Re: [mailop] Microsoft Consumer Email Deliverability Issue

2021-04-29 Thread Bob Proulx via mailop
Robert Schoneman via mailop wrote:
>   *   The offending emails have
>       *   No attachments
>       *   One image stored on the same domain the message is sent from
>       *   No links

Just some questions...

That "One image stored on the same domain the message is sent from"
must be a link, right?  So the "No links" seems to be a conflict,
right?  Really meant no links other than this one image link?  Might
be better without any links.  Is the image necessary?

I assume this is HTML mail.  Is it HTML only?  Or is it multipart
alternative with an appropriate plain text part?  I suggest the latter
but the plain text portion must be an appropriate alternative.

But as for staring into the abyss that is Microsoft consumer email I
try not to stare into that abyss too long as then the abyss stares
back.  I have had trouble dealing with them before and they are not
friendly about it.  Good luck!

Bob
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Microsoft Consumer Email Deliverability Issue

2021-04-29 Thread Michael Wise via mailop

Keep replying, and explain why you can't enroll in SNDS, and ask them to ... 
"Escalate".
That's all I can suggest, sorry.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



[mailop] Microsoft Consumer Email Deliverability Issue

2021-04-29 Thread Robert Schoneman via mailop
We're having issues sending order confirmations from our event ticketing system 
to users of Microsoft's consumer email services (Outlook, Hotmail, Live, MSN). 
The order confirmations are being sent to Junk. Some details are below this 
paragraph. I've communicated with Microsoft's "Outlook.com Deliverability 
Support Team" and while they were very responsive, unfortunately we hit a 
roadblock. They wanted us to enroll in JMRP and SNDS. Microsoft's JMRP system 
requires enrollment in SNDS. However, to enroll in SNDS requires verifying 
ownership of the sending IP's. We don't own them. Our event ticketing system 
vendor who does hasn't been helpful. We own the sending domain.


  *   SPF, DKIM, DMARC are all good and show as "pass" in the email headers of 
messages sent to junk.
  *   Sending IP's have the correct PTR records.
  *   Looking at the headers of a message sent to Junk, I see that our PCL = 2, 
SCL = 0 and BCL = 0.
  *   MS confirmed our sending IP's and domain aren't the issue: "We were 
unable to identify anything on our side that would prevent your mail from 
reaching Outlook.com customers."
  *   MS did however determine that "messages are being filtered (i.e. sent to 
the Junk folder) based on the recommendations of the SmartScreen Filter."
  *   Email messages from the same sending domain and IP's, using the same 
address, which are other than order confirmations (reports, for example) 
deliver to my Outlook.com email address' Inbox without issue.
  *   The offending emails have
      *   No attachments
      *   One image stored on the same domain the message is sent from
      *   No links
      *   No card info
      *   A name and email address matching the recipient
  *   All emails are sent from a valid address and all NDRs/bounces are 
resolved.
  *   No marketing or bulk mail is sent from the domain.
  *   The same emails sent to Google, AOL, Yahoo deliver without issue.

I'm out of ideas here and would welcome any help on or off list.  Our concern 
is if we can't deliver an order confirmation to our customers who use these 
email services, we'll also have issues delivering their electronic tickets.

Robert Schoneman | Director of IT
Blumenthal Performing Arts



Re: [mailop] Anyone from Outlook domain here.

2021-04-29 Thread Stefano Bagnara via mailop
On Thu, 29 Apr 2021 at 11:14, vsai--- via mailop  wrote:
> Outlook is blocking mails that are auto-forwarded from my domain.

Open a ticket here:
http://go.microsoft.com/fwlink/?LinkID=614866

PS: email forwarding nowadays is a PITA and maybe there's no fix to
your issue but stop forwarding.

-- 
Stefano Bagnara
Apache James/jDKIM/jSPF
VOXmail/Mosaico.io/VoidLabs


Re: [mailop] [EXTERNAL] Anyone from Outlook domain here.

2021-04-29 Thread Michael Wise via mailop

When you say, “Outlook” … you mean the FreeMail service, yes?
Auto-forwarded from your domain …
How good is your spam blocking?

Because unless it’s excellent, that’s your problem, right there.
Nobody here is going to be able to help you, including me. 

The first thing you need to do, however, is open a ticket.
But be prepared for disappointment if your IP strongly resembles every other IP 
sending 90% spam.

  https://go.microsoft.com/fwlink/?LinkID=614866

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



Re: [mailop] [INFORMATION] What's happening in the world of spam/email abuse update

2021-04-29 Thread Noel Butler via mailop

On 29/04/2021 20:05, Jaroslaw Rafa via mailop wrote:

> On 29.04.2021 at 13:04:55, Noel Butler via mailop wrote:
>
>> nobody, but nobody, is too big to block to protect my users.
>
> And what if your users because of being unable to communicate with Google
> users (which is roughly equal to "almost everyone" for an average user) will
> switch to Google and move their email there?
>
> And BTW. in my opinion that's exactly what Google wants - that everyone uses
> their services and nobody else's.
>
> So just in order to stop people moving to Google we should be able to
> communicate with Google :)


I have no doubt they rather people use their service so they can scan 
and scam them, but I don't and won't play their games, if the rest of you 
are too gutless to stand up to the bullies that's more work for you, 
answering irate clients who want the spam to stop, how does that go down 
you telling them google is too big to block in your eyes - that, would 
be a faster way to lose clients.


Think what we will about Microsoft, even I give them credit in this 
area, they do a pretty good job when it comes to dealing with abusers on 
their network, no reason google can't.


--
Regards,
Noel Butler



Re: [mailop] [INFORMATION] What's happening in the world of spam/email abuse update

2021-04-29 Thread Jaroslaw Rafa via mailop
On 29.04.2021 at 13:04:55, Noel Butler via mailop wrote:
> 
> nobody, but nobody, is too big to block to protect my users.

And what if your users because of being unable to communicate with Google
users (which is roughly equal to "almost everyone" for an average user) will
switch to Google and move their email there?

And BTW. in my opinion that's exactly what Google wants - that everyone uses
their services and nobody else's.

So just in order to stop people moving to Google we should be able to
communicate with Google :)
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


[mailop] Anyone from Outlook domain here.

2021-04-29 Thread vsai--- via mailop
Outlook is blocking mails that are auto-forwarded from my domain. This is 
happening repeatedly. Anyone from Outlook domain here who can help me.

Regards,
Stanley V




[mailop] Contact from OVH

2021-04-29 Thread Lilium via mailop


Can someone from OVH please connect with me off list

We are having an issue with some of your IPs on our SMTP service.

Andrea Fava
RealSender.com


Re: [mailop] Spam from Google Work Space sender domain via Google IP(s)

2021-04-29 Thread vsai--- via mailop
Thank you Arne and Med for your valuable suggestions. I'm new here. Appreciate 
your help in this regard.

Regards,
Stanley V.

-- Original Message --
From: Arne Jensen 
To: "v...@netzero.net" , mailop@mailop.org
Subject: Re: [mailop] Spam from Google Work Space sender domain via Google IP(s)
Date: Wed, 28 Apr 2021 09:15:09 +0200


On 28-04-2021 at 06:27, vsai--- via mailop wrote:
> I've been receiving spam and phishing scams from Google IP(s).
>
> All these messages have the sender domains associated either with
> Godaddy or with Google work space.
>
> Some of the sample sender domains are listed below:
>
> **

Several of these domains exist in Spam Eating Monkey's FRESH lists,
since they were registered very recently, some of them 2 days old, some
of them around 10 days.

-> https://spameatingmonkey.com/

You might be able to use the FRESH list to trigger on domains that were
registered (very) recently, with their FRESH lists.

A couple of the listed domains that do not appear in SEM FRESH seem
to exist in URIBL's "black" zone:

-> https://uribl.com/


Licenses and terms/conditions for various of such "reputation" lists may
vary quite a lot, so you will seriously need to go through their
policies, to figure out if you are able to incorporate their data in
your systems.

Not doing so from the beginning, might cause severe consequences...


>
> I could see couple of patterns in these spam.
>
> 1. Spamming from Google groups with topic 25838:
>
>Example: List-Help:
> ,

SEM FRESH and URIBL mentioned above would here require you to split it
out to the real domain, e.g. "lanawilliams.today", before you look it up.

Even if you go to
"https://support.google.com/a/this.stuff.does.not.exist.invalid/bin/topic.py?topic=25838",
you will also be redirected to
"https://support.google.com/a/topic/25838", so you have some options here:

a) With the classic kind of learning spam/ham in spam filters, you might
be able to make your systems "learn" the full/exact link towards being
either spam/ham, but with the amount of different possibilities there
could be, e.g.:

->
https://support.google.com/a/this.stuff.does.not.exist.invalid/bin/topic.py?topic=25838
->
https://support.google.com/a/another.one.that.does.not.exist.invalid/bin/topic.py?topic=25838

That option may not be very feasible, ... for some.

b) You could split out the "real domain" from the URI if it matches the
Google link, and then look up the domain in various of those URI / RHS
lists.

->
https://support.google.com/a/bfjnusfg.lanawilliams.today/bin/topic.py?topic=25838
(lookup: lanawilliams.today)
->
https://support.google.com/a/a.very.simple.example.net/bin/topic.py?topic=25838
(lookup: example.net)
->
https://support.google.com/a/another.fancy.example.co.uk/bin/topic.py?topic=25838
(lookup: example.co.uk)

Depending on your systems, this may not be very simple, such as e.g.
getting "example.co.uk" and other second-, third- (or further level)
registrations like there.


For the extracting, I would however suggest using the Public Suffix list:

-> https://publicsuffix.org/

There are some libraries out there for many programming languages out there.

>
> 2. Received lines has lines either single or multiple "X-Received: by
> 2002"
>
>Example:
> ***
> X-Received: by 2002:ac2:5f75:: with SMTP id
> c21mr4375339lfc.600.1618693533415;
> Sat, 17 Apr 2021 14:05:33 -0700 (PDT)
IPv6 subnet 2002:ac2:5f75::/48, refers to IPv4 address 10.194.95.117.
> Received: by 2002:a05:6512:c22:: with SMTP id
> z34ls4162850lfu.2.gmail; Sat, 17
>  Apr 2021 14:05:32 -0700 (PDT)
IPv6 subnet 2002:a05:6512::/48, refers to IPv4 address 10.5.101.18.
> X-Received: by 2002:a19:7508:: with SMTP id
> y8mr7152413lfe.123.1618693532208;
> Sat, 17 Apr 2021 14:05:32 -0700 (PDT)
> ***

IPv6 subnet 2002:a19:7508::/48, refers to IPv4 address 10.25.117.8.

These IPv6 addresses/subnets are part of the 2002::/16 6to4 anycast
network. So I wouldn't put any weight to them.

Maybe if you expanded them to the IPv4 addresses (hex decode the IPv4
with the first two groups after 2002: minus any :'s in the middle
(ac25f75, a056512 & a197508)), and then maybe if these were actually
revealing other "public IP addresses", and not private/reserved IP
addresses, there might be a chance of using them to detect stuff.

The majority (if not all) of Google email headers seem to indicate
Google is using the 10.0.0.0/8 equivalent of the 6to4 IPv6 space (e.g.
2002:a00::/24  (2002:0a00:::::: -
2002:0aff::::::)) in their internal networks.

> 
> Please let us know if anyone is observing same trend of spam and what
> measures are taken to prevent these patterns.
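
Option b) from Arne's reply (pull the embedded name out of the Google help link, then reduce it to the registrable domain with Public Suffix List rules) can be sketched as follows. This is an added example, not code from the thread; `PSL_RULES` is a constructed subset of the real list and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed subset of Public Suffix List rules, enough for the thread's
# examples; production code loads the full list from publicsuffix.org.
PSL_RULES = {"today", "net", "uk", "co.uk", "invalid", "*.ck", "!www.ck"}

# Path shape of the Google help link quoted in the thread.
GOOGLE_PATH = re.compile(r"^/a/([^/]+)/bin/topic\.py$")


def registrable_domain(host, rules=PSL_RULES):
    """Public suffix plus one label, or None if host is itself a suffix."""
    labels = host.lower().rstrip(".").split(".")
    suffix_len = 1  # PSL default rule "*": unlisted TLD is a one-label suffix
    for i in range(len(labels)):
        tail = labels[i:]
        name = ".".join(tail)
        if "!" + name in rules:  # exception rule wins; suffix is one label shorter
            suffix_len = len(tail) - 1
            break
        if name in rules or ".".join(["*"] + tail[1:]) in rules:
            suffix_len = max(suffix_len, len(tail))
    if len(labels) <= suffix_len:
        return None
    return ".".join(labels[-(suffix_len + 1):])


def lookup_domain(url):
    """Domain to query in a URI/RHS list for such a link, else None."""
    parts = urlsplit(url)
    if parts.hostname != "support.google.com":
        return None
    match = GOOGLE_PATH.match(parts.path)
    return registrable_domain(match.group(1)) if match else None


if __name__ == "__main__":
    for sample in (
        "https://support.google.com/a/bfjnusfg.lanawilliams.today/bin/topic.py?topic=25838",
        "https://support.google.com/a/another.fancy.example.co.uk/bin/topic.py?topic=25838",
    ):
        print(sample, "->", lookup_domain(sample))
```

The returned name is what would be looked up in a domain reputation list, subject to that list's terms of use as noted in the reply.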
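
The 6to4 decoding Arne describes for the `by 2002:...` hops can be done with Python's standard `ipaddress` module. This is an added example, not code from the thread; the header lines are the ones quoted above with folding removed, and the function name is hypothetical.

```python
import ipaddress
import re

# Received / X-Received lines quoted in the thread (folded lines joined).
HEADERS = """\
X-Received: by 2002:ac2:5f75:: with SMTP id c21mr4375339lfc.600.1618693533415; Sat, 17 Apr 2021 14:05:33 -0700 (PDT)
Received: by 2002:a05:6512:c22:: with SMTP id z34ls4162850lfu.2.gmail; Sat, 17 Apr 2021 14:05:32 -0700 (PDT)
X-Received: by 2002:a19:7508:: with SMTP id y8mr7152413lfe.123.1618693532208; Sat, 17 Apr 2021 14:05:32 -0700 (PDT)
"""

BY_ADDR = re.compile(r"^(?:X-)?Received: by ([0-9A-Fa-f:]+) with", re.MULTILINE)


def decode_6to4(text):
    """Return (ipv6, embedded_ipv4, is_global) for each 'by' hop in 2002::/16."""
    hops = []
    for raw in BY_ADDR.findall(text):
        try:
            v6 = ipaddress.IPv6Address(raw)
        except ValueError:
            continue  # not a parseable IPv6 literal
        v4 = v6.sixtofour  # None unless the address is inside 2002::/16
        if v4 is None:
            continue
        # Only a globally routable embedded address could be worth matching on;
        # private or reserved ones say nothing about the sender.
        hops.append((str(v6), str(v4), v4.is_global))
    return hops


if __name__ == "__main__":
    for v6, v4, usable in decode_6to4(HEADERS):
        print(f"{v6:22} -> {v4:15} globally routable: {usable}")
```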