Re: [mailop] Our experience on Gmail blacklisting our IPs range

2022-04-05 Thread Michael Rathbun via mailop
On Tue, 5 Apr 2022 16:39:16 +, ml+mailop--- via mailop 
wrote:

>BTW: AFAIK "don't be evil" is not Google's motto anymore.

Geek tradition requires inserting "FSVO 'Evil'".

mdr
-- 
One thing you discover after opening a can of worms is that 
each worm is carrying another can.
-- Shebardigan

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Our experience on Gmail blacklisting our IPs range

2022-04-05 Thread Paul Vixie via mailop



Anne Mitchell via mailop wrote on 2022-04-05 09:13:

> ...
>
> Amen.  Good thing their motto is "don't be evil", can you imagine what they'd
> be doing otherwise?

@k8emo made me laugh out loud one day when she said, "unlike google,
there never was a time when uber wasn't evil." yikes!


--
P Vixie



Re: [mailop] Our experience on Gmail blacklisting our IPs range

2022-04-05 Thread ml+mailop--- via mailop
On Tue, Apr 05, 2022, Paul Vixie via mailop wrote:

> google e-mail addresses were signing up en masse for mailman lists here, and
> the resulting confirmation e-mail from mailman was seen by google as spam.
> i've since turned off confirmation e-mail, and i've added SPF checking to

"confirmation e-mail": that would be the mail "please confirm that
you want to subscribe to this list"?
If you turned it off, does that mean anyone can subscribe addresses
of all domains which do not use SPF?

And all of that because Google has $#%!^! spam filtering -- way too
many false positives.

BTW: AFAIK "don't be evil" is not Google's motto anymore.

-- 
Don't Cc: me, use only the list for replies.


Re: [mailop] Our experience on Gmail blacklisting our IPs range

2022-04-05 Thread Anne Mitchell via mailop


> at MAPS we got sued a lot, but we always answered requests for removal from 
> the RBL. 

Which is one of the reasons that to this day MAPS is seen as the most ethical 
of RBLs (not to mention the first ;-)) ever.  Even by some spammers. ;-)

> what google is doing is an active harm which discredits the whole field of 
> distributed reputation. there should never be deliberate operational impact 
> without transparency and accountability.

Amen.  Good thing their motto is "don't be evil", can you imagine what they'd 
be doing otherwise?

Anne (former in-house counsel for MAPS, one of the positions of which I am most 
proud, we did good work there!)

--
Anne P. Mitchell, Attorney at Law
CEO ISIPP SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop



Re: [mailop] [External] Re: IP Reputation Services

2022-04-05 Thread Anne Mitchell via mailop

>> FWIW - spamassassin checks the ISIPP by default since 3.10 and reduces
>> the score if your address is found there.
>  
> Unfortunately, too expensive for a little guy.

Scott, it is free to query, I guess we need to make that clearer, the pricing 
you found is for senders wanting to be certified by us.

Anne

--
Anne P. Mitchell, Attorney at Law
CEO ISIPP SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus: Mail Abuse Prevention System (MAPS) (now the anti-spam arm of 
TrendMicro)



Re: [mailop] Our experience on Gmail blacklisting our IPs range

2022-04-05 Thread Paul Vixie via mailop



Cyril - ImprovMX via mailop wrote on 2022-04-05 03:28:

> Hi everyone!
>
> Two weeks ago, we had two ranges of IP blocked by GMail and since they
> are a black box, we were in the dark about what would happen with the ban.
>
> ...
>
> Clearly, someone used the reputation of ImprovMX.com to deliver emails
> by forging them before delivery.

when this happened to my primary outbound IP, it turned out to be that
google e-mail addresses were signing up en masse for mailman lists here,
and the resulting confirmation e-mail from mailman was seen by google as
spam. i've since turned off confirmation e-mail, and i've added SPF
checking to the inbound e-mail path.

> ...
>
> After around a week, we restarted the IP and they were accepted by
> Gmail! We haven't received any responses from the form we submitted, nor
> from anywhere else.

when this happened to me, it went on for months. i hired an outbound
e-mail delivery service and taught postfix how to route mail to google's
MX servers through that service. this was fraught with pain, and so i
eventually renumbered my primary outbound server to a different IP in
the same /24. problem "solved".

> ...
>
> My key takeaway here in case your IPs are banned by Gmail is:
>
>   * First - and most importantly - find and stop the root cause of the
>     problem
>   * If you can, stop sending with these IPs (after fixing the issue,
>     otherwise you'll get your other IP listed too!)
>   * Reach out to Gmail via
>     https://support.google.com/mail/contact/bulk_send_new
>   * Try restarting your IP from time to time.

tyvm, i wish i had had this guidance available when this happened to me.

> ...
>
> I hope this will help some of you. Being blocked by Gmail is hard, and
> facing a black box makes it even harder. You don't know where to look,
> you don't know what to do, you don't know who to reach out to.

at MAPS we got sued a lot, but we always answered requests for removal
from the RBL. what google is doing is an active harm which discredits
the whole field of distributed reputation. there should never be
deliberate operational impact without transparency and accountability.

> ... but the general feeling was clearly that Gmail is not on this world.
>
> May your IPs stay out of DNSBLs.

yes, and yes.

--
P Vixie



[mailop] Our experience on Gmail blacklisting our IPs range

2022-04-05 Thread Cyril - ImprovMX via mailop
Hi everyone!

Two weeks ago, we had two ranges of IP blocked by GMail and since they are
a black box, we were in the dark about what would happen with the ban.

We made some progress since then and I wanted to share with you what
happened, what we did, and what resulted from it because it might help
others have their IP unblocked by Gmail.

About two weeks ago, we started receiving abuse reports because somehow
our emails were used as spam. At first, I thought they were occasional and
discarded them (we get a few from time to time), but they kept arriving,
and we had more and more reports every day (up to around 50 abuse reports
per day).

I started retracing the emails back (we add some headers that help us
identify the whole flow) and discovered that many reports were originating
from the same email. The abuse reports included a spamcop.net report with
the entire email (but with the destination recipient removed). My initial
assumption, then, was to believe that OVH (our hosting provider, sending us
the abuse reports) and/or Spamcop.net weren't checking for duplicates, and
someone sending many abuse reports from the same email triggered the
notifications, every time.

After a discussion with OVH about this potential issue, I discovered that
the problem was worse than that. By comparing all the emails from
Spamcop.net reports, I discovered that they were from a few emails, but
then, they had new headers added on top. This included a new "To",
"Subject" and "Date" header. An email sent 4 days ago was sent again, with
an updated date. The initial "Subject" was basic things like "hello" and
the new Subject added at the top was more spammy (the typical horny stuff).

Clearly, someone used the reputation of ImprovMX.com to deliver emails by
forging them before delivery.

It took us a few days to realize this whole situation, which caused our
domain and IP reputation to take a serious hit. As soon as we uncovered it,
we started blocking all the domains that were doing this. We also were able
to retrace other accounts created by the same user and blocked all the
domains. All of these domains were free ones (ending in .ml, .cf, .gq, .ga,
etc) so we also decided to stop accepting these domains.

But the harm was done, for 50% of all our IPs, Gmail stopped accepting them
and was returning "*Our system has detected that this message is likely
suspicious due to the very low reputation of the sending domain. To best
protect our users from spam, the message has been blocked*".

We started to panic.

We know that Gmail is impossible to reach out to, and we had absolutely no
idea if these IPs were blocked forever, or, if not, for how long.

The first thing we did was to stop running these IPs for a while.

We also went to this URL (
https://support.google.com/mail/contact/bulk_send_new) and submitted
everything we could, by being the most verbose possible.

And we waited...

We tried restarting the IP the next day, but they were still being refused
so we disabled them.

After around a week, we restarted the IP and they were accepted by Gmail!
We haven't received any responses from the form we submitted, nor from
anywhere else.

Our domain reputation is still in the "bad" from the Postmaster tool (
https://gmail.com/postmaster/) and we are trying to find ways to reverse it
(still haven't figured that one) but the IPs are now working again.

My key takeaway here in case your IPs are banned by Gmail is:


   - First - and most importantly - find and stop the root cause of the
   problem
   - If you can, stop sending with these IPs (after fixing the issue,
   otherwise you'll get your other IP listed too!)
   - Reach out to Gmail via
   https://support.google.com/mail/contact/bulk_send_new
   - Try restarting your IP from time to time.


Someone working at Google told us that their Spam Ops were easily removing
the flags on the IPs when it was the first time, so if you get your IP
frequently blocked at Google, maybe this won't apply to you.

I hope this will help some of you. Being blocked by Gmail is hard, and
facing a black box makes it even harder. You don't know where to look, you
don't know what to do, you don't know who to reach out to.

My associate sent a message on this mailing list regarding our issue,
trying to have feedback on what to do and if someone else already faced
this, and we had some awesome help and feedback from people (thank you so
much) but the general feeling was clearly that Gmail is not on this world.

May your IPs stay out of DNSBLs.

Best,
Cyril
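
The comparison described in the post above (reported messages that turn out to be a few originals with a new "To", "Subject" and "Date" added on top) can be automated. This is an added example, not code from the original post or from ImprovMX; the function names and the sample reports are constructed for illustration, and it assumes each report carries the full raw message.

```python
import hashlib
from collections import defaultdict
from email import message_from_string

# RFC 5322 allows each of these header fields at most once per message.
SINGLETONS = ("From", "To", "Subject", "Date")

def prepended_headers(raw):
    """Map each singleton field seen more than once to its values, top first."""
    msg = message_from_string(raw)
    dupes = {}
    for name in SINGLETONS:
        values = msg.get_all(name) or []
        if len(values) > 1:
            dupes[name] = values
    return dupes

def original_fingerprint(raw):
    """Hash the bottom-most Subject and Date plus the body, so copies that
    differ only in headers added on top collapse to the same value."""
    msg = message_from_string(raw)
    body = raw.replace("\r\n", "\n").partition("\n\n")[2].strip()
    fields = [(msg.get_all(n) or [""])[-1].strip() for n in ("Subject", "Date")]
    return hashlib.sha256("\n".join(fields + [body]).encode()).hexdigest()

def group_reports(reports):
    """Group report ids by the original message they were built from."""
    groups = defaultdict(list)
    for report_id, raw in sorted(reports.items()):
        groups[original_fingerprint(raw)].append(report_id)
    return sorted(groups.values())

# Constructed sample data (not taken from the thread).
ORIGINAL = ("From: alice@example.org\nTo: bob@example.net\nSubject: hello\n"
            "Date: Fri, 01 Apr 2022 10:00:00 +0000\n\nhi there\n")
REPORTS = {
    "r1": "To: x@example.com\nSubject: constructed spam subject A\n"
          "Date: Tue, 05 Apr 2022 08:00:00 +0000\n" + ORIGINAL,
    "r2": "To: y@example.com\nSubject: constructed spam subject B\n"
          "Date: Tue, 05 Apr 2022 09:30:00 +0000\n" + ORIGINAL,
    "r3": "From: carol@example.org\nTo: dave@example.net\nSubject: invoice\n"
          "Date: Mon, 04 Apr 2022 12:00:00 +0000\n\nsee attached\n",
}

if __name__ == "__main__":
    print(group_reports(REPORTS))
    for rid, raw in REPORTS.items():
        print(rid, prepended_headers(raw))
```

A non-empty result from `prepended_headers` on mail about to be relayed is a cheap signal worth logging or rejecting on, since legitimate senders do not emit two "Subject" or "Date" fields.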