Re: [mailop] Domains discrimination

[Michael Rathbun via mailop]

On Thu, 11 Jul 2024 17:21:29 -0400, "Scott Q. via mailop" 
wrote:

>I know it's not easy to handle hundreds of millions ( billions ) of
>e-mail accounts but they should suffer the same consequences as
>everyone else if they can't keep abusers in check. 

The system here has an extensive list of local addresses that could not have
signed up to receive email.  Sending to one of them gets the connecting IP
banned for at least 1440 minutes (with escalations to 2^14 minutes) of refused
connections on any port the server listens to.

Some of these began receiving mail within hours of the domain showing an MX
record, when it was established 27 years back.

I had paid little attention to the volume of spam from @gmail accounts,
through the Google system until a long-time co-conspirator began sending me ND
notices he had gotten for stuff he sent me from his gmail account.  We whack
at least one per day, at the moment; judging by the recidivism rate, it's
likely that a major part of their farm would be in the 
> 530 4.7.0 Connection refused 
territory.

Imagine if everybody did this.


>Just my 2 cents.

And raise you 1.

mdr
-- 
   Sometimes half-ass is exactly the right amount of ass.
   -- Wonderella

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] getting unblocked at outlook?

[Michael Rathbun via mailop]

On Thu, 11 Jul 2024 16:42:55 -0400, Bill Cole via mailop 
wrote:

>As far as I've ever been able to tell, S3150 means "Our Pseudo-AI thinks 
>you stink!" and the way out is to find the link on that page for senders 
>with  problems, jump through the hoops, respond to any requests for 
>info, and eventually get a reply from "Hotmail Sender Support" using the 
>magic phrase "not eligible for mitigation."  This incantation does not 
>mean what it seems. It is actually a signal that you have reached the 
>point where you can get a solution (usually?) by replying with the magic 
>phrase "PLEASE ESCALATE THIS TO SOMEONE WHO CAN ACTUALLY ASSIST ME" 
>which may or may not need to be in all caps.

This essentially represents my understanding of the net effect of the systems
being build when I worked there.

>This may sound like I'm joking, but I am not. 

This is sound reverse-engineering.

>   No one has ever claimed 
>to have an explanation for why a S3150 blockage happens or what exactly 
>the 'mitigation' consists of.

Not that I have seen.  You might need a GUTS clearance to find out.

mdr
-- 
   Those who can make you believe absurdities 
   can make you commit atrocities.
-- Voltaire

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] safe-mail.net

[Mark Delany via mailop]

On 11Jul24, Cody Millard via mailop apparently wrote:
> What is "A RR" ?

Sounds like they're talking about DNS A RRs (Address records).

Circa 1986 the DNS community introduced the MX RR with a view to transitioning 
away from
how a mail client would look up an address RR directly for a target domain and 
connect to
that.

Nearly 1/2 a century later, it's still the case that most mail clients will 
look for
address RRs in the absence of an MX.

> > A RR for incoming messages. do you know why they design this? for better
> > anti-abuse control?

It could be just laziness.

As for anti-abuse benefits, I recently re-activated a 1/4 century old dormant 
domain to
see how much spam was still sent to it. It was quite a lot. But, I did note 
that when that
domain only advertised A/ RRs the volume was slightly lower, by about 
10-15%.

So avoiding MX RRs might provide some marginal anti-spam benefit, but I guess 
it's also
possible that more recent mail clients or mail client libraries may not fall 
back to
address RRs in the absence of an MX and thus such a domain might miss genuine
email.


Mark.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] safe-mail.net

[Jeff Pang via mailop]

On 2024-07-12 10:55, Cody Millard via mailop wrote:

What is "A RR" ?



A resource record.

--
Jeff Pang
jeffp...@aol.com
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] safe-mail.net

[Cody Millard via mailop]

What is "A RR" ?

On 7/11/2024 9:07 PM, Jeff Pang via mailop wrote:
As a old email provider, safe-mail.net has even no MX records, but 
using A RR for incoming messages. do you know why they design this? 
for better anti-abuse control?


Thanks.


--
Cody Millard
https://email.broker




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] safe-mail.net

[John Levine via mailop]

It appears that Jeff Pang via mailop  said:
>As a old email provider, safe-mail.net has even no MX records, but using 
>A RR for incoming messages. do you know why they design this? for better 
>anti-abuse control?

Most likely they stumbled around decades ago setting up the DNS, found that 
worked,
and haven't changed it.

The spec is quite clear that in the absence of an MX record, you
pretend there is a MX 0 pointing at the A record. It has no effect I
can think of on abuse management.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] safe-mail.net

[Jeff Pang via mailop]

As a old email provider, safe-mail.net has even no MX records, but using 
A RR for incoming messages. do you know why they design this? for better 
anti-abuse control?


Thanks.

--
Jeff Pang
jeffp...@aol.com
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination ... and Gmail

[Scott Q. via mailop]

Once a company reaches critical mass, they've been allowed to
think they can get away with the bare minimum, or, anything.

That's how MS got hacked and ... did nothing about it until Congress
stepped in and slapped them publicly.

Now, "security" is all that Satya Nadella is talking about at MS
apparently. Until then you needed to be an E5 subscriber to even view
access logs. 

I don't like government intervention but these big guys can be
national threats due to their size and the effects they can have over
everyone else..

Scott

On Thursday, 11/07/2024 at 18:40 Michael Peddemors via mailop wrote:



Yes, as we all know.. threat teams and spam filtering teams spend a
LOT 
of resources on those.. but when you see exactly the same samples year

after year, you have to question their motivation.. (right now 'their'

meaning specifically Gmail and o265)

And 'rejecting' the messages IS possible, but it's whack a mole, and 
telling the bad guys you know how to stop their messages (eg via a
5xx) 
means they simply adept.

Tried 4xx responses, thinking maybe they (gmail) look at the queues,
but 
as Brandon once said.. it's such a small drop in the bucket.. don't
know 
if they look at their queues unless a gmail paying customer
complains..)

And a few phishing actors that found they were being blocked, simply 
moved to using compromised/free gmail accounts.. And of course, the 
sources are always obfuscated.

Oh, and ..

Subject: 1st page Of Google

  .. always gets through ;0

Marketers with domains on Google (paying) always get their emails out,

users of Gsuite, Groups, and other Google tools, the emails get out.

The thing is, for most people, these are all in the Spam
folder.  Which 
makes you wonder, if the simplest of spamassassin default rules can 
catch it, how is it that the big guys can't? Especially with the 
resources they can put to it if they wanted..

I mean.. the nigerian spam leakage has been leaking from them for 20 
years.. some of those obvious ones, should trigger automatic
suspension 
of the accounts, right?

Millions of dollars in loses can be attributed to these types of
scams, 
and frankly Comsumer Protection agencies should be all over them.. you

can make up your own reasons why they aren't.

So, maybe you are right.. maybe the industry as a whole has to step up

and say enough is enough.. but again.. 'Too big to block'.  If
anyone 
blocked Gmail, they wouldn't be around very long.

Maybe the next step is to simply filter all gmail, to a Gmail folder, 
and let the users decide for themselves.

We have to give credit where credit is due, the RBL operators have
been 
fighting the good fight for a long time, but we can't expect that to
be 
the solution.

End of the week for me.. was planning on a "State of Union" email this

week, but since the large amount of Gmail spam was part of that
report, 
opted to respond to your email instead.


On 2024-07-11 14:21, Scott Q. via mailop wrote:
> What irks me is that Gmail's / MS365's IPs never seem to get
blacklisted 
> by Spamhaus for example. Spamcop actually had the courage to list 
> MS365's because they also send tons of spam and ironically enough, 
> everyone is upset at Spamcop because how dare they. Yeah, we should
just 
> let these guys get even bigger and spam even more people because
surely 
> then, they will care enough to stop the abuse.
> 
> I know it's not easy to handle hundreds of millions ( billions ) of 
> e-mail accounts but they should suffer the same consequences as
everyone 
> else if they can't keep abusers in check.
> 
> Just my 2 cents.
> 
> 
> On Thursday, 11/07/2024 at 16:54 John Levine via mailop wrote:
> 
> It appears that Scott Q. via mailop  > said:
>  >-=-=-=-=-=-
>  >-=-=-=-=-=-
>  >
>  >Surprisingly, most of the Spam that makes it through
these days is
>  >from Gmail. I'm not sure if they gave up completely on
fighting the
>  >spammers that sign-up but I'm always increasing the
score assigned to
>  >Gmail originating e-mails because of this.
>  >
>  >99% of them are SEO offers and whatnot, surely it can't
be that hard
>  >to block this type of outgoing message.
> 
> I also get a great deal of B2B spam from Google.  While I
am no
> happier about
> it than you are, I would not assume it's because they don't
care.
> 
> I get the spsm to the same ill chosen addresses* over and
over so I
> assume someone
> is selling spamming kits with a Gmail signup and a list of
> victims.  Would be nice
> to figure out who and where they are.
> 
> R's,
> John
> 
> * - I mean, business development spam to the head of an
anti-spam
> organization with a budget you need a magnifying glass to
see? Really?
> Yup.
> ___
> mailop mailing list
> mailop@mailop.org 
> https://list.mailop.org/listinfo/mailop
> 
> 
> 
> ___
> mailop m

Re: [mailop] Domains discrimination ... and Gmail

[Michael Peddemors via mailop]

Yes, as we all know.. threat teams and spam filtering teams spend a LOT 
of resources on those.. but when you see exactly the same samples year 
after year, you have to question their motivation.. (right now 'their' 
meaning specifically Gmail and o265)


And 'rejecting' the messages IS possible, but it's whack a mole, and 
telling the bad guys you know how to stop their messages (eg via a 5xx) 
means they simply adept.


Tried 4xx responses, thinking maybe they (gmail) look at the queues, but 
as Brandon once said.. it's such a small drop in the bucket.. don't know 
if they look at their queues unless a gmail paying customer complains..)


And a few phishing actors that found they were being blocked, simply 
moved to using compromised/free gmail accounts.. And of course, the 
sources are always obfuscated.


Oh, and ..

   Subject: 1st page Of Google

 .. always gets through ;0

Marketers with domains on Google (paying) always get their emails out, 
users of Gsuite, Groups, and other Google tools, the emails get out.


The thing is, for most people, these are all in the Spam folder.  Which 
makes you wonder, if the simplest of spamassassin default rules can 
catch it, how is it that the big guys can't? Especially with the 
resources they can put to it if they wanted..


I mean.. the nigerian spam leakage has been leaking from them for 20 
years.. some of those obvious ones, should trigger automatic suspension 
of the accounts, right?


Millions of dollars in loses can be attributed to these types of scams, 
and frankly Comsumer Protection agencies should be all over them.. you 
can make up your own reasons why they aren't.


So, maybe you are right.. maybe the industry as a whole has to step up 
and say enough is enough.. but again.. 'Too big to block'.  If anyone 
blocked Gmail, they wouldn't be around very long.


Maybe the next step is to simply filter all gmail, to a Gmail folder, 
and let the users decide for themselves.


We have to give credit where credit is due, the RBL operators have been 
fighting the good fight for a long time, but we can't expect that to be 
the solution.


End of the week for me.. was planning on a "State of Union" email this 
week, but since the large amount of Gmail spam was part of that report, 
opted to respond to your email instead.



On 2024-07-11 14:21, Scott Q. via mailop wrote:
What irks me is that Gmail's / MS365's IPs never seem to get blacklisted 
by Spamhaus for example. Spamcop actually had the courage to list 
MS365's because they also send tons of spam and ironically enough, 
everyone is upset at Spamcop because how dare they. Yeah, we should just 
let these guys get even bigger and spam even more people because surely 
then, they will care enough to stop the abuse.


I know it's not easy to handle hundreds of millions ( billions ) of 
e-mail accounts but they should suffer the same consequences as everyone 
else if they can't keep abusers in check.


Just my 2 cents.


On Thursday, 11/07/2024 at 16:54 John Levine via mailop wrote:

It appears that Scott Q. via mailop mailto:qm...@top-consulting.net>> said:
 >-=-=-=-=-=-
 >-=-=-=-=-=-
 >
 >Surprisingly, most of the Spam that makes it through these days is
 >from Gmail. I'm not sure if they gave up completely on fighting the
 >spammers that sign-up but I'm always increasing the score assigned to
 >Gmail originating e-mails because of this.
 >
 >99% of them are SEO offers and whatnot, surely it can't be that hard
 >to block this type of outgoing message.

I also get a great deal of B2B spam from Google.  While I am no
happier about
it than you are, I would not assume it's because they don't care.

I get the spsm to the same ill chosen addresses* over and over so I
assume someone
is selling spamming kits with a Gmail signup and a list of
victims.  Would be nice
to figure out who and where they are.

R's,
John

* - I mean, business development spam to the head of an anti-spam
organization with a budget you need a magnifying glass to see? Really?
Yup.
___
mailop mailing list
mailop@mailop.org 
https://list.mailop.org/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

___
mailop mailing list
mailop@mailop.org
ht

Re: [mailop] Domains discrimination

[Jeff Pang via mailop]

On 2024-07-12 04:31, Slavko via mailop wrote:
Dňa 11. júla 2024 19:20:23 UTC používateľ John Levine via mailop 
 napísal:

It appears that Ralph Seichter via mailop  said:

Personally, I don't factor the price of domains into the block/pass
decisions,


You should.  There is a very strong correlation between cheap and bad.


Of course, more cheap domain allow more often register new with the
same total price per the same timespan. That means, that more cheap
domains will be more often abused for bad actions.


can we setup a policy that new domains get low reputation? for example, 
domain names registered within six months have higher scores in spam 
control.


regards.

--
Jeff Pang
jeffp...@aol.com
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Help with handling backscatter

[Slavko via mailop]

Dňa 11. júla 2024 20:01:17 UTC používateľ Jesse Hathaway via mailop 
 napísal:

>1.  Why are the non-delivery notifications sent to
> rather than to ?

NDR have to be send to Return-Path of original message, thus it depends
what was in its MAIL FROM. IMO including foreign (google) IP range opens
big hole in SPF.

Do you see in bounces from what IP was original send?

>2.  Does the backscatter email show evidence of miss configuration on my
>side?

Backscatter is fault of NDR's sending MTA/MSA, which doesn't properly verifies
Return-Path or accepts mails and then fails to delivery it (instead of rejecting
at SMTP time). You didn't reveal sending host, but if it is not your host, it 
is not
your mistake. You are just victim.

>3.  What mitigations do folks recommend to drop these types of messages?

As i see, SPF nor DMARC is helping you, and they will not help, if remote
MTA doesn't reject on that base.

There are public RBLs which contains backscatter MTA, i don't use any,
thus i cannot comment their quality.

The BATV was inventend to solve that problem, you sign own Return-Path
and then check this signature in bounces and reject when bounce (NDR)
is send  to unsigned RCPT as bounce to message not send by you.. But it
was never standardised and is not always applicable (i use it).

If you decide to apply it, do it in two stages, first start to sign Return-Path
and then, after some days, start rejecting (to allow to receive bounces
for yet unsigned messages). You can temporary reject unsigned bounces
in between, but if you are under attack, it will do more harm than help.

Don't afraid to apply ratelimit for bounces by recipient address.

regards

-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[Scott Q. via mailop]

What irks me is that Gmail's / MS365's IPs never seem to get
blacklisted by Spamhaus for example. Spamcop actually had the courage
to list MS365's because they also send tons of spam and ironically
enough, everyone is upset at Spamcop because how dare they. Yeah, we
should just let these guys get even bigger and spam even more people
because surely then, they will care enough to stop the abuse.

I know it's not easy to handle hundreds of millions ( billions ) of
e-mail accounts but they should suffer the same consequences as
everyone else if they can't keep abusers in check. 

Just my 2 cents.


On Thursday, 11/07/2024 at 16:54 John Levine via mailop wrote:



It appears that Scott Q. via mailop  said:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>Surprisingly, most of the Spam that makes it through these days is
>from Gmail. I'm not sure if they gave up completely on fighting the
>spammers that sign-up but I'm always increasing the score assigned to
>Gmail originating e-mails because of this. 
>
>99% of them are SEO offers and whatnot, surely it can't be that hard
>to block this type of outgoing message.

I also get a great deal of B2B spam from Google.  While I am no
happier about
it than you are, I would not assume it's because they don't care.

I get the spsm to the same ill chosen addresses* over and over so I
assume someone
is selling spamming kits with a Gmail signup and a list of
victims.  Would be nice
to figure out who and where they are.

R's,
John

* - I mean, business development spam to the head of an anti-spam
organization with a budget you need a magnifying glass to see? Really?
Yup.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Help with handling backscatter

[Michael Peddemors via mailop]

There are SO many things wrong with this don't know even where to start..

Received: from shopify.com ([89.190.156.188])
Duplicate Return-Path
X-Original-Message-ID: 
<668ef133.170a0220.9c6db.ca0esmtpin_added_bro...@mx.google.com>


(google.com: domain abaimiddle.school.test-google-a.com configured 
89.190.156.188 as internal address)


But in the end, this appears to obviously be a Google problem..

But easy to see why you are confused. Typically, any service that 
generates backscatter would quickly find itself on a spam RBL. But when 
the 'Too Big to Block' do it.. it's frustrating.


But I don't know if this is technically traditional 'backscatter' issue.

IF it is passed off to Google to handle the email delivery, and SBC 
correctly rejects it during the SMTP phase with a user does not exist, 
this is more like internal Google blowback. (Still as it isn't returning 
it to the original sender, it is backscatter)  We have seen other cases 
of backscatter from them.


Can you add a little more details to be sure? Are you using Google 
services at all?


wikimedia.org descriptive text "v=spf1 include:_cidrs.wikimedia.org 
include:_spf.google.com ip4:74.121.51.111 ~all"




On 2024-07-11 13:01, Jesse Hathaway via mailop wrote:

We received a thousand or so of the attached backscatter emails this
morning, each one to a different recipient, but with the same
return-path, . I don't have much experience dealing
with backscatter, so I was hoping for some guidance from this list.

Questions:

1.  Why are the non-delivery notifications sent to
  rather than to ?
2.  Does the backscatter email show evidence of miss configuration on my
 side? I don't believe so, but we did recently stand up some new
 postfix servers, whereas our existing servers run exim.
3.  What mitigations do folks recommend to drop these types of messages?

Thanks, Jesse


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[John Levine via mailop]

It appears that Scott Q. via mailop  said:
>-=-=-=-=-=-
>-=-=-=-=-=-
>
>Surprisingly, most of the Spam that makes it through these days is
>from Gmail. I'm not sure if they gave up completely on fighting the
>spammers that sign-up but I'm always increasing the score assigned to
>Gmail originating e-mails because of this. 
>
>99% of them are SEO offers and whatnot, surely it can't be that hard
>to block this type of outgoing message.

I also get a great deal of B2B spam from Google.  While I am no happier about
it than you are, I would not assume it's because they don't care.

I get the spsm to the same ill chosen addresses* over and over so I assume 
someone
is selling spamming kits with a Gmail signup and a list of victims.  Would be 
nice
to figure out who and where they are.

R's,
John

* - I mean, business development spam to the head of an anti-spam
organization with a budget you need a magnifying glass to see? Really?
Yup.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] getting unblocked at outlook?

[Bill Cole via mailop]

On 2024-07-11 at 15:52:53 UTC-0400 (Thu, 11 Jul 2024 15:52:53 -0400)
Michael W. Lucas via mailop 
is rumored to have said:


Just started getting these today. Looks like one of my colo neighbors
behaved badly. No useful info at the suggested link, no contact
given. Any suggestions on how to get my address unblocked?


host
outlook-com.olc.protection.outlook.com[52.101.68.28] said: 550 
5.7.1
Unfortunately, messages from [23.139.82.3] weren't sent. Please 
contact
your Internet service provider since part of their network is on 
our block

list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[DU2PEPF00028D10.eurprd03.prod.outlook.com 
2024-07-11T16:43:51.745Z

08DC9DEBD6582F32] (in reply to MAIL FROM command)



As far as I've ever been able to tell, S3150 means "Our Pseudo-AI thinks 
you stink!" and the way out is to find the link on that page for senders 
with  problems, jump through the hoops, respond to any requests for 
info, and eventually get a reply from "Hotmail Sender Support" using the 
magic phrase "not eligible for mitigation."  This incantation does not 
mean what it seems. It is actually a signal that you have reached the 
point where you can get a solution (usually?) by replying with the magic 
phrase "PLEASE ESCALATE THIS TO SOMEONE WHO CAN ACTUALLY ASSIST ME" 
which may or may not need to be in all caps.


At this point, you may need to wait up to a day for a response. It 
probably is advantageous if you have an existing SNDS & JMRP account and 
if in getting to that point you've provided a true AND plausible story 
of what sort of mail you send and its volume. If your pleas convince the 
MS Gnomes of your virtue, you will be "mitigated."


This may sound like I'm joking, but I am not. Even when working both 
ends of the sender/receiver relationship (as we manage customers' MS365 
environments as well as running mail systems for customers) the reasons 
for blockage, failure to get results at the first level, and ultimate 
success are opaque. They may as well be magic. I have had success with 
this multiple times over he past few years, but many others here and in 
other fora seem not to have been as fortunate. No one has ever claimed 
to have an explanation for why a S3150 blockage happens or what exactly 
the 'mitigation' consists of.




--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com 
addresses)

Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[Slavko via mailop]

Dňa 11. júla 2024 19:20:23 UTC používateľ John Levine via mailop 
 napísal:
>It appears that Ralph Seichter via mailop  said:
>>Personally, I don't factor the price of domains into the block/pass
>>decisions, 
>
>You should.  There is a very strong correlation between cheap and bad.

Of course, more cheap domain allow more often register new with the
same total price per the same timespan. That means, that more cheap
domains will be more often abused for bad actions. But how useful that
correlation is? Does it mean that all cheap domains are bad? No, that
just means, that bad actors are not willing to spent more money than
needed. Or do you believe, that 1000 € per domain will solve SPAM? I
doubt.

The statistic is two side sworm, one is its precise calculation, and second
is its proper interpretation. Yoý mentioned correlation between cheap
and bad, but i will guess that this correlation is between bad and cheap
(no, correlation is not commutative)...

regards


-- 
Slavko
https://www.slavino.sk/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Help with handling backscatter

[Mark Alley via mailop]

On 7/11/2024 3:01 PM, Jesse Hathaway via mailop wrote:

We received a thousand or so of the attached backscatter emails this
morning, each one to a different recipient, but with the same
return-path,. I don't have much experience dealing
with backscatter, so I was hoping for some guidance from this list.

Questions:

1.  Why are the non-delivery notifications sent to
   rather than to?
2.  Does the backscatter email show evidence of miss configuration on my
 side? I don't believe so, but we did recently stand up some new
 postfix servers, whereas our existing servers run exim.
3.  What mitigations do folks recommend to drop these types of messages?

Thanks, Jesse


Is BATV an option for you?

- Mark Alley
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] getting unblocked at outlook?

[Archange via mailop]

Just started getting these today. Looks like one of my colo neighbors
behaved badly. No useful info at the suggested link, no contact
given. Any suggestions on how to get my address unblocked?


host
 outlook-com.olc.protection.outlook.com[52.101.68.28] said: 550 5.7.1
 Unfortunately, messages from [23.139.82.3] weren't sent. Please contact
 your Internet service provider since part of their network is on our block
 list (S3150). You can also refer your provider to
 http://mail.live.com/mail/troubleshooting.aspx#errors.
 [DU2PEPF00028D10.eurprd03.prod.outlook.com 2024-07-11T16:43:51.745Z
 08DC9DEBD6582F32] (in reply to MAIL FROM command)


This is the standard Microsoft thing. You need to go through 
http://go.microsoft.com/fwlink/?LinkID=614866, which now requires a 
Microsoft account. This link is available in the page at the address in 
the error message.


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] getting unblocked at outlook?

[Scott Q. via mailop]

https://sendersupport.olc.protection.outlook.com/snds/
  

On Thursday, 11/07/2024 at 15:52 Michael W. Lucas via mailop wrote:



Just started getting these today. Looks like one of my colo neighbors
behaved badly. No useful info at the suggested link, no contact
given. Any suggestions on how to get my address unblocked?


host
outlook-com.olc.protection.outlook.com[52.101.68.28] said: 550
5.7.1
Unfortunately, messages from [23.139.82.3] weren't sent.
Please contact
your Internet service provider since part of their network is
on our block
list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[DU2PEPF00028D10.eurprd03.prod.outlook.com
2024-07-11T16:43:51.745Z
08DC9DEBD6582F32] (in reply to MAIL FROM command)

Thanks,
==ml

-- 
Michael W. Lucashttps://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Absolute FreeBSD, Butterfly Stomp Waltz, TLS Mastery, etc...
### New books: DNSSEC Mastery, Letters to ed(1), Prohibition Orcs ###
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[Scott Q. via mailop]

Surprisingly, most of the Spam that makes it through these days is
from Gmail. I'm not sure if they gave up completely on fighting the
spammers that sign-up but I'm always increasing the score assigned to
Gmail originating e-mails because of this. 

99% of them are SEO offers and whatnot, surely it can't be that hard
to block this type of outgoing message.

Scott

On Thursday, 11/07/2024 at 15:48 Hans-Martin Mosner via mailop wrote:




Am 11.07.24 um 21:20 schrieb John Levine via mailop:
 

 

It appears that Ralph Seichter via mailop [1] said:  

 Personally, I don't factor the price of domains into the block/pass
decisions,  

 You should. There is a very strong correlation between cheap and bad.
 

 And there are very rational reasons for that:



* Keeping the spam volume from your customers low requires an active
abuse desk team which costs money.
* A truly effective handling of spamming customers includes
terminating their contracts if necessary, which cuts revenues.
* To be able to recognize bad apples early, you need to have some
sort of KYC policy, which on one hand costs money to implement, on the
other hand might deter not only the crooks who want to avoid being
traceable, but also ordinary customers with a desire for privacy.
Of course, there are counterexamples, providers which aren't cheap but
whose customers still emit a nasty amount of spam (maybe providing
bulletproof "pink contracts" to their bad customers), and
organizations run on volunteer and cooperative work which provide free
or cheap services to a restricted audience.



Overall, the association of a domain name or IP address with the
organizations providing them isn't unreasonable.



Cheers,
Hans-Martin






Links:
--
[1] mailto:ra...@ml.seichter.de
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Help with handling backscatter

[Jesse Hathaway via mailop]

We received a thousand or so of the attached backscatter emails this
morning, each one to a different recipient, but with the same
return-path, . I don't have much experience dealing
with backscatter, so I was hoping for some guidance from this list.

Questions:

1.  Why are the non-delivery notifications sent to
 rather than to ?
2.  Does the backscatter email show evidence of miss configuration on my
side? I don't believe so, but we did recently stand up some new
postfix servers, whereas our existing servers run exim.
3.  What mitigations do folks recommend to drop these types of messages?

Thanks, Jesse
--- Begin Message ---

** Address not found **

Your message wasn't delivered to ebuergler@sbcglobal​.net because the address 
couldn't be found, or is unable to receive mail.



The response from the remote server was:
550 5.2.1 ... Addressee unknown, relay=[108.177.16.9]
Reporting-MTA: dns; googlemail.com
Received-From-MTA: dns; wiki@wikimedia.org
Arrival-Date: Wed, 10 Jul 2024 13:38:11 -0700 (PDT)
X-Original-Message-ID: <668ef133.170a0220.9c6db.ca0eSMTPIN_ADDED_BROKEN@mx.google.com>

Final-Recipient: rfc822; ebuergler@sbcglobal.net
Action: failed
Status: 5.2.1
Remote-MTA: dns; ff-ip4-mx-vip2.prodigy.net. (144.160.159.22, the server for
 the domain sbcglobal.net.)
Diagnostic-Code: smtp; 550 5.2.1 ... Addressee unknown, relay=[108.177.16.9]
Last-Attempt-Date: Thu, 11 Jul 2024 08:46:42 -0700 (PDT)
--- Begin Message ---
Hi KOSUDL,

Thanks for adding an email to your Wikipedia account, registered from IP 
address 41.140.152.187.

Please click on the link below to confirm this as the email address you'd like 
to link to your account "KOSUDL":

https://en.wikipedia.org/wiki/Special:ConfirmEmail/37dc24cda5d650e817bfa8217414481c

Note: this confirmation code expires at 20:15, 17 July 2024.

Thanks,

Wikipedia



To cancel the email address confirmation (because you did not register the 
account or for any other reason), click on this cancellation link:

https://en.wikipedia.org/wiki/Special:InvalidateEmail/37dc24cda5d650e817bfa8217414481c--- End Message ---
--- End Message ---
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] getting unblocked at outlook?

[Michael W. Lucas via mailop]

Just started getting these today. Looks like one of my colo neighbors
behaved badly. No useful info at the suggested link, no contact
given. Any suggestions on how to get my address unblocked?


host
outlook-com.olc.protection.outlook.com[52.101.68.28] said: 550 5.7.1
Unfortunately, messages from [23.139.82.3] weren't sent. Please contact
your Internet service provider since part of their network is on our block
list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[DU2PEPF00028D10.eurprd03.prod.outlook.com 2024-07-11T16:43:51.745Z
08DC9DEBD6582F32] (in reply to MAIL FROM command)

Thanks,
==ml

-- 
Michael W. Lucashttps://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
 Absolute FreeBSD, Butterfly Stomp Waltz, TLS Mastery, etc...
### New books: DNSSEC Mastery, Letters to ed(1), Prohibition Orcs ###
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[Hans-Martin Mosner via mailop]

Am 11.07.24 um 21:20 schrieb John Levine via mailop:

It appears that Ralph Seichter via mailop  said:

Personally, I don't factor the price of domains into the block/pass
decisions,

You should.  There is a very strong correlation between cheap and bad.


And there are very rational reasons for that:

 * Keeping the spam volume from your customers low requires an active abuse 
desk team which costs money.
 * A truly effective handling of spamming customers includes terminating their 
contracts if necessary, which cuts revenues.
 * To be able to recognize bad apples early, you need to have some sort of KYC 
policy, which on one hand costs money to
   implement, on the other hand might deter not only the crooks who want to 
avoid being traceable, but also ordinary
   customers with a desire for privacy.

Of course, there are counterexamples, providers which aren't cheap but whose customers still emit a nasty amount of spam 
(maybe providing bulletproof "pink contracts" to their bad customers), and organizations run on volunteer and 
cooperative work which provide free or cheap services to a restricted audience.


Overall, the association of a domain name or IP address with the organizations 
providing them isn't unreasonable.

Cheers,
Hans-Martin
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[John Levine via mailop]

It appears that Ralph Seichter via mailop  said:
>Personally, I don't factor the price of domains into the block/pass
>decisions, 

You should.  There is a very strong correlation between cheap and bad.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Cloud hosts for responsible mail servers?

[John Levine via mailop]

It appears that Jeff Pang via mailop  said:
>This is what claude-3.5-sonnet answered for att email domains.

For reasons already explained, Don't Do That.

I tried the more reliable approach of looking for domains
on the ns1.attdns.com name server:

attdns.net. 172800  in  ns  ns1.attdns.com.
attsportsnet.net.   172800  in  ns  ns1.attdns.com.
bellsouth.net.  172800  in  ns  ns1.attdns.com.
cingular.net.   172800  in  ns  ns1.attdns.com.
directv.net.172800  in  ns  ns1.attdns.com.
flash.net.  172800  in  ns  ns1.attdns.com.
lsserv.net. 172800  in  ns  ns1.attdns.com.
mobilephone.net.172800  in  ns  ns1.attdns.com.
nvbell.net. 172800  in  ns  ns1.attdns.com.
sbis.net.   172800  in  ns  ns1.attdns.com.
wans.net.   172800  in  ns  ns1.attdns.com.

webhosting.org. 3600in  ns  ns1.attdns.com.

acswireless.com.172800  in  ns  ns1.attdns.com.
ameritech.com.  172800  in  ns  ns1.attdns.com.
appshop.com.172800  in  ns  ns1.attdns.com.
att-online-info.com.172800  in  ns  ns1.attdns.com.
att-promotions.com. 172800  in  ns  ns1.attdns.com.
attagententry.com.  172800  in  ns  ns1.attdns.com.
attbelieves.com.172800  in  ns  ns1.attdns.com.
attbusiness.com.172800  in  ns  ns1.attdns.com.
attccc.com. 172800  in  ns  ns1.attdns.com.
attcompute.com. 172800  in  ns  ns1.attdns.com.
attconnects.com.172800  in  ns  ns1.attdns.com.
attdns.com. 172800  in  ns  ns1.attdns.com.
attdreaminblack.com.172800  in  ns  ns1.attdns.com.
attemea.com.172800  in  ns  ns1.attdns.com.
attexperts.com. 172800  in  ns  ns1.attdns.com.
attjbr01.com.   172800  in  ns  ns1.attdns.com.
attnetclient.com.   172800  in  ns  ns1.attdns.com.
attpolicyforum.com. 172800  in  ns  ns1.attdns.com.
attproxy.com.   172800  in  ns  ns1.attdns.com.
attpublicpolicy.com.172800  in  ns  ns1.attdns.com.
attpurchasing.com.  172800  in  ns  ns1.attdns.com.
attsportsnet.com.   172800  in  ns  ns1.attdns.com.
atttest.com.172800  in  ns  ns1.attdns.com.
attuc.com.  172800  in  ns  ns1.attdns.com.
attwirelessonline.com.  172800  in  ns  ns1.attdns.com.
attws.com.  172800  in  ns  ns1.attdns.com.
bellsouthonline.com.172800  in  ns  ns1.attdns.com.
bellsouthsurplus.com.   172800  in  ns  ns1.attdns.com.
buydirecttv.com.172800  in  ns  ns1.attdns.com.
carrieriq.com.  172800  in  ns  ns1.attdns.com.
cingularrefill.com. 172800  in  ns  ns1.attdns.com.
cingularwireless.com.   172800  in  ns  ns1.attdns.com.
directtv.com.   172800  in  ns  ns1.attdns.com.
directtvcabledeals.com. 172800  in  ns  ns1.attdns.com.
directv-email.com.  172800  in  ns  ns1.attdns.com.
directv-mail.com.   172800  in  ns  ns1.attdns.com.
directv.com.172800  in  ns  ns1.attdns.com.
directvadsales.com. 172800  in  ns  ns1.attdns.com.
directvbundles.com. 172800  in  ns  ns1.attdns.com.
directvdealer.com.  172800  in  ns  ns1.attdns.com.
directvdealsnow.com.172800  in  ns  ns1.attdns.com.
directvdev.com. 172800  in  ns  ns1.attdns.com.
directvlistens.com. 172800  in  ns  ns1.attdns.com.
directvmonitoring.com.  172800  in  ns  ns1.attdns.com.
dtvhs.com.  172800  in  ns  ns1.attdns.com.
enhancedptt.com.172800  in  ns  ns1.attdns.com.
fastaccess.com. 172800  in  ns  ns1.attdns.com.
fastaccessdsl.com.  172800  in  ns  ns1.attdns.com.
getdirecttv.com.172800  in  ns  ns1.attdns.com.
getdirectv.com. 172800  in  ns  ns1.attdns.com.
myprepaidrefill.com.172800  in  ns  ns1.attdns.com.
pacbell.com.172800  in  ns  ns1.attdns.com.
pbinet.com. 172800  in  ns  ns1.attdns.com.
prepaidserviceguide.com.172800  in  ns  ns1.attdns.com.
sbctest.com.172800  in  ns  ns1.attdns.com.
snet.com.   172800  in  ns  ns1.attdns.com.
tfoundry.com.   172800  in  ns  ns1.attdns.com.
unefon.com. 172800  in  ns  ns1.attdns.com.
watchityourway.com. 172800  in  ns  ns1.attdns.com.
webhosting.com. 172800  in  ns  ns1.attdns.com.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[Bill Cole via mailop]

On 2024-07-10 at 14:44:50 UTC-0400 (Thu, 11 Jul 2024 02:44:50 +0800)
Jeff Pang via mailop 
is rumored to have said:


Hi

Is there domain name discrimination in the email industry?


Absolutely. Domain names carry reputations. They make it easier to 
discriminate between spam and ham. "Discrimination" is not a bad thing 
per se.


For example, com, net, and org are considered to have higher 
reputations, while info, xyz, and top are considered to have lower 
ratings. The latter do attract a lot of spam because they are cheaper 
in the first year. Will this lower the ratings of these domain names?


As many others have answered: of course.

There are often solid legitimate reasons for reputation. The stat that 
matters is not how much of all spam comes from domains in a TLD, but 
rather how much of the mail from those domains is spam. In SpamAssassin 
we have 2 distinct TLD lists used for sender domains and for URIs in 
mail. Those lists are based on what mail is seen by the systems that 
share their masscheck results with us. If a TLD shows up in a 
significant quantity of "ham" we will remove it from those lists.


The complaints I have seen about that from innocent parties who chose 
their domains poorly usually focus on how their obscure little TLD 
doesn't appear on the list of TLDs sourcing a lot of spam. That's an 
irrelevancy, as no system is receiving all spam.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com 
addresses)

Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[Brandon Long via mailop]

On Thu, Jul 11, 2024, 3:41 AM Jaroslaw Rafa via mailop 
wrote:

> verification of each domain they want to
> register.
>
> The .eu.org free domains have been there since many years and from what I
> know, are rarely abused. But I guess some people immediately stop thinking
> when they hear about "free domains"...
>


Describe an automated system which uses real time data to make decisions,
be told that it totally is not possible for there to be abuse, spend some
time looking into it and find clear abuse and give a possible reason, watch
it be completely ignored and doubled down on.

I mean, automated systems aren't perfect, they have bugs, there are always
choices on coefficients and thresholds, and trade offs to be made.  And
manual edits can be made, but that way lies madness over the long term,
many of which are traps laid long ago and eventually discovered and
exploited.

Definitely a benefit of smaller systems that have fewer escalations and
outbreaks and smaller impact, at least on the receiving end.  The impact of
being abused can take a very long time to forever to be resolved because of
those manual edits.

I'm glad the system has evolved and you are having fewer issues.

Brandon

>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[Faisal Misle via mailop]

Wow... a lot of brands abandoning their branded TLDs. I guess they 
realized it may be niche and with potential for confusion and not worth 
the upkeep expense.


On 7/11/24 7:01 PM, John Levine via mailop wrote:

It appears that Viktor Dukhovni via mailop  said:

On Wed, Jul 10, 2024 at 04:51:05PM -0400, John Levine via mailop wrote:


I agree that overall, the new TLD program has been a failure and makes
a mockery of ICANN's claim to operate as a public charity in the
interests of the public.

Strong words indeed...  The bubble does appear to have burst however,
and gradually mostly "brand" TLDs are realising that they've wasted
their money and are not renewing.  From 2020-01 there have been 78
departures (most recent first): ...

So far 134 vanity TLDs have handed the keys back to ICANN. They went
through the entire expensive process to apply, got approved, set up
servers and signing and such, and got the TLD added to the root, then
decided, naahh. I figure that's about a million dollars of destroyed
value per domain:

https://www.icann.org/resources/pages/gtld-registry-agreement-termination-2015-10-09-en

There are 326 more domains that have 5 or less names, which I assume
are not in use and not likely to be any time soon. A few seem to have
been tried for experiments and abandonded, e.g.
https://paranoids.yahoo and https://mail.yahoo redirect to real Yahoo
web sites. The paranoids server has the wrong SSL cert which suggests
they've forgotten about it.

Perhaps related, the number of domains in .COM has been shrinking for
the past year and a half, which means the total number of registered
domains is shrinking since none of the few that are still growing
(.org, oddly) are big enough to matter. ICANN is predictably freaking
out.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[John Levine via mailop]

It appears that Viktor Dukhovni via mailop  said:
>On Wed, Jul 10, 2024 at 04:51:05PM -0400, John Levine via mailop wrote:
>
>> I agree that overall, the new TLD program has been a failure and makes
>> a mockery of ICANN's claim to operate as a public charity in the
>> interests of the public.
>
>Strong words indeed...  The bubble does appear to have burst however,
>and gradually mostly "brand" TLDs are realising that they've wasted
>their money and are not renewing.  From 2020-01 there have been 78
>departures (most recent first): ...

So far 134 vanity TLDs have handed the keys back to ICANN. They went
through the entire expensive process to apply, got approved, set up
servers and signing and such, and got the TLD added to the root, then
decided, naahh. I figure that's about a million dollars of destroyed
value per domain:

https://www.icann.org/resources/pages/gtld-registry-agreement-termination-2015-10-09-en

There are 326 more domains that have 5 or less names, which I assume
are not in use and not likely to be any time soon. A few seem to have
been tried for experiments and abandonded, e.g.
https://paranoids.yahoo and https://mail.yahoo redirect to real Yahoo
web sites. The paranoids server has the wrong SSL cert which suggests
they've forgotten about it.

Perhaps related, the number of domains in .COM has been shrinking for
the past year and a half, which means the total number of registered
domains is shrinking since none of the few that are still growing
(.org, oddly) are big enough to matter. ICANN is predictably freaking
out.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] B1gmail experience

[Jeff Pang via mailop]

Hello

As a mailop I would like to test every kind of mail system. I know some 
old providers are using b1gmail system. B1gmail now has OSS version as 
the following link. Does anyone have experience on running/using b1gmail 
software? I’d like to know your thoughts on it.


https://github.com/b1gMail-OSS/b1gMail

Thanks

--
Jeff Pang
jeffp...@aol.com
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[Bill Cole via mailop]

On 2024-07-10 at 15:10:45 UTC-0400 (Thu, 11 Jul 2024 03:10:45 +0800)
Jeff Pang via mailop 
is rumored to have said:


On 2024-07-11 02:58, Michael Rathbun via mailop wrote:
On Thu, 11 Jul 2024 02:44:50 +0800, Jeff Pang via mailop 


wrote:

Is there domain name discrimination in the email industry? For 
example,
com, net, and org are considered to have higher reputations, while 
info,
xyz, and top are considered to have lower ratings. The latter do 
attract

a lot of spam because they are cheaper in the first year. Will this
lower the ratings of these domain names?


Sometimes, if you happen to note that 97.6% of ".xyz" traffic is 
spam,


Where can I see this statistics or similar reports? Thank you.


Run a mail system and generate your own.

No two sites see the same mail. Below the scale of the top hundred or so 
mailbox providers, there's no "representative" sample. The skews of each 
site's user populations results in the nature of their spam and ham 
being unique.





--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com 
addresses)

Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] [ADMIN] Re: Cloud hosts for responsible mail servers?

[Graeme Fowler via mailop]

Following on from Bill’s comment I would strongly advise the following:

* If someone asks a question on the list and you do not know the answer, DO NOT 
turn to *any* generative AI instance, ask the question, and post the output as 
an answer - attributed or otherwise.

On another forum in which I have an interest we’ve already seen LLMs spit out 
regurgitated material from forum posts (which were not correct) as answers to 
prompts, which members have then posted as answers. They were wrong in the 
first place, and the more they get crunched up by the LLMs which are harvesting 
the entire content of the web, the more wrong they become.

Mailop has a pretty long history of subject matter experts being just that - 
experts, offering their time and knowledge to improve mail interoperability. 
Please let’s keep it that way and not pollute it with the hallucinations of 
expensive energy-hungry silicon!

Graeme (wearing list admin hat)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[Bill Cole via mailop]

On 2024-07-10 at 15:11:01 UTC-0400 (Wed, 10 Jul 2024 12:11:01 -0700)
Mark E Jeftovic via mailop 
is rumored to have said:


legit crypto


There's some sort of typo there but I'm not sure what you could possibly 
have meant by this phrase...



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com 
addresses)

Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Cloud hosts for responsible mail servers?

[Bill Cole via mailop]

On 2024-07-10 at 18:12:20 UTC-0400 (Thu, 11 Jul 2024 06:12:20 +0800)
Jeff Pang via mailop 
is rumored to have said:


This is what claude-3.5-sonnet answered for att email domains.


It is a grossly unwise choice to look to ANY LLM for factual answers and 
it is actively misleading to present what they say as an answer to any 
question.



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com 
addresses)

Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[Ralph Seichter via mailop]

* Jaroslaw Rafa via mailop:

> The .eu.org free domains have been there since many years and from
> what I know, are rarely abused. But I guess some people immediately
> stop thinking when they hear about "free domains"...

Personally, I don't factor the price of domains into the block/pass
decisions, or I would not be suspicious of .auto . Spammers can afford
to use costly domains (how often they actually do is debatable).

-Ralph
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[Jeff Pang via mailop]

On 2024-07-11 18:38, Jaroslaw Rafa via mailop wrote:



The .eu.org free domains have been there since many years and from what 
I
know, are rarely abused. But I guess some people immediately stop 
thinking

when they hear about "free domains"...


maybe you could get a rafaeu.org instead. org domain seems to have high 
reputation on sending email. :)


--
Jeff Pang
jeffp...@aol.com
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Domains discrimination

[Jaroslaw Rafa via mailop]

Dnia 10.07.2024 o godz. 21:24:23 Ralph Seichter via mailop pisze:
> 
> If sombody tries to send mail from something.xxx or otherthing.auto, for
> example, they should expect having to work hard for their mail getting
> accepted. I reject this type of domain until by means of directing

I don't know much about .xxx or .auto, but just recently I interacted with a
totally legitimate business operating from .online domain. If I used an
email provider who blocks "strange" domains, and not my own server, I
wouldn't be able to do a transaction with them.

BTW, the "TLD" that I use, .eu.org, also seems to be somewhat discriminated
(I wrote here many times about my mails being constantly put to Spam folder
by Google - since some time the issue disappeared, for similarly unknown
reason as it appeared in the first place), and the only explanation I heard
(on this list as well) for discriminating this domain was that registration
in .eu.org is free.

People don't understand that money isn't the single factor that decides if
the TLD is attractive to spammers or not. Yes, domains in .eu.org are free,
but it's not easy to get them. You have to first set up your own DNS servers
for the domain you want to register (you won't pass the registration without
two functional DNS servers serving the domain), and then you have to WAIT.
It can even take two, three weeks before your domain is actually registered. 
This isn't attractive for a spammer. The spammers want their domains
registered FAST, and this is no less important factor than the price alone. 
They don't want weeks-long manual verification of each domain they want to
register.

The .eu.org free domains have been there since many years and from what I
know, are rarely abused. But I guess some people immediately stop thinking
when they hear about "free domains"...
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from Namecheap on this list to stop a cat and mouse playing scamer?

[Slavko via mailop]

Ahoj,

Dňa Thu, 11 Jul 2024 08:37:05 +0200 Benoît Panizzon via mailop
 napísal:

> The sender domain usually just got registered before the emails are
> sent and is being deleted shortly after.

did you try to identify new domains with zrd.dq.spamhaus.net,
fresh.fmb.la or fresh*.spameatingmonkey.net ? 

I use first two in rspamd and both seems to be pretty good in their job
(while not perfect, of course). I noticed only one false positive, it
was 2-3 years ago from fmb.la -- they mark facebook.com as new :-D

The Spamhaus ZRD is really good in "today" registered, while FMB.la is
good in registered "few days ago".

regards

-- 
Slavko
https://www.slavino.sk


pgpfbRRkIwTXQ.pgp
Description: Digitálny podpis OpenPGP
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop