Re: [mailop] Forum/Blog spam turned up to 11

[Hans-Martin Mosner via mailop]

Oops, I didn't read your post to the end, with invalid target addresses 
it's likely a different thing. Early in the morning, not the time I should 
talk, high chance of uttering nonsense :-(


Am 27. Mai 2022 07:34:06 schrieb Hans-Martin Mosner via mailop 
:
This is most likely reflector spam containing URL shortener links (bit.ly, 
u.to, or some other) in the name field of contact forms.


Depending on scale, I would advise either to switch off automatic 
confirmation of contact form submissions and always respond personally when 
submissions are serious, or at least checking non-URL fields for URL 
contents and blocking the submission in that case.


External systems which send this kind of spams can be considered 
"exploited" and will be blocked at the server where I manage the mail 
system, and accordingly, our users are strongly discouraged from generating 
automated replies in their web forms, as I don't want our server to be 
categorized as spam-emitting by others.


Cheers,
Hans-Martin

Am 27. Mai 2022 01:18:15 schrieb Jarland Donnell via mailop 
:



Over the last week or so I've noticed an exceptional increase in
outbound emails from my customers to invalid recipients. Obviously this
is problematic but understandable. All of the customers in question run
websites that send an email to confirm registration, and all of the
recipients are properly formatted email addresses. They just don't
exist, and they're increasing at an unusual rate. Others may have the
same going on but may not yet be aware of the pattern. My hope is that
by sharing the pattern others might begin to fight against it as well.

Here is a look at some censored logs: https://clbin.com/Gxeoo

Notice the trend being username + 4 digits, primarily at free email
providers and regional ISPs. Examples:

heidireynoldsplad2...@gmail.com
susanpowersvgjfae2...@cox.net
pabloharveyfhi6...@rediffmail.com
florencenashhqjqj8...@orange.fr
carlosfranklinlydy2...@comcast.net

It's really off the charts, and it's impacting a wide variety of
customers who have no relation to each other. The only similarity being
that they send out website registration confirmations in all cases.

Of course, my first theory is forum spam / blog comment spam. Even if
they can't accomplish the spam, they have most likely built complete
automation to handle this process of mass registrations for a wonderful
"spray and pray" technique. Since the email accounts don't exist,
they're most likely hoping that a confirmation isn't actually required
to begin submitting content to the sites that they register on.

Use this how you will <3

Jarland
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Forum/Blog spam turned up to 11

[Hans-Martin Mosner via mailop]

This is most likely reflector spam containing URL shortener links (bit.ly, 
u.to, or some other) in the name field of contact forms.


Depending on scale, I would advise either to switch off automatic 
confirmation of contact form submissions and always respond personally when 
submissions are serious, or at least checking non-URL fields for URL 
contents and blocking the submission in that case.


External systems which send this kind of spams can be considered 
"exploited" and will be blocked at the server where I manage the mail 
system, and accordingly, our users are strongly discouraged from generating 
automated replies in their web forms, as I don't want our server to be 
categorized as spam-emitting by others.


Cheers,
Hans-Martin

Am 27. Mai 2022 01:18:15 schrieb Jarland Donnell via mailop 
:



Over the last week or so I've noticed an exceptional increase in
outbound emails from my customers to invalid recipients. Obviously this
is problematic but understandable. All of the customers in question run
websites that send an email to confirm registration, and all of the
recipients are properly formatted email addresses. They just don't
exist, and they're increasing at an unusual rate. Others may have the
same going on but may not yet be aware of the pattern. My hope is that
by sharing the pattern others might begin to fight against it as well.

Here is a look at some censored logs: https://clbin.com/Gxeoo

Notice the trend being username + 4 digits, primarily at free email
providers and regional ISPs. Examples:

heidireynoldsplad2...@gmail.com
susanpowersvgjfae2...@cox.net
pabloharveyfhi6...@rediffmail.com
florencenashhqjqj8...@orange.fr
carlosfranklinlydy2...@comcast.net

It's really off the charts, and it's impacting a wide variety of
customers who have no relation to each other. The only similarity being
that they send out website registration confirmations in all cases.

Of course, my first theory is forum spam / blog comment spam. Even if
they can't accomplish the spam, they have most likely built complete
automation to handle this process of mass registrations for a wonderful
"spray and pray" technique. Since the email accounts don't exist,
they're most likely hoping that a confirmation isn't actually required
to begin submitting content to the sites that they register on.

Use this how you will <3

Jarland
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Forum/Blog spam turned up to 11

[Jarland Donnell via mailop]

Several of the ones I've seen have been using recaptcha, the latest 
stuff. That doesn't seem to be throwing them off any.


On 2022-05-26 22:13, Scott Mutter via mailop wrote:

Are there effective anti-bot measures in place on the form?

How effective captcha systems are can be debatable.  BUT, if there are
no anti-bot measures on the form... then shouldn't this type of
activity/abuse be expected?

On Thu, May 26, 2022 at 8:48 PM Ken Simpson  
wrote:


No idea whether it’s bots or real people, but I suspect it’s bots 
given the scale. We’re seeing thousands of unique sites per hour being 
“compromised” in this manner.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Forum/Blog spam turned up to 11

[Scott Mutter via mailop]

Are there effective anti-bot measures in place on the form?

How effective captcha systems are can be debatable.  BUT, if there are
no anti-bot measures on the form... then shouldn't this type of
activity/abuse be expected?

On Thu, May 26, 2022 at 8:48 PM Ken Simpson  wrote:
>
> No idea whether it’s bots or real people, but I suspect it’s bots given the 
> scale. We’re seeing thousands of unique sites per hour being “compromised” in 
> this manner.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Forum/Blog spam turned up to 11

[Ken Simpson via mailop]

No idea whether it’s bots or real people, but I suspect it’s bots given the 
scale. We’re seeing thousands of unique sites per hour being “compromised” in 
this manner.

> On May 26, 2022, at 6:38 PM, Scott Mutter via mailop  
> wrote:
> 
> Are you sure it's actual people registering or is it bots?
> 
> Do the sign up pages have effective captcha or other anti-bot/prove
> you're human measures?
> 
>> On Thu, May 26, 2022 at 7:30 PM Ken Simpson via mailop
>>  wrote:
>> 
>> It's WooCommerce: 
>> https://github.com/woocommerce/woocommerce/blob/ab1a35719c8719c0065f6053892ca970f7f01deb/plugins/woocommerce/includes/emails/class-wc-email-customer-new-account.php#L83
>> 
>>> On Thu, May 26, 2022 at 5:08 PM Ken Simpson  
>>> wrote:
>>> 
>>> Hi Jarland,
>>> 
>>> Yes, we see this as well - since this morning Pacific Time. They are 
>>> snow-shoeing too, sending just one or two submissions per web form, 
>>> presumably to keep a low profile. Same pattern of recipients as you are 
>>> seeing.
>>> 
>>> I'm trying to track down the victim software, which seems to be a WordPress 
>>> plugin.
>>> 
>>> Regards,
>>> Ken
>>> 
>>> On Thu, May 26, 2022 at 4:15 PM Jarland Donnell via mailop 
>>>  wrote:
 
 Over the last week or so I've noticed an exceptional increase in
 outbound emails from my customers to invalid recipients. Obviously this
 is problematic but understandable. All of the customers in question run
 websites that send an email to confirm registration, and all of the
 recipients are properly formatted email addresses. They just don't
 exist, and they're increasing at an unusual rate. Others may have the
 same going on but may not yet be aware of the pattern. My hope is that
 by sharing the pattern others might begin to fight against it as well.
 
 Here is a look at some censored logs: https://clbin.com/Gxeoo
 
 Notice the trend being username + 4 digits, primarily at free email
 providers and regional ISPs. Examples:
 
 heidireynoldsplad2...@gmail.com
 susanpowersvgjfae2...@cox.net
 pabloharveyfhi6...@rediffmail.com
 florencenashhqjqj8...@orange.fr
 carlosfranklinlydy2...@comcast.net
 
 It's really off the charts, and it's impacting a wide variety of
 customers who have no relation to each other. The only similarity being
 that they send out website registration confirmations in all cases.
 
 Of course, my first theory is forum spam / blog comment spam. Even if
 they can't accomplish the spam, they have most likely built complete
 automation to handle this process of mass registrations for a wonderful
 "spray and pray" technique. Since the email accounts don't exist,
 they're most likely hoping that a confirmation isn't actually required
 to begin submitting content to the sites that they register on.
 
 Use this how you will <3
 
 Jarland
 ___
 mailop mailing list
 mailop@mailop.org
 https://list.mailop.org/listinfo/mailop
>>> 
>>> 
>>> 
>>> --
>>> 
>>> Ken Simpson
>>> 
>>> CEO, MailChannels
>>> 
>>> 
>>> Facebook  |  Twitter  |  LinkedIn |  Help Center
>>> 
>>> Our latest case study video: watch here!
>> 
>> 
>> 
>> --
>> 
>> Ken Simpson
>> 
>> CEO, MailChannels
>> 
>> 
>> Facebook  |  Twitter  |  LinkedIn |  Help Center
>> 
>> Our latest case study video: watch here!
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://list.mailop.org/listinfo/mailop
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Forum/Blog spam turned up to 11

[Scott Mutter via mailop]

Are you sure it's actual people registering or is it bots?

Do the sign up pages have effective captcha or other anti-bot/prove
you're human measures?

On Thu, May 26, 2022 at 7:30 PM Ken Simpson via mailop
 wrote:
>
> It's WooCommerce: 
> https://github.com/woocommerce/woocommerce/blob/ab1a35719c8719c0065f6053892ca970f7f01deb/plugins/woocommerce/includes/emails/class-wc-email-customer-new-account.php#L83
>
> On Thu, May 26, 2022 at 5:08 PM Ken Simpson  wrote:
>>
>> Hi Jarland,
>>
>> Yes, we see this as well - since this morning Pacific Time. They are 
>> snow-shoeing too, sending just one or two submissions per web form, 
>> presumably to keep a low profile. Same pattern of recipients as you are 
>> seeing.
>>
>> I'm trying to track down the victim software, which seems to be a WordPress 
>> plugin.
>>
>> Regards,
>> Ken
>>
>> On Thu, May 26, 2022 at 4:15 PM Jarland Donnell via mailop 
>>  wrote:
>>>
>>> Over the last week or so I've noticed an exceptional increase in
>>> outbound emails from my customers to invalid recipients. Obviously this
>>> is problematic but understandable. All of the customers in question run
>>> websites that send an email to confirm registration, and all of the
>>> recipients are properly formatted email addresses. They just don't
>>> exist, and they're increasing at an unusual rate. Others may have the
>>> same going on but may not yet be aware of the pattern. My hope is that
>>> by sharing the pattern others might begin to fight against it as well.
>>>
>>> Here is a look at some censored logs: https://clbin.com/Gxeoo
>>>
>>> Notice the trend being username + 4 digits, primarily at free email
>>> providers and regional ISPs. Examples:
>>>
>>> heidireynoldsplad2...@gmail.com
>>> susanpowersvgjfae2...@cox.net
>>> pabloharveyfhi6...@rediffmail.com
>>> florencenashhqjqj8...@orange.fr
>>> carlosfranklinlydy2...@comcast.net
>>>
>>> It's really off the charts, and it's impacting a wide variety of
>>> customers who have no relation to each other. The only similarity being
>>> that they send out website registration confirmations in all cases.
>>>
>>> Of course, my first theory is forum spam / blog comment spam. Even if
>>> they can't accomplish the spam, they have most likely built complete
>>> automation to handle this process of mass registrations for a wonderful
>>> "spray and pray" technique. Since the email accounts don't exist,
>>> they're most likely hoping that a confirmation isn't actually required
>>> to begin submitting content to the sites that they register on.
>>>
>>> Use this how you will <3
>>>
>>> Jarland
>>> ___
>>> mailop mailing list
>>> mailop@mailop.org
>>> https://list.mailop.org/listinfo/mailop
>>
>>
>>
>> --
>>
>> Ken Simpson
>>
>> CEO, MailChannels
>>
>>
>> Facebook  |  Twitter  |  LinkedIn |  Help Center
>>
>> Our latest case study video: watch here!
>
>
>
> --
>
> Ken Simpson
>
> CEO, MailChannels
>
>
> Facebook  |  Twitter  |  LinkedIn |  Help Center
>
> Our latest case study video: watch here!
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Forum/Blog spam turned up to 11

[Ken Simpson via mailop]

It's WooCommerce:
https://github.com/woocommerce/woocommerce/blob/ab1a35719c8719c0065f6053892ca970f7f01deb/plugins/woocommerce/includes/emails/class-wc-email-customer-new-account.php#L83

On Thu, May 26, 2022 at 5:08 PM Ken Simpson 
wrote:

