Re: [mailop] problem setting up open-dmarc

[Odhiambo Washington via mailop]

On Wed, Feb 7, 2024 at 1:58 AM John Covici via mailop 
wrote:

> Hi.  I am trying to make sure my mail server is properly
> authenticated, and I have spf and dkim set up -- seemingly correctly
> -- but I am not sure about dmarc.  I have downloaded and installed the
> open-dmarc package and I have the text record I will have to put in
> the zone,  but I don't know what to put in
> /etc/openmarc/opendmarc.conf -- its quite a large file and I am not
> sure what I really need in it.
>
> Thanks in advance for any suggestions.
>

Once you've published SPF and DKIM records in DNS and setup your MTA to
sign outbound emails, that should be enough.
You can find tools to help generate SPF, DKIM and DMARC records on this
page: https://easydmarc.com/tools/
The one additional thing you'll need to do depends on the MTA you use -
DKIM signing. Google can help you with that, or if you say what MTA you are
using, you'll be assisted by this group.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] zen.spamhaus.org

[Odhiambo Washington via mailop]

On Wed, Feb 7, 2024 at 12:37 AM Lyle Giese via mailop 
wrote:

> Are you/your company a subscriber to Spamhaus?
>
> If you abuse free access, this can happen.
>
> See for further information:
>
> https://www.spamhaus.org/organization/dnsblusage/
>
> Lyle Giese
>
I don't think it has gotten to that. Very little queries from this server.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] zen.spamhaus.org

[Odhiambo Washington via mailop]

On Wed, Feb 7, 2024 at 12:53 AM Mark Milhollan 
wrote:

> On Tue, 6 Feb 2024, Odhiambo Washington wrote:
>
> >Today morning I woke up to all emails being rejected as I was using
> >zen.spamhaus.org in my dnslists.
> >Almost all incoming emails - even from gmail.com - were being rejected.
> >Did I maybe miss something?
>
> Are you using your own resolver (like BIND, Knot Resolver, or Unbound)
> rather than a public resolver (like Cloudflare, Google, or Quad9)?  You
> must else Spamhaus will return 127.255.255.254.  If your software
> blindly treats an A/TXT result as indicating the host is listed then the
> policy refusal result, 127.255.255.254/"Error: open resolver; ...", will
> make it seem like the host is listed.
>

I have my local instance of unbound resolver.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] zen.spamhaus.org

[Odhiambo Washington via mailop]

On Wed, Feb 7, 2024 at 5:09 AM John Levine  wrote:

> It appears that Odhiambo Washington via mailop  said:
> >-=-=-=-=-=-
> >-=-=-=-=-=-
> >
> >Today morning I woke up to all emails being rejected as I was using
> >zen.spamhaus.org in my dnslists.
> >Almost all incoming emails - even from gmail.com - were being rejected.
> >Did I maybe miss something?
>
> Are you using a public DNS resolver like 1.1.1.1 or 8.8.8.8?  DNSBLs like
> Spamhaus don't work with them.  You have to use your own resolver or at
> least one your own network runs.
>

I am running my own local instance of unbound. It doesn't use any
forwarders.

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] problem setting up open-dmarc

[Alan Hodgson via mailop]

On Tue, 2024-02-06 at 17:46 -0500, John Covici via mailop wrote:
> Hi.  I am trying to make sure my mail server is properly
> authenticated, and I have spf and dkim set up -- seemingly
> correctly
> -- but I am not sure about dmarc.  I have downloaded and installed
> the
> open-dmarc package and I have the text record I will have to put in
> the zone,  but I don't know what to put in
> /etc/openmarc/opendmarc.conf -- its quite a large file and I am not
> sure what I really need in it.

You don't need to do anything with opendmarc to send authenticated
mail. It's used to check incoming email from other people.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] problem setting up open-dmarc

[Randolf Richardson, Postmaster via mailop]

Which mail server software and OS are you using?  Are you receiving 
some error messages (e.g., in syslog)?

I'm using Postfix on Debian, and I'd be happy to try to help you get 
things working no matter which software you're using.

The OpenDMARC package supports running as a milter, which is 
supported by most technologies.

If you can use a UNIX Domain socket you'll get better performance, 
but the permissions can be a bit of a challenge (which is why a lot 
of administrators set it up to listen on 127.0.0.1 and use TCP 
sockets instead -- I prefer UNIX Domain sockets because there's 
slightly less overhead than with TCP, but overall there generally 
won't really be a noticeable performance hit).

For my installation, /etc/opendmarc.conf has roughly half-a-dozen 
default settings, most of which I didn't need to alter.  Adding one 
line to /etc/postfix/main.cf got it all working after I made sure the 
permissions were where they needed to be for the UNIX Domain socket:

smtpd_milters = unix:/var/run/opendmarc/opendmarc.sock

This is the order that may be helpfult you that works well fo rme:

smtpd_milters =
 unix:/var/run/opendkim/opendkim.sock
 unix:/var/run/opendmarc/opendmarc.sock
 unix:/var/run/clamav/clamav-milter.ctl

Feel free to share a comment-stripped copy of your opendmarc.conf 
file here (and make sure you don't have any passwords in it; there 
shouldn't be, but do check it first before attaching to be sure), and 
I (and I'm sure other MailOp members as well) will be happy to help.

> Hi.  I am trying to make sure my mail server is properly
> authenticated, and I have spf and dkim set up -- seemingly correctly
> -- but I am not sure about dmarc.  I have downloaded and installed the
> open-dmarc package and I have the text record I will have to put in
> the zone,  but I don't know what to put in
> /etc/openmarc/opendmarc.conf -- its quite a large file and I am not
> sure what I really need in it.
> 
> Thanks in advance for any suggestions.
> 
> -- 
> Your life is like a penny.  You're going to lose it.  The question is:
> How do
> you spend it?
> 
>  John Covici wb2una
>  cov...@ccs.covici.com
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop


-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, Beautiful British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] It's almost getting funny out there now..

[Randolf Richardson, Postmaster via mailop]

[Sarcasm]
Oh, but their customers would never send spam -- they pay for mail 
services, and their credit cards aren't even lost, forged, or stolen!
[/Sarcasm]

They really do need to work on customer intake, but the inflow of 
billions of dollars is likely pushing a lot of heavy rocks through 
the streams. :(

> For the record, looking at the 'too big to block' stats, and definitely 
> the o365 spam is leading the pack..
> 
> IPs that are temporarily rate limited because of too many invalid 
> recipients reported in a 24 hour period.. (2871 IPs vs Gmail 155 IPs)
> 
> Of course, not 100% relative, as their retry algorithms can be vastly 
> different.. but the point is, it is getting to crazy levels.
> 
> And so much obvious stuff..
> 
> But just sharing one of the latest.. (Caution, headers can be forged)
> 
> X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 103.143.76.89)
> 
> host 103.143.76.89
> 89.76.143.103.in-addr.arpa domain name pointer unpggl.onmicrosoft.com
> 
> But of course the IP is on OBHost LLC
> 
> X-EL-THREAT: NO
> X-EL-SUSPECT: NO
> X-Vade-Score: 0
> X-Vade-State: 0
> X-MS-Exchange-SenderADCheck: 2
> X-Microsoft-Antispam-Untrusted: BCL:0;
> X-Microsoft-Antispam-Message-Info-Original:
> X-Forefront-Antispam-Report-Untrusted: .. :NSPM; ..
> X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
> TenantId=b86cf7d6-acf7-4a9b-8515-21b3b6e45fa1;Ip=[103.143.76.89];Helo=[bishopstown-cs.ie]
> 
> All of these spam protections can't help at o365 outbound, but yet 
> simple email filters can inbound?
> 
> Just a once a month rant, when billion dollar companies are not 
> responsible for the threats leaving their networks..
> 
> 
> 
> 
> 
> -- 
> "Catch the Magic of Linux..."
> 
> Michael Peddemors, President/CEO LinuxMagic Inc.
> Visit us at http://www.linuxmagic.com @linuxmagic
> A Wizard IT Company - For More Info http://www.wizard.ca
> "LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
> 
> 604-682-0300 Beautiful British Columbia, Canada
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop


-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, Beautiful British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus SBL listing fonts.googleapis.com

[Randolf Richardson, Postmaster via mailop]

> It appears that Andreas Schamanek via mailop  said:
> >
> >Hi mailops,
> >
> >Thought some might be interested, though those affected sure already 
> >know:
> >
> >On January 25 I was alerted to false positives due to Spamhaus SBL 
> >listing IP addresses of fonts.googleapis.com.

The IP addresses for "fonts.googleapis.com" are:
142.250.217.106
2607:f8b0:400a:800::200a

> Are those IPs supposed to send mail?  If not, why would an SBL listing, even
> a mistaken one, matter?

I did some digging, and this is what I found with regard to a few of 
Google's domain names (since Andreas Schamanek's original query to 
this mailing list didn't mention any of the senders' domain names):

1. the SPF record for "googleapis.com" hard fails everything 
(so I 
wouldn't be expecting any eMails from addresses at googleapis.com):

SPF policy analysis --> hardfail with -all

https://www.openspf.ca/tools/analyze-spf.perl?z=googleapis.com

2. the SPF record for "google.com" doesn't allow mail from the 
aforementioned IPv4 address of 142.250.217.106, but it does allow 
mail from the IPv6 address 2607:f8b0:400a:800::200a:

SPF policy analysis --> pass for 2607:f8b0:4000::/36

https://www.openspf.ca/tools/analyze-spf.perl?z=google.com

3. the SPF record for "gmail.com" yields the same inclusion as 
for 
"google.com" (which is not surprising), and gives a pass only for the 
IPv6 address:

SPF policy analysis --> pass for 2607:f8b0:4000::/36

https://www.openspf.ca/tools/analyze-spf.perl?z=gmail.com

So, it doesn't seem to matter about eMail from fonts.googleapis.com 
(there's no SPF record for this third-level "fonts") as there 
obviously shouldn't be any coming from that domain name at either the 
second-level (as per policy) or the third-level (as per an educated 
guess based on the fact that Google publishes SPF records).

SPF policy test -- soft fail (yellow) for "fonts.googleapis.com"

https://www.openspf.ca/why.perl?id=nobody%40fonts.googleapis.com=142.250.217.106

SPF policy test -- hard fail (red) for "googleapis.com"

https://www.openspf.ca/why.perl?id=nobody%40googleapis.com=142.250.217.106

As for eMail from other domains on those IP addresses, it's 
difficult to say, but since both the IPv4 and IPv6 addresses 
mentioned are owned by Google (according to WHOIS queries), I think 
it's reasonable to assume that, for their main domain names, Google 
doesn't intend to send eMail from the IPv4 address and may have 
included the IPv6 address as a side-effect of being concise by 
specifying larger netblocks in their SPF records.  (Of course, for 
more certainty it would be prudent to ask Google's NOC directly.)

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, Beautiful British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] It's almost getting funny out there now..

[John Levine via mailop]

It appears that Michael Peddemors via mailop  said:
>Obviously.. ;) Unless you are renting from OBHost LLC
>
>But you can see the offender is using a onmicrosoft.com PTR record..

Please don't tell ua that you are using names from PTR records without
checking that they resolve back to the same IP.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] zen.spamhaus.org

[John Levine via mailop]

It appears that Odhiambo Washington via mailop  said:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>Today morning I woke up to all emails being rejected as I was using
>zen.spamhaus.org in my dnslists.
>Almost all incoming emails - even from gmail.com - were being rejected.
>Did I maybe miss something?

Are you using a public DNS resolver like 1.1.1.1 or 8.8.8.8?  DNSBLs like
Spamhaus don't work with them.  You have to use your own resolver or at
least one your own network runs.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] It's almost getting funny out there now..

[Michael Peddemors via mailop]

Obviously.. ;) Unless you are renting from OBHost LLC

But you can see the offender is using a onmicrosoft.com PTR record..

hehehe.. passing off as if microsoft, sure you have people that can do 
cease and desist ..


Not the first time we see offenders using microsoft PTR's.

On 2024-02-06 16:19, Michael Wise wrote:


103.143.76.89 is not a Microsoft IP.
At all.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Michael Peddemors via 
mailop
Sent: Tuesday, February 6, 2024 1:52 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] It's almost getting funny out there now..

For the record, looking at the 'too big to block' stats, and definitely
the o365 spam is leading the pack..

IPs that are temporarily rate limited because of too many invalid
recipients reported in a 24 hour period.. (2871 IPs vs Gmail 155 IPs)

Of course, not 100% relative, as their retry algorithms can be vastly
different.. but the point is, it is getting to crazy levels.

And so much obvious stuff..

But just sharing one of the latest.. (Caution, headers can be forged)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 103.143.76.89)

host 103.143.76.89
89.76.143.103.in-addr.arpa domain name pointer unpggl.onmicrosoft.com

But of course the IP is on OBHost LLC

X-EL-THREAT: NO
X-EL-SUSPECT: NO
X-Vade-Score: 0
X-Vade-State: 0
X-MS-Exchange-SenderADCheck: 2
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
X-Forefront-Antispam-Report-Untrusted: .. :NSPM; ..
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=b86cf7d6-acf7-4a9b-8515-21b3b6e45fa1;Ip=[103.143.76.89];Helo=[bishopstown-cs.ie]

All of these spam protections can't help at o365 outbound, but yet
simple email filters can inbound?

Just a once a month rant, when billion dollar companies are not
responsible for the threats leaving their networks..





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com/ @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca/
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] It's almost getting funny out there now..

[Michael Wise via mailop]

103.143.76.89 is not a Microsoft IP.
At all.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?

-Original Message-
From: mailop  On Behalf Of Michael Peddemors via 
mailop
Sent: Tuesday, February 6, 2024 1:52 PM
To: mailop@mailop.org
Subject: [EXTERNAL] [mailop] It's almost getting funny out there now..

For the record, looking at the 'too big to block' stats, and definitely
the o365 spam is leading the pack..

IPs that are temporarily rate limited because of too many invalid
recipients reported in a 24 hour period.. (2871 IPs vs Gmail 155 IPs)

Of course, not 100% relative, as their retry algorithms can be vastly
different.. but the point is, it is getting to crazy levels.

And so much obvious stuff..

But just sharing one of the latest.. (Caution, headers can be forged)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 103.143.76.89)

host 103.143.76.89
89.76.143.103.in-addr.arpa domain name pointer unpggl.onmicrosoft.com

But of course the IP is on OBHost LLC

X-EL-THREAT: NO
X-EL-SUSPECT: NO
X-Vade-Score: 0
X-Vade-State: 0
X-MS-Exchange-SenderADCheck: 2
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
X-Forefront-Antispam-Report-Untrusted: .. :NSPM; ..
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=b86cf7d6-acf7-4a9b-8515-21b3b6e45fa1;Ip=[103.143.76.89];Helo=[bishopstown-cs.ie]

All of these spam protections can't help at o365 outbound, but yet
simple email filters can inbound?

Just a once a month rant, when billion dollar companies are not
responsible for the threats leaving their networks..





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com/ @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca/
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DMARC external destination verification ignored?

[Ángel via mailop]

On 2024-02-06 at 15:55 +, Vitali wrote:
> 
> Are they violating the RFC or is there a new DMARC report exception
> if both domains share the MX root domain?
> 
> Thank you.
> Vitali

It would have been preferable that you shared that domain, but it does
seem to violate the RFC.
The only pecuiar bit I see is that _report._dmarc.emailzustellbarkeit.d
e IS set.

$ dig  _report._dmarc.emailzustellbarkeit.de txt
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52922
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
_report._dmarc.emailzustellbarkeit.de. 7200 IN TXT "v=DMARC1"


but the RFC is clear that the wildcard need to be on *._report._dmarc.e
mailzustellbarkeit.de, a record on
 _report._dmarc.emailzustellbarkeit.de wouldn't match

(and, if strictly conforming, there should also be a semicolon after
"DMARC1")


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] problem setting up open-dmarc

[Michael Peddemors via mailop]

Some days.. it's like F* DMARC.. hehehe..

Anything that created a multi-million dollar industry of consultants on 
how to set up DMARC, well.. email should NOT be that difficult..


I still remember when email administrators didn't know how to set up DNS 
correctly.. (oh wait, some still do)


You went the path of SPF, and even went a step farther with DKIM.. I 
would not sweat DMARC yet.. (next it will be the rest of the ARC stuff)


I know, probably not a popular opinion on this list but.. IMHO

Unless you are a big budget email sender, don't stress to much.  Maybe 
tomorrow we will need something like DMARC, but thankfully not yet today.



On 2024-02-06 14:46, John Covici via mailop wrote:

Hi.  I am trying to make sure my mail server is properly
authenticated, and I have spf and dkim set up -- seemingly correctly
-- but I am not sure about dmarc.  I have downloaded and installed the
open-dmarc package and I have the text record I will have to put in
the zone,  but I don't know what to put in
/etc/openmarc/opendmarc.conf -- its quite a large file and I am not
sure what I really need in it.

Thanks in advance for any suggestions.




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus SBL listing fonts.googleapis.com

[Ángel via mailop]

On 2024-02-06 at 21:52 +0100, Andreas Schamanek wrote:
> Thanks, that's the aspect my foggy brain missed. It only matters for 
> those who check URIs, especially if found in the body, or more 
> precisely the IPs of the hostnames of these URIs.
> 
> (...)
> 
> So, I still got questions :) like why did these IPs end up on SBL in 
> the first place, and why does Spamhaus check against them?

Since you noticed this, you must be receiving emails containing urls to
fonts.googleapis.com (most probably inside some CSS rule to explicitly
set an specific typeface).

Just like whoever is sending you this, some spammers will be doing the
same. And thus, fonts.googleapis.com ends up listed. 

I see little reason to hotlink a font in an email, but either those
doing that care a lot about the typeface, or they are blindly copying
their website CSS which contains those urls.

Checking of the urls included in the mail was probably intended for
linkable urls (and, maybe, images), but if the email contains more
urls, checking them is one more point that can be used on the war of
discerning ham from spam.

I think there is a spamassassin setting you could use so that
fonts.googleapis.com bypass the filter.

Regards


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] problem setting up open-dmarc

[John Covici via mailop]

Hi.  I am trying to make sure my mail server is properly
authenticated, and I have spf and dkim set up -- seemingly correctly
-- but I am not sure about dmarc.  I have downloaded and installed the
open-dmarc package and I have the text record I will have to put in
the zone,  but I don't know what to put in
/etc/openmarc/opendmarc.conf -- its quite a large file and I am not
sure what I really need in it.

Thanks in advance for any suggestions.

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici wb2una
 cov...@ccs.covici.com
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Looking for feedback on the Certified Senders Alliance (CSA)

[Gellner, Oliver via mailop]

On 06.02.2024 at 21:06 Al Iverson via mailop wrote:

I also observed them ejecting a company from their
organization for not following their rules. I can't really go into
specifics on that one.

CSA actually publishes the names of the companies whose membership has recently 
been suspended on their website: https://certified-senders.org/participants/


On Tue, Feb 6, 2024 at 10:57 AM Anael MOBILIA via mailop
 wrote:

Hello,


I'm looking for feedback on the Certified Senders Alliance (CSA).


My current reasoning : at job, we provide a SaaS solution for cash
collection & credit management.

This implies to send emails to end customers in order to exchange about
incoming invoices. We sent emails to servers all around the globe,
actually mostly in Europe.

Email volume is not so big as today (~350k per month) but is still
increasing.


I'm looking to maintain high quality reputation / deliverability and
equally to ensure we provide state-of-the-art technical service.

Best-practices (SPF, DKIM, DMARC, user consent, Unsubscribe, email
quality, RBL, Google / Microsoft tools registration, ...) are already
implemented, but I'm still searching to go further.


I was recently told about the CSA / Certified Senders Alliance which is
a paid service which is warranting that members apply a set of legal and
technical criteria (best practices in fact) and could help to improve
email deliverability on some "too big to fail" (looking for example to
O365). This could be an additional asset for email companies which don't
take only technical statement for ensuring email deliverability.


Some members of this mailing list are active within the CSA and their support 
will probably also answer your questions. I think there is no reason to believe 
that they are not keeping their promises - it’s just that in the end it means 
paying money to be included onto a whitelist or get access to the FBL of 
participating mailbox providers.

—
BR Oliver


dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] zen.spamhaus.org

[Mark Milhollan via mailop]

On Tue, 6 Feb 2024, Odhiambo Washington wrote:


Today morning I woke up to all emails being rejected as I was using
zen.spamhaus.org in my dnslists.
Almost all incoming emails - even from gmail.com - were being rejected.
Did I maybe miss something?


Are you using your own resolver (like BIND, Knot Resolver, or Unbound) 
rather than a public resolver (like Cloudflare, Google, or Quad9)?  You 
must else Spamhaus will return 127.255.255.254.  If your software 
blindly treats an A/TXT result as indicating the host is listed then the 
policy refusal result, 127.255.255.254/"Error: open resolver; ...", will 
make it seem like the host is listed.



/mark
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] It's almost getting funny out there now..

[Michael Peddemors via mailop]

For the record, looking at the 'too big to block' stats, and definitely 
the o365 spam is leading the pack..


IPs that are temporarily rate limited because of too many invalid 
recipients reported in a 24 hour period.. (2871 IPs vs Gmail 155 IPs)


Of course, not 100% relative, as their retry algorithms can be vastly 
different.. but the point is, it is getting to crazy levels.


And so much obvious stuff..

But just sharing one of the latest.. (Caution, headers can be forged)

X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 103.143.76.89)

host 103.143.76.89
89.76.143.103.in-addr.arpa domain name pointer unpggl.onmicrosoft.com

But of course the IP is on OBHost LLC

X-EL-THREAT: NO
X-EL-SUSPECT: NO
X-Vade-Score: 0
X-Vade-State: 0
X-MS-Exchange-SenderADCheck: 2
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
X-Forefront-Antispam-Report-Untrusted: .. :NSPM; ..
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
TenantId=b86cf7d6-acf7-4a9b-8515-21b3b6e45fa1;Ip=[103.143.76.89];Helo=[bishopstown-cs.ie]


All of these spam protections can't help at o365 outbound, but yet 
simple email filters can inbound?


Just a once a month rant, when billion dollar companies are not 
responsible for the threats leaving their networks..






--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Looking for feedback on the Certified Senders Alliance (CSA)

[Anne Mitchell via mailop]

> On Feb 6, 2024, at 12:59 PM, Al Iverson via mailop  wrote:
> 
> I have worked with people from the CSA over the past few years, mostly
> on webinar training sessions, and they seem kind and seem to care
> about email. I also observed them ejecting a company from their
> organization for not following their rules. I can't really go into
> specifics on that one. I don't have hard data regarding CSA
> participation improving your deliverability results, but I do like
> them as people and I believe them to be legitimate.

Agree 100% with Al here; in fact spoke very recently with someone in management 
over there and I have nothing but respect for what they are doing and what they 
are about.

Anne

__
Get the Good Sender Seal of Approval!  Our Good Senders List™ email 
certification is respected around the world so that the email you send goes to 
the inbox, not the junk folder.  Learn more at gettotheinbox.com

Anne P. Mitchell, Esq.
Email Law & Policy Attorney
CEO Get to the Inbox by SuretyMail
Creator of the term 'deliverability' and founder of the deliverability industry
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Board of Directors, Denver Internet Exchange


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] zen.spamhaus.org

[Graeme Fowler via mailop]

On 6 February 2024 20:51:59 Odhiambo Washington via mailop 
 wrote:
Today morning I woke up to all emails being rejected as I was using 
zen.spamhaus.org in my dnslists.

Almost all incoming emails - even from gmail.com - were being rejected.

Did I maybe miss something


Are you checking the return codes from the lookup for validity, or just 
rejecting on a return code existing?


If you're using public resolvers, or your own resolvers are over the query 
threshold that's documented by SH, you'll need to register. Their docs are 
very clear and helpful.


Graeme
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] zen.spamhaus.org

[Lyle Giese via mailop]

Are you/your company a subscriber to Spamhaus?

If you abuse free access, this can happen.

See for further information:

https://www.spamhaus.org/organization/dnsblusage/

Lyle Giese

On 2/6/24 14:50, Odhiambo Washington via mailop wrote:
Today morning I woke up to all emails being rejected as I was using 
zen.spamhaus.org  in my dnslists.
Almost all incoming emails - even from gmail.com  - 
were being rejected.

Did I maybe miss something?

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions: 
http://www.catb.org/~esr/faqs/smart-questions.html]


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] zen.spamhaus.org

[Marco Moock via mailop]

Am 06.02.2024 um 23:50:14 Uhr schrieb Odhiambo Washington via mailop:

> Today morning I woke up to all emails being rejected as I was using
> zen.spamhaus.org in my dnslists.
> Almost all incoming emails - even from gmail.com - were being
> rejected. Did I maybe miss something?

Most likely your IP is banned from the DNS by spamhaus because of too
many DNS requests to them.
Check the response code, spamhaus offers an explanation for all of
them..
Some MTAs like sendmail also offer to only reject on special A records
received by the dnsbl to avoid mails being rejected because you are
ratelimited at spamhaus.

-- 
Gruß
Marco

Spam und Werbung bitte an ichschickerekl...@cartoonies.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Support contact for Shaw.ca

[Scott Undercofler via mailop]

Replied of list. Sent from my iPhoneOn Feb 6, 2024, at 1:42 PM, Aric Archebelle-Smith via mailop  wrote:Hi all,I'm also looking for a contact for Shaw.ca, but it is not related to the changes due to the SMTP smuggling vulnerability. I've reached out to postmas...@shaw.ca, but have not received a response. Beginning in late January, we received user reports that mail was not being delivered to Shaw.ca addresses. Users did not receive a non-delivery notification, but our logs show the following rejection: status=sent (250 2.0.0 xxx...@pobox.com sender rejected.)If anyone could point me in the right direction, it'd be greatly appreciated.Cheers,Aric Archebelle-Smith___mailop mailing listmailop@mailop.orghttps://list.mailop.org/listinfo/mailop___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus SBL listing fonts.googleapis.com

[Andreas Schamanek via mailop]

On Tue, 6 Feb 2024, at 15:24, John Levine via mailop wrote:

On January 25 I was alerted to false positives due to Spamhaus SBL 
listing IP addresses of fonts.googleapis.com.


Are those IPs supposed to send mail?  If not, why would an SBL 
listing, even a mistaken one, matter?


Thanks, that's the aspect my foggy brain missed. It only matters for 
those who check URIs, especially if found in the body, or more 
precisely the IPs of the hostnames of these URIs.


That's what their SpamAssassin Plugin for DQS does, cf. 
https://github.com/spamhaus/spamassassin-dqs


Rules URIBL_SBL_A and SH_BODYURI_REVERSE_SBL cause a very high rate of 
FPs (with default settings). The descriptions are


  Contains URL's A record listed in the Spamhaus SBL blocklist
  [URIs: fonts.googleapis.com]

  The corresponding A record of an URI contained in the body is
  listed in SBL [142.250.74.202]

So, I still got questions :) like why did these IPs end up on SBL in 
the first place, and why does Spamhaus check against them?


--
-- Andreas

 :-)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] zen.spamhaus.org

[Odhiambo Washington via mailop]

Today morning I woke up to all emails being rejected as I was using
zen.spamhaus.org in my dnslists.
Almost all incoming emails - even from gmail.com - were being rejected.
Did I maybe miss something?

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Support contact for Shaw.ca

[Aric Archebelle-Smith via mailop]

Hi all,

I'm also looking for a contact for Shaw.ca, but it is not related to the 
changes due to the SMTP smuggling vulnerability. I've reached out to 
postmas...@shaw.ca, but have not received a response.

Beginning in late January, we received user reports that mail was not being 
delivered to Shaw.ca addresses. Users did not receive a non-delivery 
notification, but our logs show the following rejection: `status=sent (250 
2.0.0 xxx...@pobox.com sender rejected.)`

If anyone could point me in the right direction, it'd be greatly appreciated.

Cheers,
Aric Archebelle-Smith
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus SBL listing fonts.googleapis.com

[John Levine via mailop]

It appears that Andreas Schamanek via mailop  said:
>
>Hi mailops,
>
>Thought some might be interested, though those affected sure already 
>know:
>
>On January 25 I was alerted to false positives due to Spamhaus SBL 
>listing IP addresses of fonts.googleapis.com.

Are those IPs supposed to send mail?  If not, why would an SBL listing, even
a mistaken one, matter?

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Spamhaus SBL listing fonts.googleapis.com

[Andreas Schamanek via mailop]

Hi mailops,

Thought some might be interested, though those affected sure already 
know:


On January 25 I was alerted to false positives due to Spamhaus SBL 
listing IP addresses of fonts.googleapis.com. According to our spam 
filter stats this, as expected, did not last long. But it seems to 
have recurred early February 3, and the listings persist until today.


I tried to contact Spamhaus via their customers contact form but 
haven't received any reply yet (also no automatic one).


So, maybe somebody reading this can actually do something about it.
Thanks in advance,

--
-- Andreas

 :-)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Looking for feedback on the Certified Senders Alliance (CSA)

[Al Iverson via mailop]

I have worked with people from the CSA over the past few years, mostly
on webinar training sessions, and they seem kind and seem to care
about email. I also observed them ejecting a company from their
organization for not following their rules. I can't really go into
specifics on that one. I don't have hard data regarding CSA
participation improving your deliverability results, but I do like
them as people and I believe them to be legitimate.

Cheers,
Al Iverson

On Tue, Feb 6, 2024 at 10:57 AM Anael MOBILIA via mailop
 wrote:
>
> Hello,
>
>
> I'm looking for feedback on the Certified Senders Alliance (CSA).
>
>
> My current reasoning : at job, we provide a SaaS solution for cash
> collection & credit management.
>
> This implies to send emails to end customers in order to exchange about
> incoming invoices. We sent emails to servers all around the globe,
> actually mostly in Europe.
>
> Email volume is not so big as today (~350k per month) but is still
> increasing.
>
>
> I'm looking to maintain high quality reputation / deliverability and
> equally to ensure we provide state-of-the-art technical service.
>
> Best-practices (SPF, DKIM, DMARC, user consent, Unsubscribe, email
> quality, RBL, Google / Microsoft tools registration, ...) are already
> implemented, but I'm still searching to go further.
>
>
> I was recently told about the CSA / Certified Senders Alliance which is
> a paid service which is warranting that members apply a set of legal and
> technical criteria (best practices in fact) and could help to improve
> email deliverability on some "too big to fail" (looking for example to
> O365). This could be an additional asset for email companies which don't
> take only technical statement for ensuring email deliverability.
>
>
> I'm looking for any feedback on the Certified Senders Alliance and any
> experience regarding deliverability change when becoming a member.
>
> I have looked on the archive of the list, some exchanges occurred years
> ago, but I didn't find (recent) feedback on this.
>
>
> Bests regards,
>
> Anael MOBILIA
>
>
> --
> IT Team My DSO Manager
>
> 22 chemin du Vieux Chêne, Bât. D, 38240 Meylan FRANCE
> www.mydsomanager.com
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop



-- 

Al Iverson / Deliverability blogging at https://www.spamresource.com
Subscribe to the weekly newsletter at https://ml.spamresource.com
DNS Tools: https://xnnd.com / (312) 725-0130 / Chicago (Central Time)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Looking for feedback on the Certified Senders Alliance (CSA)

[Anael MOBILIA via mailop]

Hello,


I'm looking for feedback on the Certified Senders Alliance (CSA).


My current reasoning : at job, we provide a SaaS solution for cash 
collection & credit management.


This implies to send emails to end customers in order to exchange about 
incoming invoices. We sent emails to servers all around the globe, 
actually mostly in Europe.


Email volume is not so big as today (~350k per month) but is still 
increasing.



I'm looking to maintain high quality reputation / deliverability and 
equally to ensure we provide state-of-the-art technical service.


Best-practices (SPF, DKIM, DMARC, user consent, Unsubscribe, email 
quality, RBL, Google / Microsoft tools registration, ...) are already 
implemented, but I'm still searching to go further.



I was recently told about the CSA / Certified Senders Alliance which is 
a paid service which is warranting that members apply a set of legal and 
technical criteria (best practices in fact) and could help to improve 
email deliverability on some "too big to fail" (looking for example to 
O365). This could be an additional asset for email companies which don't 
take only technical statement for ensuring email deliverability.



I'm looking for any feedback on the Certified Senders Alliance and any 
experience regarding deliverability change when becoming a member.


I have looked on the archive of the list, some exchanges occurred years 
ago, but I didn't find (recent) feedback on this.



Bests regards,

Anael MOBILIA


--
IT Team My DSO Manager

22 chemin du Vieux Chêne, Bât. D, 38240 Meylan FRANCE
www.mydsomanager.com

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] DMARC external destination verification ignored?

[Vitali via mailop]

Hi list,

I've found this case where DMARC reports are sent to an external destination 
without the verification TXT record being published.

```

❯dig _dmarc.[redacted] txt +short

"v=DMARC1; p=none; rua=mailto:dm...@emailzustellbarkeit.de;

```

The external destination domain does not publish a `v=DMARC1;` TXT record for 
that domain.

```

❯dig[redacted]._report._dmarc.emailzustellbarkeit.de txt

[...]

;; QUESTION SECTION:

;[redacted]._report._dmarc.emailzustellbarkeit.de. INTXT

;; AUTHORITY SECTION:

emailzustellbarkeit.de.1614INSOAns5.kasserver.com. hostmaster.kasserver.com. 
2401241842 28800 7200 1209600 7200

[...]

```

The only common factor is the root domain of the MX record.

```

❯dig[redacted]mx +short

10 w01ad564.kasserver.com.

❯dig emailzustellbarkeit.de mx +short

10 w01b9b8a.kasserver.com.

```

Some ISPs that send reports are Microsoft (Outlook), Seznam, emailsrvr. I 
already reached out to emailsrvr but didn't get a response yet.

Are they violating the RFC or is there a new DMARC report exception if both 
domains share the MX root domain?

Thank you.Vitali

Sent with [Proton Mail](https://proton.me/) secure email.___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] ebay postmaster contact

[Marco Moock via mailop]

Am 29.01.2024 um 14:05:30 Uhr schrieb Michael Peddemors via mailop:

> And of course, this 'could' be caused by backscatter on their
> servers, if the emails originated from your server ;)
> 
> Ensure your domains have SPF records of course, but we need more 
> information on the list to determine if this is forgeries, or an eBay 
> inherent problem.

It is not a bounce, it is a legit email from ebay from an existing ebay
account that matches the actions the user does (like receiving a oder
confirmation and invoice after an order).
If have already contacted the owner of the account and he confirmed
that the mail address root@out.domain isn't listed in his ebay
preferences.

-- 
Gruß
Marco

Spam und Werbung bitte an ichschickerekl...@cartoonies.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Microsoft Outbound Spam Seemingly Has Morphed

[L. Mark Stone via mailop]

Thanks for diving deeper there. 

One other issue is that the recipient addresses do not exist on our system. 

But more importantly, at the time of posting there were no subdomain DNS 
records for the sender’s domain. We’ve seen bad actors leverage legitimate 
company’s unprotected subdomains before. 

We remain comfortable blocking that subdomain. 

All the best,
Mark
___
L. Mark Stone
Sent from my iPhone

> On Feb 6, 2024, at 5:17 AM, Gellner, Oliver via mailop  
> wrote:
> 
> On 05.02.2024 at 13:55 L. Mark Stone via mailop wrote
> 
>> Overnight in our logs, we are starting to see Microsoft spam like this:
>> Feb  5 12:19:28 my postfix/smtpd[1015436]: NOQUEUE: filter: RCPT from 
>> mail-mw2nam10acsn2106.outbound.protection.outlook.com[104.47.55.106]: 
>> : Sender address triggers FILTER 
>> smtp-amavis:[127.0.0.1]:10024; from= 
>> to= proto=ESMTP 
>> helo=
>> We have banned the Bing subdomain above.
> 
> Hello Mark,
> 
> what kind of spam did come from this domain? I checked some of those messages 
> and they seem to be news aggregations mixed together with advertisements, 
> created by a bot that Microsoft calls Start. Not very valuable, but I guess 
> the users subscribed to this on the Microsoft Bing news page.
> 
> --
> BR Oliver
> 
> 
> dmTECH GmbH
> Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
> Telefon 0721 5592-2500 Telefax 0721 5592-2777
> dmt...@dm.de * www.dmTECH.de
> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
> Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher
> 
> Datenschutzrechtliche Informationen
> Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
> ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
> Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder 
> sich bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen 
> unter anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren 
> Rechten sowie die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
> hier.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] DKIM signed with parent domain

[Marco Moock via mailop]

Am 27.01.2024 um 13:46:34 Uhr schrieb Gellner, Oliver via mailop:

> If I as a customer or business partner would receive emails which are
> coming from apa...@webserver1.company.tld then I‘d be under the
> impression that this company lost control of their infrastructure.
> But maybe that’s just me.

It depends on the situation.
We have a big site with distributed administration, but a central mail
relay.
Many server send logs to the admins and the admins are not always on
mail servers in our site.
We sometimes don't even have control over then DNS zones because they
operate their own DNS.

Some machines also use common names, like registration.example.org. We
know use DKIM with a parent domain and Google seems to accept that.
But we noticed that Google doesn't enforce its hard DKIM/SPF policies
anymore here.

-- 
Gruß
Marco

Spam und Werbung bitte an ichschickerekl...@cartoonies.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Microsoft Outbound Spam Seemingly Has Morphed

[Gellner, Oliver via mailop]

On 05.02.2024 at 13:55 L. Mark Stone via mailop wrote

> Overnight in our logs, we are starting to see Microsoft spam like this:
> Feb  5 12:19:28 my postfix/smtpd[1015436]: NOQUEUE: filter: RCPT from 
> mail-mw2nam10acsn2106.outbound.protection.outlook.com[104.47.55.106]: 
> : Sender address triggers FILTER 
> smtp-amavis:[127.0.0.1]:10024; from= 
> to= proto=ESMTP 
> helo=
> We have banned the Bing subdomain above.

Hello Mark,

what kind of spam did come from this domain? I checked some of those messages 
and they seem to be news aggregations mixed together with advertisements, 
created by a bot that Microsoft calls Start. Not very valuable, but I guess the 
users subscribed to this on the Microsoft Bing news page.

--
BR Oliver


dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop