date:20180207

Re: [mailop] Issues With the way Google Groups unsubscribe is used in headers..

2018-02-07 Thread Carl Byington

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Thu, 2018-02-08 at 01:32 +, Brandon Long via mailop wrote:
> And this is a direct message from the list to the one attempting to
> unsubscribe?

Not sure about that one, but I have a very similar sample, DKIM signed
by work-web-press.20150623.gappssmtp.com


X-Spam-Checked-In-Group: emailss0@work-web.press
X-Google-Group-Id: 1064089360714
List-Post: , 
List-Help: ,
 
List-Archive: 
List-Unsubscribe: ,
 


That was sent to someone who has no google accounts of any sort, but the
URL redirects to a google login page.


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEAREKAAYFAlp7uWsACgkQL6j7milTFsFNrwCfZO0fPCkzsCib7J9/nPJLsRyU
Jt8An3GmcHMDsbsJJnDCL1A3xSm6KjTf
=T/yH
-END PGP SIGNATURE-



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Issues With the way Google Groups unsubscribe is used in headers..

2018-02-07 Thread John Levine

In article

Re: [mailop] Issues With the way Google Groups unsubscribe is used in headers..

2018-02-07 Thread Brandon Long via mailop

I'll file a bug.

And this is a direct message from the list to the one attempting to
unsubscribe?

Brandon

On Wed, Feb 7, 2018, 5:15 PM Michael Peddemors 
wrote:

> Spammers are abusing Google Groups lists of course, and I am sure they
> are working on it, but the issue is with the unsubscribe URL methods..
> Comments at the bottom of the example..
>
> eg..
>
> (Relevant Information Only)
>
>
> Return-Path: 
>
> Received: from mail-ua0-f199.google.com (HELO mail-ua0-f199.google.com)
> (209.85.217.199)
>
> Sender: emails1@onlineprod.press
>
> X-BeenThere: emails1@onlineprod.press
>
> Date: Wed, 7 Feb 2018 13:38:51 -0800 (PST)
> From: by...@prodinfos.top
> Message-Id: 
> Subject:
> =?UTF-8?Q?This_Is_The_Fastest_Method_Of_Creating_Millionaires=E2=80=A6?=
>
> X-Original-Sender: by...@prodinfos.top
> Precedence: list
> Mailing-list: list Emails1@onlineprod.press; contact
> Emails1+owners@onlineprod.press
> List-ID: 
> X-Spam-Checked-In-Group: Emails1@onlineprod.press
> X-Google-Group-Id: 836059732772
> List-Post:
> ,
> 
> List-Help:
> ,
>   
> List-Archive:  >
> List-Unsubscribe:
> ,
>   
>
>
> However, if a non-google recipient receives that email, they can't
> actually utilize the un-subscribe URL, it redirects to...
>
>
> Authorization Failed
> This group is on a private domain.
> Please sign in with an authorized account to view this content.
>
> Just pointing it out..
>
>
>
> --
> "Catch the Magic of Linux..."
> 
> Michael Peddemors, President/CEO LinuxMagic Inc.
> Visit us at http://www.linuxmagic.com @linuxmagic
> 
> A Wizard IT Company - For More Info http://www.wizard.ca
> "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
> 
> 604-682-0300 Beautiful British Columbia, Canada
>
> This email and any electronic data contained are confidential and
> intended solely for the use of the individual or entity to which they
> are addressed. Please note that any views or opinions presented in this
> email are solely those of the author and are not intended to represent
> those of the company.
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Issues With the way Google Groups unsubscribe is used in headers..

2018-02-07 Thread Jim Popovitch via mailop

On February 8, 2018 1:05:59 AM UTC, Michael Peddemors  
wrote:
>Spammers are abusing Google Groups lists of course, and I am sure they 
>are working on it, but the issue is with the unsubscribe URL methods.. 
>Comments at the bottom of the example..
>


I've been reporting this to Google for 4 weeks now.  Unsubbing from the www 
interface doesn't work either.  They don't seem to care...



-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Spam originating from Office 365

2018-02-07 Thread Michael Wise via mailop



If it's being marked as spam, and isn't, the recipient Office365 Tenant needs 
to raise it as a False Positive.

Or the sender, if it’s coming from Office365 to an external.

One way or another, *SOMEONE* has to raise it as an FP.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting 
Tool ?



