[mailop] DMARC report generators

2024-01-20 Thread Chris Adams via mailop
I guess companies are using hand-rolled DMARC report generators that
don't pay attention to standards... just on my personal domains, I see
multiple kinds of failures.  Today I've had several with an invalid
Message-Id header (no brackets, I see this from multiple sites so I
guess some common report generator is doing this), Trustwave sending
from an IP with invalid DNS, and this oddity from GoSecure:

  From: dmarc-rep...@gosecure.net
  To: dmarc-rep...@cmadams.net
  Date: Sat, 20 Jan 2024 18:17:16 +
  Date: Sat, 20 Jan 2024 10:17:16 -0800
  Subject: Report domain: cmadams.net Submitter:gosecure.net
    Report-ID:3E142D0B10BBC11A97A7146A82662F23

I realized I was blocking reports as spam because of the various errors.
Oops.
-- 
Chris Adams 
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
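
An added example, not part of the original post: a check for the two header defects described above (a Message-Id without angle brackets and a repeated Date header), using Python's standard `email` parser. The sample message, its addresses and the function name `header_defects` are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 5322 section 3.6: these header fields may appear at most once.
AT_MOST_ONCE = ("Date", "From", "Sender", "Reply-To", "To", "Cc", "Bcc",
                "Message-ID", "In-Reply-To", "References", "Subject")
# Of those, Date and From must appear exactly once.
REQUIRED = ("Date", "From")
# Simplified msg-id shape (RFC 5322 section 3.6.4): "<" id-left "@" id-right ">"
MSG_ID = re.compile(r"^<[^<>@\s]+@[^<>@\s]+>$")


def header_defects(raw_message):
    """Return (header, problem) pairs for header-count and msg-id defects."""
    msg = message_from_string(raw_message)
    defects = []
    for name in AT_MOST_ONCE:
        count = len(msg.get_all(name, []))
        if count > 1:
            defects.append((name, "duplicate"))
        elif count == 0 and name in REQUIRED:
            defects.append((name, "missing"))
    for value in msg.get_all("Message-ID", []):
        if not MSG_ID.match(value.strip()):
            defects.append(("Message-ID", "malformed"))
    return defects


# Constructed sample (not a real report): two Date headers and a
# Message-Id without angle brackets, as in the failures described above.
SAMPLE_REPORT = "\n".join([
    "From: dmarc-reports@reporter.example",
    "To: dmarc-rua@recipient.example",
    "Date: Sat, 20 Jan 2024 18:17:16 +0000",
    "Date: Sat, 20 Jan 2024 10:17:16 -0800",
    "Message-Id: 20240120.0001@reporter.example",
    "Subject: Report domain: recipient.example Submitter: reporter.example",
    "",
    "(constructed body)",
])

if __name__ == "__main__":
    for header, problem in header_defects(SAMPLE_REPORT):
        print(f"{header}: {problem}")
```

Logging these findings instead of rejecting on them keeps otherwise useful aggregate reports from being discarded as spam.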


Re: [mailop] Spamhaus contact?

2024-01-20 Thread Randolf Richardson, Postmaster via mailop
> On 2024-01-19 at 15:42:49 UTC-0500 (Fri, 19 Jan 2024 12:42:49 -0800)
> Randolf Richardson, Postmaster via mailop 
> 
> is rumored to have said:
> 
> > Spamhaus makes the DROP data available (which I believe is also
> > included in their SBL), which is useful for using firewalls to just
> > block or ignore connections from the worst offenders:
> >
> > DROP Advisory Null List :: The Spamhaus Don't Route Or Peer 
> > Lists
> > https://www.spamhaus.org/drop/
> >
> > UCE Protect also has level 3 listings for the worst offenders,
> > although I don't recall the list being downloadable for firewall use:
> >
> > UCEPROTECT Blacklist Policy LEVEL 3
> > https://www.uceprotect.net/en/index.php?m=3=5
> 
> It is important to understand that these are RADICALLY DIFFERENT 
> DATASETS.
> 
> Spamhaus DROP is a fairly small list of address blocks (supplemented by 
> the even smaller EDROP) that one can expect NO friendly traffic from. NO 
> ONE should see any collateral damage from using DROP.

I didn't know about EDROP.  I'll have to look into that.  Thanks!

> UCEPROTECT L3 is an intentional collateral damage list. If one COULD use 
> it as a router blocking list, one would not perceive the Internet to be 
> functional.

Indeed.  Blocking with UCEPROTECT-L3 would certainly be a BOFH move.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/




Re: [mailop] Spamhaus contact?

2024-01-20 Thread Jaroslaw Rafa via mailop
On 19.01.2024 at 12:42:49, Randolf Richardson, Postmaster via mailop 
wrote:
>   UCE Protect also has level 3 listings for the worst offenders, 
> although I don't recall the list being downloadable for firewall use:
> 
>   UCEPROTECT Blacklist Policy LEVEL 3
>   https://www.uceprotect.net/en/index.php?m=3=5

UCEPROTECT Level 3 is totally unreliable and gives a lot of false positives.
UCEPROTECT themselves even warn against using this list for blocking.

Nobody should be seriously using UCEPROTECT levels 2 and 3. Only level 1 is
something that has any reliability.

Also, many email operators consider UCEPROTECT to be just a money-making
scheme, as it is very easy to get listed by them and they request large fees
for so-called "express delisting".
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


Re: [mailop] Anyone else noticing an increase in spam from Office365 distribution lists?

2024-01-20 Thread Alberto Abrao via mailop


On 2024-01-14 15:28, Alexander Huynh via mailop wrote:
> From a spam point of view, signing up for a domain is a barrier of 
> entry which some may consider too much trouble.
>
> This may play into why there's a larger distribution of unwanted mail 
> on the freely-provided `*.onmicrosoft.com` subdomains.



It may be useful to add that I administer a MS365 tenant, having 
migrated to it recently at $DAYJOB. I don't consider myself particularly 
skilled, so consider this a very "low-hanging-fruit" assessment.



These are the situations where you'll need the onmicrosoft moniker:

1) Brand new tenant, as others have mentioned. It starts with 
account@.onmicrosoft.com. You're supposed to set up your 
domain and take it from there.
2) Forward e-mail from on-premise to cloud. When your domain points to 
your on-premise SMTP, you can then relay it to 
.mail.onmicrosoft.com. Notice that it then generates the same 
identifier  under .*mail*.onmicrosoft.com. As far as I 
recall, this one is not even set up for outbound e-mail, just for inbound.
3) You *can* disable outbound for .onmicrosoft.com, and you should after 
you set it up - for example, our organization has bilingual domains, and 
as soon as I enabled the option for our members to pick the domain when 
sending through Outlook on the Web, onmicrosoft also showed up there. 
Confusing and unnecessary.
4) You can NOT remove the onmicrosoft.com domain from the account, nor 
can you change the one you pick when creating the tenant. It is an 
internal reference, but that's it.



This is all to say: there's no valid reason I can see for anyone to use 
their onmicrosoft.com domain for outbound e-mail. Even if you're 
relaying, you'll use .mail.onmicrosoft.com, and that's inbound 
only.



Spammers rely on the ease of creating a 365 trial account, and 
.onmicrosoft.com being there and ready for action, and the fact that all 
e-mail admins hesitate to block the big providers.



As a result, thanks to this discussion, that'll be my first thing to do 
on Monday.



Kind regards,
Alberto Abrao



Re: [mailop] Spamhaus contact?

2024-01-20 Thread Bill Cole via mailop

On 2024-01-19 at 15:42:49 UTC-0500 (Fri, 19 Jan 2024 12:42:49 -0800)
Randolf Richardson, Postmaster via mailop 
is rumored to have said:

> Spamhaus makes the DROP data available (which I believe is also
> included in their SBL), which is useful for using firewalls to just
> block or ignore connections from the worst offenders:
>
> DROP Advisory Null List :: The Spamhaus Don't Route Or Peer 
> Lists
> https://www.spamhaus.org/drop/
>
> UCE Protect also has level 3 listings for the worst offenders,
> although I don't recall the list being downloadable for firewall use:
>
> UCEPROTECT Blacklist Policy LEVEL 3
> https://www.uceprotect.net/en/index.php?m=3=5

It is important to understand that these are RADICALLY DIFFERENT 
DATASETS.


Spamhaus DROP is a fairly small list of address blocks (supplemented by 
the even smaller EDROP) that one can expect NO friendly traffic from. NO 
ONE should see any collateral damage from using DROP.


UCEPROTECT L3 is an intentional collateral damage list. If one COULD use 
it as a router blocking list, one would not perceive the Internet to be 
functional.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
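
An added example, not part of the thread: loading a DROP-style list of address blocks for firewall use, as discussed in the messages above. It assumes the plain-text layout of one IPv4 CIDR per line followed by `; SBLnnn`, with `;` starting a comment; the sample data, the SBL ids and the nftables set name `spamhaus_drop` are constructed.

```python
import ipaddress

# Constructed sample in the assumed layout. The prefixes are RFC 5737
# documentation ranges and the SBL ids are made up.
SAMPLE_DROP = """\
; Constructed sample, not real Spamhaus data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002
198.51.100.128/25 ; SBL000003
not-a-prefix ; SBL000004
"""


def parse_drop(text):
    """Return (collapsed IPv4 networks, rejected lines) from DROP-style text."""
    networks, rejected = [], []
    for line in text.splitlines():
        entry = line.split(";", 1)[0].strip()   # drop the comment part
        if not entry:
            continue
        try:
            # Strict parsing: host bits set or junk input is rejected, so a
            # damaged download never turns into a firewall rule.
            networks.append(ipaddress.IPv4Network(entry))
        except ValueError:
            rejected.append(line)
    return list(ipaddress.collapse_addresses(networks)), rejected


def is_listed(ip, networks):
    """True if the address falls inside any listed block."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def nft_set(networks, name="spamhaus_drop"):
    """Render an nftables interval set to place inside a table definition."""
    elements = ", ".join(str(net) for net in networks)
    return (f"set {name} {{\n  type ipv4_addr\n  flags interval\n"
            f"  elements = {{ {elements} }}\n}}")


if __name__ == "__main__":
    nets, bad = parse_drop(SAMPLE_DROP)
    print(nft_set(nets))
    print("rejected:", bad)
```

Any rejected line is a reason to keep the previously loaded set rather than install a partial one.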