[mailop] FacebookMail Contact?
Hello Team, Is there any one from Facebook or got their contacts? The domain facebookmail.com is making a lot of SMTP connections to my MX servers and doing "SMTP RCPT TO" to many sorted and invalid accounts, whose requests are so many that it results in a DDOS-like attack. I appreciate a lot for any info you provide, thank you very much :) -Junping Chen Postmaster, Netease Inc.(NASDAQ: NTES)___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] why "not comply with best practices" on SpamRats?
Hi all, Today I got reply from SpamRats, they delisted our IP from blacklist. Recently part of people on this list suggest Netease changing our PTR to match "the best practise", some suggest SpamRats should change its rules, some suggest take no move or others. To make a easy world, we will choose the former, changing our PTR from "mNNN-NNN.domain" to "mail-NNN.domain". As the SpamRats testing page tells, the new PTR format does match "the best practise" and results in a PASS rather than a FAIL on SpamRats' page http://www.spamrats.com/lookup.php?ip=123.58.177.180 : Using Old PTR we got: Does IP Address comply with reverse hostname naming convention... Failed! Using New PTR we got: Does IP Address comply with reverse hostname naming convention... Passed! Thank you guys for all discusions and suggestions, -Junping Chen Netease Inc.((NASDAQ: NTES))___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] why "not comply with best practices" on SpamRats?
Correct, in fact the number "163" is the very first dial-up line phone number on 1990s in China, at that time the first thing/icon that Chinese cyber citizen knows and remembers is the number "163" - they dialed this number everytime before they start surfing the Internet. That's also why my employer woke up at mid-night 1997 from his bed and registered these domains 163.com and 163.net(163.net was then sold to the biggest local ISP ChinaNet who used the "163" for dial-up number the earliest), and many domains more afterwards, and start the first free email service business until now. AH!! We are digressing here.. Netease only use static IP for delivering emails and all has a rDNS, tho we know different receiver/RBL provider uses different rule to recognize whether a rDNS is dynamic or static, the rules how SpamRats using is not clear, we may figure it out by our continuing discussions. Or catch the notice of SpamRats. Thanks, -Junping At 2016-06-15 08:16:05, "Suresh Ramasubramanian" wrote: >Chinese has a lot of ideograms where Chinese characters can be expressed as a >numerical equivalent. All these (163, 126 and many others) names are based on >that concept. > >--srs > >> On 15-Jun-2016, at 5:09 AM, Noel Butler wrote: >> >> When I saw 126 the first thing that cokes to mind was the hacker crew from >> 20 odd years ago , the main opponents of phr0zen crew.. :) > >___ >mailop mailing list >mailop@mailop.org >https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] why "not comply with best practices" on SpamRats?
liuxi...@126.com is a hacked account and abused to send out spams, it's disabled yesterday after our system recognizes. Netease operates email service on several domains including 163.com,126.com,yeah.net,vip.163.com,vip.126.com,188.com,etc. We try all means to stop spam but as we all know it leaks sometimes. You can report spam by patching it and send to abuse@domain to help us learn, thank you :) -Junping At 2016-06-15 04:48:35, "Jim Popovitch" wrote: >On Tue, Jun 14, 2016 at 12:16 PM, Suresh Ramasubramanian > wrote: >> >> 163 is an email provider that I doubt provides dynamic IP space of any sort. >> And as Junping says, 700 million mailboxes. Well north of 30 million, like >> I said :) > >Where does 123.com fit into all this? http://paste.debian.net/plainh/4f41f8c4 > > >-Jim P. > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] why "not comply with best practices" on SpamRats?
Helpful thoughts Steve, many thanks again to you and to all :) Today Netease has 700+ million users and a lot of servers as well as IPs, you can see all IPs and ranges from the SPF record of domain 163.com, sothat we use the format "mxx-xx.domain" for reverse dns for balance. We keep reverse dns of our IPs to comply with standards and best practises, well, SpamRats doesn't elaborate the saying "best practise" on their page which'd create confusion. If I have no luck to receive SpamRats' reply then I will try changing the reverse dns of 123.58.177.172, for example: dig +short -x 123.58.177.172 m172-177.vip.163.com.<== present mail-wmsvr2.vip.163.com.<== new Regards, -Junping 在 2016-06-14 20:47:41,"Steve Freegard" 写道: On 14/06/16 13:16, "陈俊平 via mailop.org" wrote: Here're some reverse dns of big senders, they also use the format "x-x.xx.domain". $ dig +short -x 98.136.219.65 ng5-vm13.bullet.mail.gq1.yahoo.com. Doesn't contain any octets of the IP address $ dig +short -x 209.85.218.44 mail-oi0-f44.google.com. Has a single octet of the IP address but clearly shows mail- as the function. My own heuristics would allow this, can't speak for others. $ dig +short -x 17.171.37.67 mdn-txn-msbadger0502.apple.com. Again - no octets of the IP address appear within the name. Kind regards, Steve. -- Steve Freegard Development Director Fort Systems Ltd. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] why "not comply with best practices" on SpamRats?
Here're some reverse dns of big senders, they also use the format "x-x.xx.domain". $ dig +short -x 98.136.219.65 ng5-vm13.bullet.mail.gq1.yahoo.com. $ dig +short -x 209.85.218.44 mail-oi0-f44.google.com. $ dig +short -x 17.171.37.67 mdn-txn-msbadger0502.apple.com. Things are strange that all these three reverse dns records do not result in error on SpamRats' page, you can see it at http://www.spamrats.com/lookup.php?ip=98.136.219.65 . PS. I badly wish to receive the official reply from SpamRats asap, haha :) PPS. I'm missing some posts forwarded from this list, hope it's just some delay... -Junping At 2016-06-14 19:43:22, "Suresh Ramasubramanian" wrote: >On 14-Jun-2016, at 5:04 PM, Noel Butler wrote: >> >> It's not just that, are you trying to tell us that your MX record is >> m172-177.vip.163.com ? >> I doubt it, if your domain is foo.com then use mail.foo.com and have > >On a single Linux vps maybe. Possible. > >On a system of non trivial size that evidently needs a load balancer vip .. >good luck. >___ >mailop mailing list >mailop@mailop.org >https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] why "not comply with best practices" on SpamRats?
Thanks guys, as Suresh mentioned, Netease has a large number of users and a lot of IP addresses, each one has been put a reverse DNS record and its reverse DNS has a A record pointing back to the same IP. As the one hitting SpamRats' RBL, its PTR and the A of the reverse DNS looks fine, right? $ dig +short -x 123.58.177.172 m172-177.vip.163.com.<-- The reverse DNS points to the FQDN of my SMTP server $ dig +short a m172-177.vip.163.com. 123.58.177.172 <-- The A record points back to the same IP Regards, -Junping At 2016-06-14 18:57:33, "Suresh Ramasubramanian" wrote: >MOn 14-Jun-2016, at 3:53 PM, Paul Smith wrote: >> >> Changing the reverse DNS to the 'real' forward DNS name of the mail server >> is the best idea. > >Excellent. Did you try to look that up? >___ >mailop mailing list >mailop@mailop.org >https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] why "not comply with best practices" on SpamRats?
Hello All, One of my IP address 123.58.177.172 got blacklisted on SpamRats' RBL, when tried removing it from the blacklist I got a rejection as below: >> Does IP Address comply with reverse hostname naming convention... Failed! >> RATS-Dyna - On the list. To be removed go here >> >> The IP address you have specified does not comply with best practices. >> Currently, the reverse DNS for this IP address is: m172-177.vip.163.com. For >> more information, please review the above "List Specifications" section, or >> this best practice documentation. This IP address is definitely a static one(rather than a dynamic IP) and it has a proper PTR record(not violating the RFC 1035) as: $ dig -x 123.58.177.172 172.177.58.123.in-addr.arpa. 86400 IN PTR m172-177.vip.163.com. So I am wondering why SpamRats says "not comply with best practices", while I've contacted their admin on Help page, are there any guys got such kind of warnings? I appreciate any info and discussion, thank you very much. Best Wishes, -Junping Chen Netease Inc.___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Help - Anyone know a GitHub People
The closing of connections are strange, it could be due to the GFW or some networking problem. We published some MX-proxy servers oversea for domains 163.com,126.com,yeah.net,vip.163.com,vip.126.com,188.com,etc, such as: $ dig +short 163mx01.mxmail.netease.com. 220.181.14.143 220.181.14.135 220.181.14.136 220.181.14.137 220.181.14.138 220.181.14.139 220.181.14.140 220.181.14.141 220.181.14.142 $ dig +short 163mx01.mxmail.netease.com. @8.8.8.8 43.230.90.5 $ The networking is better when senders are delivering from oversea to China mainland. For all postmasters, you'd try these proxy servers if you have delivering problems. But for the GitHub problem, we are seeing emails delivered normally into yeah.net/vip.163.com/vip.126.com/188.com and other sites. Only 163.com/126.com could miss their emails in a certain probability(yes not all of them), the logfiles tell that there're no inbound connections(or being closing unexpectedly before reaching our servers). More and more 163.com/126.com users are complaining about missing their GitHub emails. For now, we really need a GitHub postmaster/engineer to help. Anxiously, -Junping Chen At 2016-02-25 19:45:39, ml+mai...@esmtp.org wrote: >Maybe they run into something like this? > >220 126.com Anti-spam GT for Coremail System (126com[20140526]) >EHLO >Connection to 126mx02.mxmail.netease.com closed by foreign host. > >It takes a long time to get any reply... and then your sever >simply closes the connection. > > >And from a different system: > >220 126.com Anti-spam GT for Coremail System (126com[20140526]) >EHLO >250-mail >250-PIPELINING >250-AUTH LOGIN PLAIN >250-AUTH=LOGIN PLAIN >250-coremail >1Uxr2xKj7kG0xkI17xGrU7I0s8FY2U3Uj8Cz28x1U7Ic2I0Y2UFWs58gUCa0xDrj >250-STARTTLS >250-SIZE 73400320 >250 8BITMIME >mail from:<> >250 Mail OK >rcpt to: >Connection closed by foreign host. > >Hmm... > >___ >mailop mailing list >mailop@mailop.org >https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Help - Anyone know a GitHub People
Greetings team, For Github contact issue - Thank you Franck et al very much for all your helps, if you have a contact at GitHub, please help to introduce:) For Netease spamming issue - Netease are having nearly 700 million users now, users send out all kinds of emails, a majority of them are personal emails or normal emails sent by good users, while some(small amounts of) spams or unsolicited advertisements leaking out. To fight spams/UBEs/spammers, we, Netease anti-spam team, do put lots of effort to filter and block them, and are open to receive abuse reports, you may send leaking spams to RFC-2142 reporting mailboxes(such as ab...@163.com,ab...@126.com,ab...@corp.netease.com) or some other mailboxes published in our DNS Whois infos(such as nsad...@corp.netease.com), or our Customer Services pages(such as http://help.163.com). If you are blocking netease domains, your users may miss normal emails. If possible, please send me some spams/email records and remove our domains from your blockinglist. Our filters will learn to stop them. Thank you very much. Regards, -Junping Chen At 2016-02-26 04:59:34, "Geordie Guy" wrote: >Yeah I've just noticed this reply to the original. Blacklisting now too. > >Sent from my mobile. Please excuse any unusual brevity or typos while I'm on >the go. > >> On 25 Feb 2016, at 11:29 PM, Rich Kulawiec wrote: >> >>> On Thu, Feb 25, 2016 at 07:17:56PM +0800, ?? wrote: >>> I am a postmaster of Netease Inc.(NASDAQ: NTES), we are a professional >>> email service provider in China with domains 163.com, 126.com, yeah.net >>> and etc. >> >> I can't speak for GitHub, but I've had most of those domains blacklisted >> for over a decade because of (a) nonstop spam, phishing, and other forms >> of email abuse (b) failure to respond to abuse reports (c) failure to >> support RFC-2142 mandated role addresses. >> >> ---rsk >> >> ___ >> mailop mailing list >> mailop@mailop.org >> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > >___ >mailop mailing list >mailop@mailop.org >https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] Help - Anyone know a GitHub People
Hi Geordie, Please send me some NDR message samples and we will look into it. To stop being forged, as we know, I‘d recommand again that you add SPF(with rejecting policy),DKIM or even DMARC. These DNS records would help our system to identify whether an email is forged or not. We discard forged emails without a NDR. Or we can discuss and figure out a solution, thoughts? With Best Regards, -Junping Chen At 2016-02-26 04:58:45, "Geordie Guy" wrote: If you're the postmaster for 163.com can you please look at your NDR policies? I get NDRs daily from people forging from on my domain to 163.com users that don't exist. Sent from my mobile. Please excuse any unusual brevity or typos while I'm on the go. On 25 Feb 2016, at 10:23 PM, 陈俊平 wrote: Hello team, I am a postmaster of Netease Inc.(NASDAQ: NTES), we are a professional email service provider in China with domains 163.com, 126.com, yeah.net and etc. Recently we seems to miss a lot of GitHub emails(such as GitHub Reigister Verify Emails), as our logfiles tell, Github dose not send out these emails. I'd tried posting a support request at page https://github.com/contact , sending emails to ab...@github.com,h...@github.com,supp...@github.com, and some other ways to reach out to GitHub team. Unluckily I get no reply so far. Now I turned to this list for help, please help to forward this message if you knew someone in GitHub. Thank you very very much! Best Wishes, -Junping Chen chenjunp...@corp.netease.com Netease Inc.(NASDAQ: NTES) ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] Help - Anyone know a GitHub People
Hello team, I am a postmaster of Netease Inc.(NASDAQ: NTES), we are a professional email service provider in China with domains 163.com, 126.com, yeah.net and etc. Recently we seems to miss a lot of GitHub emails(such as GitHub Reigister Verify Emails), as our logfiles tell, Github dose not send out these emails. I'd tried posting a support request at page https://github.com/contact , sending emails to ab...@github.com,h...@github.com,supp...@github.com, and some other ways to reach out to GitHub team. Unluckily I get no reply so far. Now I turned to this list for help, please help to forward this message if you knew someone in GitHub. Thank you very very much! Best Wishes, -Junping Chen chenjunp...@corp.netease.com Netease Inc.(NASDAQ: NTES) ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop