Re: [mailop] Spamhaus Blocking SBLCSS - Need assistance

[Olaf Petry - Hornetsecurity]

Hi,

>> Now we are getting blocked by Spamhaus SBLCSS with almost all of our ip 
>> addresses.
You don't get blocked by SBLCSS but only listed. Any recipient / provider is 
responsible for using the list on its own.

According to the Spamhaus site, you get listed because:
- Email showing indications of unsolicited nature;
- Broad-spectrum aggregated views of email deliveries;
- Having poor list-hygiene;
- Sending out bad email due to a compromise (compromised account, webform or 
CMS);
- Other indicators of low reputation or abuse.

According to your description (sending newsletter, different customer) your IPs 
are predestined to get listed there if you don't take care.
Have you checked each of this points? Did you contact Spamhaus support?

As you name no affected IP or range or sending hostname it is difficult to give 
you a hint.

Mit freundlichen Grüßen / Kind Regards
Olaf Petry


From: mailop  On Behalf Of Jan Mollenhauer via mailop
Sent: Thursday, March 14, 2019 2:28 PM
To: mailop@mailop.org
Subject: [mailop] Spamhaus Blocking SBLCSS - Need assistance

Hello,

we are an email service provider. Our customers use our software to send 
newsletter.
Our software and servers are configured with all best practices like SPF, DKIM, 
DMARC, RDNS. We have also processes implemented for processing bounces, 
feedbackloops, unsubscribes and DOI subscriptions.

Now we are getting blocked by Spamhaus SBLCSS with almost all of our ip 
addresses.
The IPs are from different networks and being used by different customers of us 
over multiple servers and for different subscribers.

The only thing they have in common is that all IPs are registered by our 
company.

We already tried the delisting process but with no luck and no further response 
from Spamhaus.
The delisting process ist now being blocked. With message: CSS removal denied. 
xxx.xxx.xxx.xxx cannot be removed at this time.

Maybe someone from Spamhaus is listening to this and can contact us or somone 
else can give some guidance?

Any help appreciated.


Best regards

--
Jan Mollenhauer

http://atpscan.global.hornetsecurity.com/index.php?atp_str=VbQbLPaBjvZyi7ZkkM65OBOXpx2FF8E6oBNTfGMzRYKxTMwHwS9VwUiIpWClvmoO5xTzdi-VnyapL1SGI5m4MTfI3x_ucyYlIRA5DSQqJ6k7iwKak3_OfQu7C9xHhKH_sGuZsftuOs0xHSWjoZswGxF57Y39tmm4ADNuaksHrWBhaeFkdKR256ROGUy_5_r2OkDPxmNCcV0CmU03tTJejm-9uLBUZz_onSlRXBf8GkZ-YgXvT5DpmvvMwNmi5Bv__ai7ZXlA-ys4Fcxubjg12NfyxqKoMaMRctcp9AOUgYkkG7MBz8H_LXXLfyM6OiNlY2I1NmYyNjZjYmQjOjojt2-jqdrWSE2H14CFkpvcaw

BACKCLICK GmbH
Brabandtstrasse 8
38100 Braunschweig
Telefon: +49 531 615 63 - 200
Fax: +49 531 615 63 - 179
http://atpscan.global.hornetsecurity.com/index.php?atp_str=z2OGpzdLrqayOvrky5REkW-9DaIwt5J90Z-GBcE9wyw8n6aQfhegqzlt1aHg5sS3EJPRp-j7QvEvfoxZmINSVS3VuBHl_Jakd4MIlk3uuOtZybMDD_wLc5zbn07uakgJ46p8gw9ZvTUNhPCQgQFXkbfdc4aU-D8bOxanT3n104VXBapU_sKa9oiD5icanu_nztFdLrZncwMJGZRRV5RUxSUBCYR5PpecbfiM8yAA7BK_1xloeuSQvbyg0WKRf737FilLs0tosqjGItGsU96ufxi5w4uoMRNGZ34qz8Cu1SM6OiM0MDUzNTEzODM5Y2MjOjojIw-ew5gsWCJdVT0JbQhWeQ
mailto:j.mollenha...@backclick.de


smime.p7s
Description: S/MIME cryptographic signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] emailreg.org is down

[Olaf Petry - Hornetsecurity]

N¬ŠÆ§Kó0K"‚w™ë,jµó€8ößÏu۝ìM÷Ó¿w@¼
S¢f¢–Šfj)h¦Šà™¨¥¢™šŠZ)¢¸¹¸ÞrÔD™¨¥¢—¦j)kz
+‚+£   Ãjד¹ï  j}´×Ý|Ó}ùûM4Ð*'µéí-©à¹¨uàÄ
‰íz{Sʗ­{¦V¢ÈZ®Ç­___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] emailreg.org is down

[Olaf Petry - Hornetsecurity]

N¬ŠÆ§Kó0K"‚w™ë,j¹@ÔÄï‘@ã®ûQAãÑz
P¸Ûo¢f¢–Šfj)h¦Šà™¨¥¢™šŠZ)¢¸¹¸ÞrÔD™¨¥¢—¦j)kz
+‚+£   Ãjד¹ï  j}´×ÝyÓ®wûM4Ð*'µéí-©à¹¨uàÄ
‰íz{Sʗ­{¦V¢ÈZ®Ç­___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Amazon AWS as 'spam sending farm' via phished account?

[Olaf Petry - Hornetsecurity]

Hi Benoît,

>> How about blocking the Amazon AWS IP ranges? Are there any legitimate
>> emails being send by them?
We see less than 1 clean between 1 million (or 1 billion?) emails from there, 
so guess what :-)
Our fast reacting abuse desk whitelists single IPs on demand from those ranges. 

Olaf Petry
Hornetsecurity GmbH

-Original Message-
From: mailop  On Behalf Of Benoit Panizzon
Sent: Monday, October 29, 2018 12:02 PM
To: mailop@mailop.org
Subject: [mailop] Amazon AWS as 'spam sending farm' via phished account?

Hi List

We increasingly notice, that when an account got phished, it is being
abused to send spam from usually one or two Amazon AWS US IP Addresses
simultaneously, staying below our account auto-block thereshold.

Quite some time in the past, when I first observed this, contacted the
Amazon Abuse Desk, including the infos they provide in their WHOIS
entry in the past, but newer ever got any kind of reaction.

Now I am curious, do others also make this observation?

How about blocking the Amazon AWS IP ranges? Are there any legitimate
emails being send by them?

Well I could try to block them only for Authenticated SMTP submission,
not for MX operation.

Mit freundlichen Grüssen

-Benoît Panizzon-
-- 
I m p r o W a r e   A G-Leiter Commerce Kunden
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 PrattelnFax  +41 61 826 93 01
Schweiz Web  
http://atpscan.global.hornetsecurity.com/index.php?atp_str=07zaR0I5KHZHSQhtydYdX1oYKg72Ia9jsYDDP9_dXJo-pQdIAARnuUIbfQtvKEAuvwT1W6bOub-guncDQACzPQ5h_YRQMIPEaxble352w6fj28OGRSl4OGqLTNcjoBbkenql71mWjJy9ZlzK3PLgYLv_FIuNxNjrchqOYqRotss8XdluF2bd9cFQkfUgO38BoRQZRakoDxxYriEg1Jqbicaio6c7gISqaV-l0VTj3XlsZZ0-2dM03FpqbkDy0sfDBarAu4eyE4XBCuPrxZFBiQtF1O6asZcL2yM6OiM2NTA2ODczYTcxNWMjOjoj0JzzuvgNKYlkBICLfYtu6w
__

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Postmaster contact for 1&1

[Olaf Petry - Hornetsecurity]

Official note I got from 1and1 Abuse Technican a few months ago:

Be aware that all mails that we forward on customer request and that are 
recognized as spam will be relayed via a host with rDNS mout-xforward..

Your sample IP is such a relay, so you may feel free to block emails from those 
relays at all, respect the result of blacklists (which often will list those 
IPs, I guess) or ignore the result of blacklists for those hostname in general.

Mit freundlichen Grüßen / Kind Regards
Olaf Petry

Von: mailop [mailto:mailop-boun...@mailop.org] Im Auftrag von Scott Undercofler
Gesendet: Mittwoch, 14. Februar 2018 15:16
An: Stefan Haunß 
Cc: mailop@mailop.org
Betreff: Re: [mailop] Postmaster contact for 1&1

https://www.spamhaus.org/query/ip/82.165.159.133

That’s what I get sending from their outbound. It’s not consistent so I assume 
not all of their space is listed.

On Feb 14, 2018, at 4:00 AM, Stefan Haunß 
> wrote:


On 02/14/2018 10:51 AM, Suresh Ramasubramanian wrote:

His users might want to receive mail from 1&1 users, and 1&1 outbounds being on 
spamhaus stops this from happening?
"might want"...I don't know him so I want more details...


In cases like this, it is up to 1&1 to work out the block, rather than 
expecting operators to put in place a whitelist.

of course 
http://postmaster.1and1.com
 is public and if you read the
following section carefully "IP Addresses for 1&1 Mail Servers" one
might come to the conclusion that there is no problem...


--srs

On 14/02/18, 3:17 PM, "mailop on behalf of Stefan Haunß" 
 on behalf of 
shau...@bfk.de> wrote:

   Scott,

   if you could describe your problem a bit more detailed you might get
   helped. why do you care of outbound IPs listed on spamhaus? are you a
   1and1 customer?

   Cheers,
   Stefan


   On 02/14/2018 06:13 AM, - - wrote:
Y'all have your outbound listed on spamhaus and I'm taking a lot of heat
for deliverability issues from your space. Please contact me or request
spamhaus removal for your outbounds. Your courteous support staff hung
up on me when I tried to explain that the AUP code I had would not make
sense to your deliverabilty team.

Thanks in advance.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


   ___
   mailop mailing list
   mailop@mailop.org
   https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


--
BFK edv-consulting GmbH   
http://www.bfk.de
Kriegsstraße 100  tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
Managing Director: Christoph Fischer HRB105469 Mannheim
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Postmaster contact for 1&1

[Olaf Petry - Hornetsecurity]

About which IPs are you talking about exactly?

There are different outgoing relay- groups at 1and1. Especially the one which 
relays all forwarded (untrusted) emails of their customers is listed quite 
often as the forwarded emails are mostly spam. The general relay IPs routing 
all customer created emails should not be listed.

Anyway we exclude any of their relay IPs from blacklisting to avoid trouble.

Mit freundlichen Grüßen / Kind Regards
Olaf Petry

-Ursprüngliche Nachricht-
Von: mailop [mailto:mailop-boun...@mailop.org] Im Auftrag von Suresh 
Ramasubramanian
Gesendet: Mittwoch, 14. Februar 2018 10:51
An: Stefan Haunß ; mailop@mailop.org
Betreff: Re: [mailop] Postmaster contact for 1&1

His users might want to receive mail from 1&1 users, and 1&1 outbounds being on 
spamhaus stops this from happening?

In cases like this, it is up to 1&1 to work out the block, rather than 
expecting operators to put in place a whitelist.

--srs

On 14/02/18, 3:17 PM, "mailop on behalf of Stefan Haunß" 
 wrote:

Scott,

if you could describe your problem a bit more detailed you might get
helped. why do you care of outbound IPs listed on spamhaus? are you a
1and1 customer?

Cheers,
Stefan


On 02/14/2018 06:13 AM, - - wrote:
> Y'all have your outbound listed on spamhaus and I'm taking a lot of heat
> for deliverability issues from your space. Please contact me or request
> spamhaus removal for your outbounds. Your courteous support staff hung
> up on me when I tried to explain that the AUP code I had would not make
> sense to your deliverabilty team. 
> 
> Thanks in advance. 
> 
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Olaf Petry - Hornetsecurity]

Hello,

BTW I guess most unsubscribe header belong to the one-click-unsubscribe, see 
rfc 8058
Whitepaper: 
https://certified-senders.org/wp-content/uploads/2017/07/CSA_one-click_list-unsubscribe.pdf


Mit freundlichen Grüßen / Kind Regards
Olaf Petry

-Ursprüngliche Nachricht-
Von: mailop [mailto:mailop-boun...@mailop.org] Im Auftrag von Andy Smith
Gesendet: Mittwoch, 7. Februar 2018 03:17
An: mailop@mailop.org
Betreff: Re: [mailop] Anyone on this list from SpamCop?

Hello,

On Tue, Feb 06, 2018 at 03:34:34PM -0800, Laura Atkins wrote:
> > On Feb 6, 2018, at 2:49 PM, John Levine  wrote:
> > Putting a URL in a List-Unsubscribe header is an entirely reasonable
> > thing to do, and lots of ESPs do it.  
> 
> Lots of non-ESPs do it, too. 
> 
> List-Unsubscribe: 

When it comes to SpamCop it is never offering to report URLs found
in a List-Unsubscribe header so it must have been taught to ignore
those.

It is also ignoring URLs in the header X-Spam-Report, the default
SpamAssassin report header. The problem comes when a custom report
header is used, e.g.:
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop