Re: [mailop] Junk filtering as a tool for unfair competition

2019-10-22 Thread Steven Champeon via mailop

I would just like to ask where I can apply to become an official
Microsoft X-header analyst and/or creator. Reading these reminds me of
the old days when I had Eudora and set it up so that it added an
X-Because-I-Can: header, well, because I could. But I do question the
wisdom of adding some 5K worth of idiotic X-headers to a message whose
body content is one line of abused URL shortener trying to sell me
make-penis-fast pills. YMMV.

I mean, what could the possible value be of a header like

 X-MS-Exchange-CrossTenant-FromEntityHeader: Internet

? Or

 X-MS-PublicTrafficType: Email

? Of COURSE it's email. And I love this:

 X-IncomingHeaderCount: 21

and yet there are at least 36 headers in the first example Daniele sent.

And despite the fact that Daniele sent message #2 from kernel-panic.it,
you still have

 X-OriginatorOrg: outlook.com

which is, frankly, incorrect. Unless I misunderstand the meaning of
"originator".

We recently refused mail from a potential licensee because their own
Forefront server labeled it as spam. Authenticated, outbound, and so on,
and they still thought it was worthy of rejecting, so we rejected it (I
still don't quite understand why once a message has been determined to
be spam it is still relayed - but I don't have that many X-headers to
draw on). Is there anything at all about these headers that has value?

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
Internet security and antispam hostname intelligence: http://enemieslist.com/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Junk filtering as a tool for unfair competition

2019-10-22 Thread Daniele via mailop

Thanks Michael for your feedback.
We've been experiencing these problems for weeks now, and I get this 
behavior for emails sent from different providers / domains / countries.
Please find attached (I hope attachments are allowed in this mailing 
list) the relevant headers for 3 different emails sent from different 
domains / providers.

Any help is very much appreciated!
Thanks and best regards,
Daniele

On 22-Oct-19 11:42 PM, Michael Wise via mailop wrote:

> If we throw something in the trash, there's a reason.
> Cite, please, with full headers of a junked email.
>
> Aloha,
> Michael.




Authentication-Results: spf=pass (sender IP is 209.85.128.51)
smtp.mailfrom=gmail.com; outlook.com; dkim=pass (signature was verified)
header.d=gmail.com;outlook.com; dmarc=pass action=none header.from=gmail.com;
Received-SPF: Pass (protection.outlook.com: domain of gmail.com designates
209.85.128.51 as permitted sender) receiver=protection.outlook.com;
client-ip=209.85.128.51; helo=mail-wm1-f51.google.com;
X-Antivirus: Avast (VPS 191022-2, 10/22/2019), Outbound message
X-Antivirus-Status: Clean
X-IncomingHeaderCount: 21
X-MS-Exchange-Organization-ExpirationStartTime: 22 Oct 2019 20:37:52.4807
(UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
aa0ffd95-bc33-4cf2-ec9a-08d7572fb600
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-Forefront-Antispam-Report: EFV:NLI;
X-MS-Exchange-Organization-AuthSource:
DM6NAM12FT026.eop-nam12.prod.protection.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-PublicTrafficType: Email
X-MS-UserLastLogonTime: 10/22/2019 5:37:00 PM
X-MS-Office365-Filtering-Correlation-Id: aa0ffd95-bc33-4cf2-ec9a-08d7572fb600
X-MS-TrafficTypeDiagnostic: DM6NAM12HT188:
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 209.85.128.51
X-SID-Result: PASS
X-MS-Exchange-Organization-PCL: 2
X-Microsoft-Antispam: BCL:0;
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Oct 2019 20:37:52.4447
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
aa0ffd95-bc33-4cf2-ec9a-08d7572fb600
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
----
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6NAM12HT188
X-MS-Exchange-Transport-EndToEndLatency: 00:00:00.9969103
X-MS-Exchange-Processed-By-BccFoldering: 15.20.2367.016
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;iwl:0;dwl:0;dkl:0;rwl:0;ucf:0;jmr:0;ex:0;auth:1;dest:J;OFR:SpamFilterAuthJ;ENG:(5062000261)(5061607266)(5061608174)(4900115)(4920090)(6390077)(4950130)(4990090)(9140004);RF:JunkEmail;
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MjtHRD0xO1NDTD02

Authentication-Results: spf=pass (sender IP is 62.149.156.80)
smtp.mailfrom=kernel-panic.it; outlook.com; dkim=pass (signature was
verified) header.d=aruba.it;outlook.com; dmarc=bestguesspass action=none
header.from=kernel-panic.it;
Received-SPF: Pass (protection.outlook.com: domain of kernel-panic.it
designates 62.149.156.80 as permitted sender)
receiver=protection.outlook.com; client-ip=62.149.156.80;
helo=smtpcmd0880.aruba.it;
X-IncomingTopHeaderMarker:
OriginalChecksum:B83055D9E72FD98F815107F7C5EC9A770C42FDB43B12FFCCDCE2E72C2870FC75;UpperCasedChecksum:EEE0F4D7BF21B76F790025DE3172B9477A27ABF1DB43D0153908B7F2C331217B;SizeAsReceived:1125;Count:12
Received: from kernel-panic.it ([10.10.10.169])
by 
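
The attached headers carry both the authentication results and the filter's delivery decision. The sketch below is an added example, not code from any list member or from Microsoft: it pulls those fields out of a sample built from the first attachment. Reading `RF:JunkEmail` as "delivered to Junk" is an assumption; the page does not define these fields.

```python
import base64
import re
from email import message_from_string

# Constructed sample: verdict-bearing headers copied from the first attachment
# above; the Mailbox-Delivery value is trimmed to a few of its fields.
SAMPLE = """\
Authentication-Results: spf=pass (sender IP is 209.85.128.51)
 smtp.mailfrom=gmail.com; outlook.com; dkim=pass (signature was verified)
 header.d=gmail.com;outlook.com; dmarc=pass action=none header.from=gmail.com;
X-MS-Exchange-Organization-PCL: 2
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Mailbox-Delivery:
 ucf:0;jmr:0;ex:0;auth:1;dest:J;OFR:SpamFilterAuthJ;RF:JunkEmail;
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MjtHRD0xO1NDTD02
"""


def pairs(value, sep):
    """Split 'k<sep>v;k<sep>v;' into a dict, ignoring folding whitespace."""
    out = {}
    for token in "".join(value.split()).split(";"):
        if sep in token:
            key, val = token.split(sep, 1)
            out[key] = val
    return out


def verdicts(raw_headers):
    msg = message_from_string(raw_headers)
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg["Authentication-Results"]))
    # X-Message-Delivery is base64 over another key=value list.
    levels = pairs(base64.b64decode(msg["X-Message-Delivery"]).decode("ascii"), "=")
    levels.update(pairs(msg["X-Microsoft-Antispam"], ":"))
    levels["PCL"] = msg["X-MS-Exchange-Organization-PCL"].strip()
    delivery = pairs(msg["X-Microsoft-Antispam-Mailbox-Delivery"], ":")
    return {"auth": auth, "levels": levels, "delivery": delivery}


def authenticated_but_junked(v):
    # endswith() also accepts the "bestguesspass" seen in the second attachment.
    authed = all(v["auth"].get(k, "").endswith("pass") for k in ("spf", "dkim", "dmarc"))
    # Assumption: RF:JunkEmail records delivery to the Junk folder.
    return authed and v["delivery"].get("RF") == "JunkEmail"


if __name__ == "__main__":
    result = verdicts(SAMPLE)
    print(result["auth"], result["levels"], result["delivery"], sep="\n")
    print("authenticated but junked:", authenticated_but_junked(result))
```
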

Re: [mailop] Junk filtering as a tool for unfair competition

2019-10-22 Thread Michael Wise via mailop

If we throw something in the trash, there's a reason.
Cite, please, with full headers of a junked email.

Aloha,
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Daniele via mailop
Sent: Tuesday, October 22, 2019 2:36 PM
To: mailop@mailop.org
Subject: [mailop] Junk filtering as a tool for unfair competition

It looks like Microsoft, with its long history of questionable practices, has 
recently developed a new strategy for tearing down its weaker competitors.

The strategy is quite simple: all legitimate emails sent to Microsoft-hosted 
accounts, coming from small to medium competitors' 
domains or servers, are simply delivered to the junk folder with no apparent 
reason. This strategy is simple but effective: competitors' 
reputation is harmed, their clients upset and pushed to change service 
provider. Well, Microsoft clients don't get a great level of service either ...but 
who cares?

So my question is: do you think it's fair that something as important as 
fighting spam, that should push cooperation among Internet Service Providers, 
can be abused to the point of becoming a tool for unfair competition and abuse 
of a dominant position?
What do you guys think?

Best regards,
   Daniele




[mailop] Junk filtering as a tool for unfair competition

2019-10-22 Thread Daniele via mailop
It looks like Microsoft, with its long history of questionable 
practices, has recently developed a new strategy for tearing down its 
weaker competitors.


The strategy is quite simple: all legitimate emails sent to 
Microsoft-hosted accounts, coming from small to medium competitors' 
domains or servers, are simply delivered to the junk folder with no 
apparent reason. This strategy is simple but effective: competitors' 
reputation is harmed, their clients upset and pushed to change service 
provider. Well, Microsoft clients don't get a great level of service either 
...but who cares?


So my question is: do you think it's fair that something as important as 
fighting spam, that should push cooperation among Internet Service 
Providers, can be abused to the point of becoming a tool for unfair 
competition and abuse of a dominant position?

What do you guys think?

Best regards,
  Daniele




Re: [mailop] ASN Reputation lists, was Re: Gmail marking email from me as spam

2019-10-22 Thread Michael Peddemors via mailop

On 2019-10-22 8:26 a.m., Hetzner Blacklist via mailop wrote:

> Bad sign-ups, there's been an uptick of that in the past ~2 weeks.
>
> We usually find and kick them out within a few hours, but if you see
> anything showing up in your logs for more than 24 hours, you're very
> welcome to contact me.
>
> On 22.10.2019 at 13:00, Michael Peddemors wrote:
>
>> Are these compromises, bad sign-ups, or some actual other usage patterns?


Replied also off list.. but yeah, these bad sign-ups have continued for 
over a week, and more yesterday..


And if the Linode guys can also report on their problems over the last 
week, suggest that they are having a similar problem with bad sign-ups.. but 
in their case it might be different, and more to do with widespread 
compromises?



Re: [mailop] ASN Reputation lists, was Re: Gmail marking email from me as spam

2019-10-22 Thread Hetzner Blacklist via mailop
Bad sign-ups, there's been an uptick of that in the past ~2 weeks.

We usually find and kick them out within a few hours, but if you see
anything showing up in your logs for more than 24 hours, you're very
welcome to contact me.


On 22.10.2019 at 13:00, Michael Peddemors wrote:
> Are these compromises, bad sign-ups, or some actual other usage patterns?



[mailop] Anyone a direct contact to the Mailchimp abuse desk?

2019-10-22 Thread Benoit Panizzon via mailop
Hi All

I'm looking for a direct contact to the Mailchimp Abuse Desk, regarding
a case of a repeated spammer I opened in March this year.

Mailchimp told me they need some time to verify my evidence and
reconstruct how their customer acted.

I update that Mailchimp case on a monthly basis with the question of whether
they have finally come to a conclusion. They don't react.

So if anyone from Mailchimp is reading this, please contact me offlist.

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G  -  Head of Commerce Customers
__

Zurlindenstrasse 29    Tel  +41 61 826 93 00
CH-4133 Pratteln       Fax  +41 61 826 93 01
Switzerland            Web  http://www.imp.ch
__