> Hi Jarland,
>
> Yes, we see this as well - since this morning Pacific Time. They are
> snow-shoeing too, sending just one or two submissions per web form,
> presumably to keep a low profile. Same pattern of recipients as you are
> seeing.
>
> I'm trying to track down the victim software, which seems to be a
> WordPress plugin.
>
> Regards,
> Ken
>
> On Thu, May 26, 2022 at 4:15 PM Jarland Donnell via mailop <
> mailop@mailop.org> wrote:
>
>> Over the last week or so I've noticed an exceptional increase in
>> outbound emails from my customers to invalid recipients. Obviously this
>> is problematic but understandable. All of the customers in question run
>> websites that send an email to confirm registration, and all of the
>> recipients are properly formatted email addresses. They just don't
>> exist, and they're increasing at an unusual rate. Others may have the
>> same going on but may not yet be aware of the pattern. My hope is that
>> by sharing the pattern others might begin to fight against it as well.
>>
>> Here is a look at some censored logs: https://clbin.com/Gxeoo
>>
>> Notice the trend being username + 4 digits, primarily at free email
>> providers and regional ISPs. Examples:
>>
>> heidireynoldsplad2...@gmail.com
>> susanpowersvgjfae2...@cox.net
>> pabloharveyfhi6...@rediffmail.com
>> florencenashhqjqj8...@orange.fr
>> carlosfranklinlydy2...@comcast.net
>>
>> It's really off the charts, and it's impacting a wide variety of
>> customers who have no relation to each other. The only similarity being
>> that they send out website registration confirmations in all cases.
>>
>> Of course, my first theory is forum spam / blog comment spam. Even if
>> they can't accomplish the spam, they have most likely built complete
>> automation to handle this process of mass registrations for a wonderful
>> "spray and pray" technique. Since the email accounts don't exist,
>> they're most likely hoping that a confirmation isn't actually required
>> to begin submitting content to the sites that they register on.
>>
>> Use this how you will <3
>>
>> Jarland
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://list.mailop.org/listinfo/mailop
>>
>
>
> --
>
> Ken Simpson
>
> CEO, MailChannels
> 
>
>
> Facebook   |  Twitter   |
> LinkedIn  |  Help Center
> 
>
> Our latest case study video: watch here!
> 
>


-- 

Ken Simpson

CEO, MailChannels



Facebook   |  Twitter   |
LinkedIn  |  Help Center


Our latest case study video: watch here!

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Forum/Blog spam turned up to 11

[Jarland Donnell via mailop]

Over the last week or so I've noticed an exceptional increase in 
outbound emails from my customers to invalid recipients. Obviously this 
is problematic but understandable. All of the customers in question run 
websites that send an email to confirm registration, and all of the 
recipients are properly formatted email addresses. They just don't 
exist, and they're increasing at an unusual rate. Others may have the 
same going on but may not yet be aware of the pattern. My hope is that 
by sharing the pattern others might begin to fight against it as well.


Here is a look at some censored logs: https://clbin.com/Gxeoo

Notice the trend being username + 4 digits, primarily at free email 
providers and regional ISPs. Examples:


heidireynoldsplad2...@gmail.com
susanpowersvgjfae2...@cox.net
pabloharveyfhi6...@rediffmail.com
florencenashhqjqj8...@orange.fr
carlosfranklinlydy2...@comcast.net

It's really off the charts, and it's impacting a wide variety of 
customers who have no relation to each other. The only similarity being 
that they send out website registration confirmations in all cases.


Of course, my first theory is forum spam / blog comment spam. Even if 
they can't accomplish the spam, they have most likely built complete 
automation to handle this process of mass registrations for a wonderful 
"spray and pray" technique. Since the email accounts don't exist, 
they're most likely hoping that a confirmation isn't actually required 
to begin submitting content to the sites that they register on.


Use this how you will <3

Jarland
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Help with identifying invalid email domains

[Suresh Ramasubramanian via mailop]

Publicsuffix.org is a wonderful resource for the tlds

But then the question of what a valid domain takes some interesting turns.

Validate the mx and it is a parking domain whose mail traffic probably feeds a 
set of spamtraps?

Or one of those trashmail type places that let you create an address that is 
valid for a bare 15 minutes?

Or where the mx points to local host, a cname, or is broken in some other 
manner?

--srs

From: mailop  on behalf of Luis E. Muñoz via mailop 

Sent: Thursday, May 26, 2022 8:04:48 PM
To: mailop@mailop.org 
Subject: Re: [mailop] Help with identifying invalid email domains

On 26 May 2022, at 6:18, Ken O'Driscoll via mailop wrote:

> People should be validating email input fields as a matter of course.

And then, do it correctly. One of my pet peeves is finding out forms that still 
think that there is no such thing as a .click email address. Tends to work 
better for TLDs 4 characters or less in length.

Best regards

-lem
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Help with identifying invalid email domains

[Bill Cole via mailop]

On 2022-05-26 at 10:43:00 UTC-0400 (Thu, 26 May 2022 16:43:00 +0200)
Daniele Nicolodi via mailop 
is rumored to have said:


On 26/05/2022 16:34, Luis E. Muñoz via mailop wrote:

On 26 May 2022, at 6:18, Ken O'Driscoll via mailop wrote:

People should be validating email input fields as a matter of 
course.


And then, do it correctly. One of my pet peeves is finding out forms 
that still think that there is no such thing as a .click email 
address. Tends to work better for TLDs 4 characters or less in 
length.


Or that think that + is not a valid local part character...


Or -, #, &, /, etc.
Or think all domains under .com only use 3-label names.
Or think that local parts can't be more than a dozen characters long.

Validating an email address ultimately means mailing it in a way that 
triggers a response which proves conscious receipt. Gross sanity checks 
enforcing some formal rules (e.g. domain label length, ASCII, etc.) 
before accepting an address are sensible, but there's no evidence that 
anyone can deploy a perfect validator for the actual rules of email 
addresses.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Paging 3cx.com/3cx.net

[Luis E . Muñoz via mailop]

If someone has a technical contact with them, I would like to discuss a 
misconfiguration on their end.

Thanks!

-lem
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Help with identifying invalid email domains

[Daniele Nicolodi via mailop]

On 26/05/2022 16:34, Luis E. Muñoz via mailop wrote:

On 26 May 2022, at 6:18, Ken O'Driscoll via mailop wrote:


People should be validating email input fields as a matter of course.


And then, do it correctly. One of my pet peeves is finding out forms that still 
think that there is no such thing as a .click email address. Tends to work 
better for TLDs 4 characters or less in length.


Or that think that + is not a valid local part character...

Cheers,
Dan

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Help with identifying invalid email domains

[Luis E . Muñoz via mailop]

On 26 May 2022, at 6:18, Ken O'Driscoll via mailop wrote:

> People should be validating email input fields as a matter of course.

And then, do it correctly. One of my pet peeves is finding out forms that still 
think that there is no such thing as a .click email address. Tends to work 
better for TLDs 4 characters or less in length.

Best regards

-lem
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Help with identifying invalid email domains

[Ken O'Driscoll via mailop]

Absolutely, if that’s why the question was being asked.

But even in that case, they still need to validate input during the COI process 
to reduce FPs when sending COI messages to domains with typos. A typo on the 
LHS means COI fails, which is the desired outcome. Plus, they can use other 
methods to reduce abuse of their COI process.

People should be validating email input fields as a matter of course.

Ken.

From: mailop  On Behalf Of Laura Atkins via mailop
Sent: Thursday 26 May 2022 10:42
To: mailop@mailop.org
Subject: Re: [mailop] Help with identifying invalid email domains

Given that DuckDuckGo is in the business of forwarding email, they MUST use 
confirmed opt-in to avoid having someone mistype an email address. It’s not 
just the domain part that’s in consideration here, they need to ensure that 
typos don’t happen on the left hand side as well. I’d argue that typos on the 
LHS to different are a bigger problem than the occasional hit to a spamtrap as 
they’re forwarding PII to the address.

laura




On 26 May 2022, at 10:21, Ken O'Driscoll via mailop 
mailto:mailop@mailop.org>> wrote:

Hi Omid,

If you are specifically looking to reduce domain related typos on user input, 
then you can use a project such 
asTypofinder. They also have a 
commercial offering.

Alternatively, you could also look at implementing an address validation 
services. Most will do the same thing (and more) but will already have it 
wrapped up in an API for you to call. Validation can be a sketchy industry, 
EmailHippo and Kickbox are 
examples of two legitimate players.

Ken.

From: mailop mailto:mailop-boun...@mailop.org>> On 
Behalf Of Omid Majdi via mailop
Sent: Wednesday 25 May 2022 20:00
To: 
mailop_at_mailop.org_o...@duck.com 
mailto:mailop@mailop.org>>
Subject: [mailop] Help with identifying invalid email domains

Hey all,

I'm looking to see if anyone has compiled any lists of invalid email domains? 
Examples of such would be typo domains and/or domains that accept all 
local-part addresses such as gmai.com, 
gmail.co, googlemai.com, or 
proton.com. If there's any resources someone could share 
for known invalid domains that would be incredibly helpful.

Thanks,
Omid Majdi
Product Lead
DuckDuckGo, Inc.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

--
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com

Email Delivery Blog: http://wordtothewise.com/blog





___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Help with identifying invalid email domains

[Laura Atkins via mailop]

Given that DuckDuckGo is in the business of forwarding email, they MUST use 
confirmed opt-in to avoid having someone mistype an email address. It’s not 
just the domain part that’s in consideration here, they need to ensure that 
typos don’t happen on the left hand side as well. I’d argue that typos on the 
LHS to different are a bigger problem than the occasional hit to a spamtrap as 
they’re forwarding PII to the address. 

laura 



> On 26 May 2022, at 10:21, Ken O'Driscoll via mailop  wrote:
> 
> Hi Omid,
>  
> If you are specifically looking to reduce domain related typos on user input, 
> then you can use a project such asTypofinder 
> . They also have a commercial 
> offering.
>  
> Alternatively, you could also look at implementing an address validation 
> services. Most will do the same thing (and more) but will already have it 
> wrapped up in an API for you to call. Validation can be a sketchy industry, 
> EmailHippo  and Kickbox  
> are examples of two legitimate players.
>  
> Ken.
>  
> From: mailop mailto:mailop-boun...@mailop.org>> 
> On Behalf Of Omid Majdi via mailop
> Sent: Wednesday 25 May 2022 20:00
> To: mailop_at_mailop.org_o...@duck.com 
>   >
> Subject: [mailop] Help with identifying invalid email domains
>  
> Hey all,
>  
> I'm looking to see if anyone has compiled any lists of invalid email domains? 
> Examples of such would be typo domains and/or domains that accept all 
> local-part addresses such as gmai.com , gmail.co 
> , googlemai.com , or proton.com 
> . If there's any resources someone could share for known 
> invalid domains that would be incredibly helpful.
>  
> Thanks,
> Omid Majdi
> Product Lead
> DuckDuckGo, Inc.
> ___
> mailop mailing list
> mailop@mailop.org 
> https://list.mailop.org/listinfo/mailop 
> 
-- 
The Delivery Experts

Laura Atkins
Word to the Wise
la...@wordtothewise.com 

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Help with identifying invalid email domains

[Ken O'Driscoll via mailop]

Hi Omid,

If you are specifically looking to reduce domain related typos on user input, 
then you can use a project such as 
Typofinder. They also have a commercial 
offering.

Alternatively, you could also look at implementing an address validation 
services. Most will do the same thing (and more) but will already have it 
wrapped up in an API for you to call. Validation can be a sketchy industry, 
EmailHippo and Kickbox are 
examples of two legitimate players.

Ken.

From: mailop  On Behalf Of Omid Majdi via mailop
Sent: Wednesday 25 May 2022 20:00
To: mailop_at_mailop.org_o...@duck.com 
Subject: [mailop] Help with identifying invalid email domains

Hey all,

I'm looking to see if anyone has compiled any lists of invalid email domains? 
Examples of such would be typo domains and/or domains that accept all 
local-part addresses such as gmai.com, gmail.co, googlemai.com, or proton.com. 
If there's any resources someone could share for known invalid domains that 
would be incredibly helpful.

Thanks,
Omid Majdi
Product Lead
DuckDuckGo, Inc.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Help with identifying invalid email domains

[Michael Grant via mailop]

On Wed, May 25, 2022 at 03:00:19PM -0400, Omid Majdi via mailop wrote:
> Examples of such would be typo domains and/or domains that accept all
> local-part addresses such as gmai.com, gmail.co, googlemai.com, or
> proton.com. If there's any resources someone could share for known
> invalid domains that would be incredibly helpful.

I believe Omid is looking for a list of look-alike domains also known
as typosquatting domains.

I too would be interested in similar resource.  Specifically, I've
been looking for something which I can look up a domain name and
return to me if it is likely to be a look-alike domain and what domain
the real brand owner is likely to be.  I've not found such a general
resource.

However, there are several programs out there that will take a domain
name and generate a ton of permutations, including puny coded IDNs
that look exactly like or graphically very similar to the original
domain in question.  For example https://github.com/elceef/dnstwist

Omid, you could create a list of popular email services (gmail.com,
hotmail.com, protonmail.com...etc) and run them through dnstwist.
dnstwist will also tell you which ones are currently registered.

Michael Grant


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop