Re: [mailop] Google to the WCP?

2019-04-12 Thread Brandon Long via mailop
Pretty sure we don't do that well, I mean, if you set up a GSuite
account and specify inbound gateways, we attempt to walk the Received
headers to find the "true" external IP and do SPF based on that, but doing
SPF on all received headers would be weird... and externally visible to
anyone who uses macros in their SPF record.

Which isn't to say we don't sometimes inspect and learn things from
Received headers, it just doesn't use SPF, and is a pretty rare signal
these days anyways.

More likely in this case, it's a highly-spoofed/high-target domain (apple.com),
coming from a low-volume/unknown service (they haven't started using it
yet, this is just testing) and some other "normal" features of such
messages... and then an overly pessimistic deep learning model.

Brandon


On Fri, Apr 12, 2019 at 11:51 AM Mark Milhollan  wrote:

> Google inspects Received headers and checks SPF for each ignoring those
> showing an RFC-1918 address, any of which failing means a pretty good
> chance the message will be given the SPAM tag, i.e., SPF is checked not
> just for the connected peer.  So a message originated at 192.168.1.101
> and relayed via 192.0.0.x with SPF saying that only 192.0.0.0/24 is an
> authorized sender then all is well, but if it had originated at 1.2.3.4
> Google would judge that it fails SPF and very likely be given a SPAM
> tag.  (Repeated more RFC-ishly at bottom)
>
> More specifically if the message originated at internal.apple.com at
> 17.x.x.x then was relayed via the ESP at 192.0.2.x with SPF saying that
> only 192.0.2.0/24 is an authorized sender of the FROM FQDN Google would
> likely tag it SPAM because of the first Received header.
>
>
> Given an SPF of "v=spf1 ip4:192.0.0.25 ~all".
>
>Okay:
>  Received: from ([192.0.0.25]) by Google
>  Received: from ([192.168.1.101]) by myserver
>
>Fail:
>  Received: from ([192.0.0.25]) by Google
>  Received: from ([1.2.3.4]) by myserver
>
>
> /mark
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
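
The inbound-gateway walk described in the reply above, as an added example that is not part of the thread and not Google's code. It runs over the two Received chains and the SPF record from the quoted message; the gateway list, the fallback to the connecting peer when only RFC 1918 hops remain, and the ip4/all-only SPF evaluator are assumptions made for the illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SPF_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Sample data taken from the quoted message.
SPF = "v=spf1 ip4:192.0.0.25 ~all"
OKAY = ["from ([192.0.0.25]) by Google", "from ([192.168.1.101]) by myserver"]
FAIL = ["from ([192.0.0.25]) by Google", "from ([1.2.3.4]) by myserver"]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def spf_ip4(record, ip):
    """Evaluate only the ip4: and all mechanisms (no DNS, no macros)."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:            # skip the "v=spf1" tag
        qualifier = "+"
        if term[0] in SPF_RESULT:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return SPF_RESULT[qualifier]
        elif term == "all":
            return SPF_RESULT[qualifier]
    return "neutral"


def true_external_ip(connecting_ip, received, gateways):
    """Pick the IP to run SPF against.

    `received` is ordered newest first, as in the message. Only headers
    written by us or by a configured gateway are trusted, so the walk stops
    at the first hop that is not a gateway: everything older is forgeable.
    """
    gw = [ipaddress.ip_network(g, strict=False) for g in gateways]
    if not _in_any(ipaddress.ip_address(connecting_ip), gw):
        return connecting_ip                   # direct delivery, no walk
    for header in received:
        match = BRACKETED_IP.search(header)
        if match is None:
            break                              # unparsable hop: stop trusting
        try:
            hop = ipaddress.ip_address(match.group(1))
        except ValueError:
            break
        if _in_any(hop, gw):
            continue                           # another trusted gateway hop
        if _in_any(hop, RFC1918):
            break                              # originated behind the gateway
        return str(hop)                        # first external, untrusted peer
    return connecting_ip                       # assumption: fall back to peer


def classify(connecting_ip, received, gateways, record):
    ip = true_external_ip(connecting_ip, received, gateways)
    return ip, spf_ip4(record, ip)


if __name__ == "__main__":
    for name, chain in (("Okay", OKAY), ("Fail", FAIL)):
        print(name, "no gateway  ", classify("192.0.0.25", chain, [], SPF))
        print(name, "with gateway",
              classify("192.0.0.25", chain, ["192.0.0.25"], SPF))
```

With no gateway configured both chains are judged on the connecting peer only; the two results diverge only when 192.0.0.25 is listed as an inbound gateway.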


Re: [mailop] Are there any de facto standards around no-reply@ addresses?

2019-04-12 Thread SM

Hi Grant,
At 05:12 PM 10-04-2019, Grant Taylor via mailop wrote:
> The back story in this case involved two such systems that were
> naively replying to each other's no-reply address.
>
> I'm used to things like Auto-Generated: and X-Loop* headers.  But
> I'm not aware of any de facto standard around no-reply addresses.


The "Auto-Submitted" header field might help (RFC 3834) to avoid a 
loop.  I guess that nore...@example.com is intended to inform the 
person reading the email that he/she should not reply to it.


Regards,
-sm 





Re: [mailop] Are there any de facto standards around no-reply@ addresses?

2019-04-12 Thread Mark Milhollan

On Wed, 10 Apr 2019, Grant Taylor wrote:

> Are there any standards around no-reply type addresses?

> The back story in this case involved two such systems that were naively
> replying to each other's no-reply address.

Automation trying to be "helpful"?  Damned if you do and damned if you 
don't, and in this case damned all around.  It sounds like the messages 
were auto-generated and should have had headers indicating such, which 
still leaves whether there's enough clue in the receiver to check for 
them and if found avoid generating a response.

> Another part of the question was if it's okay to omit such no-reply addresses
> when generating recipients for auto-replies or other programmatically
> generated emails.

Almost certainly.  A related question is whether the presence of one 
should suppress any kind of response especially from automation.  The 
trick is that you can't be sure if  is from 
automation or merely someone at example.com being funny/peevish.  When a 
message is received from a sender that doesn't want a reply (even if 
human) the mere presence of those headers begins to provide convincing, 
well not proof but at least an assertion that automation should not 
respond even "helpfully".



/mark
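
An auto-responder guard for the loop discussed in this thread, as an added example that is not from any of the posters. The header checks follow RFC 3834's guidance (Auto-Submitted, null return path, list and bulk indicators); the no-reply local-part pattern is a heuristic assumed here, since the thread notes there is no standard for such addresses, and all sample messages are constructed.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Heuristic only: no standard defines what a "no-reply" address looks like.
NOREPLY = re.compile(
    r"^(no[-_.]?reply|do[-_.]?not[-_.]?reply|mailer-daemon|owner-.*|.*-request)$",
    re.IGNORECASE)


def should_auto_respond(msg):
    """Return (True, reply_address) or (False, reason)."""
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "Auto-Submitted: " + auto
    if (msg.get("Precedence") or "").strip().lower() in {"bulk", "junk", "list"}:
        return False, "bulk or list precedence"
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return False, "mailing list traffic"
    if msg.get("X-Loop") is not None:
        return False, "X-Loop present"
    return_path = (msg.get("Return-Path") or "").strip()
    if return_path == "<>":
        return False, "null return path"
    # Reply to the envelope sender when it was recorded, else to From.
    _, addr = parseaddr(return_path or msg.get("From") or "")
    if "@" not in addr:
        return False, "no usable address"
    if NOREPLY.match(addr.partition("@")[0]):
        return False, "no-reply style address"
    return True, addr


def build_auto_reply(msg, our_address, text):
    """Build a reply that marks itself as automatic, or None if suppressed."""
    ok, target = should_auto_respond(msg)
    if not ok:
        return None
    reply = EmailMessage()
    reply["From"] = our_address
    reply["To"] = target
    reply["Subject"] = "Auto: " + (msg.get("Subject") or "")
    reply["Auto-Submitted"] = "auto-replied"   # stops the peer's responder
    if msg.get("Message-ID"):
        reply["In-Reply-To"] = msg["Message-ID"]
        reply["References"] = msg["Message-ID"]
    reply.set_content(text)
    return reply


# Constructed sample messages.
NOTICE = message_from_string(
    "From: Billing <no-reply@billing.example>\n"
    "Auto-Submitted: auto-generated\n"
    "Subject: Your invoice\n\nSee attachment.\n")
UNMARKED = message_from_string(
    "From: Billing <noreply@billing.example>\n"
    "Subject: Your invoice\n\nSee attachment.\n")
HUMAN = message_from_string(
    "Return-Path: <alice@example.org>\n"
    "From: Alice <alice@example.org>\n"
    "Message-ID: <1@example.org>\n"
    "Subject: Question\n\nHello?\n")
BOUNCE = message_from_string(
    "Return-Path: <>\nFrom: postmaster@example.org\nSubject: Undeliverable\n\n.\n")

if __name__ == "__main__":
    for name, m in (("notice", NOTICE), ("unmarked", UNMARKED),
                    ("human", HUMAN), ("bounce", BOUNCE)):
        print(name, should_auto_respond(m))
```

The reply built for the human sender is itself rejected by `should_auto_respond`, which is what breaks a two-responder loop even when neither side uses a no-reply address.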



Re: [mailop] Google to the WCP?

2019-04-12 Thread Mark Milhollan
Google inspects Received headers and checks SPF for each ignoring those 
showing an RFC-1918 address, any of which failing means a pretty good 
chance the message will be given the SPAM tag, i.e., SPF is checked not 
just for the connected peer.  So a message originated at 192.168.1.101 
and relayed via 192.0.0.x with SPF saying that only 192.0.0.0/24 is an 
authorized sender then all is well, but if it had originated at 1.2.3.4 
Google would judge that it fails SPF and very likely be given a SPAM 
tag.  (Repeated more RFC-ishly at bottom)


More specifically if the message originated at internal.apple.com at 
17.x.x.x then was relayed via the ESP at 192.0.2.x with SPF saying that 
only 192.0.2.0/24 is an authorized sender of the FROM FQDN Google would 
likely tag it SPAM because of the first Received header.



Given an SPF of "v=spf1 ip4:192.0.0.25 ~all".

  Okay:
    Received: from ([192.0.0.25]) by Google
    Received: from ([192.168.1.101]) by myserver

  Fail:
    Received: from ([192.0.0.25]) by Google
    Received: from ([1.2.3.4]) by myserver


/mark



Re: [mailop] Summary of Active Brute Force Attackers, something to think about over the weekend

2019-04-12 Thread Michael Rathbun
On Fri, 12 Apr 2019 08:01:15 -0700, Michael Peddemors 
wrote:

>The pgHammer continues to lead in the sheer volume of attempts, but is 
>down to only 271 servers still operational.  (Amazon, five are still on 
>your network)

The stats for yesterday showed a mere 279 IPs and a paltry 7,551 hits.  So,
there is some attenuation.  Still, this is a remarkably resilient activity.

mdr
-- 
  "Après moi le déluge." -- Louis XV 
  "Until then just jiggle the handle." -- Brooke McEldowney




Re: [mailop] Microsoft SNDS Requesting authorisation of IPs

2019-04-12 Thread Shahjahan Miah
Figured it out, MS are sending two different emails, one without the link and 
one with the link.

Shahjahan Miah | Sr Deliverability Development Consultant
m: +447960741688
e: shahjahan.m...@mapp.com


From: mailop  On Behalf Of Shahjahan Miah
Sent: 12 April 2019 15:57
To: Al Iverson ; mailop@mailop.org
Subject: Re: [mailop] Microsoft SNDS Requesting authorisation of IPs

This email has reached Mapp via an external source

Strange, I’m getting a different response than normal.

Example:

This is to inform you that Shah miah 
(xx...@hotmail.com) has requested access to view 
Hotmail and Windows Live Mail traffic data for 91.192.41.161 .

You are receiving this because you have signed up to be part of a preview 
release of Smart Network Data Services, or a Smart Network Data Services user 
has requested that this email be sent to this address. Smart Network Data 
Services is a revolutionary Windows Live Mail initiative, designed to allow 
everyone who owns IP space to contribute to the fight against spam and protect 
e-mail as a valued communications, productivity and commerce tool. If you have 
questions about our privacy policy, please read our privacy statement available 
at http://privacy.live.com.If you do not wish to receive further mails from 
Smart Network Data Services, you can remove yourself from the system by going 
to https://postmaster.live.com/snds/pref.aspx.

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
(c)2006 Microsoft Corporation. All rights reserved. Microsoft, MSN, the MSN 
logo, and Hotmail are either registered trademarks or trademarks of the 
Microsoft Corporation in the United States and/or other countries.

This e-mail is from Mapp Digital and its international legal entities and may 
contain information that is confidential or proprietary.
If you are not the intended recipient, do not read, copy or distribute the 
e-mail or any attachments. Instead, please notify the sender and delete the 
e-mail and any attachments.
Please consider the environment before printing. Thank you.



From: mailop <mailop-boun...@mailop.org> On Behalf Of Al Iverson
Sent: 12 April 2019 14:19
To: mailop@mailop.org
Subject: Re: [mailop] Microsoft SNDS Requesting authorisation of IPs


Or it could be one of these notifications that are just informational in 
nature, and are separate from the verification emails.

-- Forwarded message -
From: snds-authorizat...@outlook.com
Date: Thu, Apr 4, 2019 at 3:25 PM
Subject: X X has requested access to Hotmail traffic data for X through X
To: 

Dear Al Iverson,

This is to inform you that X X (x@x.x) has requested access to 
view Hotmail and Windows Live Mail traffic data for X through X.

You are receiving this because you have signed up to be part of a preview 
release of Smart Network Data Services, or a Smart Network Data Services user 
has requested that this email be sent to this address. Smart Network Data 
Services is a revolutionary Windows Live Mail initiative, designed to allow 
everyone who owns IP space to contribute to the fight against spam and protect 
e-mail as a valued communications, productivity and commerce tool. If you have 
questions about our privacy policy, please read our privacy statement available 
at http://privacy.live.com.If you do not wish to receive further mails from 
Smart Network Data Services, you can remove yourself from the system by going 
to https://postmaster.live.com/snds/pref.aspx.

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
(c)2006 Microsoft Corporation. All rights reserved. Microsoft, MSN, the MSN 
logo, and Hotmail are either registered trademarks or trademarks of the 
Microsoft Corporation in the United States and/or other countries.

On Fri, Apr 12, 2019 at 8:09 AM Copernica BV, Bas van Berckel via mailop 
<mailop@mailop.org> wrote:

Just tried adding myself, got the same old message as always. Sounds to me like 
something on your end cut the message off before the link.

--

Met vrien

[mailop] Summary of Active Brute Force Attackers, something to think about over the weekend

2019-04-12 Thread Michael Peddemors
Just before I get down to my Friday Business, popped up the dashboard 
for our Distributed Feedback System (DFS) to get a comparison of the 
Brute Force attack vector..


The numbers are an indicator for comparison purposes only.
There of course would be a lot more bot attacks, but many are trying to 
attack ports that we know they shouldn't be, so are already dropped 
before the feedback system can count/report them.


The pgHammer continues to lead in the sheer volume of attempts, but is 
down to only 271 servers still operational.  (Amazon, five are still on 
your network)


Name                              Hits   Unique IP(s)
...
pgHammer                         69410    271
Static Vietnamese Bots           10477   5364
Smart Cutwail                     7699     17
Older Cutwail                     4947   1433
Compromised Ubiquiti              4607   3914
Asian Big Dynamic IP(s)           4184   2105
Compromised Cisco Routers         3419   2809
Compromised WRT Routers           3382   2952
Vietel Specific                   1728   1396
Compromised Linux NotIdentified   1435     78
Sextortion Spammer                1298    546 (Spam)
Winbot                            1284    476
Compromised MikroTik               543    491

Now this doesn't of course include all of the ones we track, but rather 
some of the 'smarter' ones that aren't so obvious that they have been 
blocked long ago..


But thought it would be interesting enough to post here.

Have a safe and happy weekend all.. Remember, lock your mailboxes..

-- Michael --

PS, Thanks to those that have helped reduce the number of pgHammer 
compromised servers..





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.



Re: [mailop] Microsoft SNDS Requesting authorisation of IPs

2019-04-12 Thread Shahjahan Miah
Strange, I’m getting a different response than normal.

Example:

This is to inform you that Shah miah (xx...@hotmail.com) has requested access 
to view Hotmail and Windows Live Mail traffic data for 91.192.41.161 .
You are receiving this because you have signed up to be part of a preview 
release of Smart Network Data Services, or a Smart Network Data Services user 
has requested that this email be sent to this address. Smart Network Data 
Services is a revolutionary Windows Live Mail initiative, designed to allow 
everyone who owns IP space to contribute to the fight against spam and protect 
e-mail as a valued communications, productivity and commerce tool. If you have 
questions about our privacy policy, please read our privacy statement available 
at http://privacy.live.com.If you do not wish to receive further mails from 
Smart Network Data Services, you can remove yourself from the system by going 
to https://postmaster.live.com/snds/pref.aspx.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
(c)2006 Microsoft Corporation. All rights reserved. Microsoft, MSN, the MSN 
logo, and Hotmail are either registered trademarks or trademarks of the 
Microsoft Corporation in the United States and/or other countries.
This e-mail is from Mapp Digital and its international legal entities and may 
contain information that is confidential or proprietary.
If you are not the intended recipient, do not read, copy or distribute the 
e-mail or any attachments. Instead, please notify the sender and delete the 
e-mail and any attachments.
Please consider the environment before printing. Thank you.

Shahjahan Miah | Sr Deliverability Development Consultant
m: +447960741688
e: shahjahan.m...@mapp.com


From: mailop  On Behalf Of Al Iverson
Sent: 12 April 2019 14:19
To: mailop@mailop.org
Subject: Re: [mailop] Microsoft SNDS Requesting authorisation of IPs


Or it could be one of these notifications that are just informational in 
nature, and are separate from the verification emails.

-- Forwarded message -
From: snds-authorizat...@outlook.com
Date: Thu, Apr 4, 2019 at 3:25 PM
Subject: X X has requested access to Hotmail traffic data for X through X
To: 

Dear Al Iverson,

This is to inform you that X X (x@x.x) has requested access to 
view Hotmail and Windows Live Mail traffic data for X through X.

You are receiving this because you have signed up to be part of a preview 
release of Smart Network Data Services, or a Smart Network Data Services user 
has requested that this email be sent to this address. Smart Network Data 
Services is a revolutionary Windows Live Mail initiative, designed to allow 
everyone who owns IP space to contribute to the fight against spam and protect 
e-mail as a valued communications, productivity and commerce tool. If you have 
questions about our privacy policy, please read our privacy statement available 
at http://privacy.live.com.If you do not wish to receive further mails from 
Smart Network Data Services, you can remove yourself from the system by going 
to https://postmaster.live.com/snds/pref.aspx.

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
(c)2006 Microsoft Corporation. All rights reserved. Microsoft, MSN, the MSN 
logo, and Hotmail are either registered trademarks or trademarks of the 
Microsoft Corporation in the United States and/or other countries.

On Fri, Apr 12, 2019 at 8:09 AM Copernica BV, Bas van Berckel via mailop 
<mailop@mailop.org> wrote:

Just tried adding myself, got the same old message as always. Sounds to me like 
something on your end cut the message off before the link.

--

Met vriendelijke groet,

Best regards,



Bas van Berckel

Deliverability Expert



Support & Operations Copernica BV

+31 (0)20 520 61 90

www.copernica.com
On 12-04-19 13:46, Shahjahan Miah wrote:
Hi,

Have Microsoft changed the process for requesting authorisation of sending IPs 
on SNDS? The email we get in our abuse folder no longer has the link to confirm 
the request to add the IP to the tool.

It only states that someone has requested access to view hotmail data but no 
link, very strange.

Thanks,
Shah


Shahjahan Miah | Sr Deliverability Development Consultant
m: +447960741688
e: shahjahan.m...@mapp.com

[mailop] Outage @outlook.com creating invalid sender addresses?

2019-04-12 Thread Benoit Panizzon
Hi List

Today, our support team started getting quite some emails from
legitimate customers, but with envelope sender and From: header looking
like:

From: "Firstname Name" 

That Hex String is different for each sender.

Received: headers show they got sent via the outlook.com platform, but the
sender email address is invalid if we reply.

So I start wondering, do others also see that phenomena?

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Leiter Commerce Kunden
__

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
__



Re: [mailop] Microsoft SNDS Requesting authorisation of IPs

2019-04-12 Thread Al Iverson
Or it could be one of these notifications that are just informational in
nature, and are separate from the verification emails.

-- Forwarded message -
From: snds-authorizat...@outlook.com 
Date: Thu, Apr 4, 2019 at 3:25 PM
Subject: X X has requested access to Hotmail traffic data for X through X
To: 

Dear Al Iverson,

This is to inform you that X X (x@x.x) has requested access to view Hotmail
and Windows Live Mail traffic data for X through X.

You are receiving this because you have signed up to be part of a preview
release of Smart Network Data Services, or a Smart Network Data Services
user has requested that this email be sent to this address. Smart Network
Data Services is a revolutionary Windows Live Mail initiative, designed to
allow everyone who owns IP space to contribute to the fight against spam
and protect e-mail as a valued communications, productivity and commerce
tool. If you have questions about our privacy policy, please read our
privacy statement available at http://privacy.live.com.If you do not
wish to receive further mails from Smart Network Data Services, you can
remove yourself from the system by going to
https://postmaster.live.com/snds/pref.aspx.

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
(c)2006 Microsoft Corporation. All rights reserved. Microsoft, MSN, the MSN
logo, and Hotmail are either registered trademarks or trademarks of the
Microsoft Corporation in the United States and/or other countries.

On Fri, Apr 12, 2019 at 8:09 AM Copernica BV, Bas van Berckel via mailop <
mailop@mailop.org> wrote:

> Just tried adding myself, got the same old message as always. Sounds to me
> like something on your end cut the message off before the link.
>
> --
> Met vriendelijke groet,
> Best regards,
>
> Bas van Berckel
> Deliverability Expert
>
> Support & Operations Copernica BV
> +31 (0)20 520 61 90www.copernica.com
>
> On 12-04-19 13:46, Shahjahan Miah wrote:
>
> Hi,
>
>
>
> Have Microsoft changed the process for requesting authorisation of sending
> IPs on SNDS? The email we get in our abuse folder no longer has the link to
> confirm the request to add the IP to the tool.
>
>
>
> It only states that someone has requested access to view hotmail data but
> no link, very strange.
>
>
>
> Thanks,
>
> Shah
>
>
>
>
>
> Shahjahan Miah | Sr Deliverability Development Consultant
>
> m: +447960741688
> e: shahjahan.m...@mapp.com
>
>
>
>
> Mapp Digital UK Ltd, registered in England and Wales with company number
> 10162741 and offices located at 95 Gresham Street, 6th Floor, London, EC2V
> 7NA
>
> This e-mail is from Mapp Digital and its international legal entities and
> may contain information that is confidential or proprietary.
> If you are not the intended recipient, do not read, copy or distribute the
> e-mail or any attachments. Instead, please notify the sender and delete the
> e-mail and any attachments.
> Please consider the environment before printing. Thank you.
>


-- 
al iverson // wombatmail // miami
http://www.aliverson.com
http://www.spamresource.com


Re: [mailop] Anyone from free.fr on the list?

2019-04-12 Thread Benjamin BILLON
And make sure to have your homework done, be clear, concise and provide details 
of how you fixed the issue.
If it's not totally fixed and you get blocked again, he'll have other things to 
do than reply to you.

--
Benjamin

From: mailop  On Behalf Of Mathieu Bourdin
Sent: Friday 12 April 2019 13:54
To: Sidsel Jensen ; mailop 
Subject: Re: [mailop] Anyone from free.fr on the list?

Hi,

You can reach out to postmas...@proxad.net (home 
company for free.fr). The guy in charge is usually quite reactive but, as he is 
alone, it might depend on his schedule.

Mathieu B.


From: mailop <mailop-boun...@mailop.org> On Behalf Of Sidsel Jensen
Sent: Friday 12 April 2019 13:39
To: mailop <mailop@mailop.org>
Subject: [mailop] Anyone from free.fr on the list?

Hi

We had a spam outbreak (mainly Paypal stuff) targeted towards accounts on 
free.fr and I’ve been struggling to get it cleaned up.
Some of our sending IPs are still blacklisted though..

If there is someone from free.fr on the list - please reach out 
to me off the list
- Thanks :-)

Kind Regards,
Sidsel Jensen
Systems Engineer @ One.com
s...@one.com







Re: [mailop] Microsoft SNDS Requesting authorisation of IPs

2019-04-12 Thread Copernica BV, Bas van Berckel via mailop
Just tried adding myself, got the same old message as always. Sounds to 
me like something on your end cut the message off before the link.


--
Met vriendelijke groet,
Best regards,

Bas van Berckel
Deliverability Expert

Support & Operations Copernica BV
+31 (0)20 520 61 90
www.copernica.com

On 12-04-19 13:46, Shahjahan Miah wrote:


Hi,

Have Microsoft changed the process for requesting authorisation of 
sending IPs on SNDS? The email we get in our abuse folder no longer 
has the link to confirm the request to add the IP to the tool.


It only states that someone has requested access to view hotmail data 
but no link, very strange.


Thanks,

Shah

Shahjahan Miah | Sr Deliverability Development Consultant

m: +447960741688
e: shahjahan.m...@mapp.com



Mapp Digital UK Ltd, registered in England and Wales with company 
number 10162741 and offices located at 95 Gresham Street, 6th Floor, 
London, EC2V 7NA


This e-mail is from Mapp Digital and its international legal entities 
and may contain information that is confidential or proprietary.
If you are not the intended recipient, do not read, copy or distribute 
the e-mail or any attachments. Instead, please notify the sender and 
delete the e-mail and any attachments.

Please consider the environment before printing. Thank you.




Re: [mailop] Anyone from free.fr on the list?

2019-04-12 Thread Mathieu Bourdin
Hi,

You can reach out to postmas...@proxad.net (home 
company for free.fr). The guy in charge is usually quite reactive but, as he is 
alone, it might depend on his schedule.

Mathieu B.


From: mailop On Behalf Of Sidsel Jensen
Sent: Friday 12 April 2019 13:39
To: mailop
Subject: [mailop] Anyone from free.fr on the list?

Hi

We had a spam outbreak (mainly Paypal stuff) targeted towards accounts on 
free.fr and I’ve been struggling to get it cleaned up.
Some of our sending IPs are still blacklisted though..

If there is someone from free.fr on the list - please reach out 
to me off the list
- Thanks :-)

Kind Regards,
Sidsel Jensen
Systems Engineer @ One.com
s...@one.com







Re: [mailop] Microsoft SNDS Requesting authorisation of IPs

2019-04-12 Thread Shahjahan Miah
Hi,

Have Microsoft changed the process for requesting authorisation of sending IPs 
on SNDS? The email we get in our abuse folder no longer has the link to confirm 
the request to add the IP to the tool.

It only states that someone has requested access to view hotmail data but no 
link, very strange.

Thanks,
Shah


Shahjahan Miah | Sr Deliverability Development Consultant
m: +447960741688
e: shahjahan.m...@mapp.com


Mapp Digital UK Ltd, registered in England and Wales with company number 
10162741 and offices located at 95 Gresham Street, 6th Floor, London, EC2V 7NA
This e-mail is from Mapp Digital and its international legal entities and may 
contain information that is confidential or proprietary.
If you are not the intended recipient, do not read, copy or distribute the 
e-mail or any attachments. Instead, please notify the sender and delete the 
e-mail and any attachments.
Please consider the environment before printing. Thank you.


[mailop] Anyone from free.fr on the list?

2019-04-12 Thread Sidsel Jensen
Hi

We had a spam outbreak (mainly Paypal stuff) targeted towards accounts on 
free.fr  and I’ve been struggling to get it cleaned up.
Some of our sending IPs are still blacklisted though..

If there is someone from free.fr  on the list - please reach 
out to me off the list
- Thanks :-)

Kind Regards,
Sidsel Jensen
Systems Engineer @ One.com 
s...@one.com 










Re: [mailop] 2 Return-Path headers?

2019-04-12 Thread Vladimir Dubrovin via mailop

According to current practices and standards, Return-Path header should
never be added by sender. This line is usually added by MDA (Mail
Delivery Agent) when the message is delivered to mailbox and is always a
first line of delivered message, but older systems could add Return-Path
during transfer. You can safely ignore any Return-Path which is not a
first line in the message delivered to mailbox. See
https://tools.ietf.org/html/rfc5321#section-4.4  it's very clear on this:

   
   When the delivery SMTP server makes the "final delivery" of a
   message, it inserts a return-path line at the beginning of the mail
   data.  This use of return-path is required; mail systems MUST support
   it.  The return-path line preserves the information in the <reverse-path>
   from the MAIL command.  Here, final delivery means the message
   has left the SMTP environment.  Normally, this would mean it had been
   delivered to the destination user or an associated mail drop, but in
   some cases it may be further processed and transmitted by another
   mail system.

   It is possible for the mailbox in the return path to be different
   from the actual sender's mailbox, for example, if error responses are
   to be delivered to a special error handling mailbox rather than to
   the message sender.  When mailing lists are involved, this
   arrangement is common and useful as a means of directing errors to
   the list maintainer rather than the message originator.

   The text above implies that the final mail data will begin with a
   return path line, followed by one or more time stamp lines.  These
   lines will be followed by the rest of the mail data: first the
   balance of the mail header section and then the body (RFC 5322 [4]).

   It is sometimes difficult for an SMTP server to determine whether or
   not it is making final delivery since forwarding or other operations
   may occur after the message is accepted for delivery.  Consequently,
   any further (forwarding, gateway, or relay) systems MAY remove the
   return path and rebuild the MAIL command as needed to ensure that
   exactly one such line appears in a delivered message.

   A message-originating SMTP system SHOULD NOT send a message that
   already contains a Return-path header field.  SMTP servers performing
   a relay function MUST NOT inspect the message data, and especially
   not to the extent needed to determine if Return-path header fields
   are present.  SMTP servers making final delivery MAY remove Return-
   path header fields before adding their own.

   The primary purpose of the Return-path is to designate the address to
   which messages indicating non-delivery or other mail system failures
   are to be sent.  For this to be unambiguous, exactly one return path
   SHOULD be present when the message is delivered.  Systems using RFC
   822 syntax with non-SMTP transports SHOULD designate an unambiguous
   address, associated with the transport envelope, to which error
   reports (e.g., non-delivery messages) should be sent.




11.04.2019 22:01, Autumn Tyr-Salvia wrote:
> Hello,
>
> I'm looking at headers for a particular message, and noticed two
> different Return-Path headers. The message is being sent by an ESP.
> One Return-Path uses a VERP address with the ESP's domain, and the
> other uses the same address as the friendly From:. 
>
> I haven't seen this in other headers before - is this common? Why
> would there be 2? I spent some quality time with RFC 2822 and couldn't
> determine if it's spec-legal to have two Return-Path headers or not.
> More to the point, it's using the one with the ESP domain for checking
> SPF, which is not the desired behavior. 
>
> I can reach out directly to the ESP in question to get more info, but
> wanted to ask this group first if there's some other resource I should
> consult for a firm understanding of using multiple Return-Path headers
> before I have that conversation.
>
>
> Thanks,
>
> Autumn Tyr-Salvia
> tyrsalvia@gmail
> atyrsalvia@agari
>


-- 
Vladimir Dubrovin
@Mail.Ru
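
The rule stated in the reply above (trust only a Return-Path that is the first line of the delivered message) and the RFC 5321 section 4.4 allowance that final delivery MAY strip inbound Return-Path fields before adding its own, as an added example that is not from the thread. The sample message, its addresses and the LF-only line endings are constructed assumptions.

```python
from email import message_from_string

# Constructed sample: the delivering server's Return-Path (a VERP address at
# the ESP) comes first, and a second one set by the sender sits further down.
SAMPLE = (
    "Return-Path: <bounce-1234-user=example.net@esp.example>\n"
    "Received: from mta.esp.example ([192.0.2.10])\n"
    "\tby mx.example.net; Fri, 12 Apr 2019 10:00:00 +0000\n"
    "Return-Path: <news@brand.example>\n"
    "From: Brand News <news@brand.example>\n"
    "Subject: Hello\n"
    "\n"
    "Body text.\n"
)


def trusted_return_path(raw):
    """Return (trusted, ignored) Return-Path values of a delivered message.

    Only a Return-Path that is the very first header field is treated as
    written at final delivery; every other occurrence is reported as ignored.
    """
    headers = message_from_string(raw).items()     # preserves header order
    found = [v.strip() for k, v in headers if k.lower() == "return-path"]
    if headers and headers[0][0].lower() == "return-path":
        return found[0], found[1:]
    return None, found


def final_delivery(raw, mail_from):
    """Drop any inbound Return-Path fields, then prepend one from MAIL FROM."""
    head, sep, body = raw.partition("\n\n")
    kept, skipping = [], False
    for line in head.split("\n"):
        if line[:1] in (" ", "\t"):                # folded continuation line
            if not skipping:
                kept.append(line)
            continue
        skipping = line.lower().startswith("return-path:")
        if not skipping:
            kept.append(line)
    return "Return-Path: <%s>\n%s%s%s" % (mail_from, "\n".join(kept), sep, body)


if __name__ == "__main__":
    print(trusted_return_path(SAMPLE))
    cleaned = final_delivery(SAMPLE, "bounce-1234-user=example.net@esp.example")
    print(trusted_return_path(cleaned))
```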



Re: [mailop] AS Number RBL (Re: Digital Ocean Sextortion Spammers..)

2019-04-12 Thread Brent Clark

You should look to using sanesecurity shelter signature.

I.e. shelter.ldb

Regards
Brent Clark


On 2019/04/11 11:31, Benoit Panizzon wrote:

> Hi List
>
> Our Mail Infrastructure just got hit by a new sextortion wave
> originating from various IP @ AS14061
>
> I wondered, aren't there any RBL providers blacklisting whole AS
> ip ranges or returning the AS number when queried with the reversed IP,
> so blocking / penalizing could be easily implemented in SpamAssassin and
> other mail filters using RBL DNS queries?
>
> A quick google search did not return any useful hits on that topic.
>
> Kind regards
>
> -Benoît Panizzon-


