Re: [mailop] DMARC forensic reports

2017-06-08 Thread Gil Bahat via mailop 
I believe Tim draegan from DMARCian would probably have all of them covered
in between his clients and so will Agari and Returnpath. They might be
willing to share.

On Jun 8, 2017 21:24, "Laura Atkins"  wrote:

Thank you to everyone who responded!


On Jun 8, 2017, at 10:33 AM, John Levine  wrote:

In article  you
write:

Is there a way to find out / determine who is sending DMARC forensic
reports?


Other than sending broken DMARC and seeing who reports back (as noted,
mailing lists are a good start) I'm not aware of any.


That’s what I thought, but wasn’t sure.

If people want, I can make a summary of the addresses that have sent
them to me and we can swap them around.  I have about 62000 reports.


Sounds like work. But if the list gets generated, I’ll take a copy :)

laura

-- 
Having an Email Crisis?  800 823-9674

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741

Email Delivery Blog: http://wordtothewise.com/blog







___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone from GoDaddy?

2017-05-09 Thread Gil Bahat via mailop 
Hi,

I am trying to report a phishing incident (someone spoofing docusign with a
cousin domain docusgn.com, malicious link also hosted on godaddy) and your
web interface fails to accept the report. please contact me off-list.

Regards,

Gil Bahat,
DevOps/Postmaster,
Magisto Ltd.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone from proofpoint on the list?

2017-03-13 Thread Gil Bahat via mailop 
One of my clients experiences a mutual drop from proofpoint (both sending
to proofpoint and receiving from proofpoint to gapps). Please contact me
off-list.

Regards,

Gil Bahat
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Naver and Hanmail assistance?

2017-01-30 Thread Gil Bahat via mailop 
Unless you have physical presence in korea, KISA will not admit you. Even
if you do, there are apparently legal ramifications to sending spam in
korea which must be accounted for.

If that doesn't deter you, you can do the following:

1. Create the most encompassing yet still valid SPF record for your IP
space. publish that under DomainA.tld
2. Have another SPF record published for DomainB.tld
3. Admit DomainA.tld to KISA
4. When sending to korean recipients, send from the DomainA envelope. When
sending to non-korean recipients, send from the DomainB envelope.

as for daum, looking at mailop archives, here's my posting as of about 1.5
years ago:

"FWIW I managed to get a speedy reply by appealing to them directly at
http://cs.daum.net. you will need an @daum.net or @hanmail.net account,
they are free to register although a few hurdles need to be gotten past
(e.g. a korean captcha which I fulfilled using google virtual korean
keyboard). block has been removed in less than 24 hours after approaching
them this way.

Gil"


On Mon, Jan 30, 2017 at 9:07 PM, Zack Aab  wrote:

> I had good luck by subscribing to naver and opening a ticket. You may need
>> to pass a Korean captcha, which you can do by redrawing characters in any
>> draw-based input method
>
>
> Thanks for the response!
>
> I did submit a ticket with Naver, and the reply I got was essentially "get
> on KISA" which is something we're having separate issues with because of
> their SPF policy: to whitelist, KISA requires the SPF record to have no
> include statements and be un-CIDR'd, which makes our record invalid due to
> length.
> My ticket with Hanmail didn't get past the robot/form reply stage.
>
> Any input is appreciated!
>
>
> *Zack Aab | *Deliverability Strategist
> M: 706.870.1061
> *Inbox Pros | *678.214.3739
> 1995 North Park Place I Suite 200 | Atlanta, GA 30339
>
> [image: Reply monitoring image]
> 
> [image: Powered by Sigstr]
> 
>
> On Mon, Jan 30, 2017 at 11:32 AM, Gil Bahat  wrote:
>
>> I had good luck by subscribing to naver and opening a ticket. You may
>> need to pass a Korean captcha, which you can do by redrawing characters in
>> any draw-based input method
>>
>> On Jan 30, 2017 5:57 PM, "Zack Aab"  wrote:
>>
>>> Hi all,
>>>
>>> I'm working with a very high volume sender who sends to Korea and we're
>>> having a tough time with Hanmail and Naver.
>>> We've done all of the DNS work but are still having some trouble, so I
>>> was hoping somebody could help me with the latest requirements and/or
>>> contact information.
>>>
>>> Any info is greatly appreciated.
>>>
>>> Thanks!
>>>
>>> Zack Aab
>>>
>>> ___
>>> mailop mailing list
>>> mailop@mailop.org
>>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>>
>>>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Naver and Hanmail assistance?

2017-01-30 Thread Gil Bahat via mailop 
I had good luck by subscribing to naver and opening a ticket. You may need
to pass a Korean captcha, which you can do by redrawing characters in any
draw-based input method

On Jan 30, 2017 5:57 PM, "Zack Aab"  wrote:

> Hi all,
>
> I'm working with a very high volume sender who sends to Korea and we're
> having a tough time with Hanmail and Naver.
> We've done all of the DNS work but are still having some trouble, so I was
> hoping somebody could help me with the latest requirements and/or contact
> information.
>
> Any info is greatly appreciated.
>
> Thanks!
>
> Zack Aab
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Offtopic: How does an taiwanese IRT work / ppt.cc URL shortening

2017-01-29 Thread Gil Bahat via mailop 
I would email TWNIC and ask them whether they are aware what is the right
abuse contact for HINET. it's pretty obvious that a NIC cannot conduct
investigations in registered networks, but it is likely that they do have a
valid contact.
You're right that it's silly to advertise a pointless IRT record...

Gil

On Sun, Jan 29, 2017 at 10:58 AM, Benoit Panizzon 
wrote:

> Hi all
>
> My spamtraps are being hit by chinese spam advertizing the URL on the
> shortening service ppt.cc for several day now, with an incredible rate!
>
> Source is obviously a botnet as source IP's are spread around the globe.
>
> So it's time to look into the issue and send some personal email to the
> abuse desk of the operator of this shortening service and his hoster to
> find out what they do about it and how they could help stop the abuse.
>
> In the WOT comments, I also found that they didn't remove redirection
> to malicious sites that were reported nearly two years ago. One more
> reason to get in contact with them and see what they think about
> helping the internet community by stopping such abuse.
>
> The service is hosted by taiwan based ISP hinet.net
>
> So let's find the appropriate abuse contact.
>
> inetnum:125.224.0.0 - 125.231.255.255
> netname:HINET-NET
> descr:  Data Communication Business Group,
> descr:  Chunghwa Telecom Co.,Ltd.
> descr:  No.21, Sec.1, Xinyi Rd., Taipei City
> descr:  10048, Taiwan
> country:TW
> admin-c:HN27-AP
> tech-c: HN27-AP
> mnt-by: MAINT-TW-TWNIC
> mnt-irt:IRT-TWNIC-AP
>
> Good, they have published an IRT contact handle:
>
> irt:IRT-TWNIC-AP
> address:Taipei, Taiwan, 100
> e-mail: hostmas...@twnic.net.tw
> abuse-mailbox:  hostmas...@twnic.net.tw
> admin-c:TWA2-AP
> tech-c: TWA2-AP
> auth:   # Filtered
> remarks:Please note that TWNIC is not an ISP and is not
> empowered
> remarks:to investigate complaints of network abuse.
>
> What? Did I get that right? Their IRT Contact, responsible for abuse
> complaints has a comment that they do not investigate abuse complaints?
>
> No wonder abuse from their network never ceases...
>
> I suppose no-one else had any success with contacting them about any
> abuse case.
>
> Cheers!
>
> --
> -Benoît Panizzon-
> --
> I m p r o W a r e   A G-Leiter Commerce Kunden
> __
>
> Zurlindenstrasse 29 Tel  +41 61 826 93 00
> CH-4133 PrattelnFax  +41 61 826 93 01
> Schweiz Web  http://www.imp.ch
> __
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Engine(s) used to detect suspicious attachments?

2017-01-02 Thread Gil Bahat via mailop 
Hi,

Do providers document which engine(s) they're using to flag suspicious
attachments?
I am having a case where a client is forwarding attachments which are
deemed dangerous by the destination (in this particular case it's gmail but
it might as well be any other), but no engine on virustotal flags these as
suspect. I believe the repercussions for sending purported malware on
deliverability can be very bad, but I suspect that no inbound spam
filtering will prevent the problem.

thoughts/suggestions welcome.

Regards,

Gil Bahat,
Director of Online Operations,
Magisto Ltd.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Spamcannibal?

2016-12-09 Thread Gil Bahat via mailop 
That is correct. At least from my personal perspective, the solution was to
find out if any major destination was making decisions based on this list.

After engaging that sole meaningful provider, I'm happy to report they
dropped spamcannibal. So unless someone picked it up, you can likely safely
ignore any spamcannibal listing.

The list maintainer couldn't care less about my concerns and that's his
prerogative, just like it's mine to try and convince it's few remaining
users to drop it.

On Dec 9, 2016 6:13 PM, "Al Iverson"  wrote:

Every blacklist operator has done something that has pissed somebody off at
some point. I recognize their right to exist, and tend not to judge, even
if they don't run things they way I would. Life is more pleasant and
stress-free that way.

Because even though you might say "why would you ever use that piece of
crap" about any blacklist -- and you could even be correct some of the time
-- but somebody does use it somewhere, so it exists and one has to deal
with it sometimes.

Cheers,
Al


--
Al Iverson
www.aliverson.com
(312)725-0130 <(312)%20725-0130>

On Fri, Dec 9, 2016 at 10:44 AM, Gil Bahat via mailop 
wrote:

> +1 unreasonable for an indiscriminate block on all of Amazon SES. Why
> would anyone want to use such a BL is beyond me given that there are many,
> much better alternatives.
>
> On Dec 9, 2016 5:30 PM, "Vladimir Dubrovin via mailop" 
> wrote:
>
> 25.11.2016 22:50, Al Iverson пишет:
>
> Hi Otto,
>
> Long time no talk. Hope things are going well.
>
> The Spam Cannibal maintainer is a reasonable guy. He doesn't spread
> his contact info far and wide, perhaps because he doesn't want to
> argue with spammers. So, I would feel bad about sharing his details
> publicly. But I will forward your post to him and invite him to follow
> up with you. Hope that helps.
>
>
> I really doubt it. This reasonable guys blacklisted our (Mail.Ru) front
> servers due to same reason ('Generic PTR'). Yes, we have few hundreds of
> front servers, because we host >50% of mailboxes for russian-speaking users
> so we need to count our servers somehow. If you use Spamcannibal you will
> probably have deliverability problems.
>
>
>
> Best regards,
> Al Iverson
>
> --
> Al Iversonwww.aliverson.com(312)725-0130 <(312)%20725-0130>
>
>
> On Fri, Nov 25, 2016 at 8:14 AM, Otto J. Makela   
> wrote:
>
> Sending this to a couple of secret societies, apologies if you see this twice.
>
> Is there any point in trying to contact Spamcannibal?
>
> One of our clients (we're the Finnish NREN, so an university in Finland)
> was notified via Shadowserver that a swathe of their unused IP space is
> listed on Spamcannibal:
> https://www.shadowserver.org/wiki/pmwiki.php/Services/Blacklist
>
> Since the network in question has no assigned addresses, there are no DNS
> records for it. We suspect that the netblock was momentarily snatched from
> them via BGP (or some other routing trick) and then used to send spam.
> We'd really like to know more, like get spamples or at least time stamps.
>
> When I tried to get in touch with Spamcannibal about one IP address via
> their contact form, submitting the form resulted in the glib message:
>
> xxx.xxx.xxx.xxx not eligible for removal: GENERIC PTR
>
> So, anyone know if the form went through, does someone have a contact there,
> and is there any point in doing so?
>
> --
>/* * * Otto J. Makela   * * * * * * * * * */
>   /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
>  /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
> /* * * Computers Rule 0100 01001011 * * * * * * */
>
> ___
> mailop mailing 
> listmailop@mailop.orghttps://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
> ___
> mailop mailing 
> listmailop@mailop.orghttps://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
>
> --
> Vladimir Dubrovin
> [image: @Mail.Ru]
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Spamcannibal?

2016-12-09 Thread Gil Bahat via mailop 
+1 unreasonable for an indiscriminate block on all of Amazon SES. Why would
anyone want to use such a BL is beyond me given that there are many, much
better alternatives.

On Dec 9, 2016 5:30 PM, "Vladimir Dubrovin via mailop" 
wrote:

25.11.2016 22:50, Al Iverson пишет:

Hi Otto,

Long time no talk. Hope things are going well.

The Spam Cannibal maintainer is a reasonable guy. He doesn't spread
his contact info far and wide, perhaps because he doesn't want to
argue with spammers. So, I would feel bad about sharing his details
publicly. But I will forward your post to him and invite him to follow
up with you. Hope that helps.


I really doubt it. This reasonable guys blacklisted our (Mail.Ru) front
servers due to same reason ('Generic PTR'). Yes, we have few hundreds of
front servers, because we host >50% of mailboxes for russian-speaking users
so we need to count our servers somehow. If you use Spamcannibal you will
probably have deliverability problems.





Best regards,
Al Iverson

--
Al Iversonwww.aliverson.com
(312)725-0130


On Fri, Nov 25, 2016 at 8:14 AM, Otto J. Makela   
wrote:

Sending this to a couple of secret societies, apologies if you see this twice.

Is there any point in trying to contact Spamcannibal?

One of our clients (we're the Finnish NREN, so an university in Finland)
was notified via Shadowserver that a swathe of their unused IP space is
listed on Spamcannibal:
https://www.shadowserver.org/wiki/pmwiki.php/Services/Blacklist

Since the network in question has no assigned addresses, there are no DNS
records for it. We suspect that the netblock was momentarily snatched from
them via BGP (or some other routing trick) and then used to send spam.
We'd really like to know more, like get spamples or at least time stamps.

When I tried to get in touch with Spamcannibal about one IP address via
their contact form, submitting the form resulted in the glib message:

xxx.xxx.xxx.xxx not eligible for removal: GENERIC PTR

So, anyone know if the form went through, does someone have a contact there,
and is there any point in doing so?

--
   /* * * Otto J. Makela   * * * * * * * * * */
  /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */
 /* Mail: Mechelininkatu 26 B 27,  FI-00100 Helsinki */
/* * * Computers Rule 0100 01001011 * * * * * * */

___
mailop mailing 
listmailop@mailop.orghttps://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing 
listmailop@mailop.orghttps://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



-- 
Vladimir Dubrovin
[image: @Mail.Ru]

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] why "not comply with best practices" on SpamRats?

2016-06-15 Thread Gil Bahat via mailop 
I think we agree or else there I didn't phrase myself correctly (sorry, not
a native english speaker):

1. Using a regex over DNS pattern is a 'proxy' method for using a more
trusted method of identifying PBL space.
2. No 'Big' player uses it.
3. 'Big' players are the most performance sensitive out of all mail
recipients out there and most targeted by attacks.
4. Deriving from 1+2+3 - Using said regex pattern cannot be reasonably
justified by performance considerations.
5. Netease (one of the largest mail services in the world) would have been
flagged by it.
6. Deriving from 4+5, the practice attests to lazyness or apathy to false
positives by the operator deploying it.

Gil

On Wed, Jun 15, 2016 at 12:36 PM, Michelle Sullivan 
wrote:

> Gil Bahat via mailop wrote:
>
>>  public PBL registry. Do you see any big recipients
>> (gmail/hotmail/yahoo/netease/etc) 'optimizing' by such a regex?
>>
>
> I would also beg to differ if you think at least 3 of those you mention
> would use any of the public DNSbls as a sole decision point...  Nor would
> they use 'such a regex'... even the other massive one that immediately
> comes to mind that you didn't mention that does use a DNSbl on the border
> as a sole decision point for "quick rejects" doesn't use a Dynamic/Policy
> blocklist of any type - despite recommendations by technical experts and
> live statistics being taken showing a 25%(ish) efficiency gain with zero
> false positives all because there is a "chance" of false positives.
>
> --
> Michelle Sullivan
> http://www.mhix.org/
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] why "not comply with best practices" on SpamRats?

2016-06-15 Thread Gil Bahat via mailop 
If you are knowingly giving up all of netease mail (or SES mail in the
other example), when you could have a very reasonable setup that doesn't do
so, you are being indifferent and uncaring about your users' email needs.
Your users will pay a price and netease will pay a price. the fact that a
certain indicator suggests something is 99% spam, doesn't mean the 1%
non-spam is not worth 'fighting' for. again, up to reasonable extents.
working with a proper local PBL data file, which should weigh a few megs?
you'd have to be google for that to really make a noticeable difference AND
evidently google doesn't need to use regexps.

I have a dream that one day senders will start implementing an RHSBL for
users logging in to their service. once a recipient finds themselves
blacklisted and their users refused service on big ecommerce sites due to
unreasonable email ground rules and some of the heat senders receive will
fall back at them, then we'll see some progress around that.

Gil

On Wed, Jun 15, 2016 at 10:30 AM, Noel Butler 
wrote:

> On 15/06/2016 16:59, Gil Bahat via mailop wrote:
>
> I beg to differ. Spamhaus offers the PBL in rsync format for big enough
> sites and i'm sure that if the cost is somehow a major factor, you could
> have a proper public PBL registry. Do you see any big recipients
> (gmail/hotmail/yahoo/netease/etc) 'optimizing' by such a regex? no, you
> don't, and their performance requirements are much more stringent than
> yours. That could be a good indication you're cutting corners and having
> someone else pay the price for it.
>
> Gil
>
>
> I'm very aware S.H. sell rsync connections, doesnt make any difference.
>
> I, like most here I would think, will do whatever they want to protect
> their own network, that comes first, above all else, and if I or others
> choose to deny access to our resources to people we don't know who are
> using an address format common with those that dont typically have a need
> to send direct mail, then so be it. I see nobody paying the price for
> anything, since pretty much all of those connections will not be legitimate
> mail senders that is my experience in over 20 years. Also, you are not to
> know that gmail or hotmail etc dont do some for of scoring based on a
> myriad of ways to decide to either inbox or junk box, maybe they dont,
> maybe they do, its irrelevant because they are not my networks so I have no
> need to know, just as they have no need to know all the methods we use else
> the bad guys get an advantage.
>
>
> --
> If you have the urge to reply to all rather than reply to list, you best
> first read  http://members.ausics.net/qwerty/
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] why "not comply with best practices" on SpamRats?

2016-06-15 Thread Gil Bahat via mailop 
I beg to differ. Spamhaus offers the PBL in rsync format for big enough
sites and i'm sure that if the cost is somehow a major factor, you could
have a proper public PBL registry. Do you see any big recipients
(gmail/hotmail/yahoo/netease/etc) 'optimizing' by such a regex? no, you
don't, and their performance requirements are much more stringent than
yours. That could be a good indication you're cutting corners and having
someone else pay the price for it.

Gil

On Wed, Jun 15, 2016 at 9:48 AM, Noel Butler  wrote:

> On 15/06/2016 16:09, Gil Bahat via mailop wrote:
>
> Prudency aside, this is one of the things wrong in the email world. I
> don't get it why recipients do something which is patently lax (having a
> naive regex) when a more appropriate solutions exist (spamhaus PBL) with a
> 'screw the sender, it's their problem, they'll bear the wrath of their
> users' - obviously allowing recipients to do this even for one of the
> largest senders in the world (126/163/yeah.net with over 700m users!).
>
>
> Its more about stopping spam, not just deliberate spam, but the
> accidental, as in malware infected PC's , contacting DNSBL's uses network
> resources, why take seconds when you can decide in nano seconds, no need to
> keep throwing hardware at the problem, when you can cull it there and then,
> our DNSBL's and anti spam-anti virus systems work 40% less through blocking
> these types of hosts, since they are for the most part malware/virus
> infected machines.
>
> In an ideal world all ISP's would block port 25 outbound except for
> official mail servers and make users use submission port, that would go
> along way to curbing the noise, but not eliminate it.
>
> --
> If you have the urge to reply to all rather than reply to list, you best
> first read  http://members.ausics.net/qwerty/
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] why "not comply with best practices" on SpamRats?

2016-06-14 Thread Gil Bahat via mailop 
Prudency aside, this is one of the things wrong in the email world. I don't
get it why recipients do something which is patently lax (having a naive
regex) when a more appropriate solutions exist (spamhaus PBL) with a 'screw
the sender, it's their problem, they'll bear the wrath of their users' -
obviously allowing recipients to do this even for one of the largest
senders in the world (126/163/yeah.net with over 700m users!).

Gil

On Wed, Jun 15, 2016 at 9:03 AM, Noel Butler  wrote:

> On 15/06/2016 13:52, Suresh Ramasubramanian wrote:
>
>> That too is a workable approach. Though market forces usually deal
>> with poorly managed bls over time.
>>
>>
> Its not just DNSBL's as has been pointed out by people other than myself
> who use similar rules locally, the safest bet is to accept this is how the
> world works in many places, and slightly changing the DNS should resolve
> all the problems, in fact, now it has been explained by several people in
> many different ways I hope the OP has understood (yes I accept language
> barriers can be problematic) and has already begun changing their A/PTRs to
> something that is less eye catching to remote sites.
>
>
> --
> If you have the urge to reply to all rather than reply to list, you best
> first read  http://members.ausics.net/qwerty/
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] why "not comply with best practices" on SpamRats?

2016-06-14 Thread Gil Bahat via mailop 
I wouldn't recommend this approach. If your email carries high business
value, even a relatively small ISP could justify the time investment needed
to resolve the situation. when we had issues with spamcannibal BL and the
operator was unyielding, I went the time to research which of the providers
using it were too reliant on it, and convinced them to drop the list - it
was a local mail provider in hungary, with relative notability in-territory.

in the larger scope of mail volume? sure, doesn't matter. but why hurt even
one country's performance just because there are millions of other mail
users? that doesn't make sense.

On Wed, Jun 15, 2016 at 6:33 AM, Suresh Ramasubramanian  wrote:

> Or just don't bother about some random  DNSBL  with ill defined criteria
>
> If Spamhaus lists you, or a few other such list you, then sure you have
> problems.  Other than that there's several dozen others around with a
> comparatively minuscule userbase if at all.
>
> --srs
>
> > On 15-Jun-2016, at 8:36 AM, 陈俊平  wrote:
> >
> > SpamRats using is not clear, we may figure it out by our continuing
> discussions. Or catch the notice of SpamRats.
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] "One-Click" List-Unsubscribe URIs

2016-06-09 Thread Gil Bahat via mailop 
FWIW I understood that the policy of large recipients is to already
'demand' and 'assume' that the URLs in List-Unsubscribe behave as 1-clicks
and that mailto: links can also be triggered from backend systems. That was
the requirement that I passed to our R&D. I'd be happy if anyone from a
large recipient can comment on that - not sure what would happen if it
didn't indeed function like this, or if there are separate streams and this
shuts off only a specific stream or what happens if the users regrets
unsubscribing and re-activates it.

Regards,

Gil Bahat,
Director of Online Operations,
Magisto Ltd.

On Thu, Jun 9, 2016 at 12:32 PM,  wrote:

> Hi List,
>
> I'm working on a document about a topic that came out of an open
> roundtable discussion at M³AAWG, it is more or less a way for mail
> senders to signal that a URI in the List-Unsubscribe Header has
> "One-Click" functionality and therefore can be triggered by backend
> systems to provide MUA users a better way to unsubscribe from bulk
> commercial mail that is reputable enough.
>
> We as an ESP implemented it for our customers so if you are curious
> about it, there is a chance that you already getting traffic with this
> feature enabled.
>
> I'm writing here because I'm looking for more input about it and if it
> interesting enough for ISPs or MUA provider.
>
> It's a public document and I welcome requests with updates...
> https://github.com/Lockhead/oneclick/blob/master/draft-herkula-oneclick.txt
>
> For people on the road a copy of the document is attached to this
> mail...
>
>
> Kind regards,
>
> / Tobias Herkula
>
> --
> optivo GmbH
> Head of Deliverability & Abuse Management
> Wallstraße 16
> 10179 Berlin
> Germany
>
> Tel: +49(0)30-768078-129
> Fax: +49(0)30-768078-499
>
> Email:mailto:t.herk...@optivo.com
> Website:  http://www.optivo.com
> Linkedin: http://www.linkedin.com/in/tobiasherkula
>
> Commercial register: HRB 88738 District Court Berlin-Charlottenburg
> Executive board: Dr. Rainer Brosch, Thomas Diezmann
> Vat reg. no.: DE813696618
>
> optivo A company of Deutsche Post DHL Group
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What in the name of all that is evil is this new spam technique?

2016-05-06 Thread Gil Bahat via mailop 
It's called bounceio 'domain monetization' and it's not new at all. They
will send bounces specifically back to the sender address and not the
return path address. Like any spam operation, it's UCE. Unlike any other
spam operation, not enough people mark them as spam, so their email still
gets accepted. I asked our ESP to avoid sending email to any domain with a
BIO server in the MX.

Gil
On May 6, 2016 11:43 PM, "Aaron C. de Bruyn"  wrote:

A user sent a message to the django-users list asking for help.  I replied
and about 5 minutes later I got a 'bounce' message that is basically a
bounce message laden with spam.

http://imgur.com/Ohn6sPE

Is this a new method of delivering spam?  Get 'someone' like
j...@piccloud.com to sign up for the mailing list, then delete the account
and have piccloud.com send spam thinly-disguised as bounce messages?

-A

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Yahoo deferred with a page not found

2016-04-26 Thread Gil Bahat via mailop 
We've been GL'ed by yahoo for over a year now and I pretty much gave up all
hope of ever getting it fixed, despite the fact that we send time-sensitive
emails. We get a mix of the postmaster-21 notice and another notice with a
vague/generic text.

Gil
On Apr 27, 2016 1:23 AM, "Renaud Allard via mailop" 
wrote:



On 27/04/16 00:00, Brandon Long via mailop wrote:

> Big companies are big, never underestimate the challenges involved.  We
> recently went through ours to find out that the editors had drifted the
> content of several of the links we pointed to in smtp responses to the
> point where they were not relevant at all.  At least they all still
> existed, or redirected to new pages which were tangentially related, I
> guess.
>
>
I also work for a big company, and I quite understand the challenges making
anything move even a tiny bit and even for the best reason. But I know that
when poking the right people at the right time, you can get some changes
done, even if it takes some (long) time to get the real move.

Now, to be honest, we recently got some messages from a big provider (I
think you all know who we are talking about) hinting at the fact they might
have understood that they should not silently drop email which were
accepted by their MTA.

Changes never happen if no one points out at problems.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop