Re: [mailop] Seeing broken Content-Type headers from sendgrid

[Ryan Harris via mailop]

Hello Tobi,

Your friendly sendgrid community member here. Could you send me headers off
list? Would love to see what you are experiencing.

Thanks for your help.


Ryan

On Mon, Apr 29, 2019, 6:02 AM Tobi via mailop  wrote:

> We're currently seeing quite a bunch of messages from
> no-re...@sendgrid.net which contain broken Content-Type headers like
>
> > Content-Type: multipart/report; report-type=delivery-status;
> > Date: Mon, 29 Apr 2019 10:09:15 UTC
> >  boundary="2821519d3987dfb8"
> > Content-Transfer-Encoding: binary
>
> boundary belongs to Content-Type.
> This will cause problems with any message parsing application that
> expects proper mime structure.
>
> Anyone else seeing such broken headers from sendgrid?
>
> --
> tobi
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Just Make It Stop

[Ryan Harris via mailop]

Hi John,

Feel free to hit me up off list. I can help.


Ryan

On Thu, Dec 13, 2018, 10:23 AM John Levine  My elderly father is no longer able to handle his own e-mail, so I'm
> doing it.  He gets a mountain of junk mail, from every organization
> with which he has ever done business, from the local community theater
> to auto parts.
>
> I don't want to close his mailbox because he gets useful mail such as
> the water bill and notices about doctors' appointments, and mail from
> actual human friends.  (We read him those.)  But he will never respond
> to e-mailed solicitations because he will never see them.  They're a
> pure waste of electrons, and of my time.  I've wasted a lot of time
> clicking a lot of opt-out links, and would prefer not to waste much
> more.
>
> I can tell that the majority of the junk is from Mailchimp and
> Constant Contact, with a lot also from Sendgrid and Exact Target.
> Anyone I can contact there to Just Make It Stop?
>
> R's,
> John
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] GoDaddy TakeDown requests

[Ryan Harris via mailop]

Hello,

I sent a takedown request to ab...@godaddy.com, also filled out an abuse
form on a domain they are hosting which is phishing/malware. No response
and domain is still up.

Does anyone have suggestions on how to get GoDaddy to respond to a take
down request?


Ryan
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] BGP Announcements

[Ryan Harris via mailop]

Thanks Ken and David. It's helpful to get your insight.

On Fri, Apr 6, 2018 at 5:47 AM, David Hofstee 
wrote:

> Hi Ryan,
>
> If spamfilters use machine learning, like the ones at Google, Microsoft,
> Yahoo, Proofpoint (and Cloudmark) then they tend to have a lot of inputs.
> Including "reputation" on AS and IP which may be dependent on changes in
> routing. Because that is one of the tricks that spammers use. This can
> cause weird false-positives (good email being filtered). You may not even
> know that you are doing something wrong, but you may still end up on the
> bad side of filtering because of that.
>
> Thing is, these ML engines are hard to "introspect" (its rules are not
> laid out, but are the result of self tuning internal parameters). It
> decides itself what is bad and not bad. Not even the people managing the
> filter may be able to tell exactly unless they have an example. Or tune it,
> for that matter.
>
> So watch those... I would not worry about the rest.
>
> Yours,
>
>
> David
>
> On 6 April 2018 at 12:21, Ken O'Driscoll via mailop 
> wrote:
>
>> On Thu, 2018-04-05 at 12:21 -0600, Ryan Harris via mailop wrote:
>> > Could this cause other issues I'm not thinking of?
>>
>> I think you just need to make sure that whatever you're doing wouldn't
>> look
>> like hijacking to a (moderately intelligent) machine learning algorithm.
>> And if you're keeping it all under the same AS then it probably wouldn't.
>>
>> I've never personally encountered a problem which was purely caused by
>> reassigning netblocks under the same org.
>>
>> Ken.
>>
>> --
>> Ken O'Driscoll / We Monitor Email
>> t: +353 1 254 9400 | w: www.wemonitoremail.com
>>
>> Need to understand deliverability? Now there's a book:
>> www.wemonitoremail.com/book
>>
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
>
>
>
> --
> --
> My opinion is mine.
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] BGP Announcements

[Ryan Harris via mailop]

Hi Mailop,

If we advertised (announced) IP space with a /20 CIDR via BGP for months,
then stopped that advertisement for 7 days and re-advertised but with 2
different /21 CIDR ranges, would this produce a negative effect to our IPs
reputation?

I would think that due to the previous /20 range being advertised
(announced) on BGP this would be a moot issue, but wanted to reach out and
inquire if the change in CIDR or the blackout 7 day period of no
announcement would cause any issues with our reputation or acceptance of
email from those IP ranges.

Could this cause other issues I'm not thinking of?

Thanks for your time and help.


Ryan
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] BGP Announcements

[Ryan Harris via mailop]

Forgot a key factor, after the 7 day blackout period we would re-advertise
for less than a month before using IPs; hence concern over CIDR change or
the lack of 90 days advertising (announcing) the /21s via BGP.

On Thu, Apr 5, 2018 at 12:20 PM, Ryan Harris  wrote:

> Hi Mailop,
>
> If we advertised (announced) IP space with a /20 CIDR via BGP for months,
> then stopped that advertisement for 7 days and re-advertised but with 2
> different /21 CIDR ranges, would this produce a negative effect to our IPs
> reputation?
>
> I would think that due to the previous /20 range being advertised
> (announced) on BGP this would be a moot issue, but wanted to reach out and
> inquire if the change in CIDR or the blackout 7 day period of no
> announcement would cause any issues with our reputation or acceptance of
> email from those IP ranges.
>
> Could this cause other issues I'm not thinking of?
>
> Thanks for your time and help.
>
>
> Ryan
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Best practices for Google Postmaster Tools?

[Ryan Harris via mailop]

Hello,

> > 1) Is there an upper limit on how many authenticated domains can be
> added for tracking?
>
> I have 160+ domains and didn't hit a limit so far
>
Consider also applying dual dkim. It can be helpful to see all of your IPs
reputation under a single, or handful of domains.


> > 2) Does anyone know if an API is planned/in the works for GPT?
>
> Yes
>
> https://wordtothewise.com/2017/10/tell-us-use-gmail-postmaster-tools/
>
> https://wordtothewise.com/2017/10/google-postmaster-tools-last-chance/
>
> https://wordtothewise.com/2017/11/gmail-survey-rough-analysis/
>
> no ETA, we tried to make some noise to raise priority, and hope to get
> some news in the coming weeks, but no guarantee
>
Every year it sounds like an API is "just around the quarter." At this
point I think it's a story in a backlog that wont see the light of day for
a long time.

> 3) Given the current lack of an API, does Google frown on scraping data
> from GPT?
>
> Some big ESPs do it. They still seem alive today.
>
> > We'd like to make more use of it, but the support around it is sparse
> right now, and the information I've been able to find on how other ESPs are
> implementing the data is also quite limited.
>
> You might want to consider joining M3AAWG
>
Scraping is doable and allowed (I assume so long as you don't hammer away
at their site), but it's scraping and can be painful at times. How senders
are using postmaster.google.com data is a discussion that frequently
happens at MAAWG.


Ryan
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] New Service Snowshoes for Customers through Sparkpost, Sendgrid, MailChimp Mandrill, SendMail, MailGun, MailJet, Amazon AWS, and more

[Ryan Harris via mailop]

Hello,

Further investigation on their website led to  FB profile which led to "plr
profits club." A search on that business, as well as David Henry came up
with an account which has been suspended. It does not appear they are
sending on behalf of their own customers on our platform, merely on behalf
of themselves and hiding as plr profits club. I did see they were using
URLs that went to the inboxingpro domain.

Thanks for hollering about the logos Anne. Our legal team is looking into
that as well.


Ryan

On Mon, Sep 25, 2017 at 8:51 AM, Richelo Killian  wrote:

> Pretty sure it will be very short lived.
>
> From the demo, looks like they are using MailWizz (
> http://www.mailwizz.com/) SaaSified, modified a bit to work with those
> API senders, and presented as a solution.
>
> Pretty sure the fine folks at the mentioned ESP’s will catch on quickly.
>
> Most that can be done now is to notify them of this site, and hope they
> shut them down ASAP.
>
> Over 10 years in this business, and never cease to be amazed at the length
> these idiots will go to get their spam out there!
>
> Kind Regards,
>
> Richelo Killian
>
> On September 25, 2017 at 16:40:46, Anne P. Mitchell Esq. (
> amitch...@isipp.com) wrote:
>
> I just became aware of a business that is taking advantage of the free
> services offered by MailChimp Mandrill, Sendmail, MailGun, MailJet,
> SparkPost, Sendgrid, and others to get their customers around filters,
> essentially creating a snowshoe scenario using the APIs of these ESPs.
>
> (See screenshot for the ESPs they are featuring on their site - and I'm
> sure they are using others such as CC - and pretty much any ESP that offers
> an API and a free account.)
>
> Here is some of their sales pitch:
>
> "It’s a little-known fact that some specialist email service providers
> allow you to send emails using a free allocation each month Free emails
> from these email service providers range from 3k per month to a massive
> 150k per month! We have created 6 pre-configured API connections to 6 email
> service providers that provide a free monthly allowance Connecting just 2
> accounts can provide you with 250k emails per month That’s a massive 8000
> emails per day for FREE!
>
> And this is where the magic happens...
>
> We have created complex algorithms in the app that allows you to use these
> email credits for FREE
> You simply set the number of emails the app sends per hour and per month
> If you connect multiple providers the app is configured to send
> the maximum allowance to each provider per hour
> Because you can set the monthly cap,  YOU NEVER EXCEED THE MONTHLY
> ALLOWANCE!
>
> And remember...
>
> ​These services are the best performing email services providers in the
> world
> So, providing you comply with the sending rules and don’t send spam
> You have an extremely valuable resource for free providing
> outstanding email delivery that would cost hundreds of dollars per month
> using other email service providers
>
> Need to send more than 8,000 emails per day?
>
> ​If you have a bigger list and need to send more than 8000 emails per
> day...
> You can connect to 12 of the world’s leading email services providers
> using pre-configure APIs and templates
> The app has built in parallel sending capacity so you can send up to
> 100,000 emails per hour should you wish to!
>
> This is how the pro email marketers set up, do you think any of the major
> brands use monthly services like aweber and get response?
>
> No, they use dedicated email service providers whose sole aim is to
> deliver emails
> Using our app to connect to multiple providers you can ensure you get
> the best possible delivery with NO DOWNTIME AND SEND UNLIMTED EMAILS FOR AS
> LITTLE AS $9 FOR 100,000 EMAILS!
> And remember, you can store unlimited subscribers for free and connect up
> to 12 email service providers below which will save you hundreds of dollars
> per year"
>
> (To those of you representing the businesses in the screenshot, they are
> using your trademarks without permission.)
>
> Here is the website:
>
> https://www.inboxingpro.com/sales-offer/
>
> Any thoughts on how to deal with this?
>
> Anne
>
> Anne P. Mitchell,
> Attorney at Law
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant
> CEO/President, Institute for Social Internet Public Policy
> Legal Counsel: The CyberGreen Institute
> Member, Cal. Bar Cyberspace Law Committee
> Member, Colorado Cyber Committee
> Member, Elevations Credit Union Member Council
> Member, Board of Directors, Asilomar Microcomputer Workshop
> Ret. Professor of Law, Lincoln Law School of San Jose
> Ret. Chair, Asilomar Microcomputer Workshop
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/

Re: [mailop] Concurrent Messages and Proper Time to Keep a Connection Open

[Ryan Harris via mailop]

What are you optimizing for?  Connection time/overhead?


Optimizing for connection reuse since the overhead of creating connections
is actually high for us. So we want to send as many messages as we can over
a single connection before closing it.

Naturally we don't want to cause unrest within the ecosphere by keeping
connections open for too long.


It would seem kind of pointless to keep a connection open for 10 minutes to
save 2s of connection time, for example.


Agreed, but when you are sending high volumes of email, optimizing the
opening of a connection and reuse of a connection is worth us investigating.


Not that we're the best neighbors in this regard, but we don't reuse
connections for the vast majority of endpoints, just the highest by volume,
and we only keep connections open for potential reuse for 30s.


Appreciate the additional details.


Ryan
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Concurrent Messages and Proper Time to Keep a Connection Open

[Ryan Harris via mailop]

Hello,

I was curious if anyone had documentation or knew appropriate times to keep
an SMTP connection open and when to close that connection. Would connecting
via telnet to an ISP and watching when that connection closes, be the
source of truth on how long an SMTP connection should be lasting with that
particular ISP? Or would it be best just to hit up postmasters at various
ISPs?

Doing some optimization to our mail server and this question came up.
Wondering how best to find how long to keep an SMTP connection time open
per recipient server. ISPs get angry if you just keep a connection open
forever, but curious if there is an optimal time to close.

Thanks for any help or tips.


Ryan
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Google IP on Spamhaus

[Ryan Harris via mailop]

Hello,

SendGrid has a client who is also using an IP on google's network. This IP
is blacklisted on an SBL.

Does anyone know how to get google's attention to reach out about a
Spamhaus SBL?

Thanks for everyones time and help!


Ryan
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Sendgrid people

[Ryan Harris via mailop]

Hello,

Ryan Harris, Manager of Compliance with SendGrid here. I wanted to close
the loop on this thread. We spoke with our client Nationbuilder and
informed them that their client was no longer able to send with SendGrid
due to bad practices and violating our ToS. Nationbuilder agreed and
terminated their client.

As a reminder if anyone has received unwanted email please reach out to
ab...@sendgrid.com. We actively monitor our abuse feed there.


Ryan

On Tue, May 2, 2017 at 7:53 AM, Michelle Sullivan 
wrote:

> Someone want to contact me offlist about one of your customers (
> nationbuilder.com) spamming on behalf of another (the Maltese political
> parties)...?
>
> They've just gone into election mode... and they are spamming me
> personally to a "non published" address (one used solely as registration of
> a domain)..
>
> Reports from other people are being sent to the data protection
> commissioner... people keep asking me if they can add all their spam to the
> SORBS entries.
>
> Regards,
>
> --
> Michelle Sullivan
> http://www.mhix.org/
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Do we need a new list for reporting spam? (Was Re: Admin: This is not a place to report Spam. )

[Ryan Harris via mailop]

It might be helpful to understand why people want to post on email forums
rather than an abuse desk. Is it to gain public attention on the matter? Is
there a bit of shaming going on and the reporter wants the community to
know they are fed up with the ESP? Are people reporting on public forums
b/c they want to know if others are experiencing the same problem?

I think there are good reasons to post spam on a forum, though the ones I
see seem to be more about shaming and wanting quick action, rather than
something more overarching and community reaching.

It almost sounds like a community FBL should be set up rather than an email
forum. I suppose people could use spamcop, though they provide very limited
information to ESPs.

I really like the idea of using DNS to inform the community where to send
abuse reports. Sometimes I see issues Ops teams needing to receive reports
from those querying whois records. This can cause routing issues sometimes.
Also there isn't typically an abuse only contact in whois records. Seems
Tech, Admin, Registrant are what crops up in a whois lookup.


Ryan

On Mon, Apr 10, 2017 at 12:13 PM, Laura Atkins 
wrote:

>
> On Apr 10, 2017, at 10:15 AM, Michael Wise via mailop 
> wrote:
>
>
> ARF.
> And a way to establish contacts automatically.
>
>
> I KNOW! Let’s put it in DNS!
>
> _abusecontact.example.com  TXT 3600 abuse
> _abusecontact.example.net TXT 3600 ab...@example.com
>
> That will solve EVERYTHING!
>
>  Biggest issue in some places (*cough*) is getting the traffic sent OUT.
>
>
> Isn’t that part of what X-ARF is supposed to address?
>
> laura
>
> --
> Having an Email Crisis?  800 823-9674 <(800)%20823-9674>
>
> Laura Atkins
> Word to the Wise
> la...@wordtothewise.com
> (650) 437-0741
>
> Email Delivery Blog: http://wordtothewise.com/blog
>
>
>
>
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] SORBS on the list?

[Ryan Harris via mailop]

I replied off-line. Thanks everyone.

On Thu, Dec 1, 2016 at 1:44 PM, Michelle Sullivan 
wrote:

> Michael Ellis wrote:
>
>> Hi,
>>>
>>> Anyone from SORBS on the list? You have a /17 blacklisted for Zombie
>>> activity from 2004 I need to speak to you about.
>>>
>>>
>>> Michelle Sullivan is here I believe. Sorbs is her baby
>>
>>
> Thanks Michael...
>
> Ryan, log a support ticket in the ISP-Support queue and if the support
> person answering you doesn't/isn't able to help ask them to refer the case
> up to me. (Mailing me directly will not help as I can't do anything without
> a support ticket in *all* cases.)
>
> Michelle
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] SORBS on the list?

[Ryan Harris via mailop]

Hi,

Anyone from SORBS on the list? You have a /17 blacklisted for Zombie
activity from 2004 I need to speak to you about.


Ryan
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Breathe....

[Ryan Harris via mailop]

Thanks Frank! Appreciate you reminding us to play well with one another.

On Sep 16, 2016 8:34 AM, "Michael Ellis"  wrote:

> > I do not want to talk for the moderator/list owner but we have
> > representatives from all the different types of mail systems, small, big
> > and huge, that are engaged on this list.
> >
> > Please be careful when you approach a problem you are facing, stick to
> the
> > facts, avoid adversarial language.
> >
> > I think we want to keep everyone engaged. I know some issues are
> > frustrating...
> >
> > Thanks
>
>
> +1 from me. It may be frustrating at times but I have never seen anything
> but kindness from everyone here.
>
> Michael Ellis
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] btinternet.com deliverability issues

[Ryan Harris via mailop]

I have had a similar experience with btinternet.com. I tried reaching out
to postmas...@btinternet.com (also due to bounces). I received a reply
right away which made me hopeful, but they asked I reach out to
investigatio...@btinternet.com and then I was met with radio silence.

D:


Ryan

On Wed, Aug 3, 2016 at 9:47 AM, Dickie LaFlamme  wrote:

> We've experienced the same issues with Btinernet. A customer who we've
> been working closely with is fully authenticated and BT still soft bounces
> their mail. When you get in contact with any postmaster address they will
> send one reply back and then never respond again.
>
> Here are the two addresses I've found:
>
> postmas...@btinternet.com
> ipmc24hrsurveillanced...@bt.com
>
> Would love to hear if anyone has any luck in talking with them.
>
> Thanks,
>
> Dickie LaFlamme / Deliverability Specialist ​/ Dyn​
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] google now rejecting google apps domain mail when forwarded?

[Ryan Harris via mailop]

Hi Zube,

I've also noticed an issue similar to this. Some abuse reports we get go
through a Google Apps domain. I've noticed receiving an initial abuse@
sample through google apps works just fine and the message is delivered.
However, if I reply to that email, or if I forward it along, Google gives
me a bounce back message stating they can't send the message b/c it's spam.
Only if I remove the previous content entirely can I reply to these emails.
This does not seem to effect the initial messages delivery, only when I
reply/forward the email will Google Apps let me know the message cannot be
delivered.

Unsure if this is exactly related to what you are bringing up, though it
sounds similar and it's a change I've noticed in the last 2-3 weeks.


Ryan

On Tue, Aug 2, 2016 at 1:11 PM, Zube  wrote:

> Starting this weekend, mail sent from a google apps domain to a user
> on my server who has her email forwarded to a google.com address has
> the email deferred forever with a possibly spurious message:
>
> **
> relay=alt4.gmail-smtp-in.l.google.com. [64.233.186.27], dsn=4.0.0,
> stat=Deferred: 421-4.7.0 [129.82.129.115  15] Our system has
> detected an unusual rate of
> **
>
> I've seen the rate-limiting message before when spam has gotten
> through, but it was always temporary and in this case, it is
> almost certainly not related to spam.
>
> Consider an unused account on the google apps domain (blah) and
> a newly created alias on my server (pm) that forwards to a testing
> account at google that receives essentially no mail.  blah mails to
> pm, my server accepts it and tries to send it along to the testing
> account, but google instantly gives the above rate-limiting message
> and the mail stays in the queue forever.
>
> This problem is almost certainly not a problem with blah since
> it's never used.  It can't be with the pm alias because it hadn't
> existed before.  It can't be with my mail server in general because
> gmail is still accepting mail from it; from a local account, I can
> send without issue.  The cruncher is that if I send to pm from
> a @gmail.com account rather than a google apps domain account,
> everything gets forwarded just fine.
>
> I've come to understand that email forwarding is going away and I
> should start preparing people for it.  But the odd error message and
> that fact that it still works from gmail.com addresses has me more
> than a little perplexed.
>
> Did something recently change with google and accepting mail from
> their apps domains?
>
> Any clues greatly appreciated.
>
> Cheers,
> Zube
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] domain research tools?

[Ryan Harris via mailop]

Domaintools.com is pretty nice. If you pay for their service they have a
reverse whois that can show you other domains that are most likely
connected to the shady domain you are looking at.


