Re: [mailop] DMARC question

2016-06-28 Thread Michael Wise via mailop 

To the last question ... Yes. Unfortunately.
Happens all the time, and while it's not frequent, it's a headache.

Aloha,
Michael.
-- 
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Hal Murray
Sent: Tuesday, June 28, 2016 9:07 AM
To: mailop@mailop.org
Cc: Hal Murray 
Subject: Re: [mailop] DMARC question


Al Iverson  said:
>> best done by implementing SRS/PRVS/BATV: it creates time-limited
> Do this for years on a high traffic environment with lots of mail and 
> lots of users and lots of individual bounces to track, then you'll 
> find that you're fending off zillions of connection attempts, spammers 
> trying to deliver to those one time addresses, as they get out in the 
> wild, end up found by spambots, etc. ...

Is that also a gold mine of information?

What fraction of that crap comes from ESPs as compared to spambots/zombies?  
What fraction of the zombies are already on major block lists?

Are there occasional legitimate attempts to use a stale address?



--
These are my opinions.  I hate spam.




___
mailop mailing list
mailop@mailop.org
https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7cedd174eb99e748161c9a08d39f6f41c2%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2bago8ijJ09CjI4ZOKOPfBEQZ4WLRFxC5ayc0Vz7SXeU%3d
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] DMARC question

2016-06-28 Thread Hal Murray 

Al Iverson  said:
>> best done by implementing SRS/PRVS/BATV: it creates time-limited
> Do this for years on a high traffic environment with lots of mail and lots
> of users and lots of individual bounces to track, then you'll find that
> you're fending off zillions of connection attempts, spammers trying to
> deliver to those one time addresses, as they get out in the wild, end up
> found by spambots, etc. ... 

Is that also a gold mine of information?

What fraction of that crap comes from ESPs as compared to spambots/zombies?  
What fraction of the zombies are already on major block lists?

Are there occasional legitimate attempts to use a stale address?



-- 
These are my opinions.  I hate spam.




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] DMARC question

2016-06-26 Thread Al Iverson 
On Sat, Jun 25, 2016 at 2:29 PM, Sander Smeenk via mailop
 wrote:
> Quoting Terry Barnum (terry...@gmail.com):
>
>> I've been checking our newly configured DMARC status on the
>> (excellent) dmarcian.com site. We're being joe jobbed every 2 weeks so
>> I'm hoping DMARC severely cuts into that spammer's delivery success. I
>> still hate getting all the undeliverable bounce notices though.
>
> In addition to what has been said, keeping "false bounces" at bay is
> best done by implementing SRS/PRVS/BATV: it creates time-limited
> "envelope from"-addresses and you can reject any null-sender message
> directed at a non-{srs,prvs,batv}-addresses...

Do this for years on a high traffic environment with lots of mail and
lots of users and lots of individual bounces to track, then you'll
find that you're fending off zillions of connection attempts, spammers
trying to deliver to those one time addresses, as they get out in the
wild, end up found by spambots, etc. The amount of traffic we get like
this borders on the insane. Retiring per-recipient bounce addresses
keeps the traffic out of the mailboxes, but your rejected connection
attempts will go up what I would guess to be exponentially. It's a
trade off, not a magic fix.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] DMARC question

2016-06-25 Thread Michelle Sullivan 

Sander Smeenk via mailop wrote:

Quoting Terry Barnum (terry...@gmail.com):


I've been checking our newly configured DMARC status on the
(excellent) dmarcian.com site. We're being joe jobbed every 2 weeks so
I'm hoping DMARC severely cuts into that spammer's delivery success. I
still hate getting all the undeliverable bounce notices though.

In addition to what has been said, keeping "false bounces" at bay is
best done by implementing SRS/PRVS/BATV: it creates time-limited
"envelope from"-addresses and you can reject any null-sender message
directed at a non-{srs,prvs,batv}-addresses...




Which violates the RFCs, and causes all sorts of problems.

Null Sender addressed email != bounces

Null sender addressed email is any email that is automated where one 
wishes to avoid mailing loops such as bounce messages and robot 
generated messages... Or webform triggered registration email validation 
emails where not an insignificant number are deliberately fake and/or 
have typos... for example.


--
Michelle Sullivan
http://www.mhix.org/


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] DMARC question

2016-06-25 Thread Sander Smeenk via mailop 
Quoting Terry Barnum (terry...@gmail.com):

> I've been checking our newly configured DMARC status on the
> (excellent) dmarcian.com site. We're being joe jobbed every 2 weeks so
> I'm hoping DMARC severely cuts into that spammer's delivery success. I
> still hate getting all the undeliverable bounce notices though.

In addition to what has been said, keeping "false bounces" at bay is
best done by implementing SRS/PRVS/BATV: it creates time-limited
"envelope from"-addresses and you can reject any null-sender message
directed at a non-{srs,prvs,batv}-addresses...

-Sndr.
-- 
| Recursive, adj.; See Recursive
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7  FBD6 F3A9 9442 20CC 6CD2

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] DMARC question

2016-06-24 Thread Lena 
> I'm curious if someone can explain why a few sites
> have a "local_policy" that overrides our DMARC settings.

Perhaps because DMARC breaks discussion mailing lists
like this one.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] DMARC question

2016-06-24 Thread Rolf E. Sonneveld 

Hi, Terry,

On 24-06-16 09:14, Terry Barnum wrote:
I've been checking our newly configured DMARC status on the 
(excellent) dmarcian.com  site. We're being 
joe jobbed every 2 weeks so I'm hoping DMARC severely cuts into that 
spammer's delivery success. I still hate getting all the undeliverable 
bounce notices though.


I'm curious if someone can explain why a few sites have a 
"local_policy" that overrides our DMARC settings. The reporting 
Providers for these are 126.com and 163.com. It's only 8 messages or 
so in the last 4 days so not a huge deal but I'm curious. 


[...]

because DMARC still is only an advise on what to do with mail that 
doesn't pass a DMARC check. At the end of the day, it is still the 
'receiver' that decides what to do with mail that doesn't pass DMARC 
verification (but may still be legitimate, solicited mail). You may want 
to have a look at 
https://datatracker.ietf.org/doc/draft-ietf-dmarc-interoperability/ to 
see why...


/rolf
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop