Re: [mailop] [EXTERNAL] Strange MIME headers from Microsoft

2020-03-06 Thread Michael Wise via mailop

Not my investigation, just handing it off to someone else, since … I don’t know.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

From: Ken Simpson 
Sent: Friday, March 6, 2020 2:48 PM
To: John R Levine 
Cc: Michael Wise ; mailop@mailop.org
Subject: Re: [mailop] [EXTERNAL] Strange MIME headers from Microsoft

I looked at the logs, there's quite a few, all seem from outlook hosted
accounts.

It seems like something a co-op student would do: MIME encoding the world. I'd 
love to have an inside view of Michael's investigation.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] [EXTERNAL] Strange MIME headers from Microsoft

2020-03-06 Thread Ken Simpson via mailop
> I looked at the logs, there's quite a few, all seem from outlook hosted
> accounts.

It seems like something a co-op student would do: MIME encoding the world.
I'd love to have an inside view of Michael's investigation.


Re: [mailop] [EXTERNAL] Strange MIME headers from Microsoft

2020-03-06 Thread John R Levine via mailop

> Yeah, looking for someone to have a peek at that.
> Rather Strange, to say the least.


I looked at the logs, there's quite a few, all seem from outlook hosted 
accounts.



-Original Message-
From: mailop  On Behalf Of John Levine via mailop
Sent: Friday, March 6, 2020 9:35 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Strange MIME headers from Microsoft



Take a look at this archived message sent from an Outlook hosted user:



https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Flast-call%2FxTEWTOyy4HOX-wyvFVaOicn2P-I%2F%23&data=02%7C01%7Cmichael.wise%40microsoft.com%7Cff4f318df5b24e654fb008d7c1f52e92%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637191131102826023&sdata=%2Br4mkYri0davTs5Z3J4HCvcuGWtydtlexGxI8FykX%2Bs%3D&reserved=0



The Message-ID, ARC-Seal and some private headers are MIME encoded, like this:



Message-ID: =?utf-8?q?=3CMWHPR1301MB209609A6C565A653FD477AA585E30=40MWHPR130?= 
=?utf-8?q?1MB2096=2Enamprd13=2Eprod=2Eoutlook=2Ecom=3E?=



That is completely invalid under the mail standards (I checked with the guys 
who wrote them) and oddly pointless, since if you decode the MIME glop, it's an 
ordinary ASCII ID:



Message-ID: 
mailto:mwhpr1301mb209609a6c565a653fd477aa585...@mwhpr1301mb2096.namprd13.prod.outlook.com>>



I only see this in messages from outlook.com so I'm pretty sure they're doing 
it, not some intermediate system.  Anyone there we can get to look at it and 
fix it?



R's,

John






Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly



Re: [mailop] [EXTERNAL] Strange MIME headers from Microsoft

2020-03-06 Thread Michael Wise via mailop


[ hmm / ]



Yeah, looking for someone to have a peek at that.

Rather Strange, to say the least.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of John Levine via mailop
Sent: Friday, March 6, 2020 9:35 AM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] Strange MIME headers from Microsoft



Take a look at this archived message sent from an Outlook hosted user:



https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailarchive.ietf.org%2Farch%2Fmsg%2Flast-call%2FxTEWTOyy4HOX-wyvFVaOicn2P-I%2F%23&data=02%7C01%7Cmichael.wise%40microsoft.com%7Cff4f318df5b24e654fb008d7c1f52e92%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637191131102826023&sdata=%2Br4mkYri0davTs5Z3J4HCvcuGWtydtlexGxI8FykX%2Bs%3D&reserved=0



The Message-ID, ARC-Seal and some private headers are MIME encoded, like this:



Message-ID: =?utf-8?q?=3CMWHPR1301MB209609A6C565A653FD477AA585E30=40MWHPR130?= 
=?utf-8?q?1MB2096=2Enamprd13=2Eprod=2Eoutlook=2Ecom=3E?=



That is completely invalid under the mail standards (I checked with the guys 
who wrote them) and oddly pointless, since if you decode the MIME glop, it's an 
ordinary ASCII ID:



Message-ID: 
mailto:mwhpr1301mb209609a6c565a653fd477aa585...@mwhpr1301mb2096.namprd13.prod.outlook.com>>



I only see this in messages from outlook.com so I'm pretty sure they're doing 
it, not some intermediate system.  Anyone there we can get to look at it and 
fix it?



R's,

John





[mailop] Strange MIME headers from Microsoft

2020-03-06 Thread John Levine via mailop
Take a look at this archived message sent from an Outlook hosted user:

https://mailarchive.ietf.org/arch/msg/last-call/xTEWTOyy4HOX-wyvFVaOicn2P-I/#

The Message-ID, ARC-Seal and some private headers are MIME encoded, like this:

Message-ID: =?utf-8?q?=3CMWHPR1301MB209609A6C565A653FD477AA585E30=40MWHPR130?= 
=?utf-8?q?1MB2096=2Enamprd13=2Eprod=2Eoutlook=2Ecom=3E?=

That is completely invalid under the mail standards (I checked with the guys
who wrote them) and oddly pointless, since if you decode the MIME glop, it's an
ordinary ASCII ID:

Message-ID: 


I only see this in messages from outlook.com so I'm pretty sure they're doing
it, not some intermediate system.  Anyone there we can get to look at it and
fix it?

R's,
John
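
Added example, not part of the original message or thread: a Python check that flags RFC 2047 encoded-words in structured header fields such as Message-ID and decodes them to show what they hide. The function names and the watch list beyond Message-ID and ARC-Seal are assumptions of this example.

```python
import re
from email.header import decode_header
from email.parser import BytesHeaderParser
from email.policy import compat32

# RFC 2047 encoded-word: =?charset?Q-or-B?text?=
ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[QqBb]\?[^?\s]*\?=")

# No slot for encoded-words here. Thread names Message-ID, ARC-Seal; rest assumed.
STRUCTURED_FIELDS = {"message-id", "arc-seal", "arc-message-signature",
                     "arc-authentication-results", "dkim-signature", "received"}


def decode_words(value):
    """Decode the encoded-words in an already unfolded header value."""
    parts = []
    for chunk, charset in decode_header(value):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label
                chunk = chunk.decode("latin-1")
        parts.append(chunk)
    return "".join(parts)


def audit_headers(raw):
    """Return (field, decoded, ascii_only) per structured field with encoded-words."""
    findings = []
    msg = BytesHeaderParser(policy=compat32).parsebytes(raw)
    for name, value in msg.items():
        value = re.sub(r"\r?\n(?=[ \t])", "", str(value))  # unfold
        if name.lower() in STRUCTURED_FIELDS and ENCODED_WORD.search(value):
            decoded = decode_words(value)
            findings.append((name, decoded, decoded.isascii()))
    return findings


# Constructed sample; Message-ID as quoted in the thread, fold space restored.
SAMPLE = (
    b"Subject: =?utf-8?q?Caf=C3=A9_menu?=\r\n"  # made up, legitimate use
    b"Message-ID: =?utf-8?q?=3CMWHPR1301MB209609A6C565A653FD477AA585E30=40MWHPR130?=\r\n"
    b" =?utf-8?q?1MB2096=2Enamprd13=2Eprod=2Eoutlook=2Ecom=3E?=\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for field, decoded, ascii_only in audit_headers(SAMPLE):
        print(f"{field}: encoded-word decodes to {decoded} (ASCII only: {ascii_only})")
```

The encoded Subject is not reported because unstructured fields may carry encoded-words; only the Message-ID is flagged, and its decoded value is plain ASCII.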



Re: [mailop] These guys are doing it right!

2020-03-06 Thread Brielle via mailop
I unfortunately had to stop accepting mail from mail.ru many years ago due to 
abuse/spam. 

Big providers do a pretty decent job of filtering inbound abuse/spam, but do a 
really shitty job of controlling outbound abuse/spam. 

Most of my systems have geo filtering in place too - China, Russia, India, 
among others are severely rate limited and restricted, and tend to be whitelist 
only.

Funny how when you block China alone, SSH brute forcing drops by more than 
half...  And when you block India, contact form spam is cut by over 75%...


Sent from my iPhone

> On Mar 6, 2020, at 8:44 AM, Jaroslaw Rafa via mailop  
> wrote:
> 
> Hello all,
> once in a while a topic of e-mails from small senders being mis-classified
> as spam returns on this list. Some time ago I was complaining (and not only
> me, there were more people who experienced the same thing) about Google
> putting my messages into users' Spam folder without me or them knowing it
> (them, because they usually don't look into their Spam folder unless told
> to).
> 
> Today I want to show you a good example of how these issues can be handled. I
> tried to send a message to a user on Mail.ru service and I got a 550
> rejection telling me that my message was detected as spam. But not only
> that!
> 
> That's what the rejection message said:
> 
> 550 spam message rejected. Please visit 
> http://help.mail.ru/notspam-support/id?c=XXX 
> or  report details to ab...@corp.mail.ru. Error code:
> Y . ID: Z
> 
> As you can see, for every message rejected as spam, their system prepares
> special codes for the sender, which you can use to easily submit a
> complaint. If you go to their help page without specifying a parameter (here
> it is: https://help.mail.ru/notspam-support/errors , click on "550 spam
> message discarded/rejected") you'll see that they even have a small graphic
> there showing you exactly where you should look for these codes in the
> rejection message you got. (You have to know a bit of Russian, however :)).
> 
> From what is written in the form I understand that the messages rejected as
> spam are actually quarantined somewhere on their system (it's possible as
> they are rejected after the DATA phase) and they look at these messages once
> you submit the form.
> 
> I submitted the form, got the ticket confirmation. It took them two days to
> resolve it, so I'm not fully satisfied with reaction time, but they finally
> fixed it. Not for the first time, however :). When I got the first message from
> them that the issue has been fixed, I tried to send mail again and still got
> a 550. But after I replied to their message that it still doesn't work, they
> fixed it in minutes!
> 
> I'm absolutely positively impressed that such a big mail service (I think
> that Mail.ru may be comparable to Yahoo in size, although probably not
> comparable to Google) can have such a user-friendly and actually working
> policy towards false positive spam classifications. You know that your
> message has been mis-classified as spam; you know exactly what to do to
> have the situation fixed; and what's most important, it actually works!
> These Russian guys are definitely doing a good job. Keep it that way!
> -- 
> Regards,
>   Jaroslaw Rafa
>   r...@rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."
> 


[mailop] These guys are doing it right!

2020-03-06 Thread Jaroslaw Rafa via mailop
Hello all,
once in a while a topic of e-mails from small senders being mis-classified
as spam returns on this list. Some time ago I was complaining (and not only
me, there were more people who experienced the same thing) about Google
putting my messages into users' Spam folder without me or them knowing it
(them, because they usually don't look into their Spam folder unless told
to).

Today I want to show you a good example of how these issues can be handled. I
tried to send a message to a user on Mail.ru service and I got a 550
rejection telling me that my message was detected as spam. But not only
that!

That's what the rejection message said:

550 spam message rejected. Please visit 
http://help.mail.ru/notspam-support/id?c=XXX 
or  report details to ab...@corp.mail.ru. Error code:
Y . ID: Z 

As you can see, for every message rejected as spam, their system prepares
special codes for the sender, which you can use to easily submit a
complaint. If you go to their help page without specifying a parameter (here
it is: https://help.mail.ru/notspam-support/errors , click on "550 spam
message discarded/rejected") you'll see that they even have a small graphic
there showing you exactly where you should look for these codes in the
rejection message you got. (You have to know a bit of Russian, however :)).

From what is written in the form I understand that the messages rejected as
spam are actually quarantined somewhere on their system (it's possible as
they are rejected after the DATA phase) and they look at these messages once
you submit the form.

I submitted the form, got the ticket confirmation. It took them two days to
resolve it, so I'm not fully satisfied with reaction time, but they finally
fixed it. Not for the first time, however :). When I got the first message from
them that the issue has been fixed, I tried to send mail again and still got
a 550. But after I replied to their message that it still doesn't work, they
fixed it in minutes!

I'm absolutely positively impressed that such a big mail service (I think
that Mail.ru may be comparable to Yahoo in size, although probably not
comparable to Google) can have such a user-friendly and actually working
policy towards false positive spam classifications. You know that your
message has been mis-classified as spam; you know exactly what to do to
have the situation fixed; and what's most important, it actually works!
These Russian guys are definitely doing a good job. Keep it that way!
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