-Original Message-
From: mailop  On Behalf Of Jethro R Binks
Sent: Wednesday, February 7, 2018 4:00 AM
To: mailop@mailop.org
Subject: Re: [mailop] Spam originating from Office 365



On Tue, 6 Feb 2018, Carl Byington wrote:



> On Mon, 2018-02-05 at 03:00 +, Shane Clay via mailop wrote:

> > For our customers, the bulk majority of spam they actually receive

> > (over 90% of whats delivered and more than 40% of whats blocked) now

> > days comes from Office 365. Do others see these same trends?

>

> The percentage is not that high here, but are you using something to

> reject mail containing SFV:SPM ?  For example, spamassassin:

>

> header OPOC X-Forefront-Antispam-Report =~ /SFV\:SPM/ score  OPOC 10



I lately asked about this on another mailing list, but didn't get response.  
Greatful for any views from this community:





For some considerable time we've had a rule to increase the score in

SpamAssassin based on whether the MS infrastructure it came to us through

marked it as spam itself:



# protection.outlook.com may determine that an (outbound?) message is spam and 
adds

# to this header.  Trust them.

# 
https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftechnet.microsoft.com%2Fen-gb%2Flibrary%2Fdn205071(v%3Dexchg.150).aspx=04%7C01%7Cmichael.wise%40microsoft.com%7C580890a03f55433c289d08d56e23b819%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C0%7C636536022054510463%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1=hFmwGDByaTPunc4wUoDgpnS01d7YaMhVYuWZqNBUqVM%3D=0

header PROTECTIONOUTLOOK_MARKED_SPAM X-Forefront-Antispam-Report =~ /SFV\:SPM/

score  PROTECTIONOUTLOOK_MARKED_SPAM 10.0



Now I've seen many cases where this is plainly successful.  But I've also

had queries for emails from "reputable" sites (including .ac.uk ones)

which have also been marked in this, and thus highly scored at our end

before delivery.  So I'm wondering if something has changed and this isn't

so reliable.



At the moment, if I get an enquiry, I just make some comment along the

lines that MS's infrastructure is closer to the sender, and is in a better

position to evaluate whether a message is spam - we simply trust what they

say, by virtue of the content in the X-Forefront-Antispam-Report header.



Does anyone have any insight into whether this is a reasonable position to

maintain now?





.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .

Jethro R Binks, Network Manager,

Information Services Directorate, University Of Strathclyde, Glasgow, UK



The University of Strathclyde is a charitable body, registered in

Scotland, number SC015263.



___

mailop mailing list

mailop@mailop.org

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=04%7C01%7Cmichael.wise%40microsoft.com%7C580890a03f55433c289d08d56e23b819%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C1%7C636536022054520473%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwifQ%3D%3D%7C-1=J2q1uFYf%2BB%2FX1lkXrlAMOlgEjdrSFR2fx%2BVB7iyhsW0%3D=0
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Microsoft/Outlook Helo Hostnames Unknown

2018-02-07 Thread Frederik Ferner

I know this thread is a bit older but we've been seeing similar issues
recently where HELO doesn't match RDNS and DNS for HELO does resolve to
a different IP:

IP for sending host: 40.107.1.100
RDNS: mail-eopbgr10100.outbound.protection.outlook.com.
HELO: eur03-am5-obe.outbound.protection.outlook.com
IP for HELO: 213.199.154.111

Would be nice if someone could look into fixing this.

Frederik

On Thu, Jan 11, 2018 at 07:29:25PM +, Michael Wise via mailop wrote:
> 
> Yes, I agree ... oh, waitaminute.
> Can you at least provide an example?
> Just a single example?
> Better yet, some meta-analysis of what these invalid URIs look like?
> It would help.
> 
> Aloha,
> Michael.
> -- 
> Michael J Wise
> Microsoft Corporation| Spam Analysis
> "Your Spam Specimen Has Been Processed."
> Got the Junk Mail Reporting Tool ?
> 
> -Original Message-
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of MRob
> Sent: Thursday, January 11, 2018 12:53 AM
> To: mailop@mailop.org
> Subject: [mailop] Microsoft/Outlook Helo Hostnames Unknown
> 
> Some time in the last 24 hours, mails coming from outlook.com are using 
> unregistered hostnames in their HELO greeting. Would be nice if this was 
> fixed.
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7C526d6b41b2684ef974cc08d558d18a87%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C636512579355988072=74ya0GUtP3nZUZwhGMJWio%2BNO0NX%2BX3ugucrA5e2Zjo%3D=0
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Spam originating from Office 365

2018-02-07 Thread Jethro R Binks

On Tue, 6 Feb 2018, Carl Byington wrote:

> On Mon, 2018-02-05 at 03:00 +, Shane Clay via mailop wrote:
> > For our customers, the bulk majority of spam they actually receive
> > (over 90% of whats delivered and more than 40% of whats blocked) now
> > days comes from Office 365. Do others see these same trends?
> 
> The percentage is not that high here, but are you using something to
> reject mail containing SFV:SPM ?  For example, spamassassin:
> 
> header OPOC X-Forefront-Antispam-Report =~ /SFV\:SPM/
> score  OPOC 10

I lately asked about this on another mailing list, but didn't get 
response.  Greatful for any views from this community:

For some considerable time we've had a rule to increase the score in 
SpamAssassin based on whether the MS infrastructure it came to us through 
marked it as spam itself:

# protection.outlook.com may determine that an (outbound?) message is spam and 
adds
# to this header.  Trust them.
# https://technet.microsoft.com/en-gb/library/dn205071(v=exchg.150).aspx
header PROTECTIONOUTLOOK_MARKED_SPAM X-Forefront-Antispam-Report =~ /SFV\:SPM/
score  PROTECTIONOUTLOOK_MARKED_SPAM 10.0

Now I've seen many cases where this is plainly successful.  But I've also 
had queries for emails from "reputable" sites (including .ac.uk ones) 
which have also been marked in this, and thus highly scored at our end 
before delivery.  So I'm wondering if something has changed and this isn't 
so reliable.

At the moment, if I get an enquiry, I just make some comment along the 
lines that MS's infrastructure is closer to the sender, and is in a better 
position to evaluate whether a message is spam - we simply trust what they 
say, by virtue of the content in the X-Forefront-Antispam-Report header.

Does anyone have any insight into whether this is a reasonable position to 
maintain now?

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks, Network Manager,
Information Services Directorate, University Of Strathclyde, Glasgow, UK

The University of Strathclyde is a charitable body, registered in
Scotland, number SC015263.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

2018-02-07 Thread Olaf Petry - Hornetsecurity

Hello,

BTW I guess most unsubscribe header belong to the one-click-unsubscribe, see 
rfc 8058
Whitepaper: 
https://certified-senders.org/wp-content/uploads/2017/07/CSA_one-click_list-unsubscribe.pdf

Mit freundlichen Grüßen / Kind Regards
Olaf Petry

-Ursprüngliche Nachricht-
Von: mailop [mailto:mailop-boun...@mailop.org] Im Auftrag von Andy Smith
Gesendet: Mittwoch, 7. Februar 2018 03:17
An: mailop@mailop.org
Betreff: Re: [mailop] Anyone on this list from SpamCop?

Hello,

On Tue, Feb 06, 2018 at 03:34:34PM -0800, Laura Atkins wrote:
> > On Feb 6, 2018, at 2:49 PM, John Levine  wrote:
> > Putting a URL in a List-Unsubscribe header is an entirely reasonable
> > thing to do, and lots of ESPs do it.  
> 
> Lots of non-ESPs do it, too. 
> 
> List-Unsubscribe: 

When it comes to SpamCop it is never offering to report URLs found
in a List-Unsubscribe header so it must have been taught to ignore
those.

It is also ignoring URLs in the header X-Spam-Report, the default
SpamAssassin report header. The problem comes when a custom report
header is used, e.g.:
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Issues With the way Google Groups unsubscribe is used in headers..

Re: [mailop] Issues With the way Google Groups unsubscribe is used in headers..

Re: [mailop] Issues With the way Google Groups unsubscribe is used in headers..

Re: [mailop] Issues With the way Google Groups unsubscribe is used in headers..

Re: [mailop] Spam originating from Office 365

Re: [mailop] Microsoft/Outlook Helo Hostnames Unknown

Re: [mailop] Spam originating from Office 365

Re: [mailop] Anyone on this list from SpamCop?

8 matches

Site Navigation

Mail list logo

Footer information