Re: [mailop] Gmail classifying message as spam based on the sending IP

[Al Iverson via mailop]

Submit a sample message from the affected IP here:
https://support.google.com/mail/contact/gmail_bulk_sender_escalation
They rarely respond, but they do sometimes address issues based on submissions.

Cheers,
Al Iverson

On Fri, Oct 13, 2023 at 7:25 AM Fernando MM via mailop
 wrote:
>
> Hi,
>
> I'm debugging an issue with gmail classifying a simple confirmation email as 
> spam.
>
> At my gmail account it displays "Why is this message in spam? It is similar 
> to messages that were identified as spam in the past.". And at a coworker's 
> account it's displaying the "This message seems dangerous" phishing warning.
>
> If I send this message from another IP at the same /24 range, it works fine 
> and it's delivered to the inbox. No spam/phishing warnings. Also no 
> differences in SPF, DKIM etc.
>
> The issue is that when I check Gmail's Postmaster panel, both IPs have a HIGH 
> reputation.
>
> We also have the historical reputation ( since 2021 ) for these IPs saved 
> locally and they never had a single Medium/Bad day.
>
> Did anyone here had similar issues in the past? Were you able to fix it 
> somehow?
>
> Thanks.
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop



-- 

Al Iverson / Deliverability blogging at https://www.spamresource.com
Subscribe to the weekly newsletter at https://ml.spamresource.com
DNS Tools: https://xnnd.com / (312) 725-0130 / Chicago (Central Time)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] belgacom.be / skynet.be - massing phishing

[Hans-Martin Mosner via mailop]

Am 13.10.23 um 18:30 schrieb Mary via mailop:

Hello everyone,

Anyone from belgacom.be notice massive amounts of phishing with/from skynet.be 
addresses?

I've tried to report them without success. Posted on spamcop.net in case anyone 
would notice, again without success.


No, they don't notice, they probably don't care. I've reported this for a while, without noticeable effect. After a 
while I stopped and use the spamblocking mechanisms. If some Belgacom customer has a legitimate need to communicate with 
our users they will need to talk to us for individual whitelisting.


Cheers,
Hans-Martin___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Filtered DNS at hhs.gov

[Antonio Prado via mailop]

On 10/13/23 6:38 PM, Alessandro Vesely via mailop wrote:
I suspect they tried to put a filter on port 53 too, to avoid too many 
queries, and filter off _dmarc because it is an invalid host.  Sounds 
real?!?


hi,

well, it's not related to DMARC; they seem not answering queries for any 
NX domain:


./dig A @rh120ns1.368.dhhs.gov  qwerty.hhs.gov
;; communications error to 158.74.30.102#53: timed out
;; communications error to 158.74.30.102#53: timed out
;; communications error to 158.74.30.102#53: timed out
;; communications error to 2607:f220:0:1::2c#53: timed out

; <<>> DiG 9.18.19 <<>> A @rh120ns1.368.dhhs.gov qwerty.hhs.gov
; (2 servers found)
;; global options: +cmd
;; no servers could be reached

./dig A @rh120ns1.368.dhhs.gov  w.connect.hhs.gov
;; communications error to 158.74.30.102#53: timed out
;; communications error to 158.74.30.102#53: timed out
;; communications error to 158.74.30.102#53: timed out
;; communications error to 2607:f220:0:1::2c#53: timed out

; <<>> DiG 9.18.19 <<>> A @rh120ns1.368.dhhs.gov w.connect.hhs.gov
; (2 servers found)
;; global options: +cmd
;; no servers could be reached
--
antonio


OpenPGP_signature.asc
Description: OpenPGP digital signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] belgacom.be / skynet.be - massing phishing

[Mary via mailop]

Hello everyone,

Anyone from belgacom.be notice massive amounts of phishing with/from skynet.be 
addresses?

I've tried to report them without success. Posted on spamcop.net in case anyone 
would notice, again without success.

Thank you.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Filtered DNS at hhs.gov

[Alessandro Vesely via mailop]

That's strange.  The same server replies on one query but not the other:

ale@pcale:~$ dig +short +norecurse @158.74.30.103 bounce.connect.hhs.gov txt
"v=spf1 ip4:158.72.139.19 ip4:158.70.144.146 include:cust-spf.exacttarget.com 
-all"
ale@pcale:~$
ale@pcale:~$ dig +short +norecurse @158.74.30.103 _dmarc.bounce.connect.hhs.gov 
txt
;; communications error to 158.74.30.103#53: timed out
;; communications error to 158.74.30.103#53: timed out
;; communications error to 158.74.30.103#53: timed out
;; no servers could be reached

Note that the server is firewalled and is not reachable by ping or traceroute.

I suspect they tried to put a filter on port 53 too, to avoid too many queries, 
and filter off _dmarc because it is an invalid host.  Sounds real?!?


Best
Ale
--



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Gmail classifying message as spam based on the sending IP

[Jaroslaw Rafa via mailop]

Dnia 13.10.2023 o godz. 09:21:24 Fernando MM via mailop pisze:
> 
> I'm debugging an issue with gmail classifying a simple confirmation email
> as spam.
> 
> At my gmail account it displays "Why is this message in spam? It is similar
> to messages that were identified as spam in the past.". And at a coworker's
> account it's displaying the "This message seems dangerous" phishing warning.
[...]
> Did anyone here had similar issues in the past? Were you able to fix it
> somehow?

I have a similar issue since about 3 years, I think.

Most of the time all emails from my address (hand-written, personal messages,
NO automatically generated content at all and obviously never any spam) are
classified by Gmail as spam with the same message as yours.

Even after marking it on recipient's side as non-spam, following messages
from me are still classified as spam.

Even replies to messages I receive from Gmail users are classified as spam.

Messages with other sender domains hosted on the same server (and sent from
the same IP) go through properly. It's just that Google treats everything
that comes from my domain as spam, no matter what.

Of course SPF, DKIM, DMARC are all OK, server is not blacklisted etc. My
server and domain is on DNSWL, that also doesn't help.

I was never able to solve the issue successfully. Sometimes it disappears
for a few weeks and my emails go to Inbox just fine, but most of the time
they are marked as spam.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Gmail classifying message as spam based on the sending IP

[Fernando MM via mailop]

Hi,

I'm debugging an issue with gmail classifying a simple confirmation email
as spam.

At my gmail account it displays "Why is this message in spam? It is similar
to messages that were identified as spam in the past.". And at a coworker's
account it's displaying the "This message seems dangerous" phishing warning.

If I send this message from another IP at the same /24 range, it works fine
and it's delivered to the inbox. No spam/phishing warnings. Also no
differences in SPF, DKIM etc.

The issue is that when I check Gmail's Postmaster panel, both IPs have a
HIGH reputation.

We also have the historical reputation ( since 2021 ) for these IPs saved
locally and they never had a single Medium/Bad day.

Did anyone here had similar issues in the past? Were you able to fix it
somehow?

Thanks.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] GitHub DMARC inbox bounces

[Patrick Cernko via mailop]

Hi Marcel, hi list,

On 13.10.23 10:55, Marcel Menzel via mailop wrote:
sending DMARC reports to dm...@github.com stopped working for me since 
the 4th of October, anyone experiencing the same?


Their (at Google hosted) inbox bounces with:

Message blocked
Your message to dm...@github.com has been blocked. See technical details 
below for more information.

The response was: Message bounced due to organizational settings.



same here on 2023-10-07 and -08. After that, I added them to my exclude 
list to avoid further dmarc reports and thus annoying bounces. I just 
removed github.com there again, let's see if it happens again.


Regards,
--
Patrick Cernko 



smime.p7s
Description: S/MIME Cryptographic Signature
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] GitHub DMARC inbox bounces

[Dominik Kupschke via mailop]

Hello Marcel,

all of my DMARC reports send to dm...@github.com this month were accepted.
There is a DMARC report for github.com almost daily send from my system.

Regards,
Dominik

Am Freitag, 13. Oktober 2023, 10:55:53 CEST schrieb Marcel Menzel via mailop:
> Hello list,
> 
> sending DMARC reports to dm...@github.com stopped working for me since 
> the 4th of October, anyone experiencing the same?
> 
> Their (at Google hosted) inbox bounces with:
> 
> Message blocked
> Your message to dm...@github.com has been blocked. See technical details 
> below for more information.
> The response was: Message bounced due to organizational settings.
> 
> 
> Regards,
> 
> Marcel Menzel

signature.asc
Description: This is a digitally signed message part.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Contact in Microsoft 365 Defender for Outlook?

[Rodolfo Saccani via mailop]

We are having issues with emails flagged as phishing by Defender (and not 
delivered) when the email contains URLs of a URL sandboxing service that 
performs security checks at click-time.
One example of a URL that is currently triggering false positives is
hxxps://blackflow[.]urlsand[.]com/?u=https%3A%2F%2Fwww.mailop.org%2F=20266bc5=91873bb2=y=y
Anyway, any URL on this domain will be flagged as phishing.

urlsand.com is the URL sandboxing service that we developed and have been 
running for years, the third level domain is used for customers who want to 
whitelable the service with their own logos and brand colors. Recently, after a 
few days we deploy a new instance of the service, all the email containing URLs 
on the domain are flagged as phishing by Defender.

URLs are rewritten for inbound emails by the ESG that sits in from the 365 
tenant and, of course, the tenant owner can set an exception but any reply sent 
externally that contains one of these URLs will be flagged as phishing and not 
delivered to external recipients on 365.

When recipients report the false positives to Microsoft, the reports are 
routinely closed with a “should have been blocked” clause, with no recourse or 
escalation path.

Is there anybody on the list that I can get in touch with in order to sort out 
this issue?

Cheers
Rodolfo

--
[signature_2066823468]

Rodolfo Saccani | CTO
Email: rodolfo.sacc...@libraesva.com | 
Phone: +3903411880307



--
This message was scanned by Libraesva ESG and is believed to be clean.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] GitHub DMARC inbox bounces

[Marcel Menzel via mailop]

Hello list,

sending DMARC reports to dm...@github.com stopped working for me since 
the 4th of October, anyone experiencing the same?


Their (at Google hosted) inbox bounces with:

Message blocked
Your message to dm...@github.com has been blocked. See technical details 
below for more information.

The response was: Message bounced due to organizational settings.


Regards,

Marcel Menzel___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop