Re: [mailop] Many SPF failures lately

2017-05-19 Thread frnkblk
John,

I'm a bit bewildered -- these aren't random strangers, they're the actual
sender.  Am I supposed to second-guess the sender's instructions?  If I have
to second-guess every sender's "-all" then I have to have another layer of
subjective analysis -- currently manual, in my situation.  

Frank


-Original Message-
From: John R Levine [mailto:jo...@taugh.com] 
Sent: Friday, May 19, 2017 7:22 PM
To: frnk...@iname.com
Cc: mailop@mailop.org
Subject: RE: [mailop] Many SPF failures lately

> Yet the senders, via their SPF records with a "-all", told me to reject
> those messages. As MTA's, we're doing what the sender told us to do.

I don't know about you, but I do not blindly follow instructions from 
random strangers.  It rarely leads to good outcomes.

> For my users, I have the quaint idea that I should try and deliver the
> mail that they obviously want.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] SPF record

2017-05-19 Thread Ted Hatfield

On Fri, 19 May 2017, Bryan Blackwell wrote:


> Hi folks,
>
> Please pardon the noob question, just want to make sure this is what a proper
> SPF record should look like:
>
> example.org. IN TXT "v=spf1 mx ~all"
>
> --Bryan
>
> --  Bryan Blackwell --
> br...@skiblack.com



Bryan,

The spf record syntax can be found here.

http://www.openspf.org/SPF_Record_Syntax

The record is accurate.  You are specifying a "softfail" with the use of
a tilde.

A softfail (according to the documentation linked above) indicates that
the receiver should accept the email but mark the message in some way to
indicate the message failed its spf check and the sender may be
illegitimate.


Ted Hatfield



[mailop] SPF record

2017-05-19 Thread Bryan Blackwell
Hi folks,

Please pardon the noob question, just want to make sure this is what a proper 
SPF record should look like:

example.org. IN TXT "v=spf1 mx ~all"

--Bryan

--  Bryan Blackwell --
br...@skiblack.com




Re: [mailop] Many SPF failures lately

2017-05-19 Thread John R Levine

> Yet the senders, via their SPF records with a "-all", told me to reject those
> messages. As MTA's, we're doing what the sender told us to do.


I don't know about you, but I do not blindly follow instructions from 
random strangers.  It rarely leads to good outcomes.



> For my users, I have the quaint idea that I should try and deliver the
> mail that they obviously want.


Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly



Re: [mailop] Many SPF failures lately

2017-05-19 Thread frnkblk
I looked at the last week of blocked email from Travelocity.com and found just 
one blocked message.

It was a flight change email from traveloc...@e.travelocity.com with a source 
IP of 66.244.67.50.

fbulk@frankb-PC:/mnt/c/Users/fbulk$ dig TXT e.travelocity.com +short
"spf2.0/pra include:cust-senderid.exacttarget.com -all"
"v=spf1 include:cust-spf.exacttarget.com -all"
fbulk@frankb-PC:/mnt/c/Users/fbulk$ dig TXT cust-spf.exacttarget.com +short
"v=spf1 ip4:64.132.92.0/24 ip4:64.132.88.0/23 ip4:66.231.80.0/20 
ip4:68.232.192.0/20 ip4:199.122.120.0/21 ip4:207.67.38.0/24 " 
"ip4:207.67.98.192/27 ip4:207.250.68.0/24 ip4:209.43.22.0/28 
ip4:198.245.80.0/20 ip4:136.147.128.0/20 ip4:136.147.176.0/20 ip4:13.111.0.0/18 
-all"
fbulk@frankb-PC:/mnt/c/Users/fbulk$

Besides cust-spf.exacttarget.com having some extra quotes in their SPF record, 
you can see that 66.244.67.50 is not in the above SPF record(s).

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Carl Byington
Sent: Friday, May 19, 2017 11:55 AM
To: mailop@mailop.org
Subject: Re: [mailop] Many SPF failures lately


On Fri, 2017-05-19 at 03:49 -0500, frnk...@iname.com wrote:
> Most well-known culprit is Travelocity and their flight change
> notifications.

The only travelocity mail I see here is from
traveloc...@ac.travelocity.com via 192.161.140.0/24. Are the flight
change notifications from some other system?

ac.travelocity.com CNAME -> travelocity.neolane.net
travelocity.neolane.net TXT -> redirect p140.neolane.net
p140.neolane.net TXT "v=spf1 ip4:192.161.140.0/24 -all"

Even if spf fails, we would accept those based on the DKIM signature by
ac.travelocity.com which is listed in our local policy database.





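Added example, not code from any poster in this thread: a Python subset of the RFC 7208 check_host() evaluation (ip4, include, redirect and all only) run over the TXT records quoted in the message above, followed by the local-policy override that the quoted reply describes. The redirect record text, TRUSTED_DKIM and smtp_decision() are assumptions made for illustration, and DKIM verification is taken as an input rather than performed.

```python
"""Subset of RFC 7208 check_host() over the TXT records quoted in this thread."""
import ipaddress

# TXT answers as lists of character-strings, copied from the thread's dig output.
# The travelocity.neolane.net text is reconstructed from the shorthand
# "TXT -> redirect p140.neolane.net" and is an assumption.
TXT = {
    "e.travelocity.com": [
        ["spf2.0/pra include:cust-senderid.exacttarget.com -all"],
        ["v=spf1 include:cust-spf.exacttarget.com -all"],
    ],
    "cust-spf.exacttarget.com": [[
        "v=spf1 ip4:64.132.92.0/24 ip4:64.132.88.0/23 ip4:66.231.80.0/20 "
        "ip4:68.232.192.0/20 ip4:199.122.120.0/21 ip4:207.67.38.0/24 ",
        "ip4:207.67.98.192/27 ip4:207.250.68.0/24 ip4:209.43.22.0/28 "
        "ip4:198.245.80.0/20 ip4:136.147.128.0/20 ip4:136.147.176.0/20 "
        "ip4:13.111.0.0/18 -all",
    ]],
    "travelocity.neolane.net": [["v=spf1 redirect=p140.neolane.net"]],
    "p140.neolane.net": [["v=spf1 ip4:192.161.140.0/24 -all"]],
}
CNAME = {"ac.travelocity.com": "travelocity.neolane.net"}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4

# Hypothetical local policy table: DKIM signing domains accepted despite SPF fail.
TRUSTED_DKIM = {"ac.travelocity.com"}


def spf_record(domain):
    """Return the domain's v=spf1 record text, or None when it has none."""
    domain = CNAME.get(domain, domain)  # a resolver follows the CNAME for us
    # RFC 7208 section 3.3: the strings of one TXT record are joined with no
    # separator, so a record split across two quoted strings is still one record.
    texts = ["".join(strings) for strings in TXT.get(domain, [])]
    found = [t for t in texts if t == "v=spf1" or t.startswith("v=spf1 ")]
    if len(found) > 1:
        raise ValueError("more than one v=spf1 record")
    return found[0] if found else None


def check_host(ip, domain, budget=None):
    """Evaluate ip against domain's SPF policy; returns an RFC 7208 result name."""
    budget = [MAX_LOOKUPS] if budget is None else budget
    try:
        record = spf_record(domain)
    except ValueError:
        return "permerror"
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        if term.startswith("redirect="):
            redirect = term.split("=", 1)[1]
            continue
        result = QUALIFIER[term[0]] if term[0] in QUALIFIER else "pass"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return result
        if name == "ip4":
            matched = addr.version == 4 and addr in ipaddress.ip_network(arg)
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"
            inner = check_host(ip, arg, budget)
            if inner in ("none", "permerror", "temperror"):
                return "temperror" if inner == "temperror" else "permerror"
            matched = inner == "pass"  # fail/softfail/neutral: just no match
        else:
            raise NotImplementedError(f"mechanism not covered here: {term}")
        if matched:
            return result
    if redirect is not None:  # only consulted when no mechanism matched
        budget[0] -= 1
        if budget[0] < 0:
            return "permerror"
        result = check_host(ip, redirect, budget)
        return "permerror" if result == "none" else result
    return "neutral"


def smtp_decision(spf_result, verified_dkim_domains, reject_on_fail=True):
    """Receiver policy: honour -all unless a trusted DKIM signer vouches."""
    if spf_result != "fail":
        return "accept"
    if TRUSTED_DKIM.intersection(verified_dkim_domains):
        return "accept"
    return "reject" if reject_on_fail else "accept-and-tag"


if __name__ == "__main__":
    # 192.161.140.25 is a constructed address inside the quoted /24.
    for ip, dom in [("66.244.67.50", "e.travelocity.com"),
                    ("192.161.140.25", "ac.travelocity.com")]:
        print(ip, dom, check_host(ip, dom))
```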


Re: [mailop] Many SPF failures lately

2017-05-19 Thread frnkblk
Yet the senders, via their SPF records with a "-all", told me to reject those 
messages. As MTA's, we're doing what the sender told us to do.

Frank

-Original Message-
From: John Levine [mailto:jo...@taugh.com] 
Sent: Friday, May 19, 2017 9:56 AM
To: mailop@mailop.org
Cc: frnk...@iname.com
Subject: Re: [mailop] Many SPF failures lately

In article <002401d2d07c$de401730$9ac04590$@iname.com> you write:
>I turned on SPF checking on our incoming email server about two or three
>months and notified domain holders who were sending legitimate email from
>bad IPs, and there, too, some fixed up their SPF records, but the majority
>didn't do anything.  So we keep rejecting those emails.  Most of them tend
>to be from auto-notify systems (bank statements, receipts for purchases
>from online stores, etc).  The recipients don't complain to the sender
>because they're not aware they were supposed to get an email, and since a
>human didn't send it, there's no one on the sending side chasing it down.
>Most well-known culprit is Travelocity and their flight change
>notifications.  Too bad the travelers aren't getting notified.

I must say I'm glad that I'm not one of your mail users.

For my users, I have the quaint idea that I should try and deliver the
mail that they obviously want.

R's,
John





Re: [mailop] SymantecCloud "Message filtered"

2017-05-19 Thread frnkblk
My $WORK domain is also labeled the same “50”, so I suspect the same “limited 
sampling” issue.  

 

Frank

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Stefano Bagnara
Sent: Friday, May 19, 2017 9:03 AM
To: mailop 
Subject: Re: [mailop] SymantecCloud "Message filtered"

 

On 19 May 2017 at 15:22, Ken O'Driscoll <k...@wemonitoremail.com> wrote:

Hi Stefano,

WatchGuard (http://reputationauthority.org/) are starting to not like the
IP also - "The ip 188.165.188.38 has sent a high ratio of spam (50
percent)."

 

At that portal I get 50 percent also for IP that never sent anything and they 
picture 50 as *green*... I think that my IPs are simply too "low-volume" for 
that database to "gauge". 

 

Are you suggesting that SymantecCloud uses data from ReputationAuthority.org?

 

My guess is that you are seeing the beginning of a reputation problem
developing with your IP. It's not restaurant menu that's causing the
problem. 

 

My IP sends mainly Italian emails to Italian recipients and I found that often 
these reputation portals do not have a real sample from my IPs to get a correct 
reputation.

That IP returns a 97 on Senderscore and "Good" with a 3.4 magnitude on 
Senderbase. To me it sounds like reputationauthority doesn't see a lot of 
emails from my IP so it stays on the 50 that is its default, while 
senderbase and senderscore collect data from more recipients and they are able 
to measure my good reputation.

 

I don't have any other problem to other providers.. It's just a couple of 
message refuses from symanteccloud that I'd like to investigate.

 

Stefano

 


Ken.

-- 
Ken O'Driscoll / We Monitor Email
t: +353 1 254 9400   | w: www.wemonitoremail.com 
 

On Fri, 2017-05-19 at 14:42 +0200, Stefano Bagnara wrote:
> On 19 May 2017 at 13:28, Ken O'Driscoll wrote:
> > Hi Stefano,
> >
> > That link is only intended for customers. Try using the IP address
> > removal
> > portal at http://ipremoval.sms.symantec.com/lookup/ to request that
> > your IP
> > be de-listed. They will de-list a false positive or tell you what is
> > actually causing the issue. All of their services still share the same
> > reputation data as far as I know.
>
> I should have written that I already tested all of my IPs at that page
> and they are not listed.
>
> > The IP address you submitted, 188.165.188.38, does not have a negative
> reputation and therefore cannot be submitted for investigation.
>
> > The alternative is to find a Symantec customer who is affected and get
> > them
> > to open a service request listing you as an available contact point for
> > troubleshooting. All Symantec products and services come with basic
> > support
> > cover which allows this.
>
> That's what I will do.. but this is a "menu" email from a restaurant to a
> lenovo address (nearby office).. the recipient subscribed to receive the
> menu (sent to other 60 people, 2 in lenovo), but I'm not sure he cares
> enough to open a ticket with his manager at lenovo dealings with the
> symanteccloud configuration. So for my customer it's a fault or mine. I
> hoped I was able to get some sort of hint from symantec or anyone else
> already seen that Message filtered block from symantec when the IP was
> not blocked.
> The same happened to another customer with a vodafone.com address
> (different IP, similar story).
>
> Thank you,
> Stefano
>  
> >  
> >
> > Ken.
> >
> > -- 
> > Ken O'Driscoll / We Monitor Email
> > t: +353 1 254 9400   | w: www.wemonitoremail.com
> >
> > On Fri, 2017-05-19 at 12:56 +0200, Stefano Bagnara wrote:
> > > Hi,
> > >
> > > I'm seeing some reject like this by some of our senders:
> > >
> > > > 553 Message filtered. Refer to the Troubleshooting page at 
> > > > http://www.symanteccloud.com/troubleshooting for more information.
> > > (#5.7.1)
> > >
> > > The landing page explanation for the message filtered brings on the
> > table
> > > almost anything (blacklist ip, open relay, duns, urls, mail server
> > > configuration, virus, exploit, opt-out link).
> > >
> > > So the answer is no to everything. If one of my customer spammed
> > Symantec
> > > customers I'd like to identify him.
> > >
> > > I was about to submit the "False positive" here:
> > > https://support.symantec.com/en_US/article.TECH233678.html
> > >
> > > But from the description it's not clear to me if this is only for
> > their
> > > customers or not.
> > >
> > > Is there anyone from Symantec here?
> > > Does anyone have experience with this generic message filtered error
> > and
> > > how to deal with it?
> > >
> > > Stefano
> > >
> > > --
> > > Stefano Bagnara
> > > Void Labs / VOXmail.it
> > > Apache James/jSPF/jDKIM
> > >

Re: [mailop] Many SPF failures lately

2017-05-19 Thread Carl Byington

On Fri, 2017-05-19 at 03:49 -0500, frnk...@iname.com wrote:
> Most well-known culprit is Travelocity and their flight change
> notifications.

The only travelocity mail I see here is from
traveloc...@ac.travelocity.com via 192.161.140.0/24. Are the flight
change notifications from some other system?

ac.travelocity.com CNAME -> travelocity.neolane.net
travelocity.neolane.net TXT -> redirect p140.neolane.net
p140.neolane.net TXT "v=spf1 ip4:192.161.140.0/24 -all"

Even if spf fails, we would accept those based on the DKIM signature by
ac.travelocity.com which is listed in our local policy database.







Re: [mailop] Many SPF failures lately

2017-05-19 Thread John R Levine

On Fri, 19 May 2017, Luis E. Muñoz wrote:
> Well, it's not unheard of to see TOSes that contain provisions for
> spam/malware/illegal content filtering. Considering that from the 1st
> paragraph of RFC-7208 it's clear that the intent is to "authorize", I would
> think the shoe would fit.


If I were looking for an excuse to play BOFH and throw away mail, that's 
as good an excuse as any.


Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly


Re: [mailop] Many SPF failures lately

2017-05-19 Thread Luis E. Muñoz



On 19 May 2017, at 8:52, John Levine wrote:

> In article  you write:
>> It might be obvious in this particular case but it isn't in general if
>> your users asked or agreed to reject SPF-Fails.
>
> I would be pretty impressed to find a mail system where the users even
> knew what SPF fails were, much less agreeing to lose real mail because
> of them.


Well, it's not unheard of to see TOSes that contain provisions for 
spam/malware/illegal content filtering. Considering that from the 1st 
paragraph of RFC-7208 it's clear that the intent is to "authorize", I 
would think the shoe would fit.



> SPF can be a useful tool, but it's really tiring that people keep
> trying to make it a FUSSP.  Because it isn't.


I don't think anybody has claimed SPF to be a FUSSP on this discussion. 
As you say, it's a useful tool and some are trying to make the best use 
out of it.


Best regards

-lem


Re: [mailop] Many SPF failures lately

2017-05-19 Thread John Levine
In article  you write:
>It might be obvious in this particular case but it isn't in general if 
>your users asked or agreed to reject SPF-Fails.

I would be pretty impressed to find a mail system where the users even
knew what SPF fails were, much less agreeing to lose real mail because
of them.

SPF can be a useful tool, but it's really tiring that people keep
trying to make it a FUSSP.  Because it isn't.

R's,
John



Re: [mailop] Many SPF failures lately

2017-05-19 Thread Andreas Schamanek

On Fri, 19 May 2017, at 14:56, John Levine wrote:

> In article <002401d2d07c$de401730$9ac04590$@iname.com> you write:
> >notified domain holders who were sending legitimate email from bad 
> >IPs (...)
> >Most well-known culprit is Travelocity and their flight change 
> >notifications. Too bad the travelers aren't getting notified.
> 
> I must say I'm glad that I'm not one of your mail users.
> 
> For my users, I have the quaint idea that I should try and deliver 
> the mail that they obviously want.

It might be obvious in this particular case but it isn't in general if 
your users asked or agreed to reject SPF-Fails.

-- 
-- Andreas

:-)




Re: [mailop] Many SPF failures lately

2017-05-19 Thread John Levine
In article <002401d2d07c$de401730$9ac04590$@iname.com> you write:
>I turned on SPF checking on our incoming email server about two or three
>months and notified domain holders who were sending legitimate email from
>bad IPs, and there, too, some fixed up their SPF records, but the majority
>didn't do anything.  So we keep rejecting those emails.  Most of them tend
>to be from auto-notify systems (bank statements, receipts for purchases
>from online stores, etc).  The recipients don't complain to the sender
>because they're not aware they were supposed to get an email, and since a
>human didn't send it, there's no one on the sending side chasing it down.
>Most well-known culprit is Travelocity and their flight change
>notifications.  Too bad the travelers aren't getting notified.

I must say I'm glad that I'm not one of your mail users.

For my users, I have the quaint idea that I should try and deliver the
mail that they obviously want.

R's,
John



Re: [mailop] SymantecCloud "Message filtered"

2017-05-19 Thread Stefano Bagnara
On 19 May 2017 at 15:22, Ken O'Driscoll  wrote:

> Hi Stefano,
>
> WatchGuard (http://reputationauthority.org/) are starting to not like the
> IP also - "The ip 188.165.188.38 has sent a high ratio of spam (50
> percent)."
>

At that portal I get 50 percent also for IP that never sent anything and
they picture 50 as *green*... I think that my IPs are simply too
"low-volume" for that database to "gauge".

Are you suggesting that SymantecCloud uses data from
ReputationAuthority.org?

> My guess is that you are seeing the beginning of a reputation problem
> developing with your IP. It's not restaurant menu that's causing the
> problem.
>

My IP sends mainly Italian emails to Italian recipients and I found that
often these reputation portals do not have a real sample from my IPs to get
a correct reputation.
That IP returns a 97 on Senderscore and "Good" with a 3.4 magnitude on
Senderbase. To me it sounds like reputationauthority doesn't see a lot of
emails from my IP so it stays on the 50 that is its default, while
senderbase and senderscore collect data from more recipients and they are
able to measure my good reputation.

I don't have any other problem to other providers.. It's just a couple of
message refuses from symanteccloud that I'd like to investigate.

Stefano


>
> Ken.
>
> --
> Ken O'Driscoll / We Monitor Email
> t: +353 1 254 9400 | w: www.wemonitoremail.com
>
> On Fri, 2017-05-19 at 14:42 +0200, Stefano Bagnara wrote:
> > On 19 May 2017 at 13:28, Ken O'Driscoll  wrote:
> > > Hi Stefano,
> > >
> > > That link is only intended for customers. Try using the IP address
> > > removal
> > > portal at http://ipremoval.sms.symantec.com/lookup/ to request that
> > > your IP
> > > be de-listed. They will de-list a false positive or tell you what is
> > > actually causing the issue. All of their services still share the same
> > > reputation data as far as I know.
> >
> > I should have written that I already tested all of my IPs at that page
> > and they are not listed.
> >
> > > The IP address you submitted, 188.165.188.38, does not have a negative
> > reputation and therefore cannot be submitted for investigation.
> >
> > > The alternative is to find a Symantec customer who is affected and get
> > > them
> > > to open a service request listing you as an available contact point for
> > > troubleshooting. All Symantec products and services come with basic
> > > support
> > > cover which allows this.
> >
> > That's what I will do.. but this is a "menu" email from a restaurant to a
> > lenovo address (nearby office).. the recipient subscribed to receive the
> > menu (sent to other 60 people, 2 in lenovo), but I'm not sure he cares
> > enough to open a ticket with his manager at lenovo dealings with the
> > symanteccloud configuration. So for my customer it's a fault or mine. I
> > hoped I was able to get some sort of hint from symantec or anyone else
> > already seen that Message filtered block from symantec when the IP was
> > not blocked.
> > The same happened to another customer with a vodafone.com address
> > (different IP, similar story).
> >
> > Thank you,
> > Stefano
> >
> > >
> > >
> > > Ken.
> > >
> > > --
> > > Ken O'Driscoll / We Monitor Email
> > > t: +353 1 254 9400 | w: www.wemonitoremail.com
> > >
> > > On Fri, 2017-05-19 at 12:56 +0200, Stefano Bagnara wrote:
> > > > Hi,
> > > >
> > > > I'm seeing some reject like this by some of our senders:
> > > >
> > > > > 553 Message filtered. Refer to the Troubleshooting page at
> > > > > http://www.symanteccloud.com/troubleshooting for more information.
> > > > (#5.7.1)
> > > >
> > > > The landing page explanation for the message filtered brings on the
> > > table
> > > > almost anything (blacklist ip, open relay, duns, urls, mail server
> > > > configuration, virus, exploit, opt-out link).
> > > >
> > > > So the answer is no to everything. If one of my customer spammed
> > > Symantec
> > > > customers I'd like to identify him.
> > > >
> > > > I was about to submit the "False positive" here:
> > > > https://support.symantec.com/en_US/article.TECH233678.html
> > > >
> > > > But from the description it's not clear to me if this is only for
> > > their
> > > > customers or not.
> > > >
> > > > Is there anyone from Symantec here?
> > > > Does anyone have experience with this generic message filtered error
> > > and
> > > > how to deal with it?
> > > >
> > > > Stefano
> > > >
> > > > --
> > > > Stefano Bagnara
> > > > Void Labs / VOXmail.it
> > > > Apache James/jSPF/jDKIM
> > > >

Re: [mailop] SymantecCloud "Message filtered"

2017-05-19 Thread Ken O'Driscoll
Hi Stefano,

WatchGuard (http://reputationauthority.org/) are starting to not like the
IP also - "The ip 188.165.188.38 has sent a high ratio of spam (50
percent)."

My guess is that you are seeing the beginning of a reputation problem
developing with your IP. It's not restaurant menu that's causing the
problem. 

Ken.

-- 
Ken O'Driscoll / We Monitor Email
t: +353 1 254 9400 | w: www.wemonitoremail.com

On Fri, 2017-05-19 at 14:42 +0200, Stefano Bagnara wrote:
> On 19 May 2017 at 13:28, Ken O'Driscoll  wrote:
> > Hi Stefano,
> > 
> > That link is only intended for customers. Try using the IP address
> > removal
> > portal at http://ipremoval.sms.symantec.com/lookup/ to request that
> > your IP
> > be de-listed. They will de-list a false positive or tell you what is
> > actually causing the issue. All of their services still share the same
> > reputation data as far as I know.
> 
> I should have written that I already tested all of my IPs at that page
> and they are not listed.
> 
> > The IP address you submitted, 188.165.188.38, does not have a negative
> reputation and therefore cannot be submitted for investigation.
> 
> > The alternative is to find a Symantec customer who is affected and get
> > them
> > to open a service request listing you as an available contact point for
> > troubleshooting. All Symantec products and services come with basic
> > support
> > cover which allows this.
> 
> That's what I will do.. but this is a "menu" email from a restaurant to a
> lenovo address (nearby office).. the recipient subscribed to receive the
> menu (sent to other 60 people, 2 in lenovo), but I'm not sure he cares
> enough to open a ticket with his manager at lenovo dealings with the
> symanteccloud configuration. So for my customer it's a fault or mine. I
> hoped I was able to get some sort of hint from symantec or anyone else
> already seen that Message filtered block from symantec when the IP was
> not blocked.
> The same happened to another customer with a vodafone.com address
> (different IP, similar story).
> 
> Thank you,
> Stefano
>  
> >  
> > 
> > Ken.
> > 
> > -- 
> > Ken O'Driscoll / We Monitor Email
> > t: +353 1 254 9400 | w: www.wemonitoremail.com
> > 
> > On Fri, 2017-05-19 at 12:56 +0200, Stefano Bagnara wrote:
> > > Hi,
> > >
> > > I'm seeing some reject like this by some of our senders:
> > >
> > > > 553 Message filtered. Refer to the Troubleshooting page at 
> > > > http://www.symanteccloud.com/troubleshooting for more information.
> > > (#5.7.1)
> > >
> > > The landing page explanation for the message filtered brings on the
> > table
> > > almost anything (blacklist ip, open relay, duns, urls, mail server
> > > configuration, virus, exploit, opt-out link).
> > >
> > > So the answer is no to everything. If one of my customer spammed
> > Symantec
> > > customers I'd like to identify him.
> > >
> > > I was about to submit the "False positive" here:
> > > https://support.symantec.com/en_US/article.TECH233678.html
> > >
> > > But from the description it's not clear to me if this is only for
> > their
> > > customers or not.
> > >
> > > Is there anyone from Symantec here?
> > > Does anyone have experience with this generic message filtered error
> > and
> > > how to deal with it?
> > >
> > > Stefano
> > >
> > > --
> > > Stefano Bagnara
> > > Void Labs / VOXmail.it
> > > Apache James/jSPF/jDKIM
> > >


Re: [mailop] SymantecCloud "Message filtered"

2017-05-19 Thread Stefano Bagnara
On 19 May 2017 at 13:28, Ken O'Driscoll  wrote:

> Hi Stefano,
>
> That link is only intended for customers. Try using the IP address removal
> portal at http://ipremoval.sms.symantec.com/lookup/ to request that your
> IP
> be de-listed. They will de-list a false positive or tell you what is
> actually causing the issue. All of their services still share the same
> reputation data as far as I know.
>

I should have written that I already tested all of my IPs at that page and
they are not listed.

> The IP address you submitted, 188.165.188.38, does not have a negative
reputation and therefore cannot be submitted for investigation.

> The alternative is to find a Symantec customer who is affected and get them
> to open a service request listing you as an available contact point for
> troubleshooting. All Symantec products and services come with basic support
> cover which allows this.


That's what I will do.. but this is a "menu" email from a restaurant to a
lenovo address (nearby office).. the recipient subscribed to receive the
menu (sent to other 60 people, 2 in lenovo), but I'm not sure he cares
enough to open a ticket with his manager at lenovo dealings with the
symanteccloud configuration. So for my customer it's a fault or mine. I
hoped I was able to get some sort of hint from symantec or anyone else
already seen that Message filtered block from symantec when the IP was not
blocked.
The same happened to another customer with a vodafone.com address
(different IP, similar story).

Thank you,
Stefano


>


> Ken.
>
> --
> Ken O'Driscoll / We Monitor Email
> t: +353 1 254 9400 | w: www.wemonitoremail.com
>
> On Fri, 2017-05-19 at 12:56 +0200, Stefano Bagnara wrote:
> > Hi,
> >
> > I'm seeing some reject like this by some of our senders:
> >
> > > 553 Message filtered. Refer to the Troubleshooting page at
> > > http://www.symanteccloud.com/troubleshooting for more information.
> > (#5.7.1)
> >
> > The landing page explanation for the message filtered brings on the table
> > almost anything (blacklist ip, open relay, duns, urls, mail server
> > configuration, virus, exploit, opt-out link).
> >
> > So the answer is no to everything. If one of my customer spammed Symantec
> > customers I'd like to identify him.
> >
> > I was about to submit the "False positive" here:
> > https://support.symantec.com/en_US/article.TECH233678.html
> >
> > But from the description it's not clear to me if this is only for their
> > customers or not.
> >
> > Is there anyone from Symantec here?
> > Does anyone have experience with this generic message filtered error and
> > how to deal with it?
> >
> > Stefano
> >
> > --
> > Stefano Bagnara
> > Void Labs / VOXmail.it
> > Apache James/jSPF/jDKIM
> >


Re: [mailop] SymantecCloud "Message filtered"

2017-05-19 Thread Ken O'Driscoll
Hi Stefano,

That link is only intended for customers. Try using the IP address removal
portal at http://ipremoval.sms.symantec.com/lookup/ to request that your IP
be de-listed. They will de-list a false positive or tell you what is
actually causing the issue. All of their services still share the same
reputation data as far as I know.

The alternative is to find a Symantec customer who is affected and get them
to open a service request listing you as an available contact point for
troubleshooting. All Symantec products and services come with basic support
cover which allows this.

Ken.

-- 
Ken O'Driscoll / We Monitor Email
t: +353 1 254 9400 | w: www.wemonitoremail.com

On Fri, 2017-05-19 at 12:56 +0200, Stefano Bagnara wrote:
> Hi,
> 
> I'm seeing some reject like this by some of our senders:
> 
> > 553 Message filtered. Refer to the Troubleshooting page at 
> > http://www.symanteccloud.com/troubleshooting for more information.
> (#5.7.1)
> 
> The landing page explanation for the message filtered brings on the table
> almost anything (blacklist ip, open relay, duns, urls, mail server
> configuration, virus, exploit, opt-out link).
> 
> So the answer is no to everything. If one of my customer spammed Symantec
> customers I'd like to identify him.
> 
> I was about to submit the "False positive" here:
> https://support.symantec.com/en_US/article.TECH233678.html
> 
> But from the description it's not clear to me if this is only for their
> customers or not.
> 
> Is there anyone from Symantec here?
> Does anyone have experience with this generic message filtered error and
> how to deal with it?
> 
> Stefano
> 
> --
> Stefano Bagnara
> Void Labs / VOXmail.it
> Apache James/jSPF/jDKIM
> 


[mailop] SymantecCloud "Message filtered"

2017-05-19 Thread Stefano Bagnara
Hi,

I'm seeing some reject like this by some of our senders:

> 553 Message filtered. Refer to the Troubleshooting page at
> http://www.symanteccloud.com/troubleshooting for more information.
(#5.7.1)

The landing page explanation for the message filtered brings on the table
almost anything (blacklist ip, open relay, duns, urls, mail server
configuration, virus, exploit, opt-out link).

So the answer is no to everything. If one of my customer spammed Symantec
customers I'd like to identify him.

I was about to submit the "False positive" here:
https://support.symantec.com/en_US/article.TECH233678.html

But from the description it's not clear to me if this is only for their
customers or not.

Is there anyone from Symantec here?
Does anyone have experience with this generic message filtered error and
how to deal with it?

Stefano

--
Stefano Bagnara
Void Labs / VOXmail.it
Apache James/jSPF/jDKIM


Re: [mailop] Many SPF failures lately

2017-05-19 Thread frnkblk
We have an automated SPF checking system in place for clients/partners/vendors 
and auto-notify them of invalid/malformed SPF records every three weeks.  The 
responsive ones got them fixed up, but I still have three die-hards that 
haven't made any changes.  Their domains are low-volume, so they probably 
haven't had a palpable issue.

I turned on SPF checking on our incoming email server about two or three months 
and notified domain holders who were sending legitimate email from bad IPs, and 
there, too, some fixed up their SPF records, but the majority didn't do 
anything.  So we keep rejecting those emails.  Most of them tend to be from 
auto-notify systems (bank statements, receipts for purchases from online 
stores, etc).  The recipients don't complain to the sender because they're not 
aware they were supposed to get an email, and since a human didn't send it, 
there's no one on the sending side chasing it down.  Most well-known culprit 
is Travelocity and their flight change notifications.  Too bad the travelers 
aren't getting notified.

Frank

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Orlitzky
Sent: Tuesday, May 16, 2017 8:20 AM
To: mailop@mailop.org
Subject: Re: [mailop] Many SPF failures lately

On 05/15/2017 12:34 PM, D'Arcy Cain wrote:
>
> My personal preference is to just bounce it and make them fix their 
> records but it is becoming a support problem because the senders are not 
> reading the bounce message which explains the problem and has a link to 
> a page with more detail.  They simply contact our users saying that it 
> must be our problem.
> 

I usually respond with something like "the administrator of the sending
system told us to reject this message, you'll have to take it up with
him." Then if you ever hear from that guy, tell him to delete the SPF
record completely.

