Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On 8 Feb 2021, at 21:20, Dave Warren via mailop wrote: On 2021-02-08 16:14, Bill Cole via mailop wrote: [...] The "de-tagging" tactic that Al noted has existed, although I don't see much evidence of it in recent years. I think it may be that enough people who use tagged addresses give tagged addresses less scrutiny that senders who paid attention noticed that de-tagging hurts deliverability. There is also the possibility to give anything missing a tag extreme scrutiny Everything is relative :) (or outright reject it) if a user is careful to never give out untagged addresses. Yes. e.g.: I have a ridiculously strict local IP blocklist fed by automated mechanisms which sometimes list whole RIR allocations. It is used via scoring before SMTP and in content filtering, but for untagged addresses it is also used as an absolute ban if nothing else known at RCPT time (i.e. recipient address tagging or other stuff) exempts the message. Beyond that, many years ago I turned my nominally 'main' email address with which I use local-part tagging into a virtual address that is not an authentication identity on any system. OTOH, the "real" address to which my tagged addresses deliver (and which is used for authentication) is not actually mailable. That's an extremely useful secondary effect of intensive tagged-address usage, since the credential-stuffers all try tagged addresses or the de-tagged 'main address" and so are easy to identify without depending on rate or volume of attempts. No address that anyone knows legitimately is part of any credential set. By definition there is no consent given to a sender who just makes up their own addresses (by stripping or changing tags), which is significant to any sender trying to operate on an opt-in basis. Absolutely correct. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On 2021-02-08 16:14, Bill Cole via mailop wrote: On 8 Feb 2021, at 17:03, Richard Bewley via mailop wrote: The critical feature in '+' tagging (and equivalents using other characters or patterns) is the ability to create aliases on-the-fly in a namespace that the user controls such that the mail system handling delivery only needs to know the tagging pattern rather than every new tag. In a previous life I had an email system that would sort tagged messages into a subfolder, but only for folders that existed. If a folder didn't exist the message would get rejected at SMTP time. Not many users used it or grasped the concept of giving out a different address to each company, but the idea you could actually revoke a sender's ability to send to you just by deleting a folder was well received. Since some companies didn't accept tags, we allowed a - instead, and t...@mailbox.example.com would get aliased to mailbox+...@example.com. But of course now users have even more possible addresses they might have given out, which increases confusion significantly for those who didn't really get how tagged addresses worked but tried anyway. The "de-tagging" tactic that Al noted has existed, although I don't see much evidence of it in recent years. I think it may be that enough people who use tagged addresses give tagged addresses less scrutiny that senders who paid attention noticed that de-tagging hurts deliverability. There is also the possibility to give anything missing a tag extreme scrutiny (or outright reject it) if a user is careful to never give out untagged addresses. By definition there is no consent given to a sender who just makes up their own addresses (by stripping or changing tags), which is significant to any sender trying to operate on an opt-in basis. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On 2021-02-08 15:03, Richard Bewley via mailop wrote: Only this weekend I was trying to help an old colleague with a migration from Gsuite to M365. The #1 complaint... was some of his minions were seemingly crippled by the lack of this function.. and I was thinking err aliases? Aliases? You could always turn on + addressing on M365... https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online Admittedly it is fairly new, and opt-in for reasons described on the link above, but it should be straightforward for a client moving in from another that supported plus addressing. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
On 8 Feb 2021, at 17:03, Richard Bewley via mailop wrote: +1 to Al. (no pun intended for the '+'.) Only this weekend I was trying to help an old colleague with a migration from Gsuite to M365. The #1 complaint... was some of his minions were seemingly crippled by the lack of this function.. and I was thinking err aliases? Aliases? The critical feature in '+' tagging (and equivalents using other characters or patterns) is the ability to create aliases on-the-fly in a namespace that the user controls such that the mail system handling delivery only needs to know the tagging pattern rather than every new tag. The "de-tagging" tactic that Al noted has existed, although I don't see much evidence of it in recent years. I think it may be that enough people who use tagged addresses give tagged addresses less scrutiny that senders who paid attention noticed that de-tagging hurts deliverability. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
+1 to Al. (no pun intended for the '+'.) Only this weekend I was trying to help an old colleague with a migration from Gsuite to M365. The #1 complaint... was some of his minions were seemingly crippled by the lack of this function.. and I was thinking err aliases? Aliases? At least I am not alone ;o) Richard -Original Message- From: Al Iverson Sent: 08 February 2021 17:46 To: mailop Subject: Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam.. I'm going to go wide (and unpopular) on this one and say that this is just another reason address plussing is crappy. Even the desired use case is very easily exploited. Bad guys can just strip the +tag and then you lose your visibility into where they got the address from. I guess if it's all you've got, so be it. I'm a hypocrite, I guess. I use it sometimes. But I think individual aliases are a much better solution. Cheers, Al Iverson On Mon, Feb 8, 2021 at 10:01 AM Michael Peddemors via mailop wrote: > > Didn't take Google spammers long to figure out using + addressing to > try and get by spam filters.. or personal block lists.. > > > Return-Path: > > From: "Bitcoin Trader" > > Judging by volume, I am sure that there are no sane rate limiters in > place.. > > I would think that any use of a + address, usually is for a specific > purpose, and should have very tight outbound rate limiters in place. > > -- Michael -- > > > > > On 2021-02-05 10:12 a.m., Camille - Clean Mailbox via mailop wrote: > > Also, a trusted user can be hacked and his account hijacked to send spam. > > > >> Le 5 févr. 2021 à 18:25, Marcel Becker via mailop > >> a écrit : > >> > >> > >> On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop > >> mailto:mailop@mailop.org>> wrote: > >> > >> > >> You can not trust users to identify spam. > >> > >> > >> This. A Thousand times this. A lot of us privileged with the > >> insight into how mail technically works (or so) have difficulties > >> grasping how real people use mail. And the available abuse reporting > >> channels. > >> > >> ___ > >> mailop mailing list > >> mailop@mailop.org > >> https://list.mailop.org/listinfo/mailop > > > > ___ > > mailop mailing list > > mailop@mailop.org > > https://list.mailop.org/listinfo/mailop > > > > > > -- > "Catch the Magic of Linux..." > -- > -- Michael Peddemors, President/CEO LinuxMagic Inc. > Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company > - For More Info http://www.wizard.ca "LinuxMagic" a Registered > TradeMark of Wizard Tower TechnoServices Ltd. > -- > -- > 604-682-0300 Beautiful British Columbia, Canada > > This email and any electronic data contained are confidential and > intended solely for the use of the individual or entity to which they are > addressed. > Please note that any views or opinions presented in this email are > solely those of the author and are not intended to represent those of the > company. > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Al Iverson // Wombatmail // Chicago Deliverability: https://spamresource.com DNS Tools: https://xnnd.com This email may be proprietary or confidential and may constitute a business secret protected by law. If you’re not the intended recipient, notify me by email and erase all copies and attachments, and do not forward nor disclose its contents to anyone. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
I'm going to go wide (and unpopular) on this one and say that this is just another reason address plussing is crappy. Even the desired use case is very easily exploited. Bad guys can just strip the +tag and then you lose your visibility into where they got the address from. I guess if it's all you've got, so be it. I'm a hypocrite, I guess. I use it sometimes. But I think individual aliases are a much better solution. Cheers, Al Iverson On Mon, Feb 8, 2021 at 10:01 AM Michael Peddemors via mailop wrote: > > Didn't take Google spammers long to figure out using + addressing to try > and get by spam filters.. or personal block lists.. > > > Return-Path: > > From: "Bitcoin Trader" > > Judging by volume, I am sure that there are no sane rate limiters in > place.. > > I would think that any use of a + address, usually is for a specific > purpose, and should have very tight outbound rate limiters in place. > > -- Michael -- > > > > > On 2021-02-05 10:12 a.m., Camille - Clean Mailbox via mailop wrote: > > Also, a trusted user can be hacked and his account hijacked to send spam. > > > >> Le 5 févr. 2021 à 18:25, Marcel Becker via mailop > >> a écrit : > >> > >> > >> On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop > >> mailto:mailop@mailop.org>> wrote: > >> > >> > >> You can not trust users to identify spam. > >> > >> > >> This. A Thousand times this. A lot of us privileged with the insight > >> into how mail technically works (or so) have difficulties grasping how > >> real people use mail. And the available abuse reporting channels. > >> > >> ___ > >> mailop mailing list > >> mailop@mailop.org > >> https://list.mailop.org/listinfo/mailop > > > > ___ > > mailop mailing list > > mailop@mailop.org > > https://list.mailop.org/listinfo/mailop > > > > > > -- > "Catch the Magic of Linux..." > > Michael Peddemors, President/CEO LinuxMagic Inc. > Visit us at http://www.linuxmagic.com @linuxmagic > A Wizard IT Company - For More Info http://www.wizard.ca > "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. > > 604-682-0300 Beautiful British Columbia, Canada > > This email and any electronic data contained are confidential and intended > solely for the use of the individual or entity to which they are addressed. > Please note that any views or opinions presented in this email are solely > those of the author and are not intended to represent those of the company. > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Al Iverson // Wombatmail // Chicago Deliverability: https://spamresource.com DNS Tools: https://xnnd.com ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft antispam
It's a testing server at ... Hetzner. So, yeah, good luck. Unfortunately getting mail accepted at MS or Google from a new VPS seems to be nearly impossible. I would love to be proved wrong, though, by those more knowledgeable. I'm not expert on these kind of things. I've a direct friend who manage a dedicated server on Hetzner and he doesn't have any problem on sending emails to any domain. Anyway I can perfectly send emails to any gmail account and with any other mail provider I've tried. The problem now is only with Microsoft, specifically with outlook "free" mails. I think it depends on the history of the IP you get. I cannot know. On hetzner runs a big part of tor network, maybe this could impair the deliverability of some IPs . But this is just my assumption. Anyway, like I said in the first email, I did a mistake by sending emails from telnet, from my domain. I probably have impaired my domain score. Moreover when I contacted Microsoft I discovered that my IP was already in their blacklist before I bought my vps. At that time I was on trabia network. I got my IP mitigated, but I changed provider the same. Probably depends on the network reputation where the VPS is located. But if configured properly, and not on network with a poor reputation, should not really be an issue. If on a network with a poorer reputation, ask that they give you an 'rwhois' listing for transparency. Try standing up a VPS on a 'bullet proof hoster', and good luck.. thanks for your suggestion. What hoster do you think is "bullet proof"? I'm gonna delve into rwhois, honestly I didn't head it before. https://whatismyipaddress.com/ip/78.14.94.161 You are on ADSL, probably with a static IP but it looks like a dynamic range --> risk of netblock. I also run my private mailserver with a few mails a day, but I'm on a fiber connection from a high-quality ISP. You might want to consider a VPS. Evert Yes, that's my second level domain. The dns gui of my registar forces me to assign an IP to my second level domain. But I'm sending from mx1.mail.foddi.net, which is hosted on Hetzner, with a static IP obviously. Ale ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft antispam
Hi Ale, On 08/02/2021 14.09, Ale via mailop wrote: I will see what happens until June, when my domain expires. If the problem will persist, I'm gonna contact them and eventually change domain and IP. According to https://whatismyipaddress.com/ip/78.14.94.161 You are on ADSL, probably with a static IP but it looks like a dynamic range --> risk of netblock. I also run my private mailserver with a few mails a day, but I'm on a fiber connection from a high-quality ISP. You might want to consider a VPS. Evert ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..
Didn't take Google spammers long to figure out using + addressing to try and get by spam filters.. or personal block lists.. Return-Path: From: "Bitcoin Trader" Judging by volume, I am sure that there are no sane rate limiters in place.. I would think that any use of a + address, usually is for a specific purpose, and should have very tight outbound rate limiters in place. -- Michael -- On 2021-02-05 10:12 a.m., Camille - Clean Mailbox via mailop wrote: Also, a trusted user can be hacked and his account hijacked to send spam. Le 5 févr. 2021 à 18:25, Marcel Becker via mailop a écrit : On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop mailto:mailop@mailop.org>> wrote: You can not trust users to identify spam. This. A Thousand times this. A lot of us privileged with the insight into how mail technically works (or so) have difficulties grasping how real people use mail. And the available abuse reporting channels. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft antispam
On 2021-02-08 7:37 a.m., Alan Hodgson via mailop wrote: Unfortunately getting mail accepted at MS or Google from a new VPS seems to be nearly impossible. I would love to be proved wrong, though, by those more knowledgeable. Probably depends on the network reputation where the VPS is located. But if configured properly, and not on network with a poor reputation, should not really be an issue. If on a network with a poorer reputation, ask that they give you an 'rwhois' listing for transparency. Try standing up a VPS on a 'bullet proof hoster', and good luck.. -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft antispam
On Mon, 2021-02-08 at 14:09 +0100, Ale via mailop wrote: > > Being "properly configured" these days entails needing many things > > that you didn't say. Forward-Reverse-DNS, SPF, DKIM, DMARC just for > > starters. And then more in other places. > > > Impossible to know and so impossible to say. It's a private 3rd party > > reputation scoring system in use. > > Hello, > > I've setup all these things, so *i assume* that my mail server is > properly configured now. the domain it's the same I'm using right now. > But like i said previously, it's a testing server, because i knew > something could go wrong. It's a testing server at ... Hetzner. So, yeah, good luck. Unfortunately getting mail accepted at MS or Google from a new VPS seems to be nearly impossible. I would love to be proved wrong, though, by those more knowledgeable. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft antispam
Being "properly configured" these days entails needing many things that you didn't say. Forward-Reverse-DNS, SPF, DKIM, DMARC just for starters. And then more in other places. Impossible to know and so impossible to say. It's a private 3rd party reputation scoring system in use. Hello, I've setup all these things, so *i assume* that my mail server is properly configured now. the domain it's the same I'm using right now. But like i said previously, it's a testing server, because i knew something could go wrong. i know it's a proprietary, non-transparent spam system. but i hoped that someone else had a clue about how it works. i created more than 10 outlook accounts, and I've one premium account offered by my university. the weird thing is that not every mail that goes through outlook..protection is being treated in the same way. basically in every free account, the first times i send emails from my domain, they go almost always in the junk folder. This doesn't happen, most of the times, if i send emails to premium accounts. After i mark as not junk a couple of times, i can receive correctly the emails, but only from the specific user i marked as not junk. the premium accounts allow the user to make some sort of special report as "not junk" in order to change their spam system. I don't even send 100 mails/day, so probably it's not enough to change my score. I will see what happens until June, when my domain expires. If the problem will persist, I'm gonna contact them and eventually change domain and IP. It also heavily depends on the ASN. It is the most ridiculous filter mechanism I ever came across. We had a whole ASN blocked and waited for weeks until it was removed from their list. No information which system triggered it. We never found a reason nor were we given a reason by MS. If they decide to filter to "Junk", fine. If they decide to block a whole ASN and don't give the slightest hint why it happened and don't even act on it when being contacted for weeks, I wonder who serioulsy wants to do business with them. If you don't mind losing mail from your customers, don't care about non-existing support and finally don't care for privacy: MS is your choice. I agree with you, but i'm very biased towards MS. I don't like/use their products even when are technically good. Anyway, i assumed that they send some kind of abuse notification to the ip's owner, but as far as i see they just block you, and that's it. very easy to do. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Microsoft antispam
It also heavily depends on the ASN. It is the most ridiculous filter mechanism I ever came across. We had a whole ASN blocked and waited for weeks until it was removed from their list. No information which system triggered it. We never found a reason nor were we given a reason by MS. If they decide to filter to "Junk", fine. If they decide to block a whole ASN and don't give the slightest hint why it happened and don't even act on it when being contacted for weeks, I wonder who serioulsy wants to do business with them. If you don't mind losing mail from your customers, don't care about non-existing support and finally don't care for privacy: MS is your choice. I personally like a lot of products from MS, but their cloud services are none of them... :) -- Originalnachricht -- Von: "Bob Proulx via mailop" An: mailop@mailop.org Gesendet: 07.02.2021 23:59:09 Betreff: Re: [mailop] Microsoft antispam Ale via mailop wrote: My question is: if my server is properly configured, Being "properly configured" these days entails needing many things that you didn't say. Forward-Reverse-DNS, SPF, DKIM, DMARC just for starters. And then more in other places. and i don't send ANY spam mail to anyone, there is the possibility that in the future my domain will get a greater sending score and my emails go to the inbox folder? Impossible to know and so impossible to say. It's a private 3rd party reputation scoring system in use. Bob ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop