Re: [mailop] Sendgrid phish of the day

2023-12-13 Thread Atro Tossavainen via mailop 
On Wed, Dec 13, 2023 at 05:53:13PM -0500, John R Levine via mailop wrote:
> Phishing their own customers.  I suppose in a karmic sense they
> deserve it.
> 
> (No, CAUCE is not a customer.)

Neither are the resources where Koli-Lõks OÜ spamtraps received the same. :-)


-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, https://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] 451-Reject due to policy restrictions from web.de and gmx.de

2023-12-13 Thread Randolf Richardson, Postmaster via mailop 
We're not seeing that error in our mail server logs here in Canada.

The trend seems to be that mail servers worldwide have gradually 
been adding DKIM signing to all outbound mail, and some are starting 
to require it of all inbound mail (we're also considering making DKIM 
signing a requirement for all inbound mail).

Feel free to ask if you have any questions about getting these 
things set up -- the SPF and DMARC part is very easy, and the DKIM 
part takes a bit of work that's well worth the effort.

Getting everything configured and tested over a few days or a 
weekend is a realistic possibility (depending on the size and 
complexity of your system, of course), and could be a nice gift for 
your users if it's working before Christmas.

> Hello all,
> 
> do any of you who do not live in Germany have this error message from 
> GMX and WEB.DE? Or is this an educational measure for German providers only?
> 
> 451-Requested action aborted\n451-Reject due to policy 
> restrictions.\n451 For explanation visit https://postmaster.gmx.net/de/
> https://postmaster.gmx.net/en/case?c=r0103
> 
> Hundreds of domains go through our servers, should we now explain to 
> every customer that if they, as German citizens, want to send an e-mail 
> to other German citizens, especially if they live with Web or GMX.de, 
> they must first populate their domains with DKIM entries? Cool thing, 
> especially so close to Christmas.
> 
> Kind regards
> Andreas
> 
> 


-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid phish of the day

2023-12-13 Thread William Kern via mailop 

yeah our customers got a ton of those.

Fortunately, most of them don't even know who or what is twillio/sendgrid

-wk

On 12/13/23 2:53 PM, John R Levine via mailop wrote:
Phishing their own customers.  I suppose in a karmic sense they 
deserve it.


(No, CAUCE is not a customer.)

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Sendgrid phish of the day

2023-12-13 Thread Randolf Richardson, Postmaster via mailop 
They sent messages to a number of our spamtraps.  I wonder if 
they'll eventually hit all of them.  :D

> Phishing their own customers.  I suppose in a karmic sense they deserve 
> it.
> 
> (No, CAUCE is not a customer.)
> 
> Regards,
> John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail. https://jl.ly


-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] 451-Reject due to policy restrictions from web.de and gmx.de

2023-12-13 Thread Andreas via mailop 

Hello all,

do any of you who do not live in Germany have this error message from 
GMX and WEB.DE? Or is this an educational measure for German providers only?


451-Requested action aborted\n451-Reject due to policy 
restrictions.\n451 For explanation visit https://postmaster.gmx.net/de/

https://postmaster.gmx.net/en/case?c=r0103

Hundreds of domains go through our servers, should we now explain to 
every customer that if they, as German citizens, want to send an e-mail 
to other German citizens, especially if they live with Web or GMX.de, 
they must first populate their domains with DKIM entries? Cool thing, 
especially so close to Christmas.


Kind regards
Andreas

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] [Mailbox & Security Providers] Mandated Email Notice Announcement

2023-12-13 Thread Lili Crowley via mailop 
Thanks Justin! I'll contact you off list to review this.




*Lili Crowley*

she/her

Postmaster








On Wed, Dec 13, 2023 at 3:18 PM Justin Frechette via mailop <
mailop@mailop.org> wrote:

> Attention Mailbox & Security Providers:
>
> As outlined in the "Sending Mandated Emails to Large Audiences" Best
> Practice published by M3AAWG, this message is to inform you of a
> significant volume of email that will be sent by IDX (
> https://www.idx.us/about
> )
> via iContact (https://www.icontact.com/about
> )
> to recipients that have a higher likelihood of bouncing, reporting as spam,
> or marking as suspicious.
>
> Due to contractual privacy agreements and advice from Counsel, I am unable
> to prematurely share the specific organization that IDX (via iContact) will
> be sending these notices on behalf of in this forum. I can share that it is
> related to the Citrix NetScaler ADC and NetScaler Gateway vulnerability (
> https://www.cisa.gov/guidance-addressing-citrix-netscaler-adc-and-gateway-vulnerability-cve-2023-4966-citrix-bleed
> 
> ).
>
> I've included technical details about the notice below. If you are able to
> assist with any mitigation efforts in allowing these required notices to be
> accepted by your networks, I would greatly appreciate it.
>
> *Sending IPs:*
> 74.202.227.59
> 74.202.227.60
> 74.202.227.61
>
> From Address: i...@mail.idx.support
> Reply-To: nore...@mail.idx.support
> From Name: {REDACTED}
> Subject: Notice of Data Security Incident
> Return-Path Domain: mail.idx.support
> DKIM Domain: mail.idx.support
> FBL DKIM Domain: icontactmail10.com
> 
> (Gmail & Yahoo recipients only)
> DMARC: mail.idx.support has a published p=reject record
>
> Start Date: Monday, December 18, 2023
> End Date: Friday, January 19, 2024
> Duration: 33 calendar days
> Total Volume: 35 million recipients (1-2 million per day)
>
> These IPs and domains will not be used for any other sender during this
> time and no other content than these mandated notices.
>
> iContact has done our due diligence to remove/replace as many shared data
> points from these notices as possible. Our core sending is opt-in email
> marketing for SMBs and I would greatly appreciate any filtering you could
> do to prevent these notices from negatively impacting our other mail
> streams.
>
> My contact information is below and please reach out should you have any
> questions or concerns. Thank you again for your assistance.
>
> Justin Frechette
> Manager, Deliverability & Compliance, iContact
> Senders Co-Chair, M3AAWG
> jfreche...@icontact.com
> ___
> mailop mailing list
> mailop@mailop.org
>
> https://urldefense.com/v3/__https://list.mailop.org/listinfo/mailop__;!!Op6eflyXZCqGR5I!HPoeGnJ836iUtC0Vgzdx4hwAtdMrSQD3f95YpBH9pL4iVYbwaVCJ6JCsRpnwk5CpxYV37GmMdS3EHtltZGU$
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] [Mailbox & Security Providers] Mandated Email Notice Announcement

2023-12-13 Thread Justin Frechette via mailop 
Attention Mailbox & Security Providers:

As outlined in the "Sending Mandated Emails to Large Audiences" Best
Practice published by M3AAWG, this message is to inform you of a
significant volume of email that will be sent by IDX (
https://www.idx.us/about) via iContact (https://www.icontact.com/about) to
recipients that have a higher likelihood of bouncing, reporting as spam, or
marking as suspicious.

Due to contractual privacy agreements and advice from Counsel, I am unable
to prematurely share the specific organization that IDX (via iContact) will
be sending these notices on behalf of in this forum. I can share that it is
related to the Citrix NetScaler ADC and NetScaler Gateway vulnerability (
https://www.cisa.gov/guidance-addressing-citrix-netscaler-adc-and-gateway-vulnerability-cve-2023-4966-citrix-bleed
).

I've included technical details about the notice below. If you are able to
assist with any mitigation efforts in allowing these required notices to be
accepted by your networks, I would greatly appreciate it.

*Sending IPs:*
74.202.227.59
74.202.227.60
74.202.227.61

>From Address: i...@mail.idx.support
Reply-To: nore...@mail.idx.support
>From Name: {REDACTED}
Subject: Notice of Data Security Incident
Return-Path Domain: mail.idx.support
DKIM Domain: mail.idx.support
FBL DKIM Domain: icontactmail10.com (Gmail & Yahoo recipients only)
DMARC: mail.idx.support has a published p=reject record

Start Date: Monday, December 18, 2023
End Date: Friday, January 19, 2024
Duration: 33 calendar days
Total Volume: 35 million recipients (1-2 million per day)

These IPs and domains will not be used for any other sender during this
time and no other content than these mandated notices.

iContact has done our due diligence to remove/replace as many shared data
points from these notices as possible. Our core sending is opt-in email
marketing for SMBs and I would greatly appreciate any filtering you could
do to prevent these notices from negatively impacting our other mail
streams.

My contact information is below and please reach out should you have any
questions or concerns. Thank you again for your assistance.

Justin Frechette
Manager, Deliverability & Compliance, iContact
Senders Co-Chair, M3AAWG
jfreche...@icontact.com
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Docusign phishing campaign of the decade, brought to you by Microsoft?

2023-12-13 Thread Atro Tossavainen via mailop 
On Tue, Dec 12, 2023 at 06:22:10PM -0600, Jarland Donnell via mailop wrote:
> Hey friends,
> 
> Do me a favor and search your logs for this domain:
> SIBBERTLLC.onmicrosoft.com

Three hits yesterday.

> One customer received 1,347 attempted deliveries from it so far.
> Another, 823. Still counting, and plenty more but with smaller
> numbers. Is there no one at Microsoft watching anything, because if
> this doesn't set off red flags, there are no red flags.

I think there isn't.

This campaign wasn't particularly voluminous towards our spamtraps, we
frequently get hundreds and thousands of any given campaign (such as
the "meet Ukrainian ladies" fake dating scams that are being sent from
throwaway Hotmail accounts all the time).

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, https://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop