[mailop] Anyone from Cisco Talos IP/domain reputation team?
Hello, kind folks!

Are there any helpful souls from the Cisco Talos IP & Domain Reputation team lurking, who could help me out by answering a few questions regarding fluctuating SMTP server IP reputation?

Some public sector entities in my neck of the woods are using Talos to evaluate incoming e-mail, and lately we have periodically had to worry about people not being able to contact police, ambulance services, some hospitals or even their unemployment office via e-mail, because our SMTP IP reputation at Talos has suddenly gone from Neutral to Poor.

Unfortunately neither Talos general support channels nor the entities that use Talos have been unable to pinpoint a specific issue for us, that would allow for us to account for these anomalies.

Maybe there is someone out there with more intimate access to Talos’s evaluation data and can shine some light on why “the computer says no”.

Any help would be appreciated.

With best regards,
Ardi Jürgens

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
Re: [mailop] Recommendations for mail campaign services
On Fri 07/May/2021 17:39:33 +0200 Jay Hennigan via mailop wrote:
> On 5/7/21 01:33, Alessandro Vesely via mailop wrote:
>> On Wed 05/May/2021 21:14:08 +0200 Jay Hennigan via mailop wrote:
>>> Then my personal recommendation would be Mailchimp or possibly Constant Contact if you're not comfortable with doing it in-house.
>>
>> Thank you Jay for mentioning that.
>>
>> Would someone explain concisely what are the main tradeoffs that make it uncomfortable to run a campaign in-house, in this post-desktop publishing era?
>
> It depends on what the problem is that you're trying to solve. If you want tracking bugs and a lot of analytics, that requires more expertise. If you just want to get the message out to your subscribers it's not that difficult.

Indeed!

> The GNU Mailman program is free and open-source and does a reasonable job for small to medium sized lists. I've been running it for a number of specialty mailing lists both broadcast and discussion style for well over a decade with few issues, some lists well over 1000 subscribers and it scales beyond that.

I think most of the people who run their own mail site experienced running mailing lists. It is quite straightforward. However, organizations that outsource email facilities obviously need to turn to an ESP.

> Bear in mind that a substantial portion of the people on this list are either in the email service provider business or support those who are so you are likely to get nudged in that direction.

Yeah, I know. I appreciate that recommended ESPs do full impersonation, I mean DMARC, DKIM, SPF. I'd hope such formal impersonation implies actually wearing their customers' shoes. If ESPs provide target users with a seamless email interaction with their customer organization, then any ethic doubt softens into the deep meaning of what is an organization's identity.

Others let the outsourcing be apparent. For example, Greenpeace acting through e-activist.com. I don't know you, but I take notice of a site's TLD being org vs com. E-activist.com in particular seems to be willing to address any kind of activism, irrespective of its color. I can't stand it. It's too much!

Best
Ale
Re: [mailop] Recommendations for mail campaign services
On Fri, May 7, 2021 at 10:46 AM Jay Hennigan via mailop wrote:
> Bear in mind that a substantial portion of the people on this list are
> either in the email service provider business or support those who are
> so you are likely to get nudged in that direction.

Or not. I work for an ESP platform but my subscriber list manager for Spam Resource is just a shell script. https://www.spamresource.com/2020/02/fun-with-double-opt-in.html

It depends on how much hassle you want to deal with. Warming up an IP from zero reputation to inbox delivery at the top 3 (Verizon, Microsoft, Google) can be hell. But I've got years of reputation history for my main sending server. Others don't. And I like writing my own stuff from scratch when I can.

For those who don't want to roll their own, stuff like MailChimp, or Constant Contact, or Substack should work fine.

Mailman seems oriented to discussion lists instead of broadcast lists, and I found it to be a super huge pain in the ass to set up, back in the day. Maybe it's better now?

Cheers,
Al Iverson

--
Al Iverson // Wombatmail // Chicago
Deliverability: https://spamresource.com
DNS Tools: https://xnnd.com
Re: [mailop] Haraka status? Exim the only choice? (v Postfix)
On Fri, May 7, 2021 at 8:23 AM Steven Champeon via mailop wrote:
> I've only ever seen 11 hosts that were
> actually running it.

I use it as an 'internal relay' and it works well. Hundreds of copiers, UPS units, and other low-level network devices use it as their outbound SMTP server. It does some light re-formatting of addresses and makes things look less spammy and then passes it on to the company's mail server (usually GSuite) for delivery.

I've also used it in one really odd situation where a company didn't want to buy a bunch of Exchange 2007 licenses for all their staff, so C-level staff were on the Exchange server, and everyone else was on a Dovecot server. Haraka would do the spam filtering, then check the address against a list and either route it via SMTP to Exchange 2007 or LMTP to Dovecot.

Having Haraka in front of Exchange 2007 made debugging mail issues infinitely easier as Exchange logs were (probably still are) absolute garbage, and the spam filtering was dismal.

-A
Re: [mailop] Recommendations for mail campaign services
On 5/7/21 01:33, Alessandro Vesely via mailop wrote:
> On Wed 05/May/2021 21:14:08 +0200 Jay Hennigan via mailop wrote:
>> Then my personal recommendation would be Mailchimp or possibly Constant Contact if you're not comfortable with doing it in-house.
>
> Thank you Jay for mentioning that.
>
> Would someone explain concisely what are the main tradeoffs that make it uncomfortable to run a campaign in-house, in this post-desktop publishing era?

It depends on what the problem is that you're trying to solve. If you want tracking bugs and a lot of analytics, that requires more expertise. If you just want to get the message out to your subscribers it's not that difficult.

The GNU Mailman program is free and open-source and does a reasonable job for small to medium sized lists. I've been running it for a number of specialty mailing lists both broadcast and discussion style for well over a decade with few issues, some lists well over 1000 subscribers and it scales beyond that.

Bear in mind that a substantial portion of the people on this list are either in the email service provider business or support those who are so you are likely to get nudged in that direction.

--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV
Re: [mailop] Haraka status? Exim the only choice? (v Postfix)
On 07.05.21 at 16:31, Steven Champeon via mailop wrote:
>
> As for Haraka, I haven't followed it closely but know Matt to be a solid
> coder; the impression I got when he was writing it was that it was on a
> lark to see if he could write an RFC-compliant SMTP server in
> Javascript. I think the quote was "that's why there are weekends".
> Having written a lot of JS code over the years, including an entire
> library and book on how to use it to produce Web-based GUIs, I was
> amazed that it actually worked. I've only ever seen 11 hosts that were
> actually running it.

Speaking of coding and weekends, a very tangential question: Has anybody considered writing an MTA in Rust? I've been intrigued by its excellent safety guarantees for some time, and it has rekindled my fun in low-level coding (because it's much nicer without dangling pointers and memory leaks).

I implemented a postfix policy daemon in Rust to block based on sometimes pretty complex DNS-based conditions (for example, there are rules which detect whether the MX or NS of a sender's domain is in a specific ASN and the localpart follows some pattern), and it performs solidly on a moderately sized mailserver.

Cheers,
Hans-Martin
Re: [mailop] Haraka status? Exim the only choice? (v Postfix)
on Sat, May 01, 2021 at 03:18:49AM +, MRob via mailop wrote:
> Can I ask what are mailop's opinions about Exim? Thank you!

I'm a dinosaur who at one point had 15K lines of custom m4 code in my sendmail setup (I removed a few thousand a few years back for various reasons), and am still running it because it Just Works, so take any of this with a massive grain of salt, but I've also looked at some 97%+ of IPv4 and can tell you that AFAICT the only people actually running Exim are on cPanel shared webhosting servers, and the folks who wrote it in the first place at Cambridge. This despite claims that it's the most popular MTA on the Internet with a 60% market share[1]. This is not to denigrate Exim, just to suggest that its userbase probably isn't even really aware that they're running Exim and configures what they need to configure via some Web hosting management console.

Postfix in my experience is solid, and has lots of knobs to tweak, but if you need something special, such as say, blocking mail from the idiot with infinite Gmail accounts having common Vietnamese surnames in them who keeps trying to sell t-shirts to your role accounts, you're out of luck. I know, you can write a policy daemon, but I haven't had much luck with that, for various performance-based reasons which may no longer be applicable many years on. (I ran Postfix for a year as a trial and had a lukewarm response to it.)

For context, I run a project called Enemieslist which has reduced the PTR naming conventions for much of IPv4 down to regular expressions with classifications of assignment type (static, dynamic) and other special subclasses like NATs, resnets, shared and dedicated webhosts, etc. The idea being that you ought to be able to set policy regarding where you're blocking or accepting and/or quarantining mail from based on such factors, though it's been applied in a wider variety of ways than we first imagined, it's the darling of big data scientists.

We made the dataset queriable via a patch to rbldnsd over fifteen years ago, and our original users wanted to include checks against the mirrors in their MTAs, which included Exim, Postfix, qpsmtpd, ecelerity, and obviously sendmail, as well as SpamAssassin. Vincent wrote some custom code to integrate into Cloudmark as well. So we have some old contrib policy daemons for postfix, config info for Exim, an SA plugin, and various other forms of custom integration.

The common aspect to all was that they could query our DNSBL with the PTR of the connecting host and then implement some policy based on the result (eg, block dynamic, quarantine generic static, etc.) Exim could do this via configuration; Postfix required a policy daemon, the others required custom plugins or modules or as with sendmail, custom rulesets.

Of the 149424 patterns we have for known outbound mail servers and server farms, only 4003 are known to run Exim. Of the 68266 shared webhost patterns, 21260 run cPanel and therefore are also running Exim by default. Postfix is on at least 17395 of those surveyed, by comparison. These are based on banner scans, which you can obviously configure to obscure the software make and model but that's a baseline for you.

I'd say go with whatever MTA has the most active development and support community, if you don't already have a lot invested in customization and configuration of your current MTA.

We did a banner survey of the edu space some fifteen years ago and found that a ridiculous proportion of them were running Barracuda boxes, like 80% or so, but this was back when you couldn't walk through an airport without seeing a Barracuda advertisement on the wall; I suspect things have changed since then. Proofpoint seems to have surged ahead.

I know that sendmail rulesets have been compared to modem line noise and Mr. Dithers' cursing, and can attest to the fact that writing them is far more satisfying than reading them, but you have almost infinite customization capacity if you can stand it. I once mentioned to a friend (who used to write for sendmail.net when that was a thing) that you could probably fit all of the people with as much experience writing sendmail rulesets as I had into a Volvo station wagon, and his reply was "you could fit more if you pulped them first", so don't take this as a recommendation for sendmail; I'll eventually have to give up on it and surrender to whatever the vox populi says I need to use.

As for Haraka, I haven't followed it closely but know Matt to be a solid coder; the impression I got when he was writing it was that it was on a lark to see if he could write an RFC-compliant SMTP server in Javascript. I think the quote was "that's why there are weekends". Having written a lot of JS code over the years, including an entire library and book on how to use it to produce Web-based GUIs, I was amazed that it actually worked. I've only ever seen 11 hosts that were actually running it.

HTH,
Steve

[1] http://www.securityspace.com/s_survey/
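
The PTR-based policy described in the message above (block dynamic, quarantine generic static), sketched as a Postfix policy delegation handler. This is an added example, not Enemieslist's contrib daemon or code from any poster. It assumes locally held regexes in place of the DNSBL lookup, constructed patterns and hostnames, Postfix's HOLD action as the quarantine step, and an arbitrary listening port.

```python
import re
import socketserver

# Constructed PTR naming patterns, checked in order (not Enemieslist data).
PTR_CLASSES = [
    ("dynamic", re.compile(r"(?:^|[.-])(?:dyn|dynamic|dhcp|pool|ppp|dsl)\d*[.-]", re.I)),
    ("generic-static", re.compile(r"(?:^|[.-])static\d*[.-]", re.I)),
    ("generic-static", re.compile(r"^(?:\d{1,3}[.-]){3}\d{1,3}[.-]")),
]

# Policy per class, as Postfix access(5) actions; unlisted classes fall through.
ACTIONS = {
    "dynamic": "REJECT mail from dynamically assigned hosts is not accepted",
    "generic-static": "HOLD generic static PTR, held for review",
}

def parse_request(raw):
    """Parse one policy request: name=value lines, ended by a blank line."""
    attrs = {}
    for line in raw.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def classify_ptr(hostname):
    """Return the first matching class label, or None for unclassified names."""
    for label, pattern in PTR_CLASSES:
        if pattern.search(hostname):
            return label
    return None

def decide(attrs):
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    name = attrs.get("client_name", "unknown")
    if name == "unknown":  # no forward-confirmed PTR: leave to other restrictions
        return "DUNNO"
    return ACTIONS.get(classify_ptr(name), "DUNNO")

def reply_for(raw):
    """Build the reply Postfix expects: one action line and a blank line."""
    return "action=%s\n\n" % decide(parse_request(raw))

class PolicyHandler(socketserver.StreamRequestHandler):
    def handle(self):
        buf = []
        for line in self.rfile:  # Postfix reuses the connection for many requests
            text = line.decode("utf-8", "replace").rstrip("\r\n")
            if text:
                buf.append(text)
                continue
            self.wfile.write(reply_for("\n".join(buf)).encode())
            buf = []

if __name__ == "__main__":
    # Port 10040 is an assumption; point check_policy_service at the same address.
    socketserver.ThreadingTCPServer(("127.0.0.1", 10040), PolicyHandler).serve_forever()
```
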
[mailop] [BACKSCATTER] Anyone know wadax.ne.jp
Maybe if you do, you can send them a friendly nod..

Seems someone has decided to use their backscatter for sending spam messages..

From: Mail Delivery System
Subject: Undelivered Mail Returned to Sender

This is the mail system at host pmgd06.wadax.ne.jp.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

Typical, the server allows forged MAIL FROM and From, gets blocked by the receiving system, and then attempts to notify the sender, forged in this case, and issue an NDR, and of course the NDR contains the original spam message, but the NDRs can get past the forgery restrictions, as it is from Mailer-Daemon.

They need to prevent forged 'MAIL FROM' and need to prevent backscatter. Their 'postmaster' address in the 'cc' to this post.

Everyone should remember, they should have checks that the MAIL FROM can only originate from an address that resides on their system.

Have a happy Friday everyone..

--
"Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada
[mailop] Anyone from Otenet
Hi All,

Is there anyone from Otenet we could talk offline with? We see some heavy throttle on a particular scenario where everything else looks good, and we have tried reaching out to different addresses (including abuse@ and postmaster@) with no luck.

Thanks!

José Ramón García Layos
Deliverability | Adobe
Re: [mailop] Recommendations for mail campaign services
> On 7 May 2021, at 09:33, Alessandro Vesely via mailop wrote:
>
> On Wed 05/May/2021 21:14:08 +0200 Jay Hennigan via mailop wrote:
>> Then my personal recommendation would be Mailchimp or possibly Constant
>> Contact if you're not comfortable with doing it in-house.
>
> Thank you Jay for mentioning that.
>
> Would someone explain concisely what are the main tradeoffs that make it
> uncomfortable to run a campaign in-house, in this post-desktop publishing era?

Bounce and queue handling.
Setting up throttles and limits for outbound rates.
Database management.
FBL and complaint handling management.
Creating messages that are cross platform for the receiver.
Reputation management.

laura

--
Having an Email Crisis? We can help! 800 823-9674
Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741
Email Delivery Blog: https://wordtothewise.com/blog
Re: [mailop] Recommendations for mail campaign services
On Wed 05/May/2021 21:14:08 +0200 Jay Hennigan via mailop wrote:
> Then my personal recommendation would be Mailchimp or possibly Constant Contact if you're not comfortable with doing it in-house.

Thank you Jay for mentioning that.

Would someone explain concisely what are the main tradeoffs that make it uncomfortable to run a campaign in-house, in this post-desktop publishing era?

Best
Ale