Re: [mailop] WTaF? I just got spammed BY Active Campaign

2022-04-26 Thread Ted Hatfield via mailop



On Tue, 26 Apr 2022, Rob McEwen via mailop wrote:


On 4/26/2022 10:27 PM, Al Iverson via mailop wrote:

and solid spam folder placement



I disagree  - and here is why:

(1) somewhere roughly around 5 to 10 years ago - there were numerous 
articles/discussions about how the spam problem was largely "solved" - and 
people were getting less spam in their inbox. Anecdotally, and for 
perspective, around that time, I recall having a customer (for whom I provide 
email hosting) who got ANGRY at me when they spotted 1 spam in their inbox 
one particular day - 1 spam - and it wasn't even that egregious (not a phish 
or virus, etc). Why? They had gotten so used to seeing zero for many days in 
a row - that 1 was suddenly something to get angry about. Remember those 
days? But now - several years later - there is a building consensus that many 
are getting more and more frustrated with what's suddenly making it past 
their spam folder and into the inbox. So spam is suddenly a worse problem and 
is suddenly UNsolved. I continually see articles about that frustration in my 
new feeds. It didn't get that way overnight - more like it "snuck up on us"! 
But it's suddenly hitting a critical mass in terms of recognition - it more 
recently sort of "tipped the scales" - and the MAIN reason for this - is 
largely BECAUSE of how much more such spams - much MORE than there used to be 
even just a few years ago - are being sent from gmail, g-suite, 
outlook/hotmail, o365, and various ESPs who have figured out that they're 
"too big to block". The largest and most recent trend contributing to this... 
is a huge surge in spam over the past several months which are sent from 
gmail, as well as more ESPs providing "tracking links" that enable the 
spammers to not have to expose their own domains. The sudden increase in 
those two situations is causing this to be a suddenly worsening situation.


(2) This is putting a larger burden on spam filtering and DNSBLs and 
anti-spam tech providers. We're all having to work extra hard, in some cases 
doing massive renovations to our data to handle these changes - much of that, 
again, is due to gmail suddenly being the "wild west" - that combined with as 
other such things that are causing sending-IP-DNSBLs as well as lists that 
block based on the domain in the links - to NOT work AT ALL for MANY of these 
types of spams. Therefore - this is absolutely an "operational issue" - 
because the costs and resources to deal with this - have been shifted from 
those who are guilty of caring about the abuse sent from their networks - and 
which they are often FACILITATING - to this cost being shifted to the
recipients' networks/systems which are being abused.


(3) And even the spam filtering success you're seeing - where filters are 
putting these in the spam folder - those situations STILL suddenly require a 
larger amount of costs and resources on the part of the spam tech departments 
and tech-providers - as a DIRECT result of how these other systems are more 
often now facilitating the exact types of spams that take more tech and more 
resources (CPU, more anti-spam tech added, etc) to catch!


(4) As a result - for 1 example - before too long from now - the majority of 
spam that invaluement data will be blocking - won't even be due to the types 
of data we're currently delivering - we're currently having to re-engineer 
our entire system as a result of this - doing the R over the past 4 years 
(that's finally coming to fruition), what had previously been done over the 
previous 12 years (btw - as a result - I don't have a life right now - 
haven't had one in many months! Gee thanks, gmail). And that's representative 
of this cost-shifting and burden-shifting - that is ethically reprehensible.


--
Rob McEwen, invaluement



I've been saying something similar for quite some time now to anyone who 
would listen.  Fortunately you've done so in a more deliberative and sane 
manner than I usually do.


You have my sincere thanks for posting such a thoughtful response.


Ted Hatfield

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] WTaF? I just got spammed BY Active Campaign

2022-04-26 Thread Rob McEwen via mailop

On 4/26/2022 10:27 PM, Al Iverson via mailop wrote:

> and solid spam folder placement



I disagree  - and here is why:

(1) somewhere roughly around 5 to 10 years ago - there were numerous 
articles/discussions about how the spam problem was largely "solved" - 
and people were getting less spam in their inbox. Anecdotally, and for 
perspective, around that time, I recall having a customer (for whom I 
provide email hosting) who got ANGRY at me when they spotted 1 spam in 
their inbox one particular day - 1 spam - and it wasn't even that 
egregious (not a phish or virus, etc). Why? They had gotten so used to 
seeing zero for many days in a row - that 1 was suddenly something to 
get angry about. Remember those days? But now - several years later - 
there is a building consensus that many are getting more and more 
frustrated with what's suddenly making it past their spam folder and 
into the inbox. So spam is suddenly a worse problem and is suddenly 
UNsolved. I continually see articles about that frustration in my new 
feeds. It didn't get that way overnight - more like it "snuck up on us"! 
But it's suddenly hitting a critical mass in terms of recognition - it 
more recently sort of "tipped the scales" - and the MAIN reason for this 
- is largely BECAUSE of how much more such spams - much MORE than there 
used to be even just a few years ago - are being sent from gmail, 
g-suite, outlook/hotmail, o365, and various ESPs who have figured out 
that they're "too big to block". The largest and most recent trend 
contributing to this... is a huge surge in spam over the past several 
months which are sent from gmail, as well as more ESPs providing 
"tracking links" that enable the spammers to not have to expose their 
own domains. The sudden increase in those two situations is causing this 
to be a suddenly worsening situation.


(2) This is putting a larger burden on spam filtering and DNSBLs and 
anti-spam tech providers. We're all having to work extra hard, in some 
cases doing massive renovations to our data to handle these changes - 
much of that, again, is due to gmail suddenly being the "wild west" - 
that combined with as other such things that are causing 
sending-IP-DNSBLs as well as lists that block based on the domain in the 
links - to NOT work AT ALL for MANY of these types of spams. Therefore - 
this is absolutely an "operational issue" - because the costs and 
resources to deal with this - have been shifted from those who are 
guilty of caring about the abuse sent from their networks - and which 
they are often FACILITATING - to this cost being shifted to the
recipients' networks/systems which are being abused.


(3) And even the spam filtering success you're seeing - where filters 
are putting these in the spam folder - those situations STILL suddenly 
require a larger amount of costs and resources on the part of the spam 
tech departments and tech-providers - as a DIRECT result of how these 
other systems are more often now facilitating the exact types of spams 
that take more tech and more resources (CPU, more anti-spam tech added, 
etc) to catch!


(4) As a result - for 1 example - before too long from now - the 
majority of spam that invaluement data will be blocking - won't even be 
due to the types of data we're currently delivering - we're currently 
having to re-engineer our entire system as a result of this - doing the 
R over the past 4 years (that's finally coming to fruition), what had 
previously been done over the previous 12 years (btw - as a result - I 
don't have a life right now - haven't had one in many months! Gee 
thanks, gmail). And that's representative of this cost-shifting and 
burden-shifting - that is ethically reprehensible.


--
Rob McEwen, invaluement



Re: [mailop] WTaF? I just got spammed BY Active Campaign

2022-04-26 Thread Al Iverson via mailop
On Tue, Apr 26, 2022 at 5:54 PM Matt Vernhout via mailop
 wrote:
>
> One rogue sales person sending cold email doesn’t mean the whole company is 
> bad either.

Things that really grind my gears:
- Business practices or industries that engender abuse (looking at
you, payday loans)
- Sheer volume of abuse
- Ongoing abuse
- Ignoring reports of abuse

Things that don't really grind my gears:
- One email that is clearly irritating, not yet definitively bulk, not
clearly reported, and where it feels like the originating or
responsible entity hasn't been given a chance to investigate or
respond.

My spamtraps are full of lots of things, and none of them are
ActiveCampaign salespeople gone wild.

Sales people sending cold emails irritate me. I get way too much of it
at my new job. But it pretty much just about all lands in the spam
folder, because their model of B2B trickle sending from Gmail or
Outlook365 (or one of those crappy "cold email" sending platforms),
trying to drum up leads and getting few responses results in low
engagement and solid spam folder placement, that is darn near
unfixable because of its flawed design as a practice. It is, in
short, not really an OPERATIONAL mail issue, and is darn near already
addressed from the ISP/MBP filter/reputation perspective, from my view,
so I typically wouldn't even wax poetic about it here on Mailop,
personally.

Cheers,
Al Iverson

-- 
Al Iverson / Deliverability blogging at www.spamresource.com
Subscribe to the weekly newsletter at wombatmail.com/sr.cgi
DNS Tools at xnnd.com / (312) 725-0130 / Chicago (Central Time)


Re: [mailop] WTaF? I just got spammed BY Active Campaign

2022-04-26 Thread Alex Burch via mailop
This is definitely embarrassing for us (ActiveCampaign) and I appreciate
the call out Anne.

Fwiw, I can honestly say our abuse desk does respond to all cases there and
if you had sent it there they would have seen it and done something at the
least.

Still doesn’t justify the garbage our Marketing team was apparently sending
and I will be sure we address this internally.

Feel free to reach out off list Anne and I can help get to the bottom of
this. Same goes for anyone else who sees garbage coming from
ActiveCampaign. We try, but as we grow this just gets harder as many of you
probably know.

On Tue, Apr 26, 2022 at 3:52 PM Matt Vernhout via mailop 
wrote:

> Sure but Active Campaign sent this not Shopify.
>
> One rogue sales person sending cold email doesn’t mean the whole company
> is bad either.
>
> ~
> Matt
>
> > On Apr 26, 2022, at 18:47, Richard W via mailop 
> wrote:
> >
> > Isn't Shopify Canadian?  Hand it off to the CRTC
> >
> > Richard
> >
> > On 2022-04-26 4:27 p.m., Anne Mitchell via mailop wrote:
>  On Apr 26, 2022, at 3:59 PM, Michael Rathbun via mailop <
> mailop@mailop.org> wrote:
> >>>
> >>> On Tue, 26 Apr 2022 15:30:28 -0600, Anne Mitchell via mailop
> >>>  wrote:
> >>>
>  WTaF??
> >>>
> >>> I presume they are encouraging you to spam your legal services through
> them,
> >>> rather than on the cover and spine of the local Yellow Pages™?
> >> It's worse than that, the spam is for *no* sort of business even
> remotely related to anything I do - it's for "my" Shopify store!  I've
> never had an ecomm store in my life, let alone a Shopify store.
> >> And, it went to my normal ISIPP address, I mean, you'd think they'd
> know...
> >> Anne
> >> ---
> >> Outsource your email deliverability headaches to us, and get to the
> inbox, guaranteed!
> >>
> https://urldefense.com/v3/__http://www.GetToTheInbox.com__;!!JIZ-LZtDGnv5HBqN_A!LUdQY2Ak2FCMwxw0OtDk--7A214ljv7fsVo281sfmotB2S9gwsTYZ3WoAw3gsz5x_Zf91LEYHI2yx_9ATb8$
> >> Anne P. Mitchell,  Esq.
> >> CEO Get to the Inbox by SuretyMail
> >> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email
> marketing law)
> >> Author: The Email Deliverability Handbook
> >> Board of Directors, Denver Internet Exchange
> >> Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
> >> Prof. Emeritus, Lincoln Law School
> >> Chair Emeritus, Asilomar Microcomputer Workshop
> >> Counsel Emeritus, MAPS: Mail Abuse Prevention System (now the anti-spam
> division of TrendMicro)
-- 
Thanks,
Alex


--

Alexander Burch
ActiveCampaign / Senior Deliverability Engineer
abu...@activecampaign.com
1 North Dearborn St Suite 500, Chicago IL, 60602








Re: [mailop] SMTP line wrapping breaking DKIM signatures when forwarding

2022-04-26 Thread Dan Mahoney via mailop


> On Apr 26, 2022, at 10:18 AM, Robert L Mathews via mailop  
> wrote:
> 
> We've recently been getting more complaints about seemingly valid messages 
> that are rejected when we forward them. Tracking down the problem, it happens 
> when:
> 
> 1. The message that we receive from a third party has line lengths that 
> exceed 998 bytes in violation of RFC 5322 2.1.1;
> 
> 2. The message envelope sender uses SPF "-all";
> 
> 3. The message has a valid, aligned DKIM signature matching the From header 
> when it arrives;
> 
> 4. Postfix wraps the message at 998 bytes when forwarding it due to 
> ;
> 
> 5. This breaks the DKIM signature in the forwarded copy, because addition of 
> the "CR-LF-SP" changes the DKIM body hash;
> 
> 6. The forwarding destination finds no valid DKIM signature, so it uses the 
> SPF "-all" and rejects it with a message like this Gmail example: "550 5.7.26 
> This message does not have authentication information or fails to pass 
> authentication checks".
> 
> How do other people handle this problem? I've seen suggestions of simply 
> preventing Postfix from doing any wrapping, like:
> 
> https://github.com/trusteddomainproject/OpenDMARC/issues/166
> 
> It feels a little evil to just pass non-SMTP compliant messages on to others, 
> but on the other hand, changing the body of a message that has a DKIM 
> signature is clearly wrong, too.

The pedantic* answer here might be to make postfix smart enough to not apply 
this logic *if* there's a DKIM signature with simple/simple in the 
canonicalization.

Postfix itself has zero knowledge of these headers, so adding conditionals to 
tweak this would probably be more trouble than it's worth.

The only way this will pass into gmail is if postfix practices that age-old 
adage of computing: garbage in, garbage out.

-Dan

-- 

* Because you can't have pedantic without "Dan"
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
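
The failure described in steps 1 to 5 of the quoted message can be reproduced offline. The following is an added example, not code from the thread or from Postfix: it implements the simple and relaxed body canonicalizations of RFC 6376, models the 998-byte wrap as insertion of CR-LF-SP, and compares the DKIM body hash before and after. The function names and both sample bodies are constructed for illustration.

```python
import base64
import hashlib
import re

MAX_LINE = 998  # RFC 5322 2.1.1 line limit in bytes, excluding the CRLF


def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: drop empty lines at the end, keep exactly one final CRLF."""
    while body.endswith(b"\r\n\r\n"):
        body = body[:-2]
    return body if body.endswith(b"\r\n") else body + b"\r\n"


def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: collapse runs of SP/TAB, strip line-end whitespace,
    drop empty lines at the end. Line breaks themselves are preserved."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ")
             for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes, canon) -> str:
    """Value a verifier compares against the bh= tag (sha256 variant)."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()


def overlong_lines(body: bytes, limit: int = MAX_LINE):
    """Return (line_number, length) for every body line above the limit."""
    return [(n, len(ln)) for n, ln in enumerate(body.split(b"\r\n"), 1)
            if len(ln) > limit]


def wrap_long_lines(body: bytes, limit: int = MAX_LINE) -> bytes:
    """Model of the forwarding behaviour described in the thread: break
    overlong lines by inserting CR-LF-SP. Not Postfix's actual code."""
    out = []
    for line in body.split(b"\r\n"):
        while len(line) > limit:
            out.append(line[:limit])
            line = b" " + line[limit:]
        out.append(line)
    return b"\r\n".join(out)


def forwarding_report(body: bytes) -> dict:
    """Compare body hashes before and after the relay's wrap."""
    forwarded = wrap_long_lines(body)
    return {
        "overlong": overlong_lines(body),
        "simple_ok": body_hash(body, canon_simple)
        == body_hash(forwarded, canon_simple),
        "relaxed_ok": body_hash(body, canon_relaxed)
        == body_hash(forwarded, canon_relaxed),
    }


# Constructed sample bodies (not taken from any real message).
LONG_BODY = b"<html><body>\r\n<p>" + b"A" * 1500 + b"</p>\r\n</body></html>\r\n"
SHORT_BODY = b"Hello,\r\nthis body respects the line limit.  \r\n\r\n"

if __name__ == "__main__":
    for name, body in (("long", LONG_BODY), ("short", SHORT_BODY)):
        print(name, forwarding_report(body))
```

Running `overlong_lines` on inbound mail before forwarding identifies the messages whose signatures would not survive the wrap.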


Re: [mailop] SMTP line wrapping breaking DKIM signatures when forwarding

2022-04-26 Thread Dave Crocker via mailop


On 4/26/2022 10:37 AM, Brandon Long via mailop wrote:

> Transforming messages for relay is not likely to go well.



This seems an essential point.

It would be worth pressing for some discussion on it, and if possible 
develop as strong a rough consensus on as possible.


There is likely an easy position to take, based on formalities, but this 
being an operations-oriented list, one would hope that operational 
pragmatics would dominate...


d/


Re: [mailop] Troubleshooting MTA-STS reports

2022-04-26 Thread Byung-Hee HWANG via mailop
> Google might not be sending inter-domain reports
> since you're hosted there.

Maybe True. So Jesse is good with "jesse+someth...@mbuki-mvuki.org"
instead of "postmas...@mbuki-mvuki.org".

And this is mine:


Thanks ^^^

Sincerely, Linux fan Byung-Hee

-- 
^고맙습니다 _布德天下_ 감사합니다_^))//


Re: [mailop] WTaF? I just got spammed BY Active Campaign

2022-04-26 Thread Brett Schenker via mailop
They've been emailing me for a while now for an address that has nothing to
do with the email work I do. I've been trying to figure out how they got
the address.

Brett

On Tue, Apr 26, 2022 at 5:38 PM Anne Mitchell via mailop 
wrote:

> WTaF?? (Excuse the unladylike acronym.) I just got spammed BY Active
> Campaign. Not _through_ Active Campaign, *by* Active Campaign.  For their
> services.
>
> Anyone else?
>
> So far as I'm concerned, when an ESP transits spam, well, it doesn't
> necessarily mean "block on sight" because it depends on how they deal with
> it.
>
> But when an ESP *themselves* is spamming, that's a whole other kettle of
> hurt.
>
> Here's the spam:
>
> --
>
> Hi Anne,
>
> Your products and Shopify store look great. But great products and a nice
> looking website aren’t all that’s required to drive customer loyalty; you
> need to deliver a great customer experience.
>
> ActiveCampaign’s industry leading customer experience automation (CXA)
> platform is used by over 130,000 businesses around the globe to:
> • Ensure customers that visit your website get the same consistent
> experience across all channels including; email, social media, SMS and live
> chat.
> • Automatically turn Shopify data into personalized communications
> that drive impactful results in a few clicks.
> If you’d like to learn more about how companies like The Skin Research
> Institute have integrated ActiveCampaign with Shopify to achieve a 330%
> increase in sales in just five months, I’d love to chat further.
>
> Thanks!
>
> Alex
>
>
>
> Alex Esquivel
> ActiveCampaign / Business Development Representative
> Schedule Your Call Here
> (773) 657-9214
> aesqui...@activecampaign.com
> 1 North Dearborn St, 5th Floor, Chicago IL, 60602, USA
>
>
>
> If you'd like me to stop sending you emails, please click here
>


-- 
Brett Schenker
Man of Many Things, Including
5B Consulting - http://www.5bconsulting.com
Graphic Policy - http://www.graphicpolicy.com

Twitter - http://twitter.com/bhschenker
LinkedIn - http://www.linkedin.com/in/brettschenker


Re: [mailop] Troubleshooting MTA-STS reports

2022-04-26 Thread Tobias Fiebig via mailop
Heho,
Interestingly, Microsoft also sends TLSRPT, even when they use TLSA instead of 
MTA-STS.

With best regards,
Tobias

-Original Message-
From: mailop  On Behalf Of Jesse Hathaway via mailop
Sent: Tuesday, 26 April 2022 23:23
To: Eric Tykwinski 
Cc: mailop@mailop.org
Subject: Re: [mailop] Troubleshooting MTA-STS reports

On Tue, Apr 26, 2022 at 4:08 PM Eric Tykwinski  wrote:
> Everything looks fine to me, have you tried sending an email to another
> google account.
> They are the one company I know sends MTA-STS reports, others sadly don’t.

Thanks for checking, I didn't realize they were so rare.

> My guess is that Google might not be sending inter-domain reports since you're
> hosted there.
> Doesn’t make sense to me, but I’m sure if that’s the case Brandon or someone 
> else from Google will tell you.

I was wondering whether that might be part of the problem.


Re: [mailop] SMTP line wrapping breaking DKIM signatures when forwarding

2022-04-26 Thread Dave Crocker via mailop



On 4/26/2022 2:49 PM, Robert L Mathews via mailop wrote:
> I suppose the argument in favor of it is that some other places you
> might forward to will reject a message solely because it has line
> lengths longer than allowed, so you can't win either way.


This is an example of how it is useful to distinguish between an MSA 
(submission) from an MTA (relaying).  Having the former enforce 
niceties, at the source makes quite a bit of sense, notably because the 
MSA has a 'relationship' with the user and their MUA.  An MTA doesn't.


d/


Re: [mailop] Troubleshooting MTA-STS reports

2022-04-26 Thread John Levine via mailop
It appears that Jesse Hathaway via mailop  said:
>On Tue, Apr 26, 2022 at 4:08 PM Eric Tykwinski  wrote:
>> Everything looks fine to me, have you tried sending an email to another
>> google account.
>> They are the one company I know sends MTA-STS reports, others sadly don’t.
>
>Thanks for checking, I didn't realize they were so rare.

They're not that rare.  Microsoft and Comcast also send them, along with a few 
smaller places.

R's,
John


Re: [mailop] WTaF? I just got spammed BY Active Campaign

2022-04-26 Thread Anne Mitchell via mailop


> On Apr 26, 2022, at 4:50 PM, Matt Vernhout via mailop  
> wrote:
> 
> Sure but Active Campaign sent this not Shopify. 
> 
> One rogue sales person sending cold email doesn’t mean the whole company is 
> bad either. 

Did I mention that they put me on a mailing list, from which I could opt out if 
I didn't want to hear from them any more?

I dunno, Matt, I usually give a company some latitude, but when an ESP, for 
crying out loud, does the very same thing for which we hold them to task when 
their customers do it...kinda hard to excuse it.

Anne

---
Outsource your email deliverability headaches to us, and get to the inbox, 
guaranteed! 
www.GetToTheInbox.com

Anne P. Mitchell,  Esq.
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, MAPS: Mail Abuse Prevention System (now the anti-spam 
division of TrendMicro)




Re: [mailop] WTaF? I just got spammed BY Active Campaign

2022-04-26 Thread Matt Vernhout via mailop
Sure but Active Campaign sent this not Shopify. 

One rogue sales person sending cold email doesn’t mean the whole company is bad 
either. 

~
Matt

> On Apr 26, 2022, at 18:47, Richard W via mailop  wrote:
> 
> Isn't Shopify Canadian?  Hand it off to the CRTC
> 
> Richard
> 
> On 2022-04-26 4:27 p.m., Anne Mitchell via mailop wrote:
 On Apr 26, 2022, at 3:59 PM, Michael Rathbun via mailop 
  wrote:
>>> 
>>> On Tue, 26 Apr 2022 15:30:28 -0600, Anne Mitchell via mailop
>>>  wrote:
>>> 
 WTaF??
>>> 
>>> I presume they are encouraging you to spam your legal services through them,
>>> rather than on the cover and spine of the local Yellow Pages™?
>> It's worse than that, the spam is for *no* sort of business even remotely 
>> related to anything I do - it's for "my" Shopify store!  I've never had an 
>> ecomm store in my life, let alone a Shopify store.
>> And, it went to my normal ISIPP address, I mean, you'd think they'd know...
>> Anne
>> ---
>> Outsource your email deliverability headaches to us, and get to the inbox, 
>> guaranteed!
>> www.GetToTheInbox.com
>> Anne P. Mitchell,  Esq.
>> CEO Get to the Inbox by SuretyMail
>> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing 
>> law)
>> Author: The Email Deliverability Handbook
>> Board of Directors, Denver Internet Exchange
>> Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
>> Prof. Emeritus, Lincoln Law School
>> Chair Emeritus, Asilomar Microcomputer Workshop
>> Counsel Emeritus, MAPS: Mail Abuse Prevention System (now the anti-spam 
>> division of TrendMicro)


Re: [mailop] WTaF? I just got spammed BY Active Campaign

2022-04-26 Thread Richard W via mailop

Isn't Shopify Canadian?  Hand it off to the CRTC

Richard

On 2022-04-26 4:27 p.m., Anne Mitchell via mailop wrote:




On Apr 26, 2022, at 3:59 PM, Michael Rathbun via mailop  
wrote:

On Tue, 26 Apr 2022 15:30:28 -0600, Anne Mitchell via mailop
 wrote:


WTaF??


I presume they are encouraging you to spam your legal services through them,
rather than on the cover and spine of the local Yellow Pages™?


It's worse than that, the spam is for *no* sort of business even remotely related to 
anything I do - it's for "my" Shopify store!  I've never had an ecomm store in 
my life, let alone a Shopify store.

And, it went to my normal ISIPP address, I mean, you'd think they'd know...

Anne

---
Outsource your email deliverability headaches to us, and get to the inbox, 
guaranteed!
www.GetToTheInbox.com

Anne P. Mitchell,  Esq.
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, MAPS: Mail Abuse Prevention System (now the anti-spam 
division of TrendMicro)



Re: [mailop] WTaF? I just got spammed BY Active Campaign

2022-04-26 Thread Anne Mitchell via mailop


> On Apr 26, 2022, at 3:59 PM, Michael Rathbun via mailop  
> wrote:
> 
> On Tue, 26 Apr 2022 15:30:28 -0600, Anne Mitchell via mailop
>  wrote:
> 
>> WTaF?? 
> 
> I presume they are encouraging you to spam your legal services through them,
> rather than on the cover and spine of the local Yellow Pages™?

It's worse than that, the spam is for *no* sort of business even remotely 
related to anything I do - it's for "my" Shopify store!  I've never had an 
ecomm store in my life, let alone a Shopify store.

And, it went to my normal ISIPP address, I mean, you'd think they'd know...

Anne

---
Outsource your email deliverability headaches to us, and get to the inbox, 
guaranteed! 
www.GetToTheInbox.com

Anne P. Mitchell,  Esq.
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, MAPS: Mail Abuse Prevention System (now the anti-spam 
division of TrendMicro)



Re: [mailop] Troubleshooting MTA-STS reports

2022-04-26 Thread Jesse Hathaway via mailop
On Tue, Apr 26, 2022 at 4:08 PM Eric Tykwinski  wrote:
> Everything looks fine to me, have you tried sending an email to another
> google account.
> They are the one company I know sends MTA-STS reports, others sadly don’t.

Thanks for checking, I didn't realize they were so rare.

> My guess is that Google might not be sending inter-domain reports since you're
> hosted there.
> Doesn’t make sense to me, but I’m sure if that’s the case Brandon or someone 
> else from Google will tell you.

I was wondering whether that might be part of the problem.


Re: [mailop] WTaF? I just got spammed BY Active Campaign

2022-04-26 Thread Michael Rathbun via mailop
On Tue, 26 Apr 2022 15:30:28 -0600, Anne Mitchell via mailop
 wrote:

>WTaF?? 

I presume they are encouraging you to spam your legal services through them,
rather than on the cover and spine of the local Yellow Pages™?

mdr
-- 
  The world was almost won by such an ape!
The nations put him where his kind belong.
  But do not rejoice too soon at your escape.
The womb he crawled from is still going strong.
-- Bertold Brecht,"The Resistible Rise of Arturo UI"



Re: [mailop] WTaF? I just got spammed BY Active Campaign

2022-04-26 Thread Michael Peddemors via mailop

Hope you clicked 'Block Sender' ;)

On 2022-04-26 14:30, Anne Mitchell via mailop wrote:

WTaF?? (Excuse the unladylike acronym.) I just got spammed BY Active Campaign. 
Not _through_ Active Campaign, *by* Active Campaign.  For their services.

Anyone else?

So far as I'm concerned, when an ESP transits spam, well, it doesn't necessarily mean
"block on sight" because it depends on how they deal with it.

But when an ESP *themselves* is spamming, that's a whole other kettle of hurt.

Here's the spam:

--

Hi Anne,

Your products and Shopify store look great. But great products and a nice 
looking website aren’t all that’s required to drive customer loyalty; you need 
to deliver a great customer experience.

ActiveCampaign’s industry leading customer experience automation (CXA) platform 
is used by over 130,000 businesses around the globe to:
• Ensure customers that visit your website get the same consistent 
experience across all channels including; email, social media, SMS and live 
chat.
• Automatically turn Shopify data into personalized communications that 
drive impactful results in a few clicks.
If you’d like to learn more about how companies like The Skin Research 
Institute have integrated ActiveCampaign with Shopify to achieve a 330% 
increase in sales in just five months, I’d love to chat further.

Thanks!

Alex



Alex Esquivel
ActiveCampaign / Business Development Representative
Schedule Your Call Here
(773) 657-9214
aesqui...@activecampaign.com
1 North Dearborn St, 5th Floor, Chicago IL, 60602, USA




If you'd like me to stop sending you emails, please click here




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


Re: [mailop] SMTP line wrapping breaking DKIM signatures when forwarding

2022-04-26 Thread Robert L Mathews via mailop

On 4/26/22 11:40 AM, Luis E. Muñoz via mailop wrote:

> As others indubitably will recommend, don't do that. You are not
> the ESMTP police:-)

I tend to agree, although it's interesting that this setting is the 
Postfix default.


I suppose the argument in favor of it is that some other places you 
might forward to will reject a message solely because it has line 
lengths longer than allowed, so you can't win either way.  :-(


--
Robert L Mathews


[mailop] WTaF? I just got spammed BY Active Campaign

2022-04-26 Thread Anne Mitchell via mailop
WTaF?? (Excuse the unladylike acronym.) I just got spammed BY Active Campaign. 
Not _through_ Active Campaign, *by* Active Campaign.  For their services.

Anyone else?

So far as I'm concerned, when an ESP transits spam, well, it doesn't 
necessarily mean "block on sight" because it depends on how they deal with it.

But when an ESP *themselves* is spamming, that's a whole other kettle of hurt.

Here's the spam:

--

Hi Anne,

Your products and Shopify store look great. But great products and a nice 
looking website aren’t all that’s required to drive customer loyalty; you need 
to deliver a great customer experience.

ActiveCampaign’s industry leading customer experience automation (CXA) platform 
is used by over 130,000 businesses around the globe to: 
• Ensure customers that visit your website get the same consistent 
experience across all channels including; email, social media, SMS and live 
chat. 
• Automatically turn Shopify data into personalized communications that 
drive impactful results in a few clicks.
If you’d like to learn more about how companies like The Skin Research 
Institute have integrated ActiveCampaign with Shopify to achieve a 330% 
increase in sales in just five months, I’d love to chat further. 

Thanks!

Alex



Alex Esquivel
ActiveCampaign / Business Development Representative
Schedule Your Call Here
(773) 657-9214
aesqui...@activecampaign.com
1 North Dearborn St, 5th Floor, Chicago IL, 60602, USA
   


If you'd like me to stop sending you emails, please click here


Re: [mailop] Troubleshooting MTA-STS reports

2022-04-26 Thread Jesse Hathaway via mailop
On Tue, Apr 26, 2022 at 3:48 PM Eric Tykwinski  wrote:
> You need a place to send the emails to:
> _smtp._tls.virtcolo.com. TXT Default v=TLSRPTv1; 
> rua=mailto:postmas...@virtcolo.com

Thanks Eric, I forgot to include the TLSRPT piece, this is what I
currently have:

$ dig +short txt _smtp._tls.mbuki-mvuki.org
"v=TLSRPTv1; rua=mailto:postmas...@mbuki-mvuki.org;


Re: [mailop] Troubleshooting MTA-STS reports

2022-04-26 Thread Eric Tykwinski via mailop
Jesse,

Everything looks fine to me. Have you tried sending an email to another 
Google account?
They are the one company I know sends MTA-STS reports, others sadly don’t.

My guess is that Google might not be sending inter-domain reports since you’re 
hosted there.
Doesn’t make sense to me, but I’m sure if that’s the case Brandon or someone 
else from Google will tell you.

Sincerely,

Eric Tykwinski
TrueNet, Inc.
P: 610-429-8300

> On Apr 26, 2022, at 4:56 PM, Jesse Hathaway  wrote:
> 
> On Tue, Apr 26, 2022 at 3:48 PM Eric Tykwinski  wrote:
>> You need a place to send the emails to:
>> _smtp._tls.virtcolo.com. TXT Default v=TLSRPTv1; 
>> rua=mailto:postmas...@virtcolo.com
> 
> Thanks  Eric, I forgot to include the TLSRPT piece, this is what I
> currently have:
> 
> $ dig +short txt _smtp._tls.mbuki-mvuki.org
> "v=TLSRPTv1; rua=mailto:postmas...@mbuki-mvuki.org;



[mailop] Troubleshooting MTA-STS reports

2022-04-26 Thread Jesse Hathaway via mailop
Hello mailopers,

I am trying to set up MTA-STS for my domain. I thought I had everything
configured correctly, in testing mode, but I never receive any reports via
TLSRPT. If anyone has any advice on how to troubleshoot, that would be
greatly appreciated.

Yours kindly, Jesse Hathaway

My current config

$ dig +short txt _mta-sts.mbuki-mvuki.org
"v=STSv1; id=20220404T193755Z;"

$ curl https://mta-sts.mbuki-mvuki.org/.well-known/mta-sts.txt
version: STSv1
mode: testing
mx: aspmx.l.google.com
mx: *.aspmx.l.google.com
max_age: 86400
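
A syntax check for the records posted above, as an added example that is not part of the original message. It validates the two TXT records and the policy file against RFC 8461 and RFC 8460 and tests MX host names against the policy's `mx` patterns; the function names and the `tlsrpt@example.org` report address are assumptions made for the example, and no DNS or HTTPS lookups are performed.

```python
import re

def parse_tags(txt):
    """Turn a 'k=v; k=v;' TXT string (as printed by dig) into a dict."""
    parts = (p.split("=", 1) for p in txt.strip().strip('"').split(";"))
    return {p[0].strip(): p[1].strip() for p in parts if len(p) == 2}

def check_txt(sts, tlsrpt):
    """Return the problems found in the _mta-sts and _smtp._tls records."""
    s, t, bad = parse_tags(sts), parse_tags(tlsrpt), []
    if s.get("v") != "STSv1" or not re.fullmatch(r"[A-Za-z0-9]{1,32}", s.get("id", "")):
        bad.append("_mta-sts: need v=STSv1 and an id of 1-32 letters or digits")
    uris = [u.strip() for u in t.get("rua", "").split(",") if u.strip()]
    ok = uris and all(u.startswith(("mailto:", "https:")) for u in uris)
    if t.get("v") != "TLSRPTv1" or not ok:
        bad.append("_smtp._tls: need v=TLSRPTv1 and mailto:/https: rua URIs")
    return bad

def parse_policy(text):
    """Parse the 'key: value' lines of mta-sts.txt; mx may repeat."""
    policy = {"mx": []}
    for key, sep, value in (l.partition(":") for l in text.splitlines()):
        if sep and key.strip() == "mx":
            policy["mx"].append(value.strip().lower())
        elif sep:
            policy[key.strip()] = value.strip()
    return policy

def check_policy(p):
    bad = []
    if p.get("version") != "STSv1" or p.get("mode") not in ("enforce", "testing", "none"):
        bad.append("policy: bad version or mode")
    if not p.get("max_age", "").isdigit() or int(p["max_age"]) > 31557600:  # RFC 8461 cap
        bad.append("policy: max_age out of range")
    if p.get("mode") != "none" and not p["mx"]:
        bad.append("policy: at least one mx pattern is required")
    return bad

def mx_allowed(host, patterns):
    """'*.' covers exactly one leftmost label; other patterns match exactly."""
    host = host.lower().rstrip(".")
    parent = host.partition(".")[2]
    return any(host == p or (p.startswith("*.") and parent == p[2:]) for p in patterns)

# Records as posted in the thread; the TLSRPT address is a constructed placeholder.
STS_TXT = '"v=STSv1; id=20220404T193755Z;"'
TLSRPT_TXT = '"v=TLSRPTv1; rua=mailto:tlsrpt@example.org"'
POLICY = ("version: STSv1\nmode: testing\nmx: aspmx.l.google.com\n"
          "mx: *.aspmx.l.google.com\nmax_age: 86400\n")
```

Feed `mx_allowed` the host names returned by the domain's MX lookup: any host that returns False would be reported as a policy failure by a sender that honours the policy.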


Re: [mailop] SMTP line wrapping breaking DKIM signatures when forwarding

2022-04-26 Thread Jason R Cowart via mailop
We’ve seen similar failures with forwarding and DKIM validation that were the 
result of the “simple/simple” canonicalization setting.  DKIM signatures with 
canonicalization set to “relaxed/relaxed” didn’t have this issue.  The folks at 
CISA.gov were nice enough to add an FAQ about this, as many of the senders were 
.gov domains:

https://www.cisa.gov/binding-operational-directive-18-01#can-email-authentication-hinder-my-organizations-ability-to-deliver-email

Having that FAQ has been helpful in convincing some sending domains to change 
their canonicalization setting on their DKIM signatures.

Best,
Jason Cowart

From: mailop  on behalf of Robert L Mathews via 
mailop 
Date: Tuesday, April 26, 2022 at 10:19 AM
To: mailop@mailop.org 
Subject: [mailop] SMTP line wrapping breaking DKIM signatures when forwarding
We've recently been getting more complaints about seemingly valid
messages that are rejected when we forward them. Tracking down the
problem, it happens when:

1. The message that we receive from a third party has line lengths that
exceed 998 bytes in violation of RFC 5322 2.1.1;

2. The message envelope sender uses SPF "-all";

3. The message has a valid, aligned DKIM signature matching the From
header when it arrives;

4. Postfix wraps the message at 998 bytes when forwarding it due to
<https://www.postfix.org/postconf.5.html#smtp_line_length_limit>;

5. This breaks the DKIM signature in the forwarded copy, because
addition of the "CR-LF-SP" changes the DKIM body hash;

6. The forwarding destination finds no valid DKIM signature, so it uses
the SPF "-all" and rejects it with a message like this Gmail example:
"550 5.7.26 This message does not have authentication information or
fails to pass authentication checks".

How do other people handle this problem? I've seen suggestions of simply
preventing Postfix from doing any wrapping, like:

  https://github.com/trusteddomainproject/OpenDMARC/issues/166

It feels a little evil to just pass non-SMTP compliant messages on to
others, but on the other hand, changing the body of a message that has a
DKIM signature is clearly wrong, too.

(And yes, I agree that ideally nobody should use SPF "-all", nobody
should use forwarding, and everyone should send SMTP-compliant messages,
but those are beyond my control.)

--
Robert L Mathews


Re: [mailop] SMTP line wrapping breaking DKIM signatures when forwarding

2022-04-26 Thread Luis E . Muñoz via mailop
On 26 Apr 2022, at 13:18, Robert L Mathews via mailop wrote:

> 4. Postfix wraps the message at 998 bytes when forwarding it due to 
> <https://www.postfix.org/postconf.5.html#smtp_line_length_limit>;
>
> 5. This breaks the DKIM signature in the forwarded copy, because addition of 
> the "CR-LF-SP" changes the DKIM body hash;

As others indubitably will recommend, don't do that. You are not the ESMTP 
police :-)

-lem


Re: [mailop] SMTP line wrapping breaking DKIM signatures when forwarding

2022-04-26 Thread Brandon Long via mailop
Note that Gmail does not respect spf -all, in the sense that we don't
reject based on it... though an spf record with only -all is a different
story.

That message indicates that based on the message content and source, we
won't accept it without authentication... it's entirely our own heuristics
there.

As for what to do, you accepted the message... if you want to relay it, you
should do so with minimal changes. Transforming messages for relay is not
likely to go well.  If the receiver wants to impose the limit, then that's
on them... I guess best case, you could only transform if the next hop
rejected it.

Brandon

On Tue, Apr 26, 2022 at 10:21 AM Robert L Mathews via mailop <
mailop@mailop.org> wrote:

> We've recently been getting more complaints about seemingly valid
> messages that are rejected when we forward them. Tracking down the
> problem, it happens when:
>
> 1. The message that we receive from a third party has line lengths that
> exceed 998 bytes in violation of RFC 5322 2.1.1;
>
> 2. The message envelope sender uses SPF "-all";
>
> 3. The message has a valid, aligned DKIM signature matching the From
> header when it arrives;
>
> 4. Postfix wraps the message at 998 bytes when forwarding it due to
> <https://www.postfix.org/postconf.5.html#smtp_line_length_limit>;
>
> 5. This breaks the DKIM signature in the forwarded copy, because
> addition of the "CR-LF-SP" changes the DKIM body hash;
>
> 6. The forwarding destination finds no valid DKIM signature, so it uses
> the SPF "-all" and rejects it with a message like this Gmail example:
> "550 5.7.26 This message does not have authentication information or
> fails to pass authentication checks".
>
> How do other people handle this problem? I've seen suggestions of simply
> preventing Postfix from doing any wrapping, like:
>
>   https://github.com/trusteddomainproject/OpenDMARC/issues/166
>
> It feels a little evil to just pass non-SMTP compliant messages on to
> others, but on the other hand, changing the body of a message that has a
> DKIM signature is clearly wrong, too.
>
> (And yes, I agree that ideally nobody should use SPF "-all", nobody
> should use forwarding, and everyone should send SMTP-compliant messages,
> but those are beyond my control.)
>
> --
> Robert L Mathews


[mailop] SMTP line wrapping breaking DKIM signatures when forwarding

2022-04-26 Thread Robert L Mathews via mailop
We've recently been getting more complaints about seemingly valid 
messages that are rejected when we forward them. Tracking down the 
problem, it happens when:


1. The message that we receive from a third party has line lengths that 
exceed 998 bytes in violation of RFC 5322 2.1.1;


2. The message envelope sender uses SPF "-all";

3. The message has a valid, aligned DKIM signature matching the From 
header when it arrives;


4. Postfix wraps the message at 998 bytes when forwarding it due to 
<https://www.postfix.org/postconf.5.html#smtp_line_length_limit>;


5. This breaks the DKIM signature in the forwarded copy, because 
addition of the "CR-LF-SP" changes the DKIM body hash;


6. The forwarding destination finds no valid DKIM signature, so it uses 
the SPF "-all" and rejects it with a message like this Gmail example: 
"550 5.7.26 This message does not have authentication information or 
fails to pass authentication checks".


How do other people handle this problem? I've seen suggestions of simply 
preventing Postfix from doing any wrapping, like:


 https://github.com/trusteddomainproject/OpenDMARC/issues/166

It feels a little evil to just pass non-SMTP compliant messages on to 
others, but on the other hand, changing the body of a message that has a 
DKIM signature is clearly wrong, too.


(And yes, I agree that ideally nobody should use SPF "-all", nobody 
should use forwarding, and everyone should send SMTP-compliant messages, 
but those are beyond my control.)


--
Robert L Mathews
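
Steps 4 and 5 of the message above, reproduced as an added example that is not part of the original post: it wraps an over-long body line with CR-LF-SP and compares the DKIM body hash before and after, under both body canonicalizations of RFC 6376. The wrapping function is a simplified model of the relay's behaviour, and all names and the sample body are constructed for the example.

```python
import base64
import hashlib
import re

LIMIT = 998  # line length at which the thread says Postfix wraps

def wrap_long_lines(body: bytes, limit: int = LIMIT) -> bytes:
    """Simplified model of the relay: break over-long lines with CR LF SP."""
    out = []
    for line in body.split(b"\r\n"):
        while len(line) > limit:
            out.append(line[:limit])
            line = b" " + line[limit:]
        out.append(line)
    return b"\r\n".join(out)

def canon_simple(body: bytes) -> bytes:
    """RFC 6376 3.4.3: only empty lines at the end of the body are ignored."""
    while body.endswith(b"\r\n"):
        body = body[:-2]
    return body + b"\r\n"

def canon_relaxed(body: bytes) -> bytes:
    """RFC 6376 3.4.4: also collapse WSP runs and drop WSP at end of line."""
    lines = [re.sub(rb"[ \t]+", b" ", l).rstrip(b" ")
             for l in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    return b"".join(l + b"\r\n" for l in lines)

def body_hash(body: bytes, canon) -> str:
    """Value a verifier compares with the bh= tag (sha256 signatures)."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()

def survives(original: bytes, relayed: bytes, canon) -> bool:
    """True if the relayed body still matches the signed body hash."""
    return body_hash(original, canon) == body_hash(relayed, canon)

# Constructed sample body: one 2509-byte line, one line with trailing spaces.
SAMPLE = b"Hello,\r\n<td>" + b"x" * 2500 + b"</td>\r\nBye  \r\n"
WRAPPED = wrap_long_lines(SAMPLE)                    # what the forwarder sends
RESPACED = SAMPLE.replace(b"Bye  \r\n", b"Bye\r\n")  # whitespace-only change

if __name__ == "__main__":
    for name, canon in (("simple", canon_simple), ("relaxed", canon_relaxed)):
        print(name, "wrap:", survives(SAMPLE, WRAPPED, canon),
              "respace:", survives(SAMPLE, RESPACED, canon))
```

In this model the inserted line break changes the body hash under both canonicalizations, while the whitespace-only change is absorbed by relaxed and not by simple.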