Re: [mailop] Sendgrid strikes again; zendesk, actually

[Jaroslaw Rafa via mailop]

Dnia 26.02.2020 o godz. 12:12:13 Alessandro Vesely via mailop pisze:
> 
> Sorry, I thought I had made it clear they're _not_ ticket ack.  I attach the
> last one I received, it arrived five minutes after I sent the last complaint.

It looks like they are just returning you the message you have sent.
Why? - I don't know. Looks like some error on their side.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid strikes again; zendesk, actually

[Paul Smith via mailop]

On 26/02/2020 11:12, Alessandro Vesely via mailop wrote:



That looks remarkably like Sendgrid use ZenDesk for their abuse desk platform, 
and they’re replying to or otherwise acknowledging your ticket. That they 
include the original email body isn’t that surprising for an abuse desk.


Sorry, I thought I had made it clear they're _not_ ticket ack.  I attach the
last one I received, it arrived five minutes after I sent the last complaint.

It looks EXACTLY like a ticket acknowledgement email to me. The "## In 
replies all text above this line is added to the ticket ##" text is 
telling me that it's a ticket acknowledgement and is allowing you to add 
more information to the ticket by email. I'm not entirely sure why the 
confusion???


Try changing the subject/message slightly on the complaint message you 
send. I 100% expect the message you receive in return will have that 
changed subject/message, not the original subject/message content.




--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid strikes again; zendesk, actually

[Jaroslaw Rafa via mailop]

Dnia 26.02.2020 o godz. 11:50:18 Paul Smith via mailop pisze:
> It looks EXACTLY like a ticket acknowledgement email to me. The "##
> In replies all text above this line is added to the ticket ##" text
> is telling me that it's a ticket acknowledgement and is allowing you
> to add more information to the ticket by email. I'm not entirely
> sure why the confusion???

I guess the confusion may come from the fact that one would usually not
expect a ticket acknowledgment to be ONLY the exact copy of the message you
have sent and pretty much nothing more. I still think they misconfigured
something.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid strikes again; zendesk, actually

[Paul Smith via mailop]

On 26/02/2020 12:21, Jaroslaw Rafa via mailop wrote:

I guess the confusion may come from the fact that one would usually not
expect a ticket acknowledgment to be ONLY the exact copy of the message you
have sent and pretty much nothing more. I still think they misconfigured
something.


But it isn't...

It has

## In replies all text above this line is added to the ticket ##
--

above the quoted text

and

-

Your Twilio Ticket ID # 3806345 Encoded ID # [Q54RWY-VROX] Your 
Ticketing System's ID # (if we have recorded one): -


 This email is a service from SendGrid.

below the quoted text. The middle of the message is the ticket history. 
That is quite normal for ticket acknowlegements that I see. It all looks 
normal to me. They can't put anything else at the top of the message 
because "all text above this line is added to the ticket"





--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid strikes again; zendesk, actually

[Luke via mailop]

Unfortunately, the host name filter2087p1mdw1.sendgrid.net does not
actually indicate an outbound filter. The name is a legacy naming
convention. The "filter" servers at SendGrid do a lot of things, but out
bound filtering is not one of them.

They also have no process in place for verifying From addresses. With their
API, you can put whatever you want in the From field. Clearly not ideal,
but they arent unique in this regard. All in all, considering the amount of
email SendGrid sends, the scale of the phishing problem is remarkably
small. Despite their problems, I'd say they don't get the credit they
deserve. It is easy to get a few bad messages and point your finger and say
they dont care, but that isn't true.

On Wed, Feb 26, 2020, 12:25 AM Hans-Martin Mosner via mailop <
mailop@mailop.org> wrote:

> Am 25.02.20 um 19:12 schrieb Alessandro Vesely via mailop:
>
> On Tue 25/Feb/2020 16:30:29 +0100 Luke via mailop wrote:
>
> Some more detail on this would be helpful.
>
> On Mon, 24 Feb 2020 11:35:08 +0100 I received the first abusive message, with
> subject: "I have videos of you masturbating"
> sent by o2.ptr2321.cornerstoner.co.uk [149.72.56.5].
>
> On Mon, 24 Feb 2020 11:49:16 +0100 I sent a complaint to ab...@sendgrid.com 
> with
> subject: "Abuse: I have videos of you masturbating".
> The complaint was delivered on Mon 24, Feb 2020 11:49:19 to 
> mxa-0023de01.gslb.pphosted.com [148.163.153.13].
>
> On Mon, 24 Feb 2020 21:44:27 +0100 I received a further abusive message with
> subject: "Request# 3806345 | Abuse: I have videos of you masturbating | -"
> sent by outbyoip4.pod14.use1.zdsys.com [192.161.148.4].
>
> I reported the second message as well, this morning, with
> subject: "Abuse: Request# 3806345 | Abuse: I have videos of you masturbating 
> |".
> Recipients included ab...@sendgrid.com, and the report was delivered to 
> mxb-0023de01.gslb.pphosted.com [148.163.153.13] on Tue, 25 Feb 2020 10:50:00 
> +0100.
>
> On Tue, 25 Feb 2020 10:54:46 +0100 I received a third abusive message with
> subject: "Request# 3809003 | Abuse: Request# 3806345 | Abuse: I have videos 
> of you masturbating | - | -"
> sent by outbyoip7.pod14.use1.zdsys.com [192.161.148.7].
>
>
> I'm gonna send yet another complaint right now :-)
>
> Best
> Ale
>
> These are clearly (automated?) ticket creation notices. Their usefulness
> is certainly questionable, but I would not report them as abuse, even
> though the replies include the original abusive content.
>
> I got a similar one in response to a phishing mail report that I sent
> yesterday, still waiting for a human answer stating that the problem has
> been identified.
>
> My suspicion is that sendgrid uses a classical authenticated sender
> mechanism, and if one of their customers have their credentials stolen they
> are blissfully sending out any crap that's received with these customer
> credentials. This is acceptable for a simple e-mail provider (although some
> large ones helpfully employ egress spam filtering) but should not be ok for
> a mass-mailing infrastructure provider.
> These headers show that sendgrid apparently have some filter mechanism but
> they did not keep this message from being sent:
>
> Received: by filter2087p1mdw1.sendgrid.net with SMTP id 
> filter2087p1mdw1-28948-5E5491B9-2A
> 2020-02-25 03:17:14.132210298 + UTC m=+1044011.719633273
> Received: from zlb12 (mail.elektrofun.cz [87.121.98.48])
>   by ismtpd0006p1lon1.sendgrid.net (SG) with ESMTP id 
> abZM1wRpRt-9dgz6vsxK0w
>   Tue, 25 Feb 2020 03:17:13.566 + (UTC)
> From: "Amazon Services Europe" 
> 
>
> Sendgrid should not accept messages with "amazon.info" in the From:
> header unless the customer has been previously authorized to send mails in
> the name of Amazon. I don't know whether their X-SG-EID: header contains
> encoded information about the customer, probably it does, so they should be
> able to identify and stop the customer.
>
> I'd like them to send a short response to my abuse report stating that
> they have identified the problem and have taken steps to prevent it from
> occurring again, but that's probably wishful thinking. Meaningful responses
> to abuse reports are rare...
>
> Cheers,
> Hans-Martin
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Spectrum webmail folks around?

[Jay R. Ashworth via mailop]

My sister's inherited tampabay.rr.com account -- the only one we have to
look at your webmail client with -- is unreasonably slow in retrieving mail
from folders.  On my 16GB i7 with Win 10, it can take on the order of a minute
to open a folder with 3 messages in it; much longer for things like the Inbox.

Ridiculously longer on less powerful devices, like her Android tablet.

I'm told this is a pervasive problem with the webmail service.  Is it, perhaps,
trying to implement an entire IMAP client in Javascript?

If there's anyone in that department at that carrier who can comment on this,
that'd be great.

Cheers,
-- jra

-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates   http://www.bcp38.info  2000 Land Rover DII
St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647 1274

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid strikes again; zendesk, actually

[Alessandro Vesely via mailop]

On Wed 26/Feb/2020 12:50:18 +0100 Paul Smith via mailop wrote:
> On 26/02/2020 11:12, Alessandro Vesely via mailop wrote:
>>
>>> That looks remarkably like Sendgrid use ZenDesk for their abuse desk
>>> platform, and they’re replying to or otherwise acknowledging your ticket.
>>> That they include the original email body isn’t that surprising for an abuse
>>> desk.
>>
>> Sorry, I thought I had made it clear they're _not_ ticket ack.  I attach the
>> last one I received, it arrived five minutes after I sent the last complaint.
>>
> It looks EXACTLY like a ticket acknowledgement email to me. The "## In replies
> all text above this line is added to the ticket ##" text is telling me that
> it's a ticket acknowledgement and is allowing you to add more information to
> the ticket by email. I'm not entirely sure why the confusion???


Hm... it vaguely resembles a ticket acknowledge email.  When I forwarded the
abusive message as an attachment, I added a short accompanying note.  There is
no mention of my note in the ticket.

Neither there is any kind of boilerplate, except those two lines:

## In replies all text above this line is added to the ticket ##
This email is a service from SendGrid.

Don't they write something like:

   Thank you for your report. Please note that due to the volume of mail
   sent to this address, it may take some time for your request to be
   processed. If your issue is time sensitive, you can fill out our abuse
   form at: 
?

In addition, the very first message of the series didn't have my avatar, it was
added in the first "ticket acknowledgment".  Rather unusual, eh?


> Try changing the subject/message slightly on the complaint message you send. I
> 100% expect the message you receive in return will have that changed
> subject/message, not the original subject/message content.


Correct.  It seems to me that their ticketing system has been hacked.


Best
Ale
-- 
















___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Spectrum webmail folks around?

[Ken O'Driscoll via mailop]

On Wed, 2020-02-26 at 17:07 +, Jay R. Ashworth via mailop wrote:
> My sister's inherited tampabay.rr.com account -- the only one we have to
> look at your webmail client with -- is unreasonably slow in retrieving mail
> from folders.  On my 16GB i7 with Win 10, it can take on the order of a minute
> to open a folder with 3 messages in it; much longer for things like the Inbox.
> 
> Ridiculously longer on less powerful devices, like her Android tablet.
> 
> I'm told this is a pervasive problem with the webmail service.  Is it, 
> perhaps,
> trying to implement an entire IMAP client in Javascript?
> 
> If there's anyone in that department at that carrier who can comment on this,
> that'd be great.

This list is not intended for provisioning end user support on provider
email services.

If you have problem with the webmail service provided by
Charter/Spectrum then you should open a support request with them. 

Ken.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone from Cloudmark?

[Brett Schenker via mailop]

If so, can you ping me off list? Thanks!

-- 
Brett Schenker
Man of Many Things, Including
5B Consulting - http://www.5bconsulting.com
Graphic Policy - http://www.graphicpolicy.com

Twitter - http://twitter.com/bhschenker
LinkedIn - http://www.linkedin.com/in/brettschenker
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid strikes again; zendesk, actually

[Robert L Mathews via mailop]

On 2/26/20 5:22 AM, Luke via mailop wrote:
> 
> They also have no process in place for verifying From addresses. With
> their API, you can put whatever you want in the From field. Clearly not
> ideal, but they arent unique in this regard. All in all, considering the
> amount of email SendGrid sends, the scale of the phishing problem is
> remarkably small.

I strongly disagree with this. I get the most blatant phishing messages,
sometimes sent to obvious role addresses, and reporting it as being
received at one address (out of several) has historically caused that
address to get listwashed while the mail continues to the others.

This morning I looked at a fraction of my inbound Sendgrid mail and
found these DMARC rejection failures:

---

Received: from dhl.com (unknown [104.152.185.247])
by ismtpd0077p1mdw1.sendgrid.net (SG) with ESMTP id
WDd40e6kS0yDqUPUjLyFpg
From: dhlsen...@dhl.com
Subject: [Newsletters] DHL Shipment Successful : Air Waybill no 4449826931

Received: from wellsfargo.com
(ec2-3-12-148-177.us-east-2.compute.amazonaws.com [3.12.148.177])
by ismtpd0039p1iad2.sendgrid.net (SG)
From: Wells Fargo 
Subject: Warning: Account Temporary Blocked

Received: from WIN-JM5NDCQFSU3 (unknown [193.56.28.63])
by ismtpd0001p1lon1.sendgrid.net (SG)
From: "Chase Online" 
Subject: Your Online Informations are Outdated. Update Now

Received: from MTQzMTI5NzY (unknown [35.175.22.107]) by
ismtpd0011p1iad2.sendgrid.net (SG)
From: "supp...@chase.com" 
Subject: [Card Fraud Prevention] Activity On Your Debit or ATM Card On
02/27/2020 [MAIL ID:4435446]

Received: from WIN-JM5NDCQFSU3 (unknown [193.56.28.63])
by ismtpd0004p1lon1.sendgrid.net (SG) with ESMTP id
Rmde0K91SFiqiUueuaNLbg
From: "Chase Online" 
Subject: Online Alert.

---

And this is just the blatant phishing (there's much more non-phishing spam).

This is not the sign of a company that cares about phishing.

Adding a "will this message trigger a DMARC reject" filter on outgoing
mail would be trivial. Adding a filter that flags "@wellsfargo.com" and
other frequently phished domain names in the From header would be
trivial. Adding a filter that flags mail runs with a high percentage
sent to "support@", "info@", "sales@", and "billing@" would be trivial.

The fact that they haven't bothered with any of these things after years
of this tells you everything you need to know.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone from HughesNet ISP here

[Lili Crowley via mailop]

Please contact me off list.

Thanks!
Lili


Lili Crowley
Postmaster
Verizon Media
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid strikes again; zendesk, actually

[Luke via mailop]

They might not care about phishing as much as you'd like them to. But they
do care about phishing.

All of your suggestions are good ones. Some of them are even "trivial" as
you put it.

The fact that they haven't bothered with any of these things after years
> of this tells you everything you need to know.
>

Well. I guess that's that.

On Wed, Feb 26, 2020 at 10:58 AM Robert L Mathews via mailop <
mailop@mailop.org> wrote:

> On 2/26/20 5:22 AM, Luke via mailop wrote:
> >
> > They also have no process in place for verifying From addresses. With
> > their API, you can put whatever you want in the From field. Clearly not
> > ideal, but they arent unique in this regard. All in all, considering the
> > amount of email SendGrid sends, the scale of the phishing problem is
> > remarkably small.
>
> I strongly disagree with this. I get the most blatant phishing messages,
> sometimes sent to obvious role addresses, and reporting it as being
> received at one address (out of several) has historically caused that
> address to get listwashed while the mail continues to the others.
>
> This morning I looked at a fraction of my inbound Sendgrid mail and
> found these DMARC rejection failures:
>
> ---
>
> Received: from dhl.com (unknown [104.152.185.247])
> by ismtpd0077p1mdw1.sendgrid.net (SG) with ESMTP id
> WDd40e6kS0yDqUPUjLyFpg
> From: dhlsen...@dhl.com
> Subject: [Newsletters] DHL Shipment Successful : Air Waybill no 4449826931
>
> Received: from wellsfargo.com
> (ec2-3-12-148-177.us-east-2.compute.amazonaws.com [3.12.148.177])
> by ismtpd0039p1iad2.sendgrid.net (SG)
> From: Wells Fargo 
> Subject: Warning: Account Temporary Blocked
>
> Received: from WIN-JM5NDCQFSU3 (unknown [193.56.28.63])
> by ismtpd0001p1lon1.sendgrid.net (SG)
> From: "Chase Online" 
> Subject: Your Online Informations are Outdated. Update Now
>
> Received: from MTQzMTI5NzY (unknown [35.175.22.107]) by
> ismtpd0011p1iad2.sendgrid.net (SG)
> From: "supp...@chase.com" 
> Subject: [Card Fraud Prevention] Activity On Your Debit or ATM Card On
> 02/27/2020 [MAIL ID:4435446]
>
> Received: from WIN-JM5NDCQFSU3 (unknown [193.56.28.63])
> by ismtpd0004p1lon1.sendgrid.net (SG) with ESMTP id
> Rmde0K91SFiqiUueuaNLbg
> From: "Chase Online" 
> Subject: Online Alert.
>
> ---
>
> And this is just the blatant phishing (there's much more non-phishing
> spam).
>
> This is not the sign of a company that cares about phishing.
>
> Adding a "will this message trigger a DMARC reject" filter on outgoing
> mail would be trivial. Adding a filter that flags "@wellsfargo.com" and
> other frequently phished domain names in the From header would be
> trivial. Adding a filter that flags mail runs with a high percentage
> sent to "support@", "info@", "sales@", and "billing@" would be trivial.
>
> The fact that they haven't bothered with any of these things after years
> of this tells you everything you need to know.
>
> --
> Robert L Mathews, Tiger Technologies, http://www.tigertech.net/
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Any idea who wrote 'Spam Lawsuits: What's the Worst that Can Happen?' ?

[Anne P. Mitchell, Esq. via mailop]

I came across a pdf titled Spam Lawsuits: What's the Worst that Can Happen? 
...no author, no sponsoring org (although I suspect a connection with MailChimp 
owing to a line say saying "If you're a MailChimp customer" and another saying 
"As you're a MailChimp customer")

You can see it here:

https://www.isipp.com/wp-content/uploads/spam-lawsuits-rules-regulations.pdf

I'd like to give proper attribution...anybody recognize it?

Anne

---
Anne P. Mitchell, Attorney at Law, Dean of Cyber Law & Cyber Security, Lincoln 
Law School
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Any idea who wrote 'Spam Lawsuits: What's the Worst that Can Happen?' ?

[Will Boyd via mailop]

definitely connected to mailchimp:
https://www.slideshare.net/mailchimp/spam-lawsuits-whats-the-worst-that-could-happen

On Wed, Feb 26, 2020 at 2:01 PM Anne P. Mitchell, Esq. via mailop <
mailop@mailop.org> wrote:

> I came across a pdf titled Spam Lawsuits: What's the Worst that Can
> Happen? ...no author, no sponsoring org (although I suspect a connection
> with MailChimp owing to a line say saying "If you're a MailChimp customer"
> and another saying "As you're a MailChimp customer")
>
> You can see it here:
>
>
> https://urldefense.com/v3/__https://www.isipp.com/wp-content/uploads/spam-lawsuits-rules-regulations.pdf__;!!NCc8flgU!LUTvpjrgfNqfFFcorZXIQR_mLEvJNOwSokkyC8dc4jGV6v_I749gOhfm6HFGOm5c-A$
>
> I'd like to give proper attribution...anybody recognize it?
>
> Anne
>
> ---
> Anne P. Mitchell, Attorney at Law, Dean of Cyber Law & Cyber Security,
> Lincoln Law School
> CEO/President, SuretyMail Email Reputation Certification
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Former Counsel: Mail Abuse Prevention System (MAPS)
>
>
> ___
> mailop mailing list
> mailop@mailop.org
>
> https://urldefense.com/v3/__https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop__;!!NCc8flgU!LUTvpjrgfNqfFFcorZXIQR_mLEvJNOwSokkyC8dc4jGV6v_I749gOhfm6HE_2dRSxA$
>


-- 
[image: sendgridlogo2.png] 
Will Boyd
Sr. Email Deliverability Consultant
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Any idea who wrote 'Spam Lawsuits: What's the Worst that Can Happen?' ?

[Michael Peddemors via mailop]

No, but that is a valuable list that can show the 'why' of real 
fines/levies.  Be nice if they included a few Canadian examples


https://www.theglobeandmail.com/business/article-crtc-levies-fines-against-two-companies-under-canadas-anti-spam-law/

https://crtc.gc.ca/eng/DNCL/dnclc_2019.htm

https://crtc.gc.ca/eng/archive/2019/2019-111.htm

Lot's of examples..

On 2020-02-26 12:54 p.m., Anne P. Mitchell, Esq. via mailop wrote:

I came across a pdf titled Spam Lawsuits: What's the Worst that Can Happen? ...no author, no 
sponsoring org (although I suspect a connection with MailChimp owing to a line say saying "If 
you're a MailChimp customer" and another saying "As you're a MailChimp customer")

You can see it here:

https://www.isipp.com/wp-content/uploads/spam-lawsuits-rules-regulations.pdf

I'd like to give proper attribution...anybody recognize it?

Anne

---
Anne P. Mitchell, Attorney at Law, Dean of Cyber Law & Cyber Security, Lincoln 
Law School
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AT&T Block - abuse_...@abuse-att.net still valid?

[Scott Mutter via mailop]

I know this will come as a complete and absolute shock to most everyone
here.

It's been 15 days since I originally posted this on this list.  I was told
to wait about a week to let them "weed" out all of the clutter AT&T likely
gets from this abuse address... so I waited 2 weeks.

The shocking part... it's still blocked.  And I haven't received a peep
from AT&T other than the canned response I got on February 10th (16 days
ago).

So basically all I've done is wasted 16 days waiting for a response or
resolution.

And yet people wonder why I have zero faith in the way any of these "big"
mail providers address disputes to their clandestine blacklisting and
blocking process.

Am I suppose to wait another decade or two for a response or resolution
from AT&T regarding this?

For what it's worth - the IP address in this particular case
is 192.158.224.5 - I would very much love for someone to tell me what is
wrong with this IP address and why AT&T is blacklisting it.  What services
do you all recommend to go to to check the reputation of a mail server's IP
address?  I've been using Senderscore, Senderbase, Proofpoint, Symantec,
Spamhaus, Spamcop - this IP address comes up clean at all of those places -
but I guess those aren't good sources to double check with?

I'm open to suggestions on how I'm suppose to handle this and what I need
to do to resolve this.  Apparently checking the IP's reputation at those
sites isn't good enough.  And apparently sending an email to
abuse_...@abuse-att.net is not good enough.



On Tue, Feb 11, 2020 at 9:50 AM Scott Mutter via mailop 
wrote:

> Anybody from AT&T able to check a couple of abuse tickets for me?
>
> AT&T is blocking one of our servers, I sent messages on February 8th and
> February 10th to abuse_...@abuse-att.net but have not heard anything back
> - other than the canned response - and the IP is still blocked.
>
> The rejection notice says to email abuse_...@abuse-att.net but I'm not
> sure if that is still valid.
>
> Ticket numbers are:
>
> 020820-180048-39537-00
> 021020-164333-46154-00
>
> I suppose it's possible that AT&T is just inundated with abuse requests -
> but maybe there is a better way to weed out the valid requests from the
> invalid requests.
>
> If abuse_...@abuse-att.net is no longer valid, then perhaps the rejection
> notice needs to be updated.
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Any idea who wrote 'Spam Lawsuits: What's the Worst that Can Happen?' ?

[Hokan via mailop]

The document attributes suggest that the author is "MailChimp", that
is was created "Wednesday, 24 September 2014 16:23:42 UTC", but
modified earler than that on "Thursday, 15 November 2012 21:48:19 UTC"



On Wed, Feb 26, 2020 at 01:54:54PM -0700, Anne P. Mitchell, Esq. via mailop 
wrote:
> I came across a pdf titled Spam Lawsuits: What's the Worst that Can Happen? 
> ...no author, no sponsoring org (although I suspect a connection with 
> MailChimp owing to a line say saying "If you're a MailChimp customer" and 
> another saying "As you're a MailChimp customer")
> 
> You can see it here:
> 
> https://www.isipp.com/wp-content/uploads/spam-lawsuits-rules-regulations.pdf
> 
> I'd like to give proper attribution...anybody recognize it?

-- 
Hokan MEnet, a wholly owned subsidiary of Enet
System Administrator Department of Aerospace Engineering and Mechanics
ho...@me.umn.edu  Department of Mechanical Engineering
612.626.9800  Department of Industrial and Systems Engineering

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Any idea who wrote 'Spam Lawsuits: What's the Worst that Can Happen?' ?

[Grégoire , André via mailop]

Some more interesting Canadian links:

Our Dashboard: https://crtc.gc.ca/eng/internet/pub/20190930.htm

Orcus Rat: 
https://crtc.gc.ca/eng/archive/2019/vt191210.htm
https://www.newswire.ca/news-releases/crtc-issues-115-000-in-penalties-to-stop-the-spread-of-malicious-software-866235347.html

Malvertising: https://crtc.gc.ca/eng/archive/2018/vt180711.htm


Andre

Andre Gregoire, CISSP
Manager, CASL Enforcement
Compliance & Enforcement
Canadian Radio-television and Telecommunications Commission (CRTC)

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Peddemors 
via mailop
Sent: February 26, 2020 4:22 PM
To: mailop@mailop.org
Subject: Re: [mailop] Any idea who wrote 'Spam Lawsuits: What's the Worst that 
Can Happen?' ?

No, but that is a valuable list that can show the 'why' of real fines/levies.  
Be nice if they included a few Canadian examples

https://www.theglobeandmail.com/business/article-crtc-levies-fines-against-two-companies-under-canadas-anti-spam-law/

https://crtc.gc.ca/eng/DNCL/dnclc_2019.htm

https://crtc.gc.ca/eng/archive/2019/2019-111.htm

Lot's of examples..

On 2020-02-26 12:54 p.m., Anne P. Mitchell, Esq. via mailop wrote:
> I came across a pdf titled Spam Lawsuits: What's the Worst that Can 
> Happen? ...no author, no sponsoring org (although I suspect a 
> connection with MailChimp owing to a line say saying "If you're a 
> MailChimp customer" and another saying "As you're a MailChimp 
> customer")
> 
> You can see it here:
> 
> https://www.isipp.com/wp-content/uploads/spam-lawsuits-rules-regulatio
> ns.pdf
> 
> I'd like to give proper attribution...anybody recognize it?
> 
> Anne
> 
> ---
> Anne P. Mitchell, Attorney at Law, Dean of Cyber Law & Cyber Security, 
> Lincoln Law School CEO/President, SuretyMail Email Reputation 
> Certification
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam 
> law) Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance 
> Consultant Former Counsel: Mail Abuse Prevention System (MAPS)
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> 



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For 
More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard 
Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended 
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely those 
of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Ideas for possible content for FAQ: "Best Practices for running a mail server"

[Michael Peddemors via mailop]

Hehe.. another one.. (You think it would be self obvious)

When you talk about transparency, the idea is that the domain in the PTR 
should have a URL, where contact information related to abuse for/from 
that domain can be found..


97.107.24.93x1  1.outbound1.email-aeg.com
97.107.24.95x1  1.outbound3.email-aeg.com

(triggering one of our invalid user detection tools)

Visit the domain, http://email-aeg.com, and it redirects.. to an 
insecure page.. https://email-aeg.com/YesConnect?page=login


This server could not prove that it is email-aeg.com; its security 
certificate is from *.emailmarketing.com


I don't know if it is EXACTLY an email best practice..

But make sure that your pages have proper SSL's.

* Unsubscribe pages/urls
* Domain Pages

If your page is insecure, no one (and rightly so) will continue to 
unsubscribe, or report to you problems.




On 2020-02-25 3:12 a.m., Simon Lyall via mailop wrote:


Thank you for all the suggestions. I've put together a couple of pages:

https://www.mailop.org/faq/
https://www.mailop.org/best-practices/

as a start. What do people think needs to be added or changed?

Simon.
Mailop Admin Team.





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AT&T Block - abuse_...@abuse-att.net still valid?

[Michael Peddemors via mailop]

host 192.158.224.5
5.224.158.192.in-addr.ARPA domain name pointer server.divebums.com

host -t TXT divebums.com
divebums.com descriptive text "v=spf1 ip4:192.158.224.5 
ip4:174.36.50.170 ip4:192.110.160.37 +ip4:168.235.104.229 
ip4:192.158.224.5 a mx -all"


NetRange:   192.158.224.0 - 192.158.231.255
CIDR:   192.158.224.0/21
NetName:H4Y-IPV4-BLK2
NetHandle:  NET-192-158-224-0-2
Parent: VIVID-HOSTING-2 (NET-192-158-224-0-1)
NetType:Reallocated
OriginAS:   AS397373, AS17216
Organization:   H4Y Technologies LLC (HTL-33)
RegDate:2014-08-07
Updated:2019-04-16
Comment:http://www.iwfhosting.net
Comment:http://www.h4y.us
Comment:Standard NOC hours are 24/7
Ref:https://rdap.arin.net/registry/ip/192.158.224.0


OrgName:H4Y Technologies LLC

Well, the hosting provider should be able to help.  Ask them to provide 
you with 'rwhois' listing for your IP Address, so that you have clear 
operational authority, and transparency, and so people can see when you 
started using the IP Address.


"Assumming" that your mailing list software is set up correctly to only 
be a confirmed double opt-in, you 'should' find that most abuse teams 
will be very responsive.


Many of them lurk on this list as well of course, but this list isn't 
for 'ranting' (most of the time).  More flies with honey and all that.


Be nice in your ask, and you will see faster responses usually, try not 
to make the request sound like a 'bit** fest'..


Posting this once more.. More people need to read it.

https://www.m3aawg.org/sites/default/files/m3aawg-blocklist-help-bp-2018-02.pdf




On 2020-02-26 1:25 p.m., Scott Mutter via mailop wrote:
I know this will come as a complete and absolute shock to most everyone 
here.


It's been 15 days since I originally posted this on this list.  I was 
told to wait about a week to let them "weed" out all of the clutter AT&T 
likely gets from this abuse address... so I waited 2 weeks.


The shocking part... it's still blocked.  And I haven't received a peep 
from AT&T other than the canned response I got on February 10th (16 days 
ago).


So basically all I've done is wasted 16 days waiting for a response or 
resolution.


And yet people wonder why I have zero faith in the way any of these 
"big" mail providers address disputes to their clandestine blacklisting 
and blocking process.


Am I suppose to wait another decade or two for a response or resolution 
from AT&T regarding this?


For what it's worth - the IP address in this particular case 
is 192.158.224.5 - I would very much love for someone to tell me what is 
wrong with this IP address and why AT&T is blacklisting it.  What 
services do you all recommend to go to to check the reputation of a mail 
server's IP address?  I've been using Senderscore, Senderbase, 
Proofpoint, Symantec, Spamhaus, Spamcop - this IP address comes up clean 
at all of those places - but I guess those aren't good sources to double 
check with?


I'm open to suggestions on how I'm suppose to handle this and what I 
need to do to resolve this.  Apparently checking the IP's reputation at 
those sites isn't good enough.  And apparently sending an email to 
abuse_...@abuse-att.net  is not good enough.




On Tue, Feb 11, 2020 at 9:50 AM Scott Mutter via mailop 
mailto:mailop@mailop.org>> wrote:


Anybody from AT&T able to check a couple of abuse tickets for me?

AT&T is blocking one of our servers, I sent messages on February 8th
and February 10th to abuse_...@abuse-att.net
 but have not heard anything back -
other than the canned response - and the IP is still blocked.

The rejection notice says to email abuse_...@abuse-att.net
 but I'm not sure if that is still
valid.

Ticket numbers are:

020820-180048-39537-00
021020-164333-46154-00

I suppose it's possible that AT&T is just inundated with abuse
requests - but maybe there is a better way to weed out the valid
requests from the invalid requests.

If abuse_...@abuse-att.net  is no
longer valid, then perhaps the rejection notice needs to be updated.


___
mailop mailing list
mailop@mailop.org 
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
--

Re: [mailop] AT&T Block - abuse_...@abuse-att.net still valid?

[Lyle Giese via mailop]

Don't know if ATT looks at this but I know they used to.  The TTL for 
the A record for server.divebums.com is 900 seconds.  If checking this 
parameter, it was recommended that this be at least 12 hrs or 43,200 
seconds.  The theory was that 900 seconds indicated it was on a dynamic 
ip address.


Good luck!

Lyle Giese

LCR Computer Services, Inc.

On 2020-02-26 15:25, Scott Mutter via mailop wrote:
I know this will come as a complete and absolute shock to most 
everyone here.


It's been 15 days since I originally posted this on this list.  I was 
told to wait about a week to let them "weed" out all of the clutter 
AT&T likely gets from this abuse address... so I waited 2 weeks.


The shocking part... it's still blocked.  And I haven't received a 
peep from AT&T other than the canned response I got on February 10th 
(16 days ago).


So basically all I've done is wasted 16 days waiting for a response or 
resolution.


And yet people wonder why I have zero faith in the way any of these 
"big" mail providers address disputes to their clandestine 
blacklisting and blocking process.


Am I suppose to wait another decade or two for a response or 
resolution from AT&T regarding this?


For what it's worth - the IP address in this particular case 
is 192.158.224.5 - I would very much love for someone to tell me what 
is wrong with this IP address and why AT&T is blacklisting it.  What 
services do you all recommend to go to to check the reputation of a 
mail server's IP address?  I've been using Senderscore, Senderbase, 
Proofpoint, Symantec, Spamhaus, Spamcop - this IP address comes up 
clean at all of those places - but I guess those aren't good sources 
to double check with?


I'm open to suggestions on how I'm suppose to handle this and what I 
need to do to resolve this.  Apparently checking the IP's reputation 
at those sites isn't good enough.  And apparently sending an email to 
abuse_...@abuse-att.net  is not good 
enough.




On Tue, Feb 11, 2020 at 9:50 AM Scott Mutter via mailop 
mailto:mailop@mailop.org>> wrote:


Anybody from AT&T able to check a couple of abuse tickets for me?

AT&T is blocking one of our servers, I sent messages on February
8th and February 10th to abuse_...@abuse-att.net
 but have not heard anything back
- other than the canned response - and the IP is still blocked.

The rejection notice says to email abuse_...@abuse-att.net
 but I'm not sure if that is still
valid.

Ticket numbers are:

020820-180048-39537-00
021020-164333-46154-00

I suppose it's possible that AT&T is just inundated with abuse
requests - but maybe there is a better way to weed out the valid
requests from the invalid requests.

If abuse_...@abuse-att.net  is no
longer valid, then perhaps the rejection notice needs to be updated.


___
mailop mailing list
mailop@mailop.org 
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Any idea who wrote 'Spam Lawsuits: What's the Worst that Can Happen?' ?

[Tom Kulzer via mailop]

http://static.mailchimp.com/www/guides/spam-lawsuits/package/spam-lawsuits.pdf 



Cheers,
Tom Kulzer
CEO & Founder
AWeber Communications
https://www.aweber.com
https://twitter.com/tkulzer


> On Feb 26, 2020, at 3:54 PM, Anne P. Mitchell, Esq. via mailop 
>  wrote:
> 
> I came across a pdf titled Spam Lawsuits: What's the Worst that Can Happen? 
> ...no author, no sponsoring org (although I suspect a connection with 
> MailChimp owing to a line say saying "If you're a MailChimp customer" and 
> another saying "As you're a MailChimp customer")
> 
> You can see it here:
> 
> https://www.isipp.com/wp-content/uploads/spam-lawsuits-rules-regulations.pdf
> 
> I'd like to give proper attribution...anybody recognize it?
> 
> Anne
> 
> ---
> Anne P. Mitchell, Attorney at Law, Dean of Cyber Law & Cyber Security, 
> Lincoln Law School
> CEO/President, SuretyMail Email Reputation Certification
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Former Counsel: Mail Abuse Prevention System (MAPS)
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



signature.asc
Description: Message signed with OpenPGP
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AT&T Block - abuse_...@abuse-att.net still valid?

[Scott Mutter via mailop]

I really wouldn't think TTL would be a determining factor - at least if it
is I'd argue against it being such.  Do any DNS resolvers actually cache
data for the period stated in the TTL these days?  Too long of a TTL, I
think resolvers will flush it out before then anyway.  Maybe 900 is too
short, but I'd argue that looking at TTL isn't a good way to determine
spammyness.

If you look at gmail.com it's TTL is 300 seconds - now... granted that IP
address is not used to actually connect to mail server to send out mail,
it's just the IP address for the front facing gmail.com.

If you look at Yahoo, one of their sending IPs - 98.137.65.31 - resolves to
sonic315-55.consmr.mail.gq1.yahoo.com. and
sonic315-55.consmr.mail.gq1.yahoo.com. has a TTL of 1800 seconds.
Obviously, 1800 is larger than 900, but enough to worry about?

I definitely would subscribe to the notion that TTL should not matter for
this.  But should and does are two different things.

On Wed, Feb 26, 2020 at 3:53 PM Lyle Giese via mailop 
wrote:

> Don't know if ATT looks at this but I know they used to.  The TTL for the
> A record for server.divebums.com is 900 seconds.  If checking this
> parameter, it was recommended that this be at least 12 hrs or 43,200
> seconds.  The theory was that 900 seconds indicated it was on a dynamic ip
> address.
>
> Good luck!
>
> Lyle Giese
>
> LCR Computer Services, Inc.
> On 2020-02-26 15:25, Scott Mutter via mailop wrote:
>
> I know this will come as a complete and absolute shock to most everyone
> here.
>
> It's been 15 days since I originally posted this on this list.  I was told
> to wait about a week to let them "weed" out all of the clutter AT&T likely
> gets from this abuse address... so I waited 2 weeks.
>
> The shocking part... it's still blocked.  And I haven't received a peep
> from AT&T other than the canned response I got on February 10th (16 days
> ago).
>
> So basically all I've done is wasted 16 days waiting for a response or
> resolution.
>
> And yet people wonder why I have zero faith in the way any of these "big"
> mail providers address disputes to their clandestine blacklisting and
> blocking process.
>
> Am I suppose to wait another decade or two for a response or resolution
> from AT&T regarding this?
>
> For what it's worth - the IP address in this particular case
> is 192.158.224.5 - I would very much love for someone to tell me what is
> wrong with this IP address and why AT&T is blacklisting it.  What services
> do you all recommend to go to to check the reputation of a mail server's IP
> address?  I've been using Senderscore, Senderbase, Proofpoint, Symantec,
> Spamhaus, Spamcop - this IP address comes up clean at all of those places -
> but I guess those aren't good sources to double check with?
>
> I'm open to suggestions on how I'm suppose to handle this and what I need
> to do to resolve this.  Apparently checking the IP's reputation at those
> sites isn't good enough.  And apparently sending an email to
> abuse_...@abuse-att.net is not good enough.
>
>
>
> On Tue, Feb 11, 2020 at 9:50 AM Scott Mutter via mailop 
> wrote:
>
>> Anybody from AT&T able to check a couple of abuse tickets for me?
>>
>> AT&T is blocking one of our servers, I sent messages on February 8th and
>> February 10th to abuse_...@abuse-att.net but have not heard anything
>> back - other than the canned response - and the IP is still blocked.
>>
>> The rejection notice says to email abuse_...@abuse-att.net but I'm not
>> sure if that is still valid.
>>
>> Ticket numbers are:
>>
>> 020820-180048-39537-00
>> 021020-164333-46154-00
>>
>> I suppose it's possible that AT&T is just inundated with abuse requests -
>> but maybe there is a better way to weed out the valid requests from the
>> invalid requests.
>>
>> If abuse_...@abuse-att.net is no longer valid, then perhaps the
>> rejection notice needs to be updated.
>>
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
>
> ___
> mailop mailing 
> listmailop@mailop.orghttps://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AT&T Block - abuse_...@abuse-att.net still valid?

[Luis E. Muñoz via mailop]

On 26 Feb 2020, at 13:53, Lyle Giese via mailop wrote:

Don't know if ATT looks at this but I know they used to.  The TTL for 
the A record for server.divebums.com is 900 seconds.  If checking 
this parameter, it was recommended that this be at least 12 hrs or 
43,200 seconds.  The theory was that 900 seconds indicated it was on 
a dynamic ip address.


I've seen that criteria used in the past in a DNS blacklist. TBH, I 
haven't seen this mentioned anywhere else in relation to deciding 
whether an IP address is static or not. In particular, there are many 
reasons you might want to have a short TTL – geo load balancing is 
just one of them.


I would tend to think that an organization doing that is trying very 
hard to be "static", as in "being there to receive your email" :-)


-lem

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AT&T Block - abuse_...@abuse-att.net still valid?

[Luis E. Muñoz via mailop]

On 26 Feb 2020, at 14:18, Scott Mutter via mailop wrote:


[⋯] Do any DNS resolvers actually cache
data for the period stated in the TTL these days?


Many do. If you're operating a recursive for any sizable user 
population, you want to minimize the response time. Having the response 
in your local cache is actually as fast as you can get. Then again, with 
long TTLs comes the longevity of errors. This is why public resolvers 
have heuristics / buttons to forget data ahead of time or trigger a 
refresh.


I've seen some studies that compare large recursive resolver 
performance, that left me with the impression that at some sites, the 
resolvers are resource-starved. I wouldn't think this is a deliberate 
stance, as it degrades the quality perception of customers.


If you look at gmail.com it's TTL is 300 seconds - now... granted that 
IP
address is not used to actually connect to mail server to send out 
mail,

it's just the IP address for the front facing gmail.com.


Likely, they need to be able to point to a wholly different anycast node 
on a whim, or don't want you to carry a cached response when roaming 
between networks. I would not consider any large sender as a good 
example of the discussion on this context, because with that scale, come 
very specific challenges.


Many of the infrastructure elements I manage have sub-1d TTLs in their 
DNS records except for things like TLSA records and such. In our case, 
this is to ensure that changes can be deployed quickly. This of course 
comes with the price that we will disappear much faster from the DNS if 
we manage to screw up our geo-diverse name servers.


I definitely would subscribe to the notion that TTL should not matter 
for

this.  But should and does are two different things.


+1

-lem

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Any idea who wrote 'Spam Lawsuits: What's the Worst that Can Happen?' ?

[Anne P. Mitchell, Esq. via mailop]

Thank you, everyone, for helping solve this mystery!   The document actually 
does have attribution in the Slideshare version (what I had found was a plain 
PDF file, with no attribution).

Thank you again!

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cyber Law & Cyber Security, Lincoln Law School
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Former Counsel: Mail Abuse Prevention System (MAPS)



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop