[mailop] Contact for Symantec?

[Mark Fletcher via mailop]

Hello,

Is there anyone from Symantec here that could contact me off-list? Our
server at 66.175.222.108 is receiving '500 5.7.1 Symantec Zodiac' responses
from some addresses. Going to https://ipremoval.sms.symantec.com/ipr/lookup
and entering the address, it says that the host has a negative reputation.
I've tried submitting additional information, as requested, but no joy.

Thanks,
Mark
https://groups.io
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] opendmarc fails with tencent.com emails

[Mary via mailop]

thank you for the detailed explanation.



On Fri, 21 May 2021 08:20:11 -0700 Alan Hodgson via mailop  
wrote:

> It's testing qq.com, not tencent.com. They do appear to have an SPF record, 
> fwiw. Which doesn't help DMARC if they don't replace the envelope sender. 
> They'd have to fix that or add a DKIM sig from qq.com. Not sure how tencent's 
> DKIM sig passed; that suggests they put the @qq.com in the From:, or else qq 
> resigned it with a tencent.com key after rewriting the From:. Neither is 
> helpful.
> 
> qq.com's DMARC policy is p=none, though. Which is good considering how broken 
> that mail is.
> 
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Outlook for Mac email autofill

[John Lightfoot via mailop]

 From: Matthew V via mailop Date: Friday, May 21, 2021 at 11:32 AMTo: mailop@mailop.org Subject: Re: [mailop] Outlook for Mac email autofillFrom: mailop  on behalf of John Lightfoot via mailop Sent: Friday, May 21, 2021 3:49:22 AMTo: mailop@mailop.org Subject: [mailop] Outlook for Mac email autofill  I don’t know if this is a bug or a feature, but when I start typing in the To: column in Outlook, I often get extremely spammy autofill choices, e.g. if I type “zu” in the To: field, autofill suggest Pornhub zun...@zunzzp.zunzzp.medknizhkanova.ru and zuma hamson mrhamsonzum...@gmail.com.  I’m using the Microsoft Outlook for Mac, Version 16.50 (21061903).  I’ve noticed this behavior for a while.  Is there a way to prevent this?  Try disabling the Outlook autocomplete/suggest feature, might be something like this: From the File tab, select Options.On the Outlook Options dialog, click Mail.Scroll down to the Send messages sectionUncheck Use Auto-Complete List to suggest names(Option) If you wish to delete the list, click the Empty Auto-Complete List button.Click the OK buttonThat option doesn’t seem to exist in Outlook for Mac.  I can go to Preferences/AutoCorrect/Text Completion and turn off Show AutoComplete tip for AutoText and dates, but that doesn’t seem to affect autocomplete for email addresses.Someone asked earlier if I was auto-replying to spam, and no, I am not.Thanks,John~Matt
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Mass 'Girl Picture PDF' Spam Mails from various: outbound.protection.outlook.com

[Camille - Clean Mailbox via mailop]

Bonjour Benoît,

It's obvious that they are trying to infect Windows users with Adobe Acrobat 
Reader, they are targetting the (probably) most common configuration on 
Internet, and especially for our well nown Mme Michu.
I've seen few of them here, but all detected as malware & spam.

Best regards,
Camille

-Message d'origine-
De : mailop  De la part de Benoît Panizzon via mailop
Envoyé : vendredi 21 mai 2021 16:29
À : mailop@mailop.org
Objet : [mailop] Mass 'Girl Picture PDF' Spam Mails from various: 
outbound.protection.outlook.com

Hi List

Today, we are getting strange emails from various 
outbound.protection.outlook.com ip addresses to all kind of destination email 
addresses.

Strange thing is:

The have a HUGE list of recipients in the To: Header

They have nonsense 5 letter (3 and 2) Subjects.

The have nonsense content of usually a couple of characters (plain and
html)

They have a PDF attchement (200 to 400kb) containing a picture of a girl.

There are no links, nothing advertised. So except of traffic, they don't seem 
to make any sense for the sender (have not checked the PDF for possible 
exploits, I'm using email PDF preview on linux, so no 'mainstream' PDF reader 
which could be vulnerable).

Does anyone know what the sender wants to achieve with those?

--
Mit freundlichen Grüssen

-Benoît Panizzon- @ HomeOffice und normal erreichbar
-- 
I m p r o W a r e   A G-Leiter Commerce Kunden
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 PrattelnFax  +41 61 826 93 01
Schweiz Web  http://www.imp.ch
__
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Outlook for Mac email autofill

[Matthew V via mailop]

*From:* mailop  on behalf of John Lightfoot 
via mailop 

*Sent:* Friday, May 21, 2021 3:49:22 AM
*To:* mailop@mailop.org 
*Subject:* [mailop] Outlook for Mac email autofill

I don’t know if this is a bug or a feature, but when I start typing in 
the To: column in Outlook, I often get extremely spammy autofill 
choices, e.g. if I type “zu” in the To: field, autofill suggest 
Pornhub zun...@zunzzp.zunzzp.medknizhkanova.ru 
 and zuma hamson 
mrhamsonzum...@gmail.com .


I’m using the Microsoft Outlook for Mac, Version 16.50 (21061903).  
I’ve noticed this behavior for a while.  Is there a way to prevent this?



Try disabling the Outlook autocomplete/suggest feature, might be 
something like this:


From the File tab, select Options.
On the Outlook Options dialog, click Mail.
Scroll down to the Send messages section
Uncheck Use Auto-Complete List to suggest names
(Option) If you wish to delete the list, click the Empty Auto-Complete 
List button.

Click the OK button


~

Matt

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] opendmarc fails with tencent.com emails

[Alan Hodgson via mailop]

On Fri, 2021-05-21 at 15:06 +0300, Mary via mailop wrote:
> 
> Hello,
> 
> I am seeing a lot of DMARC errors with emails coming from tencent.com, I am
> not sure but based on the opendmarc errors I think these emails are
> forwarded via qq.com and the From domain is replaced from @tencent.com to
> @qq.com (keeping the user part intact).
> 
> The domain tencent.com has valid SPF+DMARC records, but the qq.com domain
> has no TXT records whatsoever.
> 
> Anyone else seen this issue before? is opendmarc at fault?
> 
> 
> -- SAMPLE
> Received: from smtpbg.qq.com (smtpbg552.qq.com [183.3.226.181])
> (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256
> bits))
> (No client certificate requested)
> by my.server.com (Postfix) with ESMTPS id D4ACD5XZ51
> for ; Fri, 21 May 2021 11:14:12 + (UTC)
> Authentication-Results: my.server.com; dmarc=fail (p=none dis=none)
> header.from=qq.com
> Authentication-Results: my.server.com; spf=pass smtp.mailfrom=l...@tencent.com
> Authentication-Results: my.server.com;
> dkim=pass (1024-bit key; unprotected) header.d=tencent.com
> header.i=@tencent.com header.a=rsa-sha256 header.s=s201512 header.b=Ucwje3sK


It's testing qq.com, not tencent.com. They do appear to have an SPF record,
fwiw. Which doesn't help DMARC if they don't replace the envelope sender.
They'd have to fix that or add a DKIM sig from qq.com. Not sure how tencent's
DKIM sig passed; that suggests they put the @qq.com in the From:, or else qq
resigned it with a tencent.com key after rewriting the From:. Neither is
helpful.

qq.com's DMARC policy is p=none, though. Which is good considering how broken
that mail is.


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Mass 'Girl Picture PDF' Spam Mails from various: outbound.protection.outlook.com

[Benoît Panizzon via mailop]

Update, feed the last PDF to Virustotal.

https://www.virustotal.com/gui/file/ad860365c07794fd64c6368db884faa495508b03826422eaa1cdb0d5266f5f42/detection

Yes, 6 Hits for 'Phishing Malware'. I suppose Adobe PDF reader is
vulnerable to this.

-- 
Mit freundlichen Grüssen

-Benoît Panizzon- @ HomeOffice und normal erreichbar
-- 
I m p r o W a r e   A G-Leiter Commerce Kunden
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 PrattelnFax  +41 61 826 93 01
Schweiz Web  http://www.imp.ch
__
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Mass 'Girl Picture PDF' Spam Mails from various: outbound.protection.outlook.com

[Benoît Panizzon via mailop]

Hi List

Today, we are getting strange emails from various
outbound.protection.outlook.com ip addresses to all kind of
destination email addresses.

Strange thing is:

The have a HUGE list of recipients in the To: Header

They have nonsense 5 letter (3 and 2) Subjects.

The have nonsense content of usually a couple of characters (plain and
html)

They have a PDF attchement (200 to 400kb) containing a picture of a
girl.

There are no links, nothing advertised. So except of traffic, they
don't seem to make any sense for the sender (have not checked the PDF
for possible exploits, I'm using email PDF preview on linux, so no
'mainstream' PDF reader which could be vulnerable).

Does anyone know what the sender wants to achieve with those?

-- 
Mit freundlichen Grüssen

-Benoît Panizzon- @ HomeOffice und normal erreichbar
-- 
I m p r o W a r e   A G-Leiter Commerce Kunden
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 PrattelnFax  +41 61 826 93 01
Schweiz Web  http://www.imp.ch
__
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] opendmarc fails with tencent.com emails

[Mary via mailop]

Hello,

I am seeing a lot of DMARC errors with emails coming from tencent.com, I am not 
sure but based on the opendmarc errors I think these emails are forwarded via 
qq.com and the From domain is replaced from @tencent.com to @qq.com (keeping 
the user part intact).

The domain tencent.com has valid SPF+DMARC records, but the qq.com domain has 
no TXT records whatsoever.

Anyone else seen this issue before? is opendmarc at fault?


-- SAMPLE
Received: from smtpbg.qq.com (smtpbg552.qq.com [183.3.226.181])
(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by my.server.com (Postfix) with ESMTPS id D4ACD5XZ51
for ; Fri, 21 May 2021 11:14:12 + (UTC)
Authentication-Results: my.server.com; dmarc=fail (p=none dis=none) 
header.from=qq.com
Authentication-Results: my.server.com; spf=pass smtp.mailfrom=l...@tencent.com
Authentication-Results: my.server.com;
dkim=pass (1024-bit key; unprotected) header.d=tencent.com 
header.i=@tencent.com header.a=rsa-sha256 header.s=s201512 header.b=Ucwje3sK


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Outlook for Mac email autofill

[Suresh Ramasubramanian via mailop]

Do you have something that auto replies to spam?

--srs

From: mailop  on behalf of John Lightfoot via mailop 

Sent: Friday, May 21, 2021 3:49:22 AM
To: mailop@mailop.org 
Subject: [mailop] Outlook for Mac email autofill


I don’t know if this is a bug or a feature, but when I start typing in the To: 
column in Outlook, I often get extremely spammy autofill choices, e.g. if I 
type “zu” in the To: field, autofill suggest Pornhub 
zun...@zunzzp.zunzzp.medknizhkanova.ru
 and zuma hamson mrhamsonzum...@gmail.com.



I’m using the Microsoft Outlook for Mac, Version 16.50 (21061903).  I’ve 
noticed this behavior for a while.  Is there a way to prevent this?



Thanks,

John



John Lightfoot
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anybody know Anthony Mitchell or Inboxsys?

[Anthony Mitchell via mailop]

Hello Anne,

I wanted to introduce myself, but then I saw that is not necessary 
anymore (Thanks Florian & Atro). Feel free to check my LinkedIn profile. 

You may not have heard of InboxSys , pure 
marketing isn't one of our strengths! But do check out our valued 
customers whom we've helped with E-Mail Deliverability.


I contacted your company as I really liked your article that I read on 
LinkedIn yesterday. For anyone that hasn't read it yet here is the link:

https://www.isipp.com/email-authentication-and-why-its-important-explained-in-simple-terms/

As per my message to your colleague on livechat, I'd be keen to discuss 
opportunities with you, off this list.


Coincidentally I am working on my family tree on ancestry.co.uk 
 at the moment, I will let you know if we 
end up being related!


Kind regards,
Anthony

PS I would love to have you as a guest on deliverability.tv 
 - this can be the prelude


On 20/05/2021 20:41, Anne P. Mitchell, Esq. via mailop wrote:



On May 20, 2021, at 1:32 PM, Florian Vierke via mailop  
wrote:

I‘ve been working with Anthony a few Years back at Teradata/eCircle. He joined 
Adobe and later Inboxsys. I can confirm, that he‘s 10y+ in the industry and has 
been to M3aawg, csa summit, was speaker at emailing 2020 
(https://youtu.be/Snue0SHOG3g) and so on. So yes, he does have some contacts ;)

We’re still running our Youtube channel deliverability.tv together, as much as 
time allows. :)

Regarding inboxsys - it‘s a rebranding of ‚mailmike‘ and exists for a few Years 
now as well. Mailmike was developed by Sebastiaan de Vos, formerly managing 
Deliverability at Emarsys.

Deliverability is a small, but nice family ;)

Florian, thank you so much!  That makes us feel much better!  Happy to share 
with a colleague, but so often it's people looking for intel to use for 
nefarious purposes.  I've also been provided with an intro through LinkedIn 
from another mutual contact.

Thank you again!

Anne

--
Anne P. Mitchell,  Esq.
CEO ISIPP SuretyMail
Dean of Cyberlaw and Cyber Security, Lincoln Law School
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop