Re: [mailop] WHAT can be done about Ezoic and their spamming through Google?

2017-11-16 Thread John Johnstone

On 11/16/17 6:12 PM, Michael Peddemors wrote:


> And ON that topic.. what to do about the elephant in the room..
>
> Seems both Spammers and Email Marketers are all jumping on the Amazon 
> bandwagon.. (Personally, I never thought the price point would make it 
> worth it)


In addition, the email address validating / list cleaning services 
hosted at Amazon are rampant.  In that sense, Amazon has become the new 
botnet with its IP address diversity.


-
John J.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] WHAT can be done about Ezoic and their spamming through Google?

2017-11-16 Thread Michael Peddemors

And ON that topic.. what to do about the elephant in the room..

Seems both Spammers and Email Marketers are all jumping on the Amazon 
bandwagon.. (Personally, I never thought the price point would make it 
worth it)


And just came across the reports of starting to see it on this network..

NetRange:   18.219.0.0 - 18.228.255.255
CIDR:   18.219.0.0/16, 18.220.0.0/14, 18.224.0.0/14, 18.228.0.0/16

And of course, Amazon does not appear to want to SWIP it any more 
accurately than that..


IS this something that ARIN should be commenting on?  I mean they are 
assigning the addresses, even if they say they aren't guaranteed to 
assign them for long in their cloud structures..


We have been tracking a steady increase in activity, both spam activity, 
and ransomware hosted on the Amazon cloud.. and as anyone who has tried 
jumping through the hoops of reporting there, it isn't easy or quick.


Fresh brand new domains, placeholders for websites..

And of course, they don't even assign a company contiguous IP ranges..

Should we just start blocking these types of ranges, and then only 
exempt the legitimate ones?


A quick check across a couple of /22s across that block, and the ONLY 
ones with PTR records are all placeholder/spammer domains..
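
Added example (not part of the original thread and not any poster's code): the Python below checks that the NetRange quoted above collapses to the four CIDR blocks listed, applies a block-the-range-then-exempt policy, and surveys a /22 for PTR records. The exempt /28, the PTR names and all function names are constructed for illustration.

```python
import ipaddress
import socket

# WHOIS NetRange quoted in the message above.
NETRANGE = ("18.219.0.0", "18.228.255.255")

def netrange_to_cidrs(first, last):
    """Collapse a WHOIS NetRange into the minimal list of CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

class RangePolicy:
    """Reject mail from blocked ranges unless the client is explicitly exempted."""

    def __init__(self, blocked, exempt=()):
        self.blocked = [ipaddress.ip_network(str(n)) for n in blocked]
        self.exempt = [ipaddress.ip_network(str(n)) for n in exempt]

    def decide(self, client_ip):
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.exempt):    # exemptions win
            return "accept-exempt"
        if any(addr in net for net in self.blocked):
            return "reject-range"
        return "accept"

def system_ptr(ip):
    """Live reverse lookup; returns None when the address has no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def ptr_survey(network, lookup=system_ptr):
    """Map every address in `network` that has a PTR record to its name."""
    names = ((str(a), lookup(str(a))) for a in ipaddress.ip_network(network))
    return {ip: name for ip, name in names if name}

# Constructed sample data: the exempt /28 and the PTR names are invented.
CONSTRUCTED_EXEMPT = ["18.220.10.16/28"]
CONSTRUCTED_PTRS = {
    "18.220.8.5": "mail.placeholder-one.example",
    "18.220.11.200": "mx.placeholder-two.example",
    "18.221.0.1": "outside-the-sampled-22.example",
}

if __name__ == "__main__":
    cidrs = netrange_to_cidrs(*NETRANGE)
    policy = RangePolicy(cidrs, CONSTRUCTED_EXEMPT)
    print([str(c) for c in cidrs])
    print({ip: policy.decide(ip) for ip in ("18.221.5.9", "18.220.10.20", "18.229.0.1")})
    print(ptr_survey("18.220.8.0/22", CONSTRUCTED_PTRS.get))
```

Calling ptr_survey without a lookup argument performs live reverse DNS queries for every address in the network, so keep the surveyed block small.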




Re: [mailop] WHAT can be done about Ezoic and their spamming through Google?

2017-11-16 Thread Anne P. Mitchell Esq.

 
> 
> On 23/12/2015 02:28, mikea wrote:
>> On Tue, Dec 22, 2015 at 09:14:51AM -0700, Anne Mitchell wrote:
>>> We are repeatedly being spammed by Ezoic, and we have reported them to 
>>> their providers (enom, scalr, Amazon and Google multiple times).
>>> Just *what* can be done about a non-moving target spammer who is sending 
>>> through Google (already reported to them) and hosting on Amazon? (ditto.)
>>> I don't mean at the local level, I mean about getting them shut down (or at 
>>> least listed).
>> At this point, all I can think of is this:
>>If you don't complain, then they can't ignore you.
>> Google and Amazon are "too big to be shut down", "too important to be
>> blocked", and "too big to be influenced from outside". That's a bad
>> combination.
> 
> 
> Rubbish! No one's too big to be blocked, it's this type of attitude that 
> allows the bigger players to sit back and say "ah so what" when you do 
> complain.


As a follow up, either Google finally booted them, or they are sharing the 
wealth, as we just got this Ezoic spam and it went out through Amazon..here's 
the complaint we just sent in case any of you are interested:



> Hey Anne- I've reached out to you a handful of times in the last couple of 
> years and I thought, 'hey, what's one more time?' 

Hey Piper - I'll tell you what "one more time is"..it's the time I report you 
and Ezoic (already known as big fat spammers) for spamming us!

Providers:

The below is 100% pure spam, sent to a role account that cannot (and
indeed did not) sign up for anything. 

In other words, this spam was sent to a *scraped* email address.

You are receiving this report, with full headers and content below,
because your company in some manner hosts or otherwise facilitates 
the organization that is sending the spam.

Amazon, you are hosting this spammer's spam-sending on your EC2 system.

Amazon, you are also hosting this spammer's website.

Scalr, you are providing their DNS.

If you are not hosting the server through which the spam email is
being sent, then you are receiving this because you are the registrar
of record for the domain of this spammer, you are hosting their DNS,
or in some other way providing material support to their spamming. 

Please let us know if you need any further information, and please let
us know what actions have been taken regarding my complaint.  Inaction
or lack of reply will result in this matter being reported to
Spamhaus, Spamcop, and other anti-spam blacklists. 

Thank you.

Kind regards,

Anne

Anne P. Mitchell, Attorney at Law
Author: Section 6 of the Federal CAN-SPAM Act of 2003
CEO/President: Institute for Social Internet Public Policy
Member: California Bar Cyberspace Law Committee
CEO: ISIPP SuretyMail Email Accreditation
http://www.ISIPP.com/
http://www.ISIPP.eu/



-- Original Message --
> From: Piper Lofrano 
> Subject: Google Certified Tools
> Date: November 15, 2017 at 5:29:25 PM MST
> To: i...@theinternetpatrol.com
> Message-Id: 
> Reply-To: Piper Lofrano 
> Delivered-To: anne.mitchell@gmail.com,
> i...@theinternetpatrol.com
> Received: by 10.25.228.77 with SMTP id b74csp1809564lfh; Wed, 15 Nov 2017 
> 16:29:32 -0800 (PST),
> from partita.isipp.com (partita.isipp.com. [69.12.213.130]) by mx.google.com 
> with ESMTPS id f19si19047909plr.675.2017.11.15.16.29.31 for 
>  (version=TLS1_2 
> cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 15 Nov 2017 16:29:32 
> -0800 (PST),
> from concerto.isipp.com (69-12-212-226.static.sonic.net [69.12.212.226]) by 
> partita.isipp.com (8.15.2/8.15.2/Debian-8) with ESMTP id vAG0TUlc016183 for 
> ; Wed, 15 Nov 2017 16:29:30 -0800,
> from p3plsmtp02-06-26.prod.phx3.secureserver.net 
> (p3plsmtp02-06.prod.phx3.secureserver.net [72.167.218.36]) by 
> concerto.isipp.com (Postfix) with ESMTP id 04C244C0033 for 
> ; Wed, 15 Nov 2017 16:29:29 -0800 (PST),
> (qmail 27988 invoked from network); 16 Nov 2017 00:29:29 -,
> (qmail 27985 invoked by uid 30297); 16 Nov 2017 00:29:29 -,
> from unknown (HELO p3plibsmtp01-01.prod.phx3.secureserver.net) 
> ([72.167.238.33]) (envelope-sender ) by 
> p3plsmtp02-06-26.prod.phx3.secureserver.net (qmail-1.03) with SMTP for 
> ; 16 Nov 2017 00:29:29 -,
> from mail-qt0-f172.google.com ([209.85.216.172]) by bizsmtp with SMTP id 
> F83ce1epm1LtYF83ceAJfT; Wed, 15 Nov 2017 17:29:29 -0700,
> by mail-qt0-f172.google.com with SMTP id 1so38709450qtn.3 for 
> ; Wed, 15 Nov 2017 16:29:28 -0800 (PST),
> from s.ezoic.com (ec2-50-19-94-188.compute-1.amazonaws.com. [50.19.94.188]) 
> by smtp.gmail.com with ESMTPSA id p34sm4301107qkh.28.2017.11.15.16.29.26 for 
>  (version=TLS1 cipher=AES128-SHA bits=128/128); 
> Wed, 15 Nov 2017 16:29:26 -0800 (PST)

Re: [mailop] Gmail forwarding blowback

2017-11-16 Thread Warren Volz
Never good enough (on the spam filters) but great suggestion. 

The user has disabled forwarding and is using POP3 to pull mail into
Gmail. 

Thanks all for the help! 

-Warren 

On 11/09/2017 4:35 pm, Dave Warren wrote:

> On 2017-11-08 12:20, Warren Volz wrote: 
> 
>> All,
>> 
>> One of my users has their account set up to forward mail to Gmail. Recently 
>> I've started to see lots of rejects that look like the following:
>> 
>>  (expanded from ): host
>> gmail-smtp-in.l.google.com[2607:f8b0:400e:c04::1a] said: 550-5.7.1
>> [ipv6 address 18] Our system has detected that
>> 550-5.7.1 this message is likely suspicious due to the very low reputation
>> of 550-5.7.1 the sending IP address. To best protect our users from spam,
>> the 550-5.7.1 message has been blocked. Please visit 550 5.7.1
>> https://support.google.com/mail/answer/188131 for more information.
>> p26si2014836pli.781 - gsmtp (in reply to end of DATA command)
>> 
>> I've looked over the forwarding best practices provided by google and we are 
>> not modifying the envelope sender. I'd rather not start throwing away what 
>> our filter marks as spam since I leave that up to the user, but is that the 
>> only way to stop the bounces? Also, is the "18]" an artifact or some kind of 
>> error?
> 
> How good are your spam filters? One thing you can try is to only forward 
> non-spam and dump the spam in the user's mailbox.
> 
> Next, have the user configure Gmail's POP3 account retrieval feature so that 
> Google will retrieve the spam and add it to the mailbox. There will be some 
> degree of latency for the spam to come through, but nothing gets lost.
> 
> It mostly doesn't matter if you deliver the non-spam into your local mailbox 
> (and forward it) or just forward it as Gmail skips duplicate messages.
> 


Re: [mailop] iCloud "Message rejected due to local policy"

2017-11-16 Thread Chris Nagele
> Probably not so helpful but we saw similar issues in the past. I contacted
> icloudad...@apple.com then but usually we were able to send before they got
> back to us.
>
> For it only affected some recipients even though all messages were sent from
> the same domain/IP.

I wanted to follow up on this. Unfortunately we didn't learn much from
the process. The errors were only coming back for specific sending
domains, and completely random. In some cases the same exact content
would get the "local policy" response, then a few minutes later it
would be successfully delivered.

When we heard back from Apple, they just commented that they updated
some things and it is fixed. After that point delivery was back to
normal.

Chris



[mailop] Anyone on here from cox.net?

2017-11-16 Thread Tony Rose
Hi All,

I am looking to see if there is anyone from Cox on here.

Thanks,
Tony


Re: [mailop] rescam.org experiences?

2017-11-16 Thread Ken O'Driscoll
On Thu, 2017-11-16 at 10:29 -0500, Rich Kulawiec wrote:
> I think that setting up a system that accepts input which can be
> forged/fabricated at will in any desired quantity by nearly any
> attacker and then generates email output to arbitrary destinations of
> that
> attacker's choosing is a seriously bad idea.  This is an abuse magnet --
> perhaps one that's well-intended, but it will be repurposed as soon as
> it's worth someone's time/effort.

+1. It'll get blocked by all of the freemail providers once it's abused and
that will completely negate its intended usefulness.

Ken.

-- 
Ken O'Driscoll / We Monitor Email
t: +353 1 254 9400 | w: www.wemonitoremail.com

Need to understand deliverability? Now there's a book:
www.wemonitoremail.com/book




Re: [mailop] rescam.org experiences?

2017-11-16 Thread Rich Kulawiec
I think that setting up a system that accepts input which can be
forged/fabricated at will in any desired quantity by nearly any
attacker and then generates email output to arbitrary destinations of that
attacker's choosing is a seriously bad idea.  This is an abuse magnet --
perhaps one that's well-intended, but it will be repurposed as soon as
it's worth someone's time/effort.

---rsk

p.s.  Here's an interesting thought experiment for you.  Suppose S
is a scammer and V is the intended victim.  S writes a scam message,
plugs V's address into it, and reports this fake to rescam.org.  Then S
actually sends the scam to V, with S's address in it.  V reports this
to rescam.org.  What does rescam.org do?  If it responds to neither,
then V now has a technique for rendering it useless.  If it responds to
both, then V has been victimized twice.  If it responds only to one,
which one?  The one that arrived first?  Well, that's wrong.  The one
that arrived second?  But why?

Now make it a thousand V's and one S, or vice versa.




[mailop] Anyone Here From Vertical Response?

2017-11-16 Thread Todd Herr via mailop
If so, please contact me off-list.

Thank you.

-- 

*todd herr*

*sr. delivery engineer www.sparkpost.com *
*twitter* @toddherr @sparkpost

*tel* 415-578-5222 x477
*mobile* 703-220-4153
*email* todd.h...@sparkpost.com 


Re: [mailop] Random question about complaints

2017-11-16 Thread David Hofstee
Have seen this too. Our CEO triggered an FBL from Microsoft. The email was
sent from our corporate mail server... He kept wondering why he would no
longer be able to forward anything to his hotmail account. That was fun.


David

On 15 November 2017 at 19:45, Nick Schafer  wrote:

> Thanks all! Very helpful and in line with what I was thinking!
>
> Nick Schafer
> Technical Account Manager, Mailgun 
> Add me on LinkedIn
> 
>
> On Wed, Nov 15, 2017 at 12:27 PM, Ken O'Driscoll 
> wrote:
>
>> On Wed, 2017-11-15 at 11:56 -0600, Nick Schafer wrote:
>> > My question is, is there anything that could inadvertently trigger a
>> spam
>> > complaint for a recipient without their knowing? My hunch is some sort
>> of
>> > mailbox add on or something to that extent but wanted to hear others
>> > thoughts.
>> >
>> > Of course, the recipient may have accidentally clicked "spam" or "junk"
>> > and they just forgot :)
>>
>> Some users hit "spam" when they want to unsubscribe, others when they want
>> to move a mail out of their inbox.
>>
>> Some users also consider their trash folder to be a valid place for
>> storing
>> previous correspondence.
>>
>> The user in question could also have created an automatic filter that
>> matched a particular key word and marked those emails as spam.
>>
>> Bottom line is that you don't know what they're doing, how they use email
>> or how a mailbox provider will treat some of their actions (particularly
>> automated ones).
>>
>> Occasional false positives are part of the course.
>>
>> Ken.
>>
>> --
>> Ken O'Driscoll / We Monitor Email
>> t: +353 1 254 9400 | w: www.wemonitoremail.com
>>
>> Need to understand deliverability? Now there's a book:
>> www.wemonitoremail.com/book
>>
>>


-- 
--
My opinion is mine.