start adding points to any TLD that offers 
first-year-cheap discounts as these attract spammers and other rats 
who want disposable domains but don't care about generating long-term 
domains. .biz and .info poisoned their respective wells doing this, 
and now others are following. I understand your point, but I 
disagree: Their success with a poorly selected business model is not 
my problem.


I'm not saying a TLD can't run promotions, but rather, that the 
upfront cost shouldn't be it, I'd be fine with a TLD doing 
second-year-free or similar.


I agree. The TLD registries need to choose - either they want quality 
and a good reputation, where good customers will use their domains, so 
they have at least some system in place to try to ensure the 'quality' 
of their registrants (eg registrant data validation), or they want 
quick money, accept any registrant and thus must accept the 
consequence that their TLD is treated as trash.


(Disclaimer: $dayjob involves the domain industry)

This is really an over-simplification.

New TLDs have a lower ham:spam ratio, which comes as a consequence of 
the length of time they’ve been available. Older TLDs have been around 
for years, and therefore have a substantially higher amount of ham 
(domains and traffic) to counter the huge amount of spam (again, in 
domains and traffic). Even if all new TLDs price-matched those legacy 
TLDs, the ham:spam ratio would continue to be small.


The fact that .biz and .info still exist, with more or less the same 
level of abuse, is proof that blocking them is pointless. I would argue 
that any improvement on these TLDs perceived “spamminess” is more 
out of the growth of ham than the reduction of spam.


As an additional note, I would like to point out my belief that in this 
regard, the registrar is far more important than the registry. Perhaps 
it’s not clear to many in this audience, but the registry is often 
ignorant of who the real registrant of a domain name is — this 
information, as well as the whole interaction with the registrant lives 
in the registrar. Registrars with solid anti-fraud / anti-abuse 
processes tend to present few abuse incidents — at the same price 
point.


Best regards

-lem

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Removing a JMRP complaint feed from a previous IP owner

[Syed Alam]

Thanks for your input @Frechette. In your case, you were the owner of
both(old and new) feeds.

In our case, we are the new owner of IPs. We are unable to reach previous
IP owner. Technically the previous IP owner rights should have revoked
after the new verified IP owner.

On Tue, Apr 19, 2016 at 4:58 PM, Mr. Frechette 
wrote:

> You're not alone! We had 2 IPs that we needed to change the FBL email
> address. I would remove the IPs from the SNDS and JMRP on the original feed
> and attempt to add them under a new feed. Every time I would do that, it
> would appear to work and then on page refresh, revert back to the original
> settings.
>
> What helped with us is to remove the IPs from the old feed (revoke access)
> and wait a day. Then, add them under the new feed.
>
> We did have to send multiple emails to request support and by providing
> screenshots and even video of our actions helped to get someone to
> investigate the issue. Not sure if it was a combination of support help and
> waiting overnight, but that's how we got the new feed setup.
>
> Justin Frechette
> iContact
>
> On Tue, Apr 19, 2016 at 10:30 AM, Syed Alam  wrote:
>
>> Does anyone have experience with removing a JMRP complaint feed from a
>> previous IP owner? Even though the old owner does not have access to the
>> IPs, he is receiving all complaints.
>>
>> We see the old feed in SNDS, but are not allowed to manage it. We tried
>> to contact Outlook.com support(many times), but weren’t able to get past
>> the “bot” with standard replies. Any help is appreciated.
>>
>> ​Thanks,​
>>
>> --
>> Syed Alam
>>
>>
>> Postmastery
>> Amsterdam, NL
>> Skype: alam50
>> T: +31 20 261 0438
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
>>
>


-- 
Syed Alam


Postmastery
Amsterdam, NL
Skype: alam50
T: +31 20 261 0438
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Removing a JMRP complaint feed from a previous IP owner

[Al Iverson]

Hmm, we should make a "workarounds FAQ" for SNDS/JMRP.

Here's another one I ran into: I have one /24 where, if I add the /24 to
JMRP, it looks like it works, then it vanishes by the next day.
To get that one to work, I had to add each IP address in that range. And
then it worked. No clue why. No other /24s seem to be affected.


--
Al Iverson
www.aliverson.com
(312)725-0130

On Tue, Apr 19, 2016 at 9:58 AM, Mr. Frechette 
wrote:

> You're not alone! We had 2 IPs that we needed to change the FBL email
> address. I would remove the IPs from the SNDS and JMRP on the original feed
> and attempt to add them under a new feed. Every time I would do that, it
> would appear to work and then on page refresh, revert back to the original
> settings.
>
> What helped with us is to remove the IPs from the old feed (revoke access)
> and wait a day. Then, add them under the new feed.
>
> We did have to send multiple emails to request support and by providing
> screenshots and even video of our actions helped to get someone to
> investigate the issue. Not sure if it was a combination of support help and
> waiting overnight, but that's how we got the new feed setup.
>
> Justin Frechette
> iContact
>
> On Tue, Apr 19, 2016 at 10:30 AM, Syed Alam  wrote:
>
>> Does anyone have experience with removing a JMRP complaint feed from a
>> previous IP owner? Even though the old owner does not have access to the
>> IPs, he is receiving all complaints.
>>
>> We see the old feed in SNDS, but are not allowed to manage it. We tried
>> to contact Outlook.com support(many times), but weren’t able to get past
>> the “bot” with standard replies. Any help is appreciated.
>>
>> ​Thanks,​
>>
>> --
>> Syed Alam
>>
>>
>> Postmastery
>> Amsterdam, NL
>> Skype: alam50
>> T: +31 20 261 0438
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
>>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Removing a JMRP complaint feed from a previous IP owner

[Al Iverson]

Can't you go into SNDS Access and re-request access confirmation for
whoever else has access to that range? Seems like that would cut it off.

Al


--
Al Iverson
www.aliverson.com
(312)725-0130

On Tue, Apr 19, 2016 at 9:45 AM, Udeme Ukutt  wrote:

> I think there's a unique form for JMRP requests; is that what you tried?
> I've requested JMRP amendments in the past, with no problem.
>
> Thx,
> Udeme
>
>
> On Tuesday, April 19, 2016, Syed Alam  wrote:
>
>> Does anyone have experience with removing a JMRP complaint feed from a
>> previous IP owner? Even though the old owner does not have access to the
>> IPs, he is receiving all complaints.
>>
>> We see the old feed in SNDS, but are not allowed to manage it. We tried
>> to contact Outlook.com support(many times), but weren’t able to get past
>> the “bot” with standard replies. Any help is appreciated.
>>
>> ​Thanks,​
>>
>> --
>> Syed Alam
>>
>>
>> Postmastery
>> Amsterdam, NL
>> Skype: alam50
>> T: +31 20 261 0438
>>
>
>
> --
> Sent from my iDevice; kindly excuse any typos.
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Removing a JMRP complaint feed from a previous IP owner

[Mr. Frechette]

You're not alone! We had 2 IPs that we needed to change the FBL email
address. I would remove the IPs from the SNDS and JMRP on the original feed
and attempt to add them under a new feed. Every time I would do that, it
would appear to work and then on page refresh, revert back to the original
settings.

What helped with us is to remove the IPs from the old feed (revoke access)
and wait a day. Then, add them under the new feed.

We did have to send multiple emails to request support and by providing
screenshots and even video of our actions helped to get someone to
investigate the issue. Not sure if it was a combination of support help and
waiting overnight, but that's how we got the new feed setup.

Justin Frechette
iContact

On Tue, Apr 19, 2016 at 10:30 AM, Syed Alam  wrote:

> Does anyone have experience with removing a JMRP complaint feed from a
> previous IP owner? Even though the old owner does not have access to the
> IPs, he is receiving all complaints.
>
> We see the old feed in SNDS, but are not allowed to manage it. We tried to
> contact Outlook.com support(many times), but weren’t able to get past the
> “bot” with standard replies. Any help is appreciated.
>
> ​Thanks,​
>
> --
> Syed Alam
>
>
> Postmastery
> Amsterdam, NL
> Skype: alam50
> T: +31 20 261 0438
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Michael Peddemors]

On 16-04-19 07:01 AM, Michelle Sullivan wrote:

Any other problems like HELO/EHLO not being FQDN, not matching the host,
not existing etc... I'll usually 4xx or ignore (e.g. ignore for not
matching, 421 for not existing... etc.)

Regards,


Hey, stop telling them all our tricks :)

Yes, we also reject outright any HELO that is just a dotted quad in most 
of our technologies.. And usually mark as Spam anything that doesn't 
present a FQDN in the HELO, or generic localhost.localdomain.


We found that you cannot make a policy that the HELO matches PTR, still 
too many HELO's represent internal naming conventions for the server, 
and do not match the outgoing IP, but it is used as an indicator for 
many of our filtering patterns in conjunction with other indicators.


HELO is easy to forge, the PTR is not, so it is helpful but not 
absolute.  All we ask is that the email administrator at least took the 
time to set up a FQDN for the server host name (which is usually what is 
used for the HELO in most email server implementations by default)



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Removing a JMRP complaint feed from a previous IP owner

[Udeme Ukutt]

I think there's a unique form for JMRP requests; is that what you tried?
I've requested JMRP amendments in the past, with no problem.

Thx,
Udeme

On Tuesday, April 19, 2016, Syed Alam  wrote:

> Does anyone have experience with removing a JMRP complaint feed from a
> previous IP owner? Even though the old owner does not have access to the
> IPs, he is receiving all complaints.
>
> We see the old feed in SNDS, but are not allowed to manage it. We tried to
> contact Outlook.com support(many times), but weren’t able to get past the
> “bot” with standard replies. Any help is appreciated.
>
> ​Thanks,​
>
> --
> Syed Alam
>
>
> Postmastery
> Amsterdam, NL
> Skype: alam50
> T: +31 20 261 0438
>


-- 
Sent from my iDevice; kindly excuse any typos.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Removing a JMRP complaint feed from a previous IP owner

[Syed Alam]

Does anyone have experience with removing a JMRP complaint feed from a
previous IP owner? Even though the old owner does not have access to the
IPs, he is receiving all complaints.

We see the old feed in SNDS, but are not allowed to manage it. We tried to
contact Outlook.com support(many times), but weren’t able to get past the
“bot” with standard replies. Any help is appreciated.

​Thanks,​

-- 
Syed Alam


Postmastery
Amsterdam, NL
Skype: alam50
T: +31 20 261 0438
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Michelle Sullivan]

Petar Bogdanovic wrote:

On Tue, Apr 19, 2016 at 11:19:57AM +0200, Renaud Allard via mailop wrote:

On 04/19/2016 09:15 AM, Michelle Sullivan wrote:

As well... ;-) (and for those that don't get it... the host issued 'HELO
[65.55.234.213]' or 'EHLO [65.55.234.213]' .. perfectly legal but
something malware and bots do as well..

While HELOing like this that might be perfectly "legal", this is
something which is probably going to be blocked as well by many/most
servers.

I gave up on valid/consistent HELOs a long time ago.

Minor indication of spaminess?  Yes.  Reason for rejection?  Nope. :)

Depends... I have a rather large database of spam and here's what I can 
tell you from that database and my experience over the years:


Unqualified IP in HELO (ie missing the []) - no false positives.. all 
100% spam or viruses.
Qualified IP in HELO minor indicator of spaminess if 'ESMTP' exists in 
the server's banner (as likely the host just doesn't support outgoing 
ESMTP or is sitting behind a PIX like device still!)
Qualified IP in EHLO reasonable indicator of spaminess if 'ESMTP' does 
not exist in the server's banner. (yes this still works, anyone trying 
to ESMTP to a host that doesn't support it is a reasonable bot/mass 
mailer indicator...)
'localhost' in HELO/EHLO and not from yourself is a high indicator of 
spaminess (few FPs, and usually "don't care" about who they are.)


Any other problems like HELO/EHLO not being FQDN, not matching the host, 
not existing etc... I'll usually 4xx or ignore (e.g. ignore for not 
matching, 421 for not existing... etc.)


Regards,

--
Michelle Sullivan
http://www.mhix.org/


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Lena]

> > 'HELO [65.55.234.213]' or 'EHLO [65.55.234.213]' .. perfectly legal but
> > something malware and bots do as well..
> 
> While HELOing like this that might be perfectly "legal", this is
> something which is probably going to be blocked as well by many/most
> servers.

I selectively greylist in cases of such HELO or no FCRDNS
or some DNSBLs suspected of false positives.
Greylisting fends off most Windows spambots
and takes care of temporary DNS errors.
If nothing looks suspicious and the host is not in any DNSBL
then no greylisting.

But I reject in cases of my IP (in brackets or bare)
or my domain in HELO (some viruses do that).

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Tony Finch]

Renaud Allard via mailop  wrote:
> On 04/19/2016 09:15 AM, Michelle Sullivan wrote:
> >
> > As well... ;-) (and for those that don't get it... the host issued 'HELO
> > [65.55.234.213]' or 'EHLO [65.55.234.213]' .. perfectly legal but
> > something malware and bots do as well..
>
> While HELOing like this that might be perfectly "legal", this is
> something which is probably going to be blocked as well by many/most
> servers.

I tried blocking HELO domain literals briefly in 2009 but the false
positive rate was way too high. On the other hand, ^[0-9.-]+$
has been an effective and safe reason to block for many years.

Tony.
-- 
f.anthony.n.finchhttp://dotat.at/  -  I xn--zr8h punycode
Humber, Thames: Northwest, veering north or northeast, 4 or 5. Slight or
moderate. Fair. Good.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Petar Bogdanovic]

On Tue, Apr 19, 2016 at 11:19:57AM +0200, Renaud Allard via mailop wrote:
> 
> On 04/19/2016 09:15 AM, Michelle Sullivan wrote:
> > 
> > As well... ;-) (and for those that don't get it... the host issued 'HELO
> > [65.55.234.213]' or 'EHLO [65.55.234.213]' .. perfectly legal but
> > something malware and bots do as well..
> 
> While HELOing like this that might be perfectly "legal", this is
> something which is probably going to be blocked as well by many/most
> servers.

I gave up on valid/consistent HELOs a long time ago.

Minor indication of spaminess?  Yes.  Reason for rejection?  Nope. :)


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Renaud Allard via mailop]

On 04/19/2016 09:15 AM, Michelle Sullivan wrote:
> Michael Wise wrote:
>> It hasn't.
>> I'm still trying to bring it to the attention of the responsible parties.
>>
>> Aloha,
>> Michael.
> 
> Perhaps the other thing they might consider changing ('changing' not
> 'fixing', because it's perfectly legal):
> 
> Hello [65.55.234.213], pleased...
> 
> 
> As well... ;-) (and for those that don't get it... the host issued 'HELO
> [65.55.234.213]' or 'EHLO [65.55.234.213]' .. perfectly legal but
> something malware and bots do as well..

While HELOing like this that might be perfectly "legal", this is
something which is probably going to be blocked as well by many/most
servers.



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Paul Smith]

On 19/04/2016 06:40, Dave Warren wrote:

On 2016-04-18 10:38, Michael Peddemors wrote:
Registrars paid a lot of money to be able to offer TLD's and they 
shouldn't really be punished just because they are cheaper than other 
domains. 


Personally, I'm going to start adding points to any TLD that offers 
first-year-cheap discounts as these attract spammers and other rats 
who want disposable domains but don't care about generating long-term 
domains. .biz and .info poisoned their respective wells doing this, 
and now others are following. I understand your point, but I disagree: 
Their success with a poorly selected business model is not my problem.


I'm not saying a TLD can't run promotions, but rather, that the 
upfront cost shouldn't be it, I'd be fine with a TLD doing 
second-year-free or similar.


I agree. The TLD registries need to choose - either they want quality 
and a good reputation, where good customers will use their domains, so 
they have at least some system in place to try to ensure the 'quality' 
of their registrants (eg registrant data validation), or they want quick 
money, accept any registrant and thus must accept the consequence that 
their TLD is treated as trash.


It's their choice.

The same already applies to hosting companies and MSPs who let spammers 
use their networks - they get put on block RBL blacklists.





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "Spammer TLDs" and IP addresses without a reverse?

[Michelle Sullivan]

Michael Wise wrote:

It hasn't.
I'm still trying to bring it to the attention of the responsible parties.

Aloha,
Michael.


Perhaps the other thing they might consider changing ('changing' not 
'fixing', because it's perfectly legal):


Hello [65.55.234.213], pleased...


As well... ;-) (and for those that don't get it... the host issued 'HELO 
[65.55.234.213]' or 'EHLO [65.55.234.213]' .. perfectly legal but 
something malware and bots do as well.. compare that to, for example, 
one of my mail servers.. vampire.isux.com -- DNS A --> 213.165.190.211 
-- DNS PTR --> vampire.isux.com and will issue 'EHLO 
vampire.isux.com'... very much a confidence boost of 'this is a well 
setup mail server and not a bot/malware')


Regards,

--
Michelle Sullivan
http://www.mhix.org/


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop