Re: [mailop] Many Google "social engineering content" false-positives

2019-01-09 Thread Brandon Long via mailop
So, the problem isn't strictly the CNAMEs, it's the fact that the same page
with the same path is served on all of the domains on that server.

If you restricted serving of the link-tracking link to the domain it was
supposed to be for, it would only have affected that domain.

I've submitted your escalation, though often there's a faster response to
the automated systems and mechanisms.

Brandon

On Wed, Jan 9, 2019 at 2:11 PM Brandon Long wrote:

> If you send me a list of affected domains, I can raise an internal
> escalation to the safe browsing team so they can see if the rules are
> working as expected or not.
>
> Brandon
>
> On Wed, Jan 9, 2019 at 10:48 AM Tim Starr wrote:
>
>> We have a case of many clients' link-tracking domains being all flagged
>> for "social engineering content." I see that there's a case-by-case
>> security review request process, but is there any way to handle it for many
>> at once? This seems to have been due to many different domains all being
>> CNAMEd to one, then one client sending a campaign with a blacklisted domain
>> in it, getting all the domains with the same CNAME value flagged.
>>
>> Tim Starr
>> Senior Director, Deliverability
>> Maropost.com
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
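
Added example (not part of the thread, and not code from Maropost or Google): the point in Brandon's reply above, in Python, comparing a redirect handler that matches on the path alone with one that serves a tracking link only on the domain it was issued for. All hostnames, paths and targets are constructed, and the function names are hypothetical.

```python
# Added example; every domain, path and URL here is constructed.

# Each tracking link is stored under the client domain it was issued for.
LINKS = {
    ("click.client-a.example", "c/8f3a"): "https://shop.client-a.example/sale",
    ("click.client-b.example", "c/77d1"): "https://news.client-b.example/jan",
}

# Client hostnames that are all CNAMEd to the same tracking server.
HOSTS = ["click.client-a.example", "click.client-b.example",
         "click.client-c.example"]


def normalize_host(host_header):
    """Lower-case the Host header, drop a port and a trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):          # IPv6 literal: never a tracking domain
        return ""
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def resolve_shared(host_header, path):
    """Behaviour described in the thread: the path alone selects the link,
    so the same redirect answers on every hostname pointed at the server."""
    for (_, link_path), target in LINKS.items():
        if link_path == path.lstrip("/"):
            return 302, target
    return 404, None


def resolve_scoped(host_header, path):
    """Serve a link only on the domain it was issued for; 404 elsewhere."""
    target = LINKS.get((normalize_host(host_header), path.lstrip("/")))
    return (302, target) if target else (404, None)


def hosts_serving(resolver, path, hosts=HOSTS):
    """Hostnames on which a crawler fetching `path` would see the redirect."""
    return [h for h in hosts if resolver(h, path)[0] == 302]


if __name__ == "__main__":
    print("shared:", hosts_serving(resolve_shared, "/c/8f3a"))
    print("scoped:", hosts_serving(resolve_scoped, "/c/8f3a"))
```

With the scoped handler, a path that ends up flagged is reachable on one client's hostname instead of on every hostname that shares the CNAME target.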


Re: [mailop] Many Google "social engineering content" false-positives

2019-01-09 Thread Brandon Long via mailop
If you send me a list of affected domains, I can raise an internal
escalation to the safe browsing team so they can see if the rules are
working as expected or not.

Brandon

On Wed, Jan 9, 2019 at 10:48 AM Tim Starr wrote:

> We have a case of many clients' link-tracking domains being all flagged
> for "social engineering content." I see that there's a case-by-case
> security review request process, but is there any way to handle it for many
> at once? This seems to have been due to many different domains all being
> CNAMEd to one, then one client sending a campaign with a blacklisted domain
> in it, getting all the domains with the same CNAME value flagged.
>
> Tim Starr
> Senior Director, Deliverability
> Maropost.com


[mailop] Many Google "social engineering content" false-positives

2019-01-09 Thread Tim Starr
We have a case of many clients' link-tracking domains being all flagged for
"social engineering content." I see that there's a case-by-case security
review request process, but is there any way to handle it for many at once?
This seems to have been due to many different domains all being CNAMEd to
one, then one client sending a campaign with a blacklisted domain in it,
getting all the domains with the same CNAME value flagged.

Tim Starr
Senior Director, Deliverability
Maropost.com


Re: [mailop] List of unused, big email-domains?

2019-01-09 Thread Benjamin BILLON
I didn't find shorter than "List of domain names formerly used to receive 
massive amounts of emails" for the title of the page, if someone has a better 
idea, please sho[o|u]t ...

--
Benjamin 

-Original Message-
From: mailop On Behalf Of Benjamin BILLON
Sent: Tuesday, 8 January 2019 20:19
To: mailop@mailop.org
Subject: Re: [mailop] List of unused, big email-domains?

RBL would be useful but I can start a list of defunct domains based on my 
experience, my email history and a few logs. I can't publish a RBL in a blink.
Also in my case, I wouldn't need a MTA to consume the list, I just want to have 
a list, with a date (or a year) of when the domain stopped asking to receive 
emails, so when I spot those domains I would have an indication of the age of 
the database, and do something with that.
It would also show an interesting history of the merges and deaths of emailing 
ecosystems on the Internet.
I'm not convinced about the need to highly document that, and official shutdown 
pages have high chances of being shut as well not long after the domain. But 
there's no problem to describing too much either.
We could also ask Al, or Laura, to maintain this list, but I believe they 
wouldn't mind a little community effort instead. 

I'll create the page on Wikipedia tomorrow, if nobody does it first =)

--
Benjamin

-Original Message-
From: mailop On Behalf Of Grant Taylor via mailop
Sent: Tuesday, 8 January 2019 19:58
To: mailop@mailop.org
Subject: Re: [mailop] List of unused, big email-domains?

On 01/08/2019 10:32 AM, John Levine wrote:
> A lot of them have been turned into spamtraps after rejecting mail for 
> a year or so.  For obvious reasons, the people using them will not 
> tell you what they are.

I think there is a significant difference in a list of defunct sending domains 
and a list of spam traps.

I can see how there is some overlap.  But I don't think that concern of the 
latter precludes the former.

Also, it would be trivial for spam trap operators to disqualify their domains 
by stating that they do send email from said domains.



--
Grant. . . .
unix || die



Re: [mailop] List of unused, big email-domains?

2019-01-09 Thread Grant Taylor via mailop

On 01/09/2019 09:45 AM, John Levine wrote:
> Sounds like it'd be more productive to fix the code in the MTA rather
> than to invent a band-aid and then try to make the MTA use the band-aid.
> Rejecting mail for authoritative NXDOMAIN failure is pretty basic.


I think most of the MTAs (that I've looked at) already have code to do 
this.  It's just that people don't enable it for one reason or another.




--
Grant. . . .
unix || die





Re: [mailop] List of unused, big email-domains?

2019-01-09 Thread John Levine
In article  
you write:
>On 01/09/2019 07:58 AM, John Levine wrote:
>> Sounds like it'd be more useful to persuade those domains to publish a 
>> null MX.  Then everyone's mail to them will fail automagically.
>
>Agreed.
>
>However that requires that the domains still be registered and having 
>DNS service.
>
>Granted, MTAs should refuse to accept email for non-existent domains. 
>But we all know that there are a LOT of MTAs that don't do things the 
>way that they should.

Sounds like it'd be more productive to fix the code in the MTA rather
than to invent a band-aid and then try to make the MTA use the
band-aid.  Rejecting mail for authoritative NXDOMAIN failure is pretty
basic.




Re: [mailop] List of unused, big email-domains?

2019-01-09 Thread Grant Taylor via mailop

On 01/09/2019 07:58 AM, John Levine wrote:
> Sounds like it'd be more useful to persuade those domains to publish a
> null MX.  Then everyone's mail to them will fail automagically.


Agreed.

However that requires that the domains still be registered and having 
DNS service.


Granted, MTAs should refuse to accept email for non-existent domains. 
But we all know that there are a LOT of MTAs that don't do things the 
way that they should.




--
Grant. . . .
unix || die





Re: [mailop] List of unused, big email-domains?

2019-01-09 Thread Patrick Ben Koetter
* John Levine :
> In article <0eb10a39-fe76-e064-ae17-dc1484260...@stefan-neufeind.de> you 
> write:
> >Part of my reason to start this mail-thread was that for some domains
> >which get mistypes from time to time (like gmail.de instead of
> >gmail.com) it would maybe be nice to reject that email right away ...
> 
> Sounds like it'd be more useful to persuade those domains to publish a
> null MX.  Then everyone's mail to them will fail automagically.

ACK and thanks for bringing null MXes up.

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Registered office: München, Local Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein
 



Re: [mailop] List of unused, big email-domains?

2019-01-09 Thread John Levine
In article <0eb10a39-fe76-e064-ae17-dc1484260...@stefan-neufeind.de> you write:
>Part of my reason to start this mail-thread was that for some domains
>which get mistypes from time to time (like gmail.de instead of
>gmail.com) it would maybe be nice to reject that email right away ...

Sounds like it'd be more useful to persuade those domains to publish a
null MX.  Then everyone's mail to them will fail automagically.




Re: [mailop] List of unused, big email-domains?

2019-01-09 Thread Stefan Neufeind
On 1/8/19 9:20 PM, John Levine wrote:
> In article  
> you write:
>>
>> On 01/08/2019 12:46 PM, John Levine wrote:
>>> Why would spam trap domains want to say anything?
>>
>> So that their domain(s) would be ineligible to be listed.
> 
> You're still making the key assumption that they would care.
> 
>> Receivers could use it to reject email from listed defunct domains. 
>> Domains which likely don't have SPF or other mechanisms to indicate that 
>> they don't send email.
> 
> Before you put a lot of effort into this, how much difference would it
> make for spam filtering?  I don't see a lot of spam purporting to be
> from famous dead domains.  They're either famous live domains or
> random addresses picked from their spam lists.

Hi,

Part of my reason to start this mail-thread was that for some domains
which get mistypes from time to time (like gmail.de instead of
gmail.com) it would maybe be nice to reject that email right away instead
of having it in the outgoing queue for some days (Connection timed out,
...) and being able to tell the sender after delay of some days that
finally that email still timed out - although by looking at the domain
we could already tell beforehand that delivery will not succeed / does
not make sense.

But there might be other purposes to use such a list, of course.


Kind regards,
 Stefan

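
Added example (not part of the thread and not taken from any MTA): a pre-queue recipient-domain check in Python covering the two suggestions made in this thread, rejecting on an authoritative NXDOMAIN and on a null MX (RFC 7505), so the sender is told right away instead of after days in the queue. The DNS answers are constructed and served by a stand-in `lookup` function; all domain names and function names are hypothetical.

```python
# Added example. The DNS answers below are constructed, not live lookups.
NOERROR, NXDOMAIN, SERVFAIL = "NOERROR", "NXDOMAIN", "SERVFAIL"

# (name, rrtype) -> (rcode, records); MX records are (preference, exchange).
ZONE = {
    ("live.example", "MX"): (NOERROR, [(10, "mx1.live.example.")]),
    ("nullmx.example", "MX"): (NOERROR, [(0, ".")]),
    ("gone.example", "MX"): (NXDOMAIN, []),
    ("parked.example", "MX"): (NOERROR, []),
    ("parked.example", "A"): (NOERROR, ["192.0.2.10"]),
    ("empty.example", "MX"): (NOERROR, []),
    ("broken.example", "MX"): (SERVFAIL, []),
}


def lookup(name, rrtype):
    """Stand-in resolver: names not in ZONE answer NOERROR with no data."""
    return ZONE.get((name.lower().rstrip("."), rrtype), (NOERROR, []))


def is_null_mx(records):
    """RFC 7505: exactly one MX, preference 0, exchange '.'."""
    return len(records) == 1 and records[0] == (0, ".")


def precheck(domain):
    """Return (action, smtp_reply) for a recipient domain before queueing."""
    rcode, mx = lookup(domain, "MX")
    if rcode == NXDOMAIN:
        return "reject", "550 5.1.2 domain does not exist"
    if rcode != NOERROR:
        # Not an authoritative answer: never bounce on a resolver failure.
        return "defer", "451 4.4.3 DNS lookup failed, try later"
    if is_null_mx(mx):
        return "reject", "556 5.1.10 domain does not accept mail (null MX)"
    if mx:
        return "queue", "250 2.0.0 queued"
    # No MX at all: RFC 5321 falls back to address records (implicit MX).
    addrs = []
    for rrtype in ("A", "AAAA"):
        rc, recs = lookup(domain, rrtype)
        if rc not in (NOERROR, NXDOMAIN):
            return "defer", "451 4.4.3 DNS lookup failed, try later"
        addrs += recs
    if addrs:
        return "queue", "250 2.0.0 queued"
    # Assumption of this example: no MX and no address is a permanent error.
    return "reject", "550 5.1.2 domain has no MX or address records"
```

`parked.example` is the case described above: the domain resolves, so the message is queued and can sit there timing out; once that domain publishes a null MX it behaves like `nullmx.example` and is refused immediately.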