Re: [mailop] Spamhaus contact?

[Randolf Richardson, Postmaster via mailop]

> On 2024-01-19 12:42, Randolf Richardson, Postmaster via mailop wrote:
> >> On 2024-01-19 06:47, Atro Tossavainen via mailop wrote:
> >>> On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:
>  Ok sorry not "most" but "some may"...
> 
>  My checkpoint rep said that they get their reputation lists from other
>  companies... is it wrong ?
> >>>
> >>> It's possible that Check Point are just an aggregator and don't actually
> >>> have first-hand data. But I don't think of Check Point when somebody
> >>> says DNSBL, which may be my own failure :-D
> >>>
> >>> As far as I've been able to tell, Spamhaus, SURBL, Abusix, SpamCop,
> >>> SORBS, UCEProtect, PSBL at least all have their own data, I would
> >>> even go so far as to guess "exclusively".
> >>
> >> You didn't accidentally ignore "SpamRats" did you? ;)  But we do have
> >> 'some' reports of aggregators querying our data.. And of course there
> >> are licensed users of our data. And there are some that 'white label'
> >> the rejection, as if it is their own data..
> >>
> >> But in general, there isn't much 'sharing' of data, some consolidation
> >> of data from various sources.
> >>
> >> For the REALLY bad guys though, it would be nice if there was more
> >> sharing of data.. Or maybe an industry 'do not route' that all RBL
> >> providers can include.
> > 
> > Spamhaus makes the DROP data available (which I believe is also
> > included in their SBL), which is useful for using firewalls to just
> > block or ignore connections from the worst offenders:
> > 
> > DROP Advisory Null List :: The Spamhaus Don't Route Or Peer 
> > Lists
> > https://www.spamhaus.org/drop/
> > 
> > UCE Protect also has level 3 listings for the worst offenders,
> > although I don't recall the list being downloadable for firewall use:
> > 
> > UCEPROTECT Blacklist Policy LEVEL 3
> > https://www.uceprotect.net/en/index.php?m=3=5
> > 
> > The problem with all DNSBL providers including the same data from
> > one source is that errors can unfairly penalize with major impact
> > that DNSBL operators generally try to prevent.
> > 
> >> A great believer in sharing, but we do all have to pay the bills.
> > 
> > The entire open source software movement is probably one of the very
> > best examples of altruistic sharing.  Supporting people who create
> > useful open source solutions and/or contribute to open source deserve
> > financial support so they can more easily pay their bills too. :)
> > 
> 
> Well, technically UCEPROTECT-3 is not really a DROP list.  And of 
> course, every RBL provider uses different logic to determine what is a 
> DROP list.
> 
> What would be nice, is to be able to have a single system, that takes in 
> data from say SpamHuas DROP lists, as well as others like our own 
> RATS-NULL list, and create a publicly accessible DROP list compiled by 
> the evidence of multiple providers.

I would be willing to facilitate this from the LumberCartel.ca web 
site.  Do you know some DNSBL operators who would be interested in 
sending automated updates or providing me with a way to download the 
updates periodically each day?

> With no single entity setting the reputation, and with public evidence, 
> it would make it a lot easier for the internet as a whole to trust this 
> data, and separate the bad operators from the internet as a whole.

Yes!

> Most of us in the industry know the real bad actors, bulletproof 
> hosters, hacker havens etc.. but it is a shame that everyone as a whole 
> is not protected from them.

...and spam sewers (nobody likes to mention this because it stinks 
so badly, and it never did get cleaned up despite the best efforts of 
so many NANAE regulars in the early days).

> A common source of reputation, something that say every Linux, Apple, 
> and Windows system could trust and enable by default at the network 
> layer.. Just not sure how to realistically make that happen, or how 
> those dedicated to the data intelligence and gathering could maintain 
> viability (eg, who pays for that work to continue).

I'd be happy to write the scripts to generate different formats for 
the various firewalls, DNS zones, SpamAssassin rules, and mail server 
lists, and add support for new ones as they come up.

> Without eating your own lunch.

I envision making this available for free, and crediting all 
contributors (who are okay with being credited).

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Michael Peddemors via mailop]

On 2024-01-19 12:42, Randolf Richardson, Postmaster via mailop wrote:

On 2024-01-19 06:47, Atro Tossavainen via mailop wrote:

On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:

Ok sorry not "most" but "some may"...

My checkpoint rep said that they get their reputation lists from other
companies... is it wrong ?


It's possible that Check Point are just an aggregator and don't actually
have first-hand data. But I don't think of Check Point when somebody
says DNSBL, which may be my own failure :-D

As far as I've been able to tell, Spamhaus, SURBL, Abusix, SpamCop,
SORBS, UCEProtect, PSBL at least all have their own data, I would
even go so far as to guess "exclusively".


You didn't accidentally ignore "SpamRats" did you? ;)  But we do have
'some' reports of aggregators querying our data.. And of course there
are licensed users of our data. And there are some that 'white label'
the rejection, as if it is their own data..

But in general, there isn't much 'sharing' of data, some consolidation
of data from various sources.

For the REALLY bad guys though, it would be nice if there was more
sharing of data.. Or maybe an industry 'do not route' that all RBL
providers can include.


Spamhaus makes the DROP data available (which I believe is also
included in their SBL), which is useful for using firewalls to just
block or ignore connections from the worst offenders:

DROP Advisory Null List :: The Spamhaus Don't Route Or Peer 
Lists
https://www.spamhaus.org/drop/

UCE Protect also has level 3 listings for the worst offenders,
although I don't recall the list being downloadable for firewall use:

UCEPROTECT Blacklist Policy LEVEL 3
https://www.uceprotect.net/en/index.php?m=3=5

The problem with all DNSBL providers including the same data from
one source is that errors can unfairly penalize with major impact
that DNSBL operators generally try to prevent.


A great believer in sharing, but we do all have to pay the bills.


The entire open source software movement is probably one of the very
best examples of altruistic sharing.  Supporting people who create
useful open source solutions and/or contribute to open source deserve
financial support so they can more easily pay their bills too. :)



Well, technically UCEPROTECT-3 is not really a DROP list.  And of 
course, every RBL provider uses different logic to determine what is a 
DROP list.


What would be nice, is to be able to have a single system, that takes in 
data from say SpamHuas DROP lists, as well as others like our own 
RATS-NULL list, and create a publicly accessible DROP list compiled by 
the evidence of multiple providers.


With no single entity setting the reputation, and with public evidence, 
it would make it a lot easier for the internet as a whole to trust this 
data, and separate the bad operators from the internet as a whole.


Most of us in the industry know the real bad actors, bulletproof 
hosters, hacker havens etc.. but it is a shame that everyone as a whole 
is not protected from them.


A common source of reputation, something that say every Linux, Apple, 
and Windows system could trust and enable by default at the network 
layer.. Just not sure how to realistically make that happen, or how 
those dedicated to the data intelligence and gathering could maintain 
viability (eg, who pays for that work to continue).


Without eating your own lunch.


--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Randolf Richardson, Postmaster via mailop]

> On 2024-01-19 06:47, Atro Tossavainen via mailop wrote:
> > On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:
> >> Ok sorry not "most" but "some may"...
> >>
> >> My checkpoint rep said that they get their reputation lists from other
> >> companies... is it wrong ?
> > 
> > It's possible that Check Point are just an aggregator and don't actually
> > have first-hand data. But I don't think of Check Point when somebody
> > says DNSBL, which may be my own failure :-D
> > 
> > As far as I've been able to tell, Spamhaus, SURBL, Abusix, SpamCop,
> > SORBS, UCEProtect, PSBL at least all have their own data, I would
> > even go so far as to guess "exclusively".
> 
> You didn't accidentally ignore "SpamRats" did you? ;)  But we do have 
> 'some' reports of aggregators querying our data.. And of course there 
> are licensed users of our data. And there are some that 'white label' 
> the rejection, as if it is their own data..
> 
> But in general, there isn't much 'sharing' of data, some consolidation 
> of data from various sources.
> 
> For the REALLY bad guys though, it would be nice if there was more 
> sharing of data.. Or maybe an industry 'do not route' that all RBL 
> providers can include.

Spamhaus makes the DROP data available (which I believe is also 
included in their SBL), which is useful for using firewalls to just 
block or ignore connections from the worst offenders:

DROP Advisory Null List :: The Spamhaus Don't Route Or Peer 
Lists
https://www.spamhaus.org/drop/

UCE Protect also has level 3 listings for the worst offenders, 
although I don't recall the list being downloadable for firewall use:

UCEPROTECT Blacklist Policy LEVEL 3
https://www.uceprotect.net/en/index.php?m=3=5

The problem with all DNSBL providers including the same data from 
one source is that errors can unfairly penalize with major impact 
that DNSBL operators generally try to prevent.

> A great believer in sharing, but we do all have to pay the bills.

The entire open source software movement is probably one of the very 
best examples of altruistic sharing.  Supporting people who create 
useful open source solutions and/or contribute to open source deserve 
financial support so they can more easily pay their bills too. :)

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Michael Peddemors via mailop]

On 2024-01-19 06:47, Atro Tossavainen via mailop wrote:

On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:

Ok sorry not "most" but "some may"...

My checkpoint rep said that they get their reputation lists from other
companies... is it wrong ?


It's possible that Check Point are just an aggregator and don't actually
have first-hand data. But I don't think of Check Point when somebody
says DNSBL, which may be my own failure :-D

As far as I've been able to tell, Spamhaus, SURBL, Abusix, SpamCop,
SORBS, UCEProtect, PSBL at least all have their own data, I would
even go so far as to guess "exclusively".




You didn't accidentally ignore "SpamRats" did you? ;)  But we do have 
'some' reports of aggregators querying our data.. And of course there 
are licensed users of our data. And there are some that 'white label' 
the rejection, as if it is their own data..


But in general, there isn't much 'sharing' of data, some consolidation 
of data from various sources.


For the REALLY bad guys though, it would be nice if there was more 
sharing of data.. Or maybe an industry 'do not route' that all RBL 
providers can include.


A great believer in sharing, but we do all have to pay the bills.

--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[John Levine via mailop]

It appears that hg user via mailop  said:
>Since most RBLs exchange data, ...

No, they don't.  Can we leave the conpsiracy theories at home, please?

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Anne Mitchell via mailop]

>> Small pedantic point: DNSBLs, not RBLs.
> 
> As an erstwhile MAPS employee, the persistence of this pedantry warms my 
> heart...


me too (on both counts)


> Also, to author[-1], I think it is a bit of a misimpression that DNSBL 
> operators share data. In some cases they may have overlapping sources, and 
> obviously they can query each others' lists, but there's legal peril in DNSBL 
> operators working together and using each others' non-public data. You can be 
> fairly sure that if Spamhaus and SORBS (Proofpoint) and Barracuda are all 
> listing an IP, they each have their own trustworthy data to back it up.

And this is really why I responded - because yes, so much this about the legal 
peril.


>> Graeme (wearing massive floppy felt pedant hat with huge gold tassels 
>> attached to make the point) :)

Hang on, let me don my professorial mortarboard and hood (and just *why* is it 
called a hood, anyways?)

Anne

--- 
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
CEO Institute for Social Internet Public Policy (ISIPP)
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Creator of the term 'deliverability' and founder of the deliverability industry
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone else noticing an increase in spam from Office365 distribution lists?

[Bill Cole via mailop]

On 2024-01-19 at 07:03:35 UTC-0500 (Fri, 19 Jan 2024 12:03:35 +)
Simon Arlott via mailop 
is rumored to have said:


On 19/01/2024 00:33, Randolf Richardson, Postmaster via mailop wrote:

The blacklists seem to be blocking mostly the ones that send
directly from @.onmicrosoft.com addresses, which
should make filtering easy if we can confirm for certain that no
legitimate eMail has these as the sender -- that is, not in the
"Return-Path:" header and not in the "From:" header.


I have a legitimate email today from @example.onmicrosoft.com (both
envelope sender and From: header) that is a cross-organisation meeting
invite. Normally all of their email uses their domain but some 
Microsoft

software is using this internal domain for meeting invites.

Indiscriminate blocking is going to unexpectedly reject real email.


There are some very well-known major corporations who have had policies 
of rejecting any meeting invites with .ics files unless the sender is 
whitelisted. Too many people do not expect random strangers "inviting" 
them to meetings and have their settings configured to auto-accept 
invites.





--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Bill Cole via mailop]

On 2024-01-19 at 09:31:19 UTC-0500 (Fri, 19 Jan 2024 15:31:19 +0100)
hg user via mailop 
is rumored to have said:


Ok sorry not "most" but "some may"...

My checkpoint rep said that they get their reputation lists from other
companies... is it wrong ?


In all likelihood that means they don't manage their own blocking 
list(s) but rather buy information from DNSBL operators and other 
assemblers of raw data such as Spamhaus, Proofpoint, Cisco, and others.  
To the best of my knowledge, Checkpoint only uses that information in 
the devices they sell customers, and they are not operating their own 
generally available DNSBL.




On Fri, Jan 19, 2024 at 10:55 AM Atro Tossavainen via mailop <
mailop@mailop.org> wrote:


Since most RBLs exchange data,


Source?

--
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Bill Cole via mailop]

On 2024-01-19 at 05:31:12 UTC-0500 (Fri, 19 Jan 2024 10:31:12 +)
Graeme Fowler via mailop 
is rumored to have said:

On 19 January 2024 06:13:20 hg user via mailop  
wrote:

Since most RBLs exchange data


Small pedantic point: DNSBLs, not RBLs.


As an erstwhile MAPS employee, the persistence of this pedantry warms my 
heart...


Also, to author[-1], I think it is a bit of a misimpression that DNSBL 
operators share data. In some cases they may have overlapping sources, 
and obviously they can query each others' lists, but there's legal peril 
in DNSBL operators working together and using each others' non-public 
data. You can be fairly sure that if Spamhaus and SORBS (Proofpoint) and 
Barracuda are all listing an IP, they each have their own trustworthy 
data to back it up.


Trend Micro would still assert that the term RBL is their trademark 
(so far as I know), plus a non-small percentage of known DNS block 
lists could not be even marginally described as "real time".


Well, there is also that...

Graeme (wearing massive floppy felt pedant hat with huge gold tassels 
attached to make the point) :)


Excellence in headgear.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone else noticing an increase in spam from Office365 distribution lists?

[Randolf Richardson, Postmaster via mailop]

> On Wed, 17 Jan 2024 15:35:42 +0100, Hans-Martin Mosner via mailop
>  wrote:
> 
> >Am 17.01.24 um 15:20 schrieb Paul Menzel via mailop:
> >> With this in mind, did somebody compile a block list yet? Or should I just 
> >> create a whitelist? 
> >
> >A block list does not make sense, as new domains are added continuously. 
> >It's just too simple.
> 
> I have noticed the predominance of "x.onmicrosoft.com" domains in the spam
> sump here.  In many cases, the envelope from and the "friendly" from contain
> different x- domains, and these rotate rapidly.  They are either created
> algorithmically, or by persons diddling their fingers on a keyboard.

The well-known acronym of "YMMV" (Your Mileage May Vary) - or the 
Canadian alternative of "YKMV" (Your Kilometerage May Vary) - comes 
to mind as the effects seem to be somewhat inconsistent.

For example, I'm not seeing names of farm animals and vehicle brands 
intermixed in the third level of the hostnames anymore, and I wonder 
how long the pattern you're encountering will last.

> Twelve years back, when I was on the team that theoretically combated
> electronic used food both entering and exiting the Office 365 system, we saw
> the same evolving set of tricks that some of us had encountered back in the
> Dialup Epoch.  I wrote the front end for a lights-out dialup account creation
> and provisioning system, and before long the volume of code designed to
> prevent new accounts far exceeded that devoted to establishing new accounts.
> After the Company changed hands, this focus was removed from the system that
> replaced mine.
> 
> All of this is to say, you must have an active rather than reactive response
> to hostile usage of your system, whether there is definite and immediate
> revenue loss, or not.  

I agree.  Any system that shows consistency is eventually going to 
be countered by spammers, so it's a constant uphill battle. :(

> My diagnosis of MSFT's problem in doing anything effective is that the
> fundamental model of the service does not entertain the notion of a strong
> focus on being a constructive member of the net.community.  I don't know the
> current situation, but our quest to discover who actually reads and acts upon
> messages to postmas...@microsoft.com or ab...@microsoft.com eventually
> returned the answer "nobody, really".  
> 
> mdr

They're no longer bouncing from those addresses?  I guess that's 
progress of a sort.

I agree with your diagnosis -- it does seem like they really don't 
care, and that they have an exploitive attitude about internet mail.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone else noticing an increase in spam from Office365 distribution lists?

[Randolf Richardson, Postmaster via mailop]

> On 19/01/2024 00:33, Randolf Richardson, Postmaster via mailop wrote:
> > The blacklists seem to be blocking mostly the ones that send 
> > directly from @.onmicrosoft.com addresses, which 
> > should make filtering easy if we can confirm for certain that no 
> > legitimate eMail has these as the sender -- that is, not in the 
> > "Return-Path:" header and not in the "From:" header.
> 
> I have a legitimate email today from @example.onmicrosoft.com (both
> envelope sender and From: header) that is a cross-organisation meeting
> invite. Normally all of their email uses their domain but some Microsoft
> software is using this internal domain for meeting invites.
> 
> Indiscriminate blocking is going to unexpectedly reject real email.

This is an important observation -- thanks for sharing it.

Unfortunately, this ultimately means that there's one less avenue of 
defense for mail server operators, and it almost feels like an effort 
on Microsoft's part to make their onmicrosoft.com domain gradually 
immune to filters. :(

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Atro Tossavainen via mailop]

On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:
> Ok sorry not "most" but "some may"...
> 
> My checkpoint rep said that they get their reputation lists from other
> companies... is it wrong ?

It's possible that Check Point are just an aggregator and don't actually
have first-hand data. But I don't think of Check Point when somebody
says DNSBL, which may be my own failure :-D

As far as I've been able to tell, Spamhaus, SURBL, Abusix, SpamCop,
SORBS, UCEProtect, PSBL at least all have their own data, I would
even go so far as to guess "exclusively".

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[hg user via mailop]

Ok sorry not "most" but "some may"...

My checkpoint rep said that they get their reputation lists from other
companies... is it wrong ?

On Fri, Jan 19, 2024 at 10:55 AM Atro Tossavainen via mailop <
mailop@mailop.org> wrote:

> > Since most RBLs exchange data,
>
> Source?
>
> --
> Atro Tossavainen, Chairman of the Board
> Infinite Mho Oy, Helsinki, Finland
> tel. +358-44-5000 600, http://www.infinitemho.fi/
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Benny Pedersen via mailop]

Atro Tossavainen via mailop skrev den 2024-01-19 10:48:

Since most RBLs exchange data,


Source?


sign up to dnswl.org, in that stage blacklists are checked, if accepted, 
blacklists is then ignored :)


i dont know if others doing this, i really dont care

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Sophos

[Lili Crowley via mailop]

Hey there -

Can someone from Sophos contact me off list?

Thanks!

*Lili Crowley*

she/her

Postmaster



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone else noticing an increase in spam from Office365 distribution lists?

[Simon Arlott via mailop]

On 19/01/2024 00:33, Randolf Richardson, Postmaster via mailop wrote:
>   The blacklists seem to be blocking mostly the ones that send 
> directly from @.onmicrosoft.com addresses, which 
> should make filtering easy if we can confirm for certain that no 
> legitimate eMail has these as the sender -- that is, not in the 
> "Return-Path:" header and not in the "From:" header.

I have a legitimate email today from @example.onmicrosoft.com (both
envelope sender and From: header) that is a cross-organisation meeting
invite. Normally all of their email uses their domain but some Microsoft
software is using this internal domain for meeting invites.

Indiscriminate blocking is going to unexpectedly reject real email.

-- 
Simon Arlott

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Graeme Fowler via mailop]

On 19 January 2024 06:13:20 hg user via mailop  wrote:

Since most RBLs exchange data


Small pedantic point: DNSBLs, not RBLs.

Trend Micro would still assert that the term RBL is their trademark (so far 
as I know), plus a non-small percentage of known DNS block lists could not 
be even marginally described as "real time".


Graeme (wearing massive floppy felt pedant hat with huge gold tassels 
attached to make the point) :)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Atro Tossavainen via mailop]

> Since most RBLs exchange data,

Source?

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop