Re: [mailop] Vade - Blacklisting

2021-08-16 Thread Scott Undercofler via mailop
I replied to Scott off list but it might have gotten spam foldered. 

> On Aug 16, 2021, at 7:32 PM, Al Iverson via mailop  wrote:
> 
> You might find https://sendertool.vadesecure.com/ to be a better way
> to work through the issue.
> 
> Good luck,
> Al Iverson
> 
>> On Mon, Aug 16, 2021 at 12:24 PM Scott Mutter via mailop
>>  wrote:
>> 
>> Anybody from Vade on the list able to give any details as to why 
>> 66.11.124.112 is listed?
>> 
>> Apparently Comcast uses Vade as part of their blacklist and this IP is being 
>> blocked by Comcast's mail servers
>> 
>> 554 resimta-po-40v.sys.comcast.net resimta-po-40v.sys.comcast.net 
>> 66.11.124.112 found on one or more DNSBLs, see 
>> http://postmaster.comcast.net/smtp-error-codes.php#BL001000
>> 
>> Going to http://postmaster.comcast.net/smtp-error-codes.php#BL001000 leads 
>> to a spill where they pass the buck to Vade.
>> 
>> Would really like to know why this IP is listed with Vade.  Or does Vade 
>> just add IPs to their blacklist because they can?
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://list.mailop.org/listinfo/mailop
> 
> 
> 
> -- 
> Al Iverson // Wombatmail // Chicago
> Deliverability: https://spamresource.com
> DNS Tools: https://xnnd.com


Re: [mailop] Vade - Blacklisting

2021-08-16 Thread Al Iverson via mailop
You might find https://sendertool.vadesecure.com/ to be a better way
to work through the issue.

Good luck,
Al Iverson

On Mon, Aug 16, 2021 at 12:24 PM Scott Mutter via mailop
 wrote:
>
> Anybody from Vade on the list able to give any details as to why 
> 66.11.124.112 is listed?
>
> Apparently Comcast uses Vade as part of their blacklist and this IP is being 
> blocked by Comcast's mail servers
>
> 554 resimta-po-40v.sys.comcast.net resimta-po-40v.sys.comcast.net 
> 66.11.124.112 found on one or more DNSBLs, see 
> http://postmaster.comcast.net/smtp-error-codes.php#BL001000
>
> Going to http://postmaster.comcast.net/smtp-error-codes.php#BL001000 leads to 
> a spill where they pass the buck to Vade.
>
> Would really like to know why this IP is listed with Vade.  Or does Vade just 
> add IPs to their blacklist because they can?



-- 
Al Iverson // Wombatmail // Chicago
Deliverability: https://spamresource.com
DNS Tools: https://xnnd.com


Re: [mailop] [EXTERNAL] Re: Vade - Blacklisting

2021-08-16 Thread Jay Hennigan via mailop

On 8/16/21 18:07, Scott Mutter via mailop wrote:

> Thanks Alex.
>
> This looks to be working now.
>
> Was this being blocked by Comcast or by Vade?

Blocked by Comcast due to being listed on Vade's RBL.

RBLs by themselves don't block anything. They just list things to aid
others in making blocking decisions.

> Unfortunately I don't have services or access to the whole /24.  Tis a
> shame that an entire Class-C had to be blocked.

Probably time to talk to your ISP and ask them to be more responsive to
complaints. Someone within that /24 likely has been spamming and
ignoring complaints for a while. Or worse -- two someones, one in a
block above and one below your allocation.


NetRange:       66.11.124.0 - 66.11.124.255
CIDR:           66.11.124.0/24
NetName:        TIERNET-IPV4-BLK2
NetHandle:      NET-66-11-124-0-1
Parent:         GNS-4 (NET-66-11-112-0-1)
NetType:        Reallocated
OriginAS:       AS17216
Organization:   Tier.Net Technologies LLC (TTL-100)

OrgAbuseHandle: ABUSE4758-ARIN
OrgAbuseName:   Abuse Department
OrgAbusePhone:  +1-888-518-0288
OrgAbuseEmail:  abuse-t...@tier.net


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV
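
Added example, not part of the original message: a sketch of the split described above between a DNSBL that only lists and a receiving MTA that decides, including a local exemption for a range of the kind mentioned elsewhere in this thread. The zone name `dnsbl.example.invalid`, the in-memory `LISTED_NETS` data and all function names are assumptions; no real DNS is queried.

```python
import ipaddress

DNSBL_ZONE = "dnsbl.example.invalid"   # hypothetical zone, not Vade's real one
# Constructed list data: the list operator has listed a whole /24.
LISTED_NETS = [ipaddress.ip_network("66.11.124.0/24")]


def dnsbl_qname(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def lookup(qname, zone=DNSBL_ZONE):
    """Stand-in for a DNS A query against the list.

    Returns '127.0.0.2' (the conventional 'listed' answer) or None,
    which models NXDOMAIN, i.e. not listed.
    """
    labels = qname[: -(len(zone) + 1)].split(".")
    ip = ipaddress.IPv4Address(".".join(reversed(labels)))
    return "127.0.0.2" if any(ip in net for net in LISTED_NETS) else None


def smtp_decision(client_ip, exemptions=()):
    """The receiver's policy: the list only answers, this code decides."""
    ip = ipaddress.IPv4Address(client_ip)
    # A local exemption is checked first, so the list is never consulted.
    if any(ip in ipaddress.ip_network(e) for e in exemptions):
        return "250 accepted (local exemption)"
    if lookup(dnsbl_qname(client_ip)) is not None:
        return f"554 {client_ip} found on one or more DNSBLs"
    return "250 accepted"


if __name__ == "__main__":
    # The reported IP, a neighbour in the same /24, and an unrelated address.
    for ip in ("66.11.124.112", "66.11.124.7", "192.0.2.10"):
        print(ip, "->", smtp_decision(ip))
    # Same sender after the receiver exempts the range locally.
    print(smtp_decision("66.11.124.112", exemptions=["66.11.124.0/24"]))
```

A sender in a shared /24 is rejected even though its own address sent nothing, and the listing itself is unchanged when the receiver adds an exemption.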


Re: [mailop] [EXTERNAL] Re: Vade - Blacklisting

2021-08-16 Thread Scott Mutter via mailop
Thanks Alex.

This looks to be working now.

Was this being blocked by Comcast or by Vade?

Unfortunately I don't have services or access to the whole /24.  Tis a
shame that an entire Class-C had to be blocked.

On Mon, Aug 16, 2021 at 2:55 PM Brotman, Alex 
wrote:

> Not sure why my response didn’t go to the list:
>
> Scott,
>
> It looks like the /24 is blocked, and I’ll see if I can find out why (I’ll
> reply off-list with that info).  In the meantime, we’ll put in an exemption
> for the range.  That should be in place shortly.
>
> --
> Alex Brotman
> Sr. Engineer, Anti-Abuse & Messaging Policy
> Comcast
>
> *From:* mailop  *On Behalf Of *Scott Mutter
> via mailop
> *Sent:* Monday, August 16, 2021 2:25 PM
> *To:* mailop@mailop.org
> *Subject:* [EXTERNAL] Re: [mailop] Vade - Blacklisting
>
>
>
> Got the response:
>
> *Hello,*
>
> *Thank you for your report. It has been taken into account in our
> continuous improvement processus. We will get back to you if necessary.
> Please note that the analysis may take a few days and your situation might
> improve in the meantime. We advise you to keep an eye on your performance.*
>
> *Regards*
>
> *Your Anti-Abuse Vade team.*
>
> And it's still blocked.
>
> Apologies because I'm probably not in the right state of mind right now.
> This is kind of a tipping point for me right now.  Just really frustrated
> at providers like this that feel they can hold us hostage simply because
> we're not Microsoft, or Yahoo, or Google.
>
> I mean, if the IP is really sending out spam (why is it not on any other
> blacklist?) then I want to know.  I want to remedy the situation.  But to
> block an IP for no reason.  To refuse to unblock an IP for no reason.  ...
> Why is a reputable company like Comcast (?) going to bed with such an
> entity?
>
>
>
> On Mon, Aug 16, 2021 at 1:03 PM Al Iverson 
> wrote:
>
> You might find https://sendertool.vadesecure.com/ to be a better way
> to work through the issue.
>
> Good luck,
> Al Iverson
>
> On Mon, Aug 16, 2021 at 12:24 PM Scott Mutter via mailop
>  wrote:
> >
> > Anybody from Vade on the list able to give any details as to why
> > 66.11.124.112 is listed?
> >
> > Apparently Comcast uses Vade as part of their blacklist and this IP is
> > being blocked by Comcast's mail servers
> >
> > 554 resimta-po-40v.sys.comcast.net resimta-po-40v.sys.comcast.net
> > 66.11.124.112 found on one or more DNSBLs, see
> > http://postmaster.comcast.net/smtp-error-codes.php#BL001000
> >
> > Going to http://postmaster.comcast.net/smtp-error-codes.php#BL001000
> > leads to a spill where they pass the buck to Vade.
> >
> > Would really like to know why this IP is listed with Vade.  Or does Vade
> > just add IPs to their blacklist because they can?
>
> --
> Al Iverson // Wombatmail // Chicago
> Deliverability: https://spamresource.com
> DNS Tools: https://xnnd.com
>


Re: [mailop] [EXTERNAL] Re: Vade - Blacklisting

2021-08-16 Thread Brotman, Alex via mailop
Scott,

It looks like the /24 is blocked, and I’ll see if I can find out why (I’ll 
reply off-list with that info).  In the meantime, we’ll put in an exemption for 
the range.  That should be in place shortly.

--
Alex Brotman
Sr. Engineer, Anti-Abuse & Messaging Policy
Comcast

From: mailop  On Behalf Of Scott Mutter via mailop
Sent: Monday, August 16, 2021 2:25 PM
To: mailop@mailop.org
Subject: [EXTERNAL] Re: [mailop] Vade - Blacklisting

Got the response:


Hello,

Thank you for your report.
It has been taken into account in our continuous improvement processus. We will 
get back to you if necessary.
Please note that the analysis may take a few days and your situation might 
improve in the meantime.
We advise you to keep an eye on your performance.

Regards

Your Anti-Abuse Vade team.



And it's still blocked.

Apologies because I'm probably not in the right state of mind right now.  This 
is kind of a tipping point for me right now.  Just really frustrated at 
providers like this that feel they can hold us hostage simply because we're not 
Microsoft, or Yahoo, or Google.

I mean, if the IP is really sending out spam (why is it not on any other 
blacklist?) then I want to know.  I want to remedy the situation.  But to block 
an IP for no reason.  To refuse to unblock an IP for no reason.  ... Why is a 
reputable company like Comcast (?) going to bed with such an entity?

On Mon, Aug 16, 2021 at 1:03 PM Al Iverson <aiver...@wombatmail.com> wrote:
You might find https://sendertool.vadesecure.com/ to be a better way
to work through the issue.

Good luck,
Al Iverson

On Mon, Aug 16, 2021 at 12:24 PM Scott Mutter via mailop
<mailop@mailop.org> wrote:
>
> Anybody from Vade on the list able to give any details as to why 
> 66.11.124.112 is listed?
>
> Apparently Comcast uses Vade as part of their blacklist and this IP is being 
> blocked by Comcast's mail servers
>
> 554 resimta-po-40v.sys.comcast.net resimta-po-40v.sys.comcast.net
> 66.11.124.112 found on one or more DNSBLs, see
> http://postmaster.comcast.net/smtp-error-codes.php#BL001000
>
> Going to http://postmaster.comcast.net/smtp-error-codes.php#BL001000
> leads to a spill where they pass the buck to Vade.
>
> Would really like to know why this IP is listed with Vade.  Or does Vade just 
> add IPs to their blacklist because they can?



--
Al Iverson // Wombatmail // Chicago
Deliverability: https://spamresource.com
DNS Tools: https://xnnd.com


Re: [mailop] Vade - Blacklisting

2021-08-16 Thread Jarland Donnell via mailop
Usually with strong consistency I can check an IP against my systems and 
see why it's listed anywhere. I see no spam from 66.11.124.112 between 
the 25th of last month and today (which is all I can speak for). Most 
likely they'll honor your removal request and work with you quite well. 
Vade is very fair.


On 2021-08-16 12:20, Scott Mutter via mailop wrote:

> Anybody from Vade on the list able to give any details as to why
> 66.11.124.112 is listed?
>
> Apparently Comcast uses Vade as part of their blacklist and this IP is
> being blocked by Comcast's mail servers
>
> 554 resimta-po-40v.sys.comcast.net [1] resimta-po-40v.sys.comcast.net
> [1] 66.11.124.112 found on one or more DNSBLs, see
> http://postmaster.comcast.net/smtp-error-codes.php#BL001000
>
> Going to http://postmaster.comcast.net/smtp-error-codes.php#BL001000
> leads to a spill where they pass the buck to Vade.
>
> Would really like to know why this IP is listed with Vade.  Or does
> Vade just add IPs to their blacklist because they can?
>
> Links:
> --
> [1] http://resimta-po-40v.sys.comcast.net


Re: [mailop] Vade - Blacklisting

2021-08-16 Thread Scott Mutter via mailop
Got the response:

*Hello,*

*Thank you for your report. It has been taken into account in our
continuous improvement processus. We will get back to you if necessary.
Please note that the analysis may take a few days and your situation might
improve in the meantime. We advise you to keep an eye on your performance.*

*Regards*

*Your Anti-Abuse Vade team.*


And it's still blocked.

Apologies because I'm probably not in the right state of mind right now.
This is kind of a tipping point for me right now.  Just really frustrated
at providers like this that feel they can hold us hostage simply because
we're not Microsoft, or Yahoo, or Google.

I mean, if the IP is really sending out spam (why is it not on any other
blacklist?) then I want to know.  I want to remedy the situation.  But to
block an IP for no reason.  To refuse to unblock an IP for no reason.  ...
Why is a reputable company like Comcast (?) going to bed with such an
entity?

On Mon, Aug 16, 2021 at 1:03 PM Al Iverson  wrote:

> You might find https://sendertool.vadesecure.com/ to be a better way
> to work through the issue.
>
> Good luck,
> Al Iverson
>
> On Mon, Aug 16, 2021 at 12:24 PM Scott Mutter via mailop
>  wrote:
> >
> > Anybody from Vade on the list able to give any details as to why
> > 66.11.124.112 is listed?
> >
> > Apparently Comcast uses Vade as part of their blacklist and this IP is
> > being blocked by Comcast's mail servers
> >
> > 554 resimta-po-40v.sys.comcast.net resimta-po-40v.sys.comcast.net
> > 66.11.124.112 found on one or more DNSBLs, see
> > http://postmaster.comcast.net/smtp-error-codes.php#BL001000
> >
> > Going to http://postmaster.comcast.net/smtp-error-codes.php#BL001000
> > leads to a spill where they pass the buck to Vade.
> >
> > Would really like to know why this IP is listed with Vade.  Or does Vade
> > just add IPs to their blacklist because they can?
>
>
>
> --
> Al Iverson // Wombatmail // Chicago
> Deliverability: https://spamresource.com
> DNS Tools: https://xnnd.com
>


Re: [mailop] Vade - Blacklisting

2021-08-16 Thread Jay Hennigan via mailop

On 8/16/21 10:20, Scott Mutter via mailop wrote:

> Anybody from Vade on the list able to give any details as to
> why 66.11.124.112 is listed?
>
> Apparently Comcast uses Vade as part of their blacklist and this IP is
> being blocked by Comcast's mail servers

Did you jump through the flaming hoop?

https://sendertool.vadesecure.com/en/


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV


[mailop] Vade - Blacklisting

2021-08-16 Thread Scott Mutter via mailop
Anybody from Vade on the list able to give any details as to
why 66.11.124.112 is listed?

Apparently Comcast uses Vade as part of their blacklist and this IP is
being blocked by Comcast's mail servers

554 resimta-po-40v.sys.comcast.net resimta-po-40v.sys.comcast.net
66.11.124.112 found on one or more DNSBLs, see
http://postmaster.comcast.net/smtp-error-codes.php#BL001000

Going to http://postmaster.comcast.net/smtp-error-codes.php#BL001000 leads
to a spill where they pass the buck to Vade.

Would really like to know why this IP is listed with Vade.  Or does Vade
just add IPs to their blacklist because they can?


Re: [mailop] [External] Hotmail spam (again)

2021-08-16 Thread Peter N. M. Hansteen via mailop
On Mon, Aug 16, 2021 at 05:25:57AM -0400, Kevin A. McGrail via mailop wrote:
> 
> Microsoft, at a minimum, has 4 domains under their freemail umbrella: 
> hotmail.com, msn.com, live.com and outlook.com.

In addition, you will see a number of outlook.$countrytld such as outlook.jp,
outlook.it, and I think the same applies for hotmail. So basically a metric
assload of domains to look out for. Keep in mind that your users will likely
have contacts who use one of those freemail domains for inertia reasons.

> Checking a few days on one server and I see inbound freemail emails from IPs
> in 104.47.108 & 104.47.109 rarely and the bulk in 40.92.x.x.
> 
> Checking the logs for inbound on the same server for the same date range
> that isn't from the 4 freemail that advertises
> *.outbound.protection.outlook.com, shows at least some in 104.47. and 40.92/
> 
> And per 
> https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide,
> 40.92 is listed for *.mail.protection.outlook.com, so at least according to
> their documentation there is overlap and my logs appear to confirm it.  They
> are big ranges though so they might have it carved out but likely you have
> to ask Microsoft.

No method is guaranteed to be flawless, but the best suggestion I have is to 
take Microsoft's SPF info and go from there. Keep in mind that the info they
publish may vary by region.

If you're lucky enough to have a system with OpenSMTPd within reach, 
'smtpctl spf walk' for a domain will be useful to retrieve that info
(see https://bsdly.blogspot.com/2018/11/goodness-enumerated-by-robots-or.html 
for related musings).

All the best,
Peter


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
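
Added example, not part of the original message: a minimal walk of a domain's SPF record that follows `include:` and `redirect=` and collects the authorized `ip4:`/`ip6:` ranges, which is the kind of information the message above suggests retrieving. The TXT records are constructed for hypothetical domains (they are not Microsoft's), the function names are assumptions, and `a`, `mx` and `exists` terms are skipped because they need further DNS lookups.

```python
import ipaddress

# Constructed TXT records for hypothetical domains; no real DNS is queried.
TXT = {
    "freemail.example":
        "v=spf1 include:spf-a.freemail.example include:spf-b.freemail.example ~all",
    "spf-a.freemail.example":
        "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 include:spf-b.freemail.example -all",
    # Points back at the top-level domain to exercise loop protection.
    "spf-b.freemail.example":
        "v=spf1 ip4:203.0.113.0/25 ip6:2001:db8:40::/48 include:freemail.example -all",
}

MAX_LOOKUPS = 10  # RFC 7208 limit on terms that trigger DNS lookups


def spf_walk(domain, txt=TXT, _seen=None):
    """Return the set of networks authorized by the domain's SPF record."""
    seen = set() if _seen is None else _seen
    if domain in seen:            # already expanded: avoids include loops
        return set()
    if len(seen) > MAX_LOOKUPS:   # start domain plus ten includes/redirects
        raise ValueError("SPF lookup limit exceeded at " + domain)
    seen.add(domain)
    record = txt.get(domain, "")
    if not record.startswith("v=spf1"):
        return set()
    nets = set()
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        body = term.lstrip("+-~?")
        if qualifier == "+" and body.startswith(("ip4:", "ip6:")):
            nets.add(ipaddress.ip_network(body[4:], strict=False))
        elif qualifier == "+" and body.startswith("include:"):
            nets |= spf_walk(body[8:], txt, seen)
        elif body.startswith("redirect="):
            # Simplification: followed wherever it appears in the record.
            nets |= spf_walk(body[9:], txt, seen)
    return nets


def authorized(ip, domain, txt=TXT):
    """True if ip falls inside any range the domain's SPF tree authorizes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in spf_walk(domain, txt))


if __name__ == "__main__":
    for net in sorted(spf_walk("freemail.example"), key=str):
        print(net)
    print(authorized("203.0.113.5", "freemail.example"))    # inside the /25
    print(authorized("203.0.113.200", "freemail.example"))  # outside the /25
```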


Re: [mailop] [External] Hotmail spam (again)

2021-08-16 Thread Kevin A. McGrail via mailop

Good morning,

> Yes sorry. That's my point. You cannot filter MS junk by its headers
> (as far as I know)

No, but there are techniques in SpamAssassin for things such as
transaction reputation and whether it's coming from a freemail
provider.  This is not a new phenomenon in the anti-spam world that
spammers are using freemail systems and it can be a good data point in
analysis.

>> Perhaps you were just showing the IPs but I think you will find that
>> hotmail/live/msn/outlook use all the same IPs but I could be wrong.
>> They likely come under the "too big to block" so content and
>> transaction analysis is what I use with Apache SpamAssassin.
>
> I was hoping that maybe they used a separate address range for free
> Hotmail accounts. That would be helpful.

Your email was too much of a red herring IMO so you might re-ask that
specific question.  Some notes from me on the topic:

Microsoft, at a minimum, has 4 domains under their freemail umbrella:
hotmail.com, msn.com, live.com and outlook.com.

Checking a few days on one server and I see inbound freemail emails from
IPs in 104.47.108 & 104.47.109 rarely and the bulk in 40.92.x.x.


Checking the logs for inbound on the same server for the same date range 
that isn't from the 4 freemail that advertises 
*.outbound.protection.outlook.com, shows at least some in 104.47. and 40.92/


And per 
https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide, 
40.92 is listed for *.mail.protection.outlook.com, so at least according 
to their documentation there is overlap and my logs appear to confirm 
it.  They are big ranges though so they might have it carved out but 
likely you have to ask Microsoft.


Regards,
KAM




Re: [mailop] [External] Hotmail spam (again)

2021-08-16 Thread Markus E. via mailop

On Sun, 15 Aug 2021, Kevin A. McGrail via mailop wrote:

> On 8/15/2021 8:05 AM, Markus E. via mailop wrote:
>
>> How do you guys combat Hotmail spam?
>
> Markus, I did not see anything in the snippet that you posted that was
> of help to block the emails.

Yes sorry. That's my point. You cannot filter MS junk by its headers (as
far as I know)

> Perhaps you were just showing the IPs but
> I think you will find that hotmail/live/msn/outlook use all the same IPs
> but I could be wrong.  They likely come under the "too big to block" so
> content and transaction analysis is what I use with Apache SpamAssassin.

I was hoping that maybe they used a separate address range for free
Hotmail accounts. That would be helpful.

> Regards,
>
> KAM

Thanks

Markus E.