Ryan

On Thu, Jul 28, 2016 at 7:37 AM, Kurt Jaeger  wrote:

> Hi!
>
> > Do you do any domain research in the course of your work? If so, what
> tools
> > do you use for research [...]
>
> http://www.domaintools.com/
>
> has some services, for some EUR/$.
>
> --
> p...@opsec.eu+49 171 3101372 4 years to
> go !
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Symantec in the house?

[Ryan Harris via mailop]

Hello,

Ryan from Sendgrid here hoping to speak with Symantec off list. Apparently
something in our headers is upsetting/breaking your system?

Ryan

Ryan
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Multiple DKIM signatures -- any benefit or detriment?

[Ryan Harris via mailop]

I thought that to get the google FBL you have to have a dual DKIM
signature. One that signifies your client, and another that signifies the
ESP sending the mail. This is how Gmail knows how to parse abuse results.

I believe there are other ISPs that ask you to utilize a dual DKIM
signature if you want to receive their FBLs.


Ryan

On Fri, May 20, 2016 at 3:17 PM, Brandon Long via mailop 
wrote:

> Well, the first 5, for now.  We can always raise that, but haven't seen a
> need yet.
>
> Brandon
> On May 20, 2016 1:54 PM, "Michael Rathbun"  wrote:
>
>> On Fri, 20 May 2016 16:36:48 -0400, Jim Popovitch 
>> wrote:
>>
>> >> Anyone flagging multiple signatures as problematic is probably
>> clueless.
>> >
>> >
>> >It's not problematic, but since only 1 signature at a time can be
>> >validated any remaining sigs become basically untrusted ascii data.
>>
>> Gmail definitely evaluates all the signatures.
>>
>> mdr
>> --
>> There's a funny thing that happens when you know the correct
>> answer.  It throws you when you get a different answer that
>> is not wrong.-- Dr Bowman (Freefall)
>>
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Help - Anyone know a GitHub People

[Ryan Harris via mailop]

Responded Off list

On Thu, Feb 25, 2016 at 5:25 AM, Rich Kulawiec  wrote:

> On Thu, Feb 25, 2016 at 07:17:56PM +0800, ?? wrote:
> > I am a postmaster of Netease Inc.(NASDAQ: NTES), we are a professional
> > email service provider in China with domains 163.com, 126.com, yeah.net
> > and etc.
>
> I can't speak for GitHub, but I've had most of those domains blacklisted
> for over a decade because of (a) nonstop spam, phishing, and other forms
> of email abuse (b) failure to respond to abuse reports (c) failure to
> support RFC-2142 mandated role addresses.
>
> ---rsk
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Spike in "554 Transaction failed" from Microsoft properties

[Ryan Harris via mailop]

Hello,

We started seeing "554 Transaction failed" rise on the 3rd, the peak
occurred on the 5th like Frank announces. Now there appears to be very low
amount of "554 Transaction failed" today and appears to be normalizing.


Ryan

On Wed, Feb 10, 2016 at 12:50 AM, David Hofstee  wrote:

> Hi Michael,
>
> To put a number on small: From my side, 0.2% is not arriving. Yours
> sincerely,
>
>
> David Hofstee
>
> Deliverability Management
> MailPlus B.V. Netherlands
> -Oorspronkelijk bericht-
> Van: mailop [mailto:mailop-boun...@mailop.org] Namens Michael Wise
> Verzonden: woensdag 10 februari 2016 02:49
> Aan: frnk...@iname.com; mailop@mailop.org
> Onderwerp: Re: [mailop] Spike in "554 Transaction failed" from Microsoft
> properties
>
> It's Not Just You.
> It's being actively investigated, and it appears the impact is small...
> But rest assured it is most certainly being looked at.
>
> Aloha,
> Michael.
> --
> Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been
> Processed." | Got the Junk Mail Reporting Tool ?
>
>
> -Original Message-
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of
> frnk...@iname.com
> Sent: Friday, February 5, 2016 10:36 PM
> To: mailop@mailop.org
> Subject: Re: [mailop] Spike in "554 Transaction failed" from Microsoft
> properties
>
> Thanks for the additional data points -- so it isn't just me.
>
> What's nasty is that the messages are kicked back to the sender, not just
> delayed.
>
> Frank
>
> -Original Message-
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Frank Bulk
> Sent: Friday, February 05, 2016 5:27 PM
> To: mailop@mailop.org
> Subject: [mailop] Spike in "554 Transaction failed" from Microsoft
> properties
>
> Today we had an abnormal number of messages that failed to deliver to
> Microsoft properties due to "554 Transaction failed".
>
> We had 31 today, but only 6 over the previous 7 days.
>
> Now some are email blasts from churches, so perhaps they are emailing
> specific content, but I don't know what the "554 Transaction failed" means.
>
> Frank
>
> Here's a sanitized list from today:
>
>  5 08:52:28.00 [104824074] Failed 
>  18208 <000501d16024$d63bafa0$82b30ee0$@net> "Site
>
> https://na01.safelinks.protection.outlook.com/?url=hotmail.com&data=01%7c01%7cmichael.wise%40microsoft.com%7c01a56ea54d96445b8b0708d32ec123d0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=Zz%2bIzRcOA5l%2bjALWkM%2f6ldcrVwviqIzHxoWI97c7oAI%3d
> (207.46.8.167) said in response to MAIL FROM (554 Transaction
> failed)"
>  5 08:55:19.00 [104824142] Failed  
> 183286 <56B4B7C3.49.03428@GERRIT-PC> "Site
> https://na01.safelinks.protection.outlook.com/?url=msn.com&data=01%7c01%7cmichael.wise%40microsoft.com%7c01a56ea54d96445b8b0708d32ec123d0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=yeET3nRGkfNKjqnW6xQh2p%2b66plN%2fw%2bdEHSUSFMP5Ys%3d
> (207.46.8.167) said
> in response to MAIL FROM (554 Transaction failed)"
>  5 09:07:09.00 [104825044] Failed 
> "[127.0.0.1]
> Site
> https://na01.safelinks.protection.outlook.com/?url=hotmail.com&data=01%7c01%7cmichael.wise%40microsoft.com%7c01a56ea54d96445b8b0708d32ec123d0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=Zz%2bIzRcOA5l%2bjALWkM%2f6ldcrVwviqIzHxoWI97c7oAI%3d
> (207.46.8.199) said in response to MAIL FROM (554
> Transaction failed)"
>  5 12:05:35.00 [104837331] Failed 
> "[199.120.69.25] Site
> https://na01.safelinks.protection.outlook.com/?url=live.com&data=01%7c01%7cmichael.wise%40microsoft.com%7c01a56ea54d96445b8b0708d32ec123d0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=dvlk2p56HE4bfdWLj%2ba2xWIzVSHcK0sKG3ARwLD4CsI%3d
> (207.46.8.167) said in response to MAIL FROM
> (554 Transaction failed)"
>  5 14:37:36.00 [104845849] Failed 
> "[127.0.0.1]
> Site
> https://na01.safelinks.protection.outlook.com/?url=hotmail.com&data=01%7c01%7cmichael.wise%40microsoft.com%7c01a56ea54d96445b8b0708d32ec123d0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=Zz%2bIzRcOA5l%2bjALWkM%2f6ldcrVwviqIzHxoWI97c7oAI%3d
> (65.55.33.135) said in response to MAIL FROM (554
> Transaction failed)"
>  5 14:37:36.00 [104845849] Failed 
> "[127.0.0.1]
> Site
> https://na01.safelinks.protection.outlook.com/?url=hotmail.com&data=01%7c01%7cmichael.wise%40microsoft.com%7c01a56ea54d96445b8b0708d32ec123d0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=Zz%2bIzRcOA5l%2bjALWkM%2f6ldcrVwviqIzHxoWI97c7oAI%3d
> (65.55.33.135) said in response to MAIL FROM (554
> Transaction failed)"
>  5 14:37:36.00 [104845849] Failed 
> "[127.0.0.1]
> Site
> https://na01.safelinks.protection.outlook.com/?url=hotmail.com&data=01%7c01%7cmichael.wise%40microsoft.com%7c01a56ea54d96445b8b0708d32ec123d0%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=Zz%2bIzRcOA5l%2bjALWkM%2f6ldcrVwviqIzHxoWI97c7oAI%3d
> (65.55.33.135) said in response to MAIL FROM (554
> Transaction failed)"
>  5 14:37:36.00 [104845849] Failed 
> "[127.0.0.1]
> Site
> https://na01.safelinks.protection.outlook.com/?url=hotmail.com&data=01%7c01%7cmichael.wise%40microsoft.com%7c01a56ea54d96