Re: [mailop] Help with block at Shaw.ca

[Richard W via mailop]

Since Shaw is now owned by Rogers, would that be a Yahoo issue?

Richard

On 2024-05-21 12:37 p.m., Christine Borgia via mailop wrote:
Shaw.ca is completely blocking our transactional mail and we haven't 
been able to make contact there. Wondering if there is anyone here that 
I can talk to about it?


Thx!
Chris

--
*Christine Borgia*
Staff Deliverability Specialist
Shopify 




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from Google - Sudden Gmail bounces??

[Richard W via mailop]

41.212.32.14 is PBL only.  Other IPs in the /24 have other listings

Richard

On 2024-03-31 12:02 p.m., Slavko via mailop wrote:

Dňa 31. marca 2024 17:06:30 UTC používateľ Richard W via mailop 
 napísal:

That Spamhaus listing is PBL, not an indication of bad.  Your ISP must have 
decided, or Spamhaus decided you shouldn't be sending mail. Looks like the 
whole /24 is on PBL.


PBL is not (bigest) problem, the worse part is XBL & SBL...

I guess, that despite of PBL, the mail (ML) server has stable
IP (as indicated by "all DNS auth", thus i expect PTR too), thus
that cannot be bad actor previously used that IP. If not, then
any effort will be reset on nect IP change...

regards



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone from Google - Sudden Gmail bounces??

[Richard W via mailop]

That Spamhaus listing is PBL, not an indication of bad.  Your ISP must 
have decided, or Spamhaus decided you shouldn't be sending mail. Looks 
like the whole /24 is on PBL.


As for 41.212.32.190, yes there was spam runs from that IP three to ten 
days ago. Malicious script.


Richard

On 2024-03-31 8:47 a.m., Bill Cole via mailop wrote:

On 2024-03-31 at 10:21:40 UTC-0400 (Sun, 31 Mar 2024 17:21:40 +0300)
Odhiambo Washington via mailop 
is rumored to have said:

I have just had several email bounces from a mailing list that I have 
been

running since 2005.
I have contacted Google using this form

and gotten a reference number 7-289335971.

The strangest thing is that I have gotten only 37 bounces whereas my
mailing list has several hundreds of gmail.com addresses.

The bounce text looks like this:

```
  john...@gmail.com
    host alt2.gmail-smtp-in.l.google.com [142.251.9.26]
    SMTP error from remote mail server after end of data:
    550-5.7.1 [41.212.32.14] The IP you're using to send mail is not
authorized to
    550-5.7.1 send email directly to our servers. Please use the SMTP 
relay

at your
    550-5.7.1 service provider instead. For more information, go to
    550 5.7.1  https://support.google.com/mail/?p=NotAuthorizedError
j21-20020a508a9500b0056bacdf79e0si3584946edj.443
- gsmtp
```
Now, this server - 41.212.32.14 - is authorized (by ALL DNS requirements
and policies)  to handle mail for lists.kictanet.or.ke which is the 
domain

name used for the mailing lists.

Why would this happen?


Something bad seems to have gained the ability to use that IP...

See https://check.spamhaus.org/listed/?searchterm=41.212.32.14

Google is not known to specifically use Spamhaus listings, so this is 
likely to indicate that both organizations have independently deemed 
your IP to be badly behaving.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Debt Collection Client Email Servers

[Richard W via mailop]

One also has to consider the quality of the data received. What kind of 
lender would accept an email address such as hotm...@hotmail.com as 
legit? (not the real address I'm seeing on mail from the noted IP 
addresses, but similar).


Richard

On 2024-03-25 6:50 a.m., Kent McGovern via mailop wrote:
"Biggest issue we have is that the number of false spam complaints due 
to the nature of the industry."


They aren't false spam complaints in the eyes of the people receiving 
the email.


Kent McGovern

On Sun, Mar 24, 2024 at 10:52 PM Michael Irvine via mailop 
mailto:mailop@mailop.org>> wrote:


Thank you. I will be opening a ticket with them to have it change.
Biggest issue we have is that the number of false spam complaints
due to the nature of the industry.  Hard to keep the domain as good
without talking directly to the postmasters.



Thanks,

**

*Michael Irvine *




 Original message 
From: Michael Peddemors via mailop mailto:mailop@mailop.org>>
Date: 3/22/24 17:09 (GMT-06:00)
To: mailop@mailop.org 
Subject: Re: [mailop] Debt Collection Client Email Servers

CAUTION: This email originated from outside of the organization. Do
not click any links or open attachments unless you recognize the
sender and know the content is safe.



If they are 'dedicated', doesn't matter if they are coming from
SendGrid, the PTR should reflect your clients domain.

host 149.72.234.90
90.234.72.149.in-addr.arpa domain name pointer
wrqvzxrx.outbound-mail.sendgrid.net
.

And given the amount of abuse of SendGrid servers, anything you can do
to differentiate from their generic naming conventions will help you.


On 2024-03-22 12:07, Michael Irvine via mailop wrote:
> Hello postmasters,
>
> One of our clients has been sending a debt collection campaign using
> email as the last resort of communication. These emails are more
> transactional and use a campaign mailing system to give some analytics.
>
> Context:
>
> We have 2 standard emails that go our daily. These emails describe the
> debt and how they can help.
>
> IP Addresses:
>
> 149.72.234.90
>
> 149.72.238.176
>
> 168.245.18.103
>
> NOTE: IPs are dedicated from SendGrid
>
> Subject line:
>
> Unifin is here to help with your [DEBTDESCRIPTION1] account.
>
> NOTE: [DEBTDESCRIPTION1] is the name of the debt company.
>
>  From Addresses are:
>
> olivia.ander...@unifinrs.com 
>
>
> emily.thomp...@unifinrs.com 
>
>
> Reply-to email is:
>
> myacco...@unifininc.com 
>
>
> Please reach out to me directly if there is additional information needed.
>
> Thank you,
>
> Michael Irvine | Great Computer Solutions
>
> m...@greatsys.com 
>
>
> ___
> mailop mailing list
> mailop@mailop.org 
> https://list.mailop.org/listinfo/mailop



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com 
@linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca

"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

___
mailop mailing list
mailop@mailop.org 
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org 
https://list.mailop.org/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] SpamHaus listings

[Richard W via mailop]

I've never understood why people post for help but withhold information. 
They seem to be afraid to reveal the affected IP. Why? Afraid we'll all 
run to block it?


Given the IP, others can tell you what we are seeing from that IP and 
possibly what is causing listings with different BLs.


I don't participate in guessing games. Too old and grumpy for that.  I 
just move on.


Richard

On 2024-03-22 5:32 p.m., Robert L Mathews via mailop wrote:

On Mar 22, 2024, at 10:58 AM, Matus UHLAR - fantomas via mailop 
 wrote:


the result code and the spamhaus search didn't provide any relevant info.


Hmmm. Not relevant to you, perhaps, but it may be relevant to someone else who can help. 
I can't imagine how anyone could begin helping you without knowing the exact 
"127.0.x.x" Spamhaus code as a starting point.

When you ask for help, and people ask for more details, it isn't helpful to say "that isn't 
relevant" or "that info isn't useful" or whatever. As the bible [1] says, "If your 
diagnostic theories were such hot stuff, would you be consulting others for help?" People wouldn't ask 
for a detail if they didn't think it might help them to help you.



I got contacted off-list so I hope I have enough hints to avoid for next time.


This is also not ideal. The list is a place to share knowledge and help other 
people having similar issues. (The sacred text has a chapter on this, too [2].)

So... What were the hints you got? What do you think was wrong in the first 
place? How can other people who might stumble across this thread in the future 
fix it?


[1] http://www.catb.org/~esr/faqs/smart-questions.html#symptoms
[2] http://www.catb.org/~esr/faqs/smart-questions.html#followup


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Opinions on what qualifies as a "false positive" RBL listing that should be fixed?

[Richard W via mailop]

Perhaps an acknowledgement it is a problem and a willingness to fix it 
would help.


Richard

On 2024-02-15 3:36 p.m., Robert L Mathews via mailop wrote:

On Feb 15, 2024, at 1:10 AM, Riccardo Alfieri via mailop  
wrote:


That is exactly the root cause in this case. That .org address hit a bunch of 
typotraps, with different typoed domains, not recycled ones. That shows lack of 
COI from the library. From the robots POV the behaviour is not that much 
different from other spam operations.


That all makes sense, and I agree it's reasonable that such behavior gets 
senders automatically listed in various blocklists.

I was mostly surprised that after reviewing it, Spamhaus's policy is that this behavior 
(not using COI and hitting spamtraps as a result, for messages that in other respects are 
wanted by recipients and transactional) is sufficient to maintain an HBL listing with a 
notation of "This email address is used for malicious activities".

If any sender who doesn't use COI can potentially end up with a listing on the Spamhaus 
HBL for "malicious activities", it doesn't seem to justify the suggested 8 
SpamAssassin points. I would (perhaps naively) expect such a listing to be removed when 
it turned out to be also blocking legitimate mail.

But I guess that's more of a "my problem as a Spamhaus customer" thing than a 
mailop thing!


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamcop from a forwarding standpoint

[Richard W via mailop]

Andy has the right answer here, but sometimes there are some other 
tweeks I do. Send me a couple of report numbers and I'll look, or I can 
force the user to mailhost records. service @ spamcop.net


Richard

On 2024-01-25 3:30 a.m., Andy Smith via mailop wrote:

Hi,

On Thu, Jan 25, 2024 at 09:58:17AM +0100, Cyril - ImprovMX via mailop wrote:

Unfortunately for us, Spamcop believe we are the one sending spam when they
trace back the Received headers, because we are the last hop before landing
to that user's inbox.

Is there a way to tell in the headers that we are merely forwarding emails
(we do have spam protection in place, but some of them always manage to get
through) ?


There's no way for you to do this, because SpamCop has no way to
know that you are "part of" the recipient's infrastructure.

SpamCop instructs its users not to ever report forwarded email if
you like I should think you could continue marking every report as
resolved or not applicable due to the fact that it's forwarded and
SpamCop would side with you (I've no special knowledge on this).

Something that a SpamCop user CAN do is register (with them) the
forwarding path, and then SpamCop will know about that. Here's the
help for that:

 
https://forum.spamcop.net/forum/7-mailhost-configuration-of-your-reporting-account/

That's something only the SpamCop user can do though, and if they're
not understanding the issue and blindly hitting "report" then that
won't help you.

The exact same problem happens when people report spam that they
received through a mailing list. The SpamCop user needs to be a bit
careful.

Thanks,
Andy


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Richard W via mailop]

>> On Spamhaus' suggestion, I built a reverification system late last 
year and

>> tested it on a small group of users. Yesterday, I kicked off a
>> reverification to a much larger segment of users.
>
> Looking forward to seeing this in our traps.

Yeah, we're seeing that from 66.175.222.12

Richard

On 2024-01-15 1:09 p.m., Atro Tossavainen via mailop wrote:

We're an email groups service, like Google Groups. Based on evidence
provided by Spamhaus, it appears that some groups that migrated from Yahoo
Groups when Y! Groups shut down contained some Spamhaus spamtrap addresses.


That might be the explanation for why some of your customers' lists
contain addresses that ceased to exist before groups.io started to.
It does look rather suspicious when that happens.


On Spamhaus' suggestion, I built a reverification system late last year and
tested it on a small group of users. Yesterday, I kicked off a
reverification to a much larger segment of users.


Looking forward to seeing this in our traps.

This is a third-party observation that has nothing to do with Spamhaus.


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Contact to sasktel.net?

[Richard W via mailop]

sasktel.net is provided by megamailservers.com.  They have nothing 
in-house dealing with mail


Richard

On 2023-03-17 10:36 a.m., Sidsel Jensen via mailop wrote:

Hi
Does anyone in here perhaps have a contact to sasktel.net ? I'm trying 
to solve a delivery issue.

Kind Regards,
Sidsel Jensen
Architect of Deliverability and Abuse @ Open-Xchange

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] h-email.net

[Richard W via mailop]

My guess is these are spam support services, not spam sending services. 
They might be drop boxes or service signup boxes.  I've checked the /24 
and /22 around these IPs and natch, nadda in SpamCop for them


Richard

On 2023-03-03 6:16 p.m., Jan Schaumann via mailop wrote:

Jarland Donnell via mailop  wrote:

A quick parse of my logs suggests that it's a spam-only operation, so likely
won't correlate to any particular front-end mail service. I mean just 100%
correlation with spam in my logs, and not a small amount of logs either.


Interesting that e.g., Spamhaus doesn't have it in its
RBL, nor do many others.  Weird.

*shrug*

-Jan
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Student trying to attend M3AAWG

[Richard W via mailop]

Finally??  I think 19 hours from first mention to securing a confirmed 
pass is pretty amazing.


Richard

On 2023-02-18 4:11 p.m., Alex Liu via mailop wrote:

Finally got a pass :) thanks everyone for your help!!

On Fri, Feb 17, 2023 at 19:00 Alex Liu > wrote:


Hi Everyone,

My name is Alex and I’m a student at UCSD. I recently found out
about M3AAWG. It’s agenda is very really related to what I’ve been
doing (my research:https://alexliu0809.github.io/publications/#/
). However, it seems
like registration is not open to students who are not part of a
member company. Is there still a way to register for it (e.g.,
through an invitation)? Any help would be appreciated. Thanks!
-- 
Regards,

*Enze "**Alex" **Liu*
PhD Student
Department of Computer Science and Engineering
e7...@eng.ucsd.edu 
University of California, San Diego

--
Regards,
*Enze "**Alex" **Liu*
PhD Student
Department of Computer Science and Engineering
e7...@eng.ucsd.edu 
University of California, San Diego

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] I received a scam letter from Paypal

[Richard W via mailop]

I've seen a number of these.  What helps me catch them is they are 
always to a scraped address, not my tagged address used with PP.


Richard

On 2022-12-28 12:14 p.m., Cyril - ImprovMX via mailop wrote:

Hi everyone!

If I recall correctly, there was already a discussion here on something 
similar, but I'd like to share my story here.


Yesterday, I received an email from Paypal with the subject "Reminder - 
You have paid an invoice".


The content of the email is the following:

first.png

There are a few things to note that are surprising :

  * The email is really coming from Paypal (serv...@paypal.com
)
  * The SPF/DKIM AND DMARC are valid
  * All the links inside the email point to Paypal.com, even though I
haven't clicked on the "View ad Pay Invoice"
  * The sending IP (66.211.170.90) is from Paypal: mx4.phx.paypal.com
 (https://check.mx/ptr/66.211.170.90
)


And a few inconsistencies :

  * The subject says, "You have paid an invoice", but the body says,
"Please pay your invoice"
  * The bottom indicates that Paypal "will always contain your full
name", but the top indicates "Hello, PayPal Customer"
  * I haven't tried the phone number but pretty sure that's where the
scammers are sitting.

Here's the validation from GMail:

second.png

What I'm saying here, is what the hell? How a scam can come from Paypal 
like this?
This is a serious issue, and they need to fix this because I'm not sure 
my parents would catch the scam here, all seems legit!


Stay safe, and happy holidays!

Best,
Cyril

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Calix 844 Router Compromise

[Richard W via mailop]

How about an IP where some of this spam was sent from, so we can use it 
for comparison to other spam and identify others affected?  Provided a 
link to a page that requires log in doesn't help.


Sorry for being hit. I'm sure it didn't make for a pleasant day

Richard

On 2022-10-29 12:09 p.m., Kenneth Vedder via mailop wrote:

Hi All,

We had some of our Calix 844G routers compromised by a SOCKS5 
vulnerability this weekend. They were sending out spam. Calix is aware 
of the compromise in their firmware. The information doesn't seem to be 
posted publicly and I am a fan of open sharing of vulnerability info. 
Anyone who has these routers and are in the same boat as me can login to 
calix and find more information on the vulnerability at:

https://www.calix.com/bin/calix/servlets/docdownload?fileId=/content/dam/calix/doc-library/systems/prem/bulletins/gf-sb/premises_sb-22-005/Premises_SB-22-005_gc-socks5-exploit.pdf
 


They plan to release a firmware fix by end of day October 31st.

Hope this message doesn't break any rules. Have a good weekend folks.

Ken

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Curious, any one seeing fake SpamCop reports over the weekend?

[Richard W via mailop]

I suspect this is a virus that is pulling subject lines and email 
addresses from the infected computer and sending the spam to those. I've 
heard of quite a few receiving 'spamcop' related ones.


I've been receiving a number from other various abuse and role addresses 
with different subjects for a few week.  Usually has a attachment, I 
suspect trying to spread itself.


And the report numbers in the links are so old I can't even look up when 
they were sent or to who. We only hang on for 90 days.


Richard

On 2022-06-13 9:10 a.m., Michael Peddemors via mailop wrote:

Real strange, fake abuse addresses..

ab...@singlehop.com
abuset...@veeble.org

Spamcop links are to 404..

Just not sure how the content can be malicous, maybe it is just a broken 
system over the weekend?


Reporting one of our addresses as the authenticated address, but shows 
it coming from a CloudFlare IP.. And looks to have forged information.


Any one else notice it over the weekend?


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone on list from Spamcop

[Richard W via mailop]

Give me a shout at deput...@spamcop.net or service@ and I'll take a look

Richard

On 2022-05-23 9:46 a.m., Lyle Lamb via mailop wrote:

Hell there,
Is there anyone with Spamcop on list? If so can you please connect with 
me off list in regards to some listing we are seeing with a subset of 
our IPs?

Thank you,
Lyle Lamb
Keap Postmaster

https://files.infusionsoft.com/signature-photos/email-sig-profile-file-1548778752229.jpeg
*Lyle Lamb*

*KeapPostmaster*
postmas...@keap.com 
*Linkedin *

*/"Every man dies, not every man really lives." /**- William Wallace***

https://assets.infusionsoft.com/image/upload/v1548756375/keap/keap-pages/signature-generator/logo.png 


*HQ 1-866-800-0004 
*Infusionsoft Facebook 
Infusionsoft Twitter 
Infusionsoft Linkedin 




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] WTaF? I just got spammed BY Active Campaign

[Richard W via mailop]

Isn't Shopify Canadian?  Hand it off to the CRTC

Richard

On 2022-04-26 4:27 p.m., Anne Mitchell via mailop wrote:




On Apr 26, 2022, at 3:59 PM, Michael Rathbun via mailop  
wrote:

On Tue, 26 Apr 2022 15:30:28 -0600, Anne Mitchell via mailop
 wrote:


WTaF??


I presume they are encouraging you to spam your legal services through them,
rather than on the cover and spine of the local Yellow Pages™?


It's worse than that, the spam is for *no* sort of business even remotely related to 
anything I do - it's for "my" Shopify store!  I've never had an ecomm store in 
my life, let alone a Shopify store.

And, it went to my normal ISIPP address, I mean, you'd think they'd know...

Anne

---
Outsource your email deliverability headaches to us, and get to the inbox, 
guaranteed!
www.GetToTheInbox.com

Anne P. Mitchell,  Esq.
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, MAPS: Mail Abuse Prevention System (now the anti-spam 
division of TrendMicro)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Best mailbox provider for personal domain?

[Richard W via mailop]

I use Easydns with several domains.  I have used mailmaps on one and 
easymail on another for several years.  I am happy with both.


Richard

On 2022-04-09 3:54 p.m., Chris Woods via mailop wrote:



On Sat, 9 Apr 2022, 21:38 Mark E. Jeftovic via mailop, 
mailto:mailop@mailop.org>> wrote:


Hi Tara,

We bundle 3 and 5 IMAP boxes with standard and pro dns packages
(domain reg + DNS + email) for $35/year and $55/year

And yes, we support + addressing.

We've also implemented SRS on your email forwarders.

- mark

On 2022-04-09 12:26 PM, Tara Natanson via mailop wrote:

Thank you all for your responses.   I am happy to pay some, but
switching to google workspace with what I need would be 36$/month
so looking for a cheaper option than that. Yes Google says there
is a no-cost option available but I did look into it and it won't
work.

Biggest problem I'm having is that no one states in their
advertising or FAQs if they support "+" addressing.

Is anyone using the following services and can confirm if they
support  "+" addressing or not?
Dreamhost
 ZOHO
FASTMAIL -
iCloud-

Tara

On Sat, Apr 9, 2022 at 9:50 AM Byron Lunz mailto:byronl...@gmail.com>> wrote:

Announcements about this from Google say that a "no cost
option" will soon be announced, so it probably makes sense to
wait a bit longer to see what that is. It *might* be a
recommendation to move your domain to Google Domains, where
you can get up to 100 email addresses forwarded to your free
Gmail address. 

On Fri, Apr 8, 2022 at 6:43 AM Tara Natanson via mailop
mailto:mailop@mailop.org>> wrote:

A while back there was a thread about the best place to
host small biz domain email but I'm looking for something
even smaller.

I've got my personal domain hosted on gmail.  It's been
there for more than 10 years and was grandfathered into
their free hosting tier.  In June GMAIL is doing away with
this plan and going to charge 5$/address per domain per
month.  I've got dozens of addresses setup so this really
isn't a good/affordable option anymore.

Where would you recommend hosting your domain so that you
can pop/imap, use "+" addressing, isn't spammer friendly,
and basically works similar to gmail? I no longer have a
website setup, so mail is the only thing I care about. I'm
fine with a solution that has me setting up a new gmail
account and just popping the mail to there, but what are
folks using these days?  (assuming I have no desire to run
my own server)

Thanks in advance for any recommendations!

Tara Natanson



Hello Tara,

I've used Dreamhost for 15 years for family and a few friends' personal 
email and web sites. DH accounts support inbound plus addressing - just 
tested sending from gmail to one of my accounts.


Dreamhost now do ingress and egress mail filtering via Mailchannels MXes 
(in my experience it occasionally catches a handful of false positives, 
worth checking the spam folder periodically but it's made a decent 
positive improvement to spam reaching inboxes. They also proactively 
monitor for any mailbox compromise or outbound spam through accounts.


I recently recommitted on a three year plan as I blagged a decent price. 
Current introductory pricing for new customers is pretty good. I've 
hosted with them since 2007 and their service has been pretty solid 
throughout without price hikes.


Their tech support is much better than it used to be - they started to 
scale up around 2009/2010 and struggled with some growing pains, but 
they dealt with it and shared hosting service has been good for years. 
(see dreamhoststatus.com ) They've 
implemented some nice security improvements behind the scenes and still 
offer things like SSH which can be useful. Their mail hosting was also 
migrated to bigger, newer infrastructure a while back which improved 
performance.


Support is ticket-based unless you pay for premium support, but they're 
actually helpful and responsive after a ticket is assigned to someone. 
I've very rarely needed to contact support over the last 15 odd years. 
Obviously all their hosting is in the US which may have GDPR/data export 
implications for commercial use.


Shameless referral link: https://www.dreamhost.com/r.cgi?264181 
 though feel free to go direct.


I host other personal and business services with various providers, 
including Mythic Beasts who have always provided gold standard service. 
But that's for VPSes I still have to manage and maintain. Compared to a 
specialist dedi/VPS provider, Dreamhost shared won't win s

Re: [mailop] Roundcube client IPs → dovecot, postfix

[Richard W via mailop]

On 2021-12-28 11:27 a.m., Steven Champeon via mailop wrote:


I hope to die before that logic extends to hiding what channel you are
tuned into on a TV or radio for "privacy reasons". Infrastructure is
infrastructure, it's not like every packet you send has a social security
number or bank account routing number in it. Ridiculous.



Those that advocate IP addresses are PII still drive around with a 
license plate on their car.  That's even more PII out in the open as 
that is a static IP.


Richard
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Important SpamCop Announcement

[Richard W via mailop]

Emails have gone to each of the mirror operators we have on record. This 
is just a public notice for any that we may miss, but also to serve as a 
warning that if you have hardcoded an IP to use your favorite mirror 
that will stop working.


During a recent program and service level review, deficiencies were 
noted in the operations of the SpamCop Blocking List. As a result, the 
Talos Team has determined we should move away from the current model of 
using third party volunteer block list mirrors in favor of a fully 
managed in-house solution.


This means that all third-party volunteer SpamCop block list mirror 
servers will be removed from our DNS rotation on Monday, April 19, 2021. 
This does not mean the server will stop working, just that it will no 
longer be announced as a public mirror or accessed by the public. It 
will continue to work as a fully functioning private mirror of the 
SpamCop Blocking List.


At some future date we may change the protocol used to download the full 
list. We recognize the contribution of our mirror volunteers and plan to 
continue providing access at no charge. If you would like to continue 
your access to the full SpamCop Blocking List to run a private mirror, 
please let us know at service@admin[.]spamcop[.]net prior to April 12 so 
we can notify you of any changes.


Thanks, Richard
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Just trying to see if I can still post.

[Richard W via mailop]

Michael, I sent you a reply offlist

Richard

On 2020-10-08 9:59 p.m., Michael Wise via mailop wrote:

Seems to be working now.

I was curious about how to get a list of the CIDR ranges for 
DigitalOcean, AS14061


The WHOIS command didn’t do it for me, and neither did going to the 
website they suggest.


Aloha,

Michael.

--

*Michael J Wise*
MicrosoftCorporation| Spam Analysis

"Your Spam Specimen Has Been Processed."

Open a ticket for Hotmail  ?

*From:* mailop  *On Behalf Of *Michael Wise 
via mailop

*Sent:* Thursday, October 8, 2020 8:47 PM
*To:* mailop@mailop.org
*Subject:* [EXTERNAL] [mailop] Just trying to see if I can still post.

I had a question about a certain owner of IP address blocks in the /16 
range, and wanted to find out how to get a list of their blocks, but for 
some reason the post wouldn’t go out. Maybe this will.


Aloha,

Michael.

--

*Michael J Wise*
MicrosoftCorporation| Spam Analysis

"Your Spam Specimen Has Been Processed."

Open a ticket for Hotmail 
 
?



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Earthlink / Mindspring

[Richard W via mailop]

Can someone from Earthlink / Mindspring mail contact me please?  Re 
SpamCop listings.


Thanks, Richard

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] New SendGrid IP(s) detected sending phishing last 24 hours..

[Richard W via mailop]

When I checked this morning there was like 662 different Sendgrid IPs 
hit our traps in the previous 24 hours.


Richard

On 2020-08-12 2:47 p.m., Michael Peddemors via mailop wrote:

Volume picking up, not decreasing..


149.72.37.171    x3    wrqvnrxb.outbound-mail.sendgrid.net
149.72.58.197    x6    wrqvpxcr.outbound-mail.sendgrid.net
149.72.64.32    x3    wrqvqhnh.outbound-email.sendgrid.net
149.72.73.203    x7    wrqvqwcb.outbound-mail.sendgrid.net
149.72.90.203    x1    wrqvrxcb.outbound-mail.sendgrid.net
167.89.100.165    x2    o1.hv1e.shared.sendgrid.net
167.89.100.168    x1    xtrwsqxv.outbound-mail.sendgrid.net
167.89.100.174    x2    o2.lv1e.shared.sendgrid.net
167.89.100.223    x1    xtrwsqdf.outbound-mail.sendgrid.net
167.89.17.173    x1    xtrwkkxd.outbound-mail.sendgrid.net
167.89.55.59    x1    xtrwptpb.outbound-mail.sendgrid.net
168.245.106.159    x1    xvfrsxwf.outbound-mail.sendgrid.net
168.245.15.34    x1    o16824515x34.outbound-mail.sendgrid.net
168.245.17.93    x1    xvfrkkrd.outbound-mail.sendgrid.net
168.245.5.65    x1    xvfrhrqk.outbound-mail.sendgrid.net




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Microsoft Block list (S3150)

[Richard W via mailop]

As others have pointed out, you are not Microsoft's customer and they 
have no obligation to provide service to you.  If their customers, the 
people you are trying to send mail to, are not complaining about your 
mail not reaching them they have no incentive to react.  If their 
customers start to walk or threaten to walk, then they might consider 
changing.


Their customers are happy.  That's all they care about

Richard

On 2020-06-29 3:11 p.m., Scott Mutter via mailop wrote:
Maybe the answer is that not enough other mail server administrators are 
shining a light on just how poorly Microsoft (and any other big named 
provider) does in regards to incidents like this.


In my particular case at the moment, Microsoft is blocking one of our 
mail server IPs.


Microsoft has not provided any evidence that anything bad has ever come 
from this IP address.  (Which the pros/cons of disclosing this have 
already been discussed)


The IP is not listed on any other public spam blacklist.

The IP has a Senderscore of 99 - which I think still means something?

All-in-all I'm just not seeing why Microsoft is blocking the IP.  Show 
me some proof and I'll believe you.


Outside of that, what am I suppose to do to resolve whatever that issue 
might be?  Since you won't tell me what the issue is.  I guess you just 
want us to lie on the ticket replies and say "We've resolved these 
issues" even though I didn't do anything.  This is how the problem just 
keeps snowballing into larger and larger problems.


Now is the IP blocked because of a larger class-C, class-B, or some 
subnet block?  That'd be nice to know.  But even if it is, if you're not 
seeing any activity from the specific IP address I'm referring to, why 
can't you just whitelist that IP from the subnet block?


It's impossible to get a hold of anyone using Microsoft website contact 
form links that knows a lick about how their own mail servers work.  If 
you tell them that you're IP is blocked they try to figure out why you 
can't access http://outlook.com


All the while, our users see us as being the bad guys.  They don't 
believe that Microsoft/Hotmail/Outlook can be a bad guy because they're 
too big.  I would be half a good mind to tell our users to sign up for 
this Mailops mailing list, just so they can read all of the horror 
stories that happen with Microsoft/Hotmail/Outlook mail server blocks.


On Mon, Jun 29, 2020 at 2:57 PM Hans-Martin Mosner via mailop 
mailto:mailop@mailop.org>> wrote:


Am 29.06.20 um 21:30 schrieb Michael Wise via mailop:


__ __

A **VERY** strong economic argument.

__ __


I know. I'm mainly venting my frustration, knowing too well that my
activity won't flip a single bit in Redmond.

Hoping that some organization would do the right thing because it's
the right thing to do has become pretty futile (not saying that
there ever was much hope...)

Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org 
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SpamCop and listwashing

[Richard W via mailop]

I did make contact with Andy through the deputies' queue.  In this case 
is is one big provider that has been ignoring a well known spammer on 
their network that sends our hundreds of messages per day "I have 
removed the user"


Richard

On 2019-08-27 4:54 a.m., Andy Smith via mailop wrote:

Hello,

Are there any representatives of SpamCop here?

Last week or so I noticed that I can no longer send SpamCop reports
to a large hosting provider. The option now shows up as:

abuse#example@devnull.spamcop.net

with no explanatory text.

In the past when I have seen this, I have assumed that SpamCop was
unable to find a reporting address, or the address bounces, or the
provider has told SpamCop to stop sending them reports.

Since…

a) I know this used to work, and
b) this is a pretty big provider that I am often sending reports to, and
c) I know that provider is represented on this list

…yesterday I sent the representative of that provider a direct email
asking why they are no longer accepting SpamCop reports.

Today they kindly replied to let me know that they still welcome
SpamCop reports but SpamCop has decided that their customers have
been listwashing and for that reason SpamCop will not send them any
further reports.

I don't know any more details, particularly I don't know the scale
involved here. I suppose I could see an argument that if there's a
huge number of reports then the provider is letting their customers
listwash when they should be enforcing AUP on them. But is that
SpamCop's fight?

 From my end as the reporter I'm not really seeing much of an uptick
in reports to this large provider, and I do sometimes get a response
from them to say they're dealing with stuff, so I'd prefer that I
could continue sending reports.

So, should SpamCop be in the business of caring whether providers
[allow their customers to] listwash? Until today I had always been
under the impression that SpamCop was merely putting reporters in
contact with providers, not making value judgements on the quality
of the abuse desk.

Given the choice of either not reporting or risking listwashing, I
think I would rather risk the listwash. I can do my own analysis to
decide whether to stop reporting and start blocking more
aggressively.

If SpamCop really wants to take a stance on listwashing then I would
much rather they gave an option on their reporting page. At the
moment there are some providers who do not accept the anonymised
SpamCop reports and for these SpamCop leaves the checkbox unchecked.
When you check it, it pops up a warning saying that your real email
address will be passed along if you continue. Perhaps they could do
similar for the providers they deem to allow too much listwashing?

Fundamentally, the way it is now, it is not possible to distinguish
providers who refuse reports from providers who SpamCop refuses to
report to, and I think that is not ideal.

In fact, I have used SpamCop's ability to send reports or not as
part of my stance on how aggressively to deal with email from
various providers before, thinking that it's always down to the
provider. I now realise that may have been an incorrect assumption.

What are the list's thoughts?

Is there some other service other than SpamCop that I should be
using to send reports? I do not have time to check headers and send
emails to individual abuse addresses on individual samples of spam.
Checking SpamCop's workings and then hitting send is much more
convenient, but this has really dented my confidence in it.

On the other side as a very small hoster, I occasionally receive
SpamCop reports about my customers and generally find them
actionable and useful so this is a real shame.

(I did already also fill in SpamCop's contact form to query this
situation, but wondered whether there were any SpamCop reps here and
also if my views on this are in a minority.)

Cheers,
Andy

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Richard W]

If you wanna hit me up at deputies at spamcop.net I can look at exactly 
what you're seeing and I can have a look at what we can do to get around it.


To SpamCop, a URL is a URL.  Unless told otherwise, it can't tell the 
difference between a URL for wiener pills from the one you put to your 
boss's personal page in your sig.  It will offer to report all URLs it 
can find/identify unless it has been told to ignore a particular string.


As for header, technically it shouldn't grab a URL from a header, but 
the big guys are filling headers with so much crap these days it's hard 
to tell the header from the body.  SpamCop looks for a blank line and 
treats everything after that as body.


See lots of blank lines in headers now where they shouldn't be which 
only serves to trip up scripts trying to follows the lowly old RFCs.


Richard

On 2018-02-06 10:28 AM, Michael Peddemors wrote:
Want to hit me offline, notice that SpamCop considers URL's in 550 
errors as 'spamvertizing'


  
--

"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us athttp://www.linuxmagic.com  @linuxmagic

A Wizard IT Company - For More Infohttp://www.wizard.ca  
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.


604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] spamalarm.org

[Richard W]

> Might be legit.  But:

I can confirm we (SpamCop) have never heard of them or have any 'deals'
with them.

Check out there data input:  "Recipient address", "Specified sender".

Clicking "Continue" opens a page with variable progress bars as the data
is "sent to" blacklist operators, ISPs, network agencies.  No place to
input headers, no place to input message body.

Thanks to me nob...@example.com will never get spam from
spam...@hotmail.com again  ;-)

> I'm highly skeptical.

I'm not.  It's a scam and probably data mining.

Richard

On 2017-10-26 5:56 AM, Rich Kulawiec wrote:
> 
> Might be legit.  But:
> 
>   - does not know the difference between "spam" and "SPAM"
>   - gets the definition of spam wrong
>   - it's not clear how they plan to conduct message analysis
>   on the basis of the information they collect
>   - purports to be able to initiate legal action on behalf
>   of reporters, which it can't
>   - purports to be able to initiate legal action in jurisdictions
>   where there's not possible 
>   - operates a whitelist with a $50 listing fee
> 
> I'm highly skeptical.
> 
> ---rsk
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Spamcop: 'this is not spam' feedback form broken?

[Richard W]

Actually that is a sample template, not a feedback/submission form.
Above the box is a mailto link to respond to.  Under that:
"If you cannot use the above link, the template text is provided here
for use in your preferred email application:"

Under the box is a link to a form to send a note.

I've gigged the user on this report.  Our system did pick it up as 'not
spam' and did not include it in SCBL operation stats.

Richard

On 2017-01-02 4:36 AM, Benoit Panizzon wrote:
> Hello out there
> 
> As abuse desk, when you get reports from spamcop, they contain a link
> where you can submit feedback to the reporter.
> 
> Actually there is an abuse desk from another ISP which reported a
> couple spam reports we sent him back as spam to spamcop. I double
> checked. The email address is listed as abuse contact @ RIPE.net for
> the source ip of those spam mails in question.
> The subject was quite clear, stating the IP in question and the fact
> that it was an report about abuse from that IP.
> 
> So I wanted to
> 
> 1: Mark those submissions to spamcop to be not spam, to prevent spamcop
>blocking the ip used to submit those reports.
> 2: Send a note to the reporter to get in contact with us to clear the
>issue, maybe the contact data @ RIPE is wrong.
> 
> The actual link would be:
> 
> https://www.spamcop.net/w3m?i=z6612423089zd1ec901493c314afac5615a808adbab3z
> 
> But when I select 'this message is not spam' I get to a page where I
> can leave a note, but which does not have any 'submit' button. So I am
> unable to submit that note.
> 
> Is this a known issue?
> 
> -Benoît Panizzon-
> 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] With all the talk about bots.. Just sharing today's pattern..

[Richard W]

How are you making a IoT connection with this spam?  This is just
today's Necurs bot spew.  Changes every day.

Richard

On 2016-11-02 1:38 PM, Spam Auditor wrote:
> While most of this is originating from the IoT, this latest has an
> interesting pattern..
> And it is coming from all the DUL (well dynamic and static broadback
> access points) so most of it is of course in the spam folders already.
> 
> However, it is quite a large usage of the botnet so thought I would share..
> Of course, it might be different tomorrow..
> 
> Return-Path: 
> 
> * All the MAIL FROM are from [a-z]+[0-9]{3,6}@
> 
> Received: from 72-28-165-077-static.aik.sc.atlanticbb.net (HELO
> 72-28-165-077-static.aik.sc.atlanticbb.net) (72.28.165.77)
> Received: from Pickup by server.mail.sc.atlanticbb.net with Microsoft
> SMTP Server id 15.0.6017.3; Wed, 02 Nov 2016 10:34:20 -0400
> 
> * All with two headers.. second being 'Pickup'
> * All coming from Windows OS
> 
> From: "Margaret Woodward" 
> To: "name" 
> Message-ID: <-834501632.0788999.3870775544676.JavaMail.wasadmin@local>
> Subject: Transactions
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>  boundary="=_Part_5683153_4166401428.3525678117443"
> 
> * Headers all look standardized
> 
> Return-Path: woodward5...@sc.atlanticbb.net
> Date: Wed, 02 Nov 2016 10:34:20 -0400
> 
> * Duplicate Return-Path generated by Bot?
> 
> X-KSE-AttachmentFiltering-Interceptor-Info: protection disabled
> X-KSE-ServerInfo: server.mail.sc.atlanticbb.net, 9
> X-KSE-Antivirus-Interceptor-Info: scan successful
> X-KSE-Antivirus-Info: Clean, bases: 11/02/2016 1:34:00 AM
> X-KSE-AttachmentFiltering-Interceptor-Info: protection disabled
> X-KSE-ServerInfo: server.mail.sc.atlanticbb.net, 9
> X-KSE-AntiSpam-Interceptor-Info: white sender email list
> X-KSE-AttachmentFiltering-Interceptor-Info: protection disabled
> 
> * All of them have the same Karpersky Style headers..
> * All of them have 'white sender email list'
> * All of them have 'protection disabled'
> 
> I leave it up to the reader to discern whether the headers are forged,
> or taking advantage of the these headers..
> 
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop