Re: [mailop] Mails to microsoft

[G. Miliotis]

On 16/2/2017 00:40, John Levine wrote:

OVH used to be hopeless but after some firm whacks they have started
to clean up, and their delivery while not great is not hopeless.


Define "whacks"?



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am Mi den 15. Feb 2017 um 18:06 schrieb Al Iverson:
> On Wed, Feb 15, 2017 at 11:23 AM, Klaus Ethgen  wrote:
> 
> >> If Hertzner cared they could sign up for the MS SNDS program and see a 
> >> list of all the IPs that were currently blocked.
> >
> > So you want them to sign up for every existing mail provider to check
> > regularly if they might have been blocked cause the mail provider do not
> > like them as they have blue colored servers.
> 
> Yes, that is what most of us who are paid to send email do. Email
> Service Providers (ESPs) help their clients monitor this sort of
> thing, by signing up for SNDS, using seedlist testing from companies
> like Return Path and 250OK, monitor for blacklistings, and so forth.

Well, I did not speak about blacklists. That, every mail provider, paid
or not paid, should care about.

I spoke about more or less big competing mail providers with a more or
less crazy way to sign up (if ever).

The point is, that microsoft tries to play god and forces all others to
play their way. Even if there are much bigger mail providers out there.

I was myself a so called "paid to send email" and not only once. So I
think I know what to monitor and what not. Getting proactive with all
thousands of mailproviders out there is nothing you can handle; Maybe
with a big team, but no mail provider will pay a team big enough. My
experiences are more that the one who has to care about mail is a single
one or a pretty small group.

Regards
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlilZioACgkQpnwKsYAZ
9qxsAwwAgo+qMy2L5Oc/monUuhTRfRp6lrMA3K9OQ0/5RPzUW8xs95baXy5mbRRK
2WvkT5Se5r5xbREt91d5EpIATA54bjD1r0dqf2gz8a/NpC94loxwg+lhyZV9ePTn
DD1iGYED5N30aB+VdE5Ntc4xeBENwYMilgyaCfxNxh2bfWmwLlLrISM+BlIVeKSX
sgwcPdaIjJPC4igHuTghkFFqArnNdcLbrwfB3ZtbM7wTPEjffWpLkGCSIZGIL59H
buyZilacCdUacJ6B4GeTOjw431KQmjoR6KLy7KcZOl54m70BY3J/zu0fMc+byVqT
lhHFno0DCzAQXlQUyEHWHfPPejxm6e+si4rPGHo+LgvMEsCxXC/L/lrc3vIDshe4
GsZtx2AYP6aNAPN54PBzrzntJZd5dH0NOnNSNHQthfjqNRyQ+CXDHAxYx1ZPfWON
PGXf/pSbFcP/s9UWNzhLMy/3j5/7u++gwxl6LXtwRxKIHStyw4wR8BbRHtCHmDK7
jDwDmsJR
=WFpn
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Phil Pennock]

On 2017-02-15 at 22:40 -, John Levine wrote:
> I like DO for web hosting and their provisioning is great, but I
> wouldn't try to send mail from DO.

DO block port 25 outbound on IPv6.  So I wouldn't, either.

(I was going to put a monitoring box on a new DO VPS, away from my
regular colo, but this and other IPv6 issues means I have to keep DO for
inbound-connection-only stuff and I probably won't be bringing up any
more VMs there.)

-Phil

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[John Levine]

>One thing I'm wondering: If deliverability with Hetzner is already bad is
>there any chance to deliver anything at all from a OVH/DigitalOcean/AWS ip?
>(just to get a sense of how problematic Hetzner is)

OVH used to be hopeless but after some firm whacks they have started
to clean up, and their delivery while not great is not hopeless.

Ditto AWS, partly because they cleaned up, partly because they now
have enough well known legit senders that the collateral damage from
broad blocks would be unbearable.

I like DO for web hosting and their provisioning is great, but I
wouldn't try to send mail from DO.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Al Iverson]

On Wed, Feb 15, 2017 at 12:46 PM, G. Miliotis  wrote:
> On 15/2/2017 19:06, Al Iverson wrote:
>>
>> Yes, that is what most of us who are paid to send email do. Email
>> Service Providers (ESPs) help their clients monitor this sort of
>> thing, by signing up for SNDS, using seedlist testing from companies
>> like Return Path and 250OK, monitor for blacklistings, and so forth.
>
>
> Just because you provide that service doesn't mean most people can afford it
> or should in fact be forced to use it. Your argument sounds like "if you
> can't pay guys like me, you shouldn't be sending mail". And that's, at the
> very least, elitist, IMHO.

I think you are perhaps confusing me with somebody else. I didn't
build Microsoft's SNDS, Google Postmaster Tools, or any of the
delivery monitoring tools offered by 250OK or Return Path. Nor do I
represent any of these companies. I am an employee of an email service
provider who uses tools like these to monitor email deliverability for
our clients.

If Hetzner doesn't choose to do the same...that's a bummer. Not my
bummer, though.

I'm not saying you have to monitor deliverability to many thousands of
ISPs, but it is fairly easy to identify the top 5, top 10, or top 25
domains most customers send to.

You don't like this. I get that. Thank spam for ruining it for
everyone. You can either cry and shake your fist at the heavens to no
avail, or you can deal with it. I choose to just deal with it.

Cheers,
Al Iverson

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[G. Miliotis]

On 15/2/2017 19:06, Al Iverson wrote:

Yes, that is what most of us who are paid to send email do. Email
Service Providers (ESPs) help their clients monitor this sort of
thing, by signing up for SNDS, using seedlist testing from companies
like Return Path and 250OK, monitor for blacklistings, and so forth.


Just because you provide that service doesn't mean most people can 
afford it or should in fact be forced to use it. Your argument sounds 
like "if you can't pay guys like me, you shouldn't be sending mail". And 
that's, at the very least, elitist, IMHO.


If I'm running a list for an e-shop with 5000 recipients I can possibly 
afford you. If I'm a local e-shop with 50-100 people on a list, I won't. 
And I argue it sucks that I'd be forced to. Also, if I don't deliver to 
e.g. 10 of my recipients that's 10% of my list.


Small scale servers and cloud providers are flourishing for a reason: 
they provide a service that is needed and they're actually helping small 
businesses get off the ground. If you have to pay the equivalent of 
protection money to send email, that is most definitely a sad state of 
affairs.


--GM



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[G. Miliotis]

On 15/2/2017 18:46, Laura Atkins wrote:


The statement I was replying to said MS should announce what they’re 
blocking. I pointed out that MS does provide that information to the 
appropriate parties. The sign up process is about ownership and 
confirming that the person asking for the data has some operational 
responsibility and can make changes if they so choose.
That is inaccurate. MS provides information to the provider themselves 
(hetzner), not its prospective customers, i.e. everyone. I was 
discussing the latter.
You don't need ownership verification to identify the provider, there 
are NICs for this.


And, yes, many network providers sign up at “all the mailbox 
providers” to keep tabs on their networks.
In fact, Hetzner does sign up. I can see them in SNDS for all my Hetzner 
servers.



--GM

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Michael Peddemors]

On 17-02-15 08:45 AM, Felix Schwarz via mailop wrote:


Am 15.02.2017 um 17:08 schrieb Laura Atkins:

If Hertzner cared they could sign up for the MS SNDS program and see a list of
all the IPs that were currently blocked.


They do that already (as Hetzner customers can see when registering a Hetzner
IP in SNDS). AFAIK they also monitor IP blacklists for their IP range.

One thing I'm wondering: If deliverability with Hetzner is already bad is
there any chance to deliver anything at all from a OVH/DigitalOcean/AWS ip?
(just to get a sense of how problematic Hetzner is)

Felix


From our observations.. depends..

Both OVH and Hetzner provide 'rwhois/SWIP' for parts of their ranges, 
and those parts are less problematic. The parts with no 'rwhois' are 
problematic.


Digital Ocean/AWS, and for that matter any cloud provider that 'rents' 
IP(s) for short time intervals, will be problematic, especially if they 
don't bother to SWIP/rwhois that you are allocated those IP(s).


And as more operators get into this space (Azure here in North America) 
and many others worldwide..


If you don't have the IP(s) long enough to justify SWIP/rwhois, then 
probably don't want email from you ;)


But it comes down to this, if your hosting provider doesn't bother to 
monitor the outbound activity, they will likely be a bad place for you 
to make a home for legitimate services..




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Al Iverson]

On Wed, Feb 15, 2017 at 11:23 AM, Klaus Ethgen  wrote:

>> If Hertzner cared they could sign up for the MS SNDS program and see a list 
>> of all the IPs that were currently blocked.
>
> So you want them to sign up for every existing mail provider to check
> regularly if they might have been blocked cause the mail provider do not
> like them as they have blue colored servers.

Yes, that is what most of us who are paid to send email do. Email
Service Providers (ESPs) help their clients monitor this sort of
thing, by signing up for SNDS, using seedlist testing from companies
like Return Path and 250OK, monitor for blacklistings, and so forth.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Kurt Jaeger]

Hi!

> There's what, 3 major providers? Hotmail, Gmail, Yahoo.
> 
> That's not a lot to sign up for.

baidu, web.de, gmx.de, t-online.de, the french players,
.

There's a lot out there...

-- 
p...@opsec.eu+49 171 3101372 3 years to go !

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Laura Atkins]

> On Feb 15, 2017, at 8:23 AM, Klaus Ethgen  wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Am Mi den 15. Feb 2017 um 17:08 schrieb Laura Atkins:
>> 
>>> On Feb 15, 2017, at 6:51 AM, G. Miliotis  wrote:
>>> 
>>> On 15/2/2017 16:12, David Schweikert wrote:
 In other words: if Hetzner doesn't behave well according to accepted
 common rules, they should be publicly marked as such, so that it becomes
 a problem between Hetzner and Microsoft
>>> 
>>> MS doesn't care about hetzner's customers and vice versa.
>>> 
>>> Now if MS actually took responsibility for their blocks and effectively 
>>> announced that "here's a list of cloud and server providers where we've 
>>> blocked /16's" or a count of how many blocks they have per ISP, that would 
>>> make hetzner move. Cause the customers could point at that and say, "screw 
>>> you, I'm not buying your server, I can't talk to hotmail???.
>> 
>> If Hertzner cared they could sign up for the MS SNDS program and see a list 
>> of all the IPs that were currently blocked. 
> 
> So you want them to sign up for every existing mail provider to check
> regularly if they might have been blocked cause the mail provider do not
> like them as they have blue colored servers.

The statement I was replying to said MS should announce what they’re blocking. 
I pointed out that MS does provide that information to the appropriate parties. 
The sign up process is about ownership and confirming that the person asking 
for the data has some operational responsibility and can make changes if they 
so choose. 

And, yes, many network providers sign up at “all the mailbox providers” to keep 
tabs on their networks. 

laura 

-- 
Having an Email Crisis?  800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Felix Schwarz via mailop]

Am 15.02.2017 um 17:08 schrieb Laura Atkins:
> If Hertzner cared they could sign up for the MS SNDS program and see a list of
> all the IPs that were currently blocked. 

They do that already (as Hetzner customers can see when registering a Hetzner
IP in SNDS). AFAIK they also monitor IP blacklists for their IP range.

One thing I'm wondering: If deliverability with Hetzner is already bad is
there any chance to deliver anything at all from a OVH/DigitalOcean/AWS ip?
(just to get a sense of how problematic Hetzner is)

Felix

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Eric Henson]

There's what, 3 major providers? Hotmail, Gmail, Yahoo.

That's not a lot to sign up for.


-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Klaus Ethgen
Sent: Wednesday, February 15, 2017 10:23 AM
To: mailop@mailop.org
Subject: Re: [mailop] Mails to microsoft

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am Mi den 15. Feb 2017 um 17:08 schrieb Laura Atkins:
> 
> > On Feb 15, 2017, at 6:51 AM, G. Miliotis  wrote:
> > 
> > On 15/2/2017 16:12, David Schweikert wrote:
> >> In other words: if Hetzner doesn't behave well according to 
> >> accepted common rules, they should be publicly marked as such, so 
> >> that it becomes a problem between Hetzner and Microsoft
> > 
> > MS doesn't care about hetzner's customers and vice versa.
> > 
> > Now if MS actually took responsibility for their blocks and effectively 
> > announced that "here's a list of cloud and server providers where we've 
> > blocked /16's" or a count of how many blocks they have per ISP, that would 
> > make hetzner move. Cause the customers could point at that and say, "screw 
> > you, I'm not buying your server, I can't talk to hotmail???.
> 
> If Hertzner cared they could sign up for the MS SNDS program and see a list 
> of all the IPs that were currently blocked. 

So you want them to sign up for every existing mail provider to check regularly 
if they might have been blocked cause the mail provider do not like them as 
they have blue colored servers.

Sorry to be a bit cynic but that is the same cynic.

Regards
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C -BEGIN PGP 
SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlikgGcACgkQpnwKsYAZ
9qyu+wv/W13SgqkuPabLtuD0ePOCqdFuMIVSM0I311WiDDgoZybrVAUJb7bHQ7hd
nE6LefSwVswuTGj3zDy234nktgNmSrXRmhfwfsYJVptPEZpDOG4J9hOks4yEE7c3
wZmR05TTqKphXnvYWZ44p0fJ20g0TcIhol81tdTQaUYxbEsk/SM/x6UxQzeqR/tQ
ATE6puiUsSAy7Hd2Xt94FuNe3iuwXmdhiqyvFLQaw9JrRWBhu5zwUiBFrnk8x/R4
cBYolnSAKSdDhqd8m9qKEXWnfx2D3Rmqnb6WgU/LTXQSLo4HNP3wcRb3mDIISzJu
Pn/5Y/k6GAELmAWsi+mr3vdsRiLysCeYnWiSMoOikkiYTVaNht3avVt0xTSJl43y
ocfJtBVHEY8872czf7u1ZpatuKcOYA/6No4NkJ1OGJBiNjcoNbGz6apXmlotMF2u
kj1iq86k+GxDBbGImRYs9dTRPNyIMAn/6W+r3ezJpYnOwwN32Q2O7fkiT9fOB55V
8kRgNBvd
=legx
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am Mi den 15. Feb 2017 um 17:08 schrieb Laura Atkins:
> 
> > On Feb 15, 2017, at 6:51 AM, G. Miliotis  wrote:
> > 
> > On 15/2/2017 16:12, David Schweikert wrote:
> >> In other words: if Hetzner doesn't behave well according to accepted
> >> common rules, they should be publicly marked as such, so that it becomes
> >> a problem between Hetzner and Microsoft
> > 
> > MS doesn't care about hetzner's customers and vice versa.
> > 
> > Now if MS actually took responsibility for their blocks and effectively 
> > announced that "here's a list of cloud and server providers where we've 
> > blocked /16's" or a count of how many blocks they have per ISP, that would 
> > make hetzner move. Cause the customers could point at that and say, "screw 
> > you, I'm not buying your server, I can't talk to hotmail???.
> 
> If Hertzner cared they could sign up for the MS SNDS program and see a list 
> of all the IPs that were currently blocked. 

So you want them to sign up for every existing mail provider to check
regularly if they might have been blocked cause the mail provider do not
like them as they have blue colored servers.

Sorry to be a bit cynic but that is the same cynic.

Regards
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlikgGcACgkQpnwKsYAZ
9qyu+wv/W13SgqkuPabLtuD0ePOCqdFuMIVSM0I311WiDDgoZybrVAUJb7bHQ7hd
nE6LefSwVswuTGj3zDy234nktgNmSrXRmhfwfsYJVptPEZpDOG4J9hOks4yEE7c3
wZmR05TTqKphXnvYWZ44p0fJ20g0TcIhol81tdTQaUYxbEsk/SM/x6UxQzeqR/tQ
ATE6puiUsSAy7Hd2Xt94FuNe3iuwXmdhiqyvFLQaw9JrRWBhu5zwUiBFrnk8x/R4
cBYolnSAKSdDhqd8m9qKEXWnfx2D3Rmqnb6WgU/LTXQSLo4HNP3wcRb3mDIISzJu
Pn/5Y/k6GAELmAWsi+mr3vdsRiLysCeYnWiSMoOikkiYTVaNht3avVt0xTSJl43y
ocfJtBVHEY8872czf7u1ZpatuKcOYA/6No4NkJ1OGJBiNjcoNbGz6apXmlotMF2u
kj1iq86k+GxDBbGImRYs9dTRPNyIMAn/6W+r3ezJpYnOwwN32Q2O7fkiT9fOB55V
8kRgNBvd
=legx
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Laura Atkins]

> On Feb 15, 2017, at 6:51 AM, G. Miliotis  wrote:
> 
> On 15/2/2017 16:12, David Schweikert wrote:
>> In other words: if Hetzner doesn't behave well according to accepted
>> common rules, they should be publicly marked as such, so that it becomes
>> a problem between Hetzner and Microsoft
> 
> MS doesn't care about hetzner's customers and vice versa.
> 
> Now if MS actually took responsibility for their blocks and effectively 
> announced that "here's a list of cloud and server providers where we've 
> blocked /16's" or a count of how many blocks they have per ISP, that would 
> make hetzner move. Cause the customers could point at that and say, "screw 
> you, I'm not buying your server, I can't talk to hotmail”.

If Hertzner cared they could sign up for the MS SNDS program and see a list of 
all the IPs that were currently blocked. 

laura 

-- 
Having an Email Crisis?  800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[G. Miliotis]

On 15/2/2017 16:12, David Schweikert wrote:

In other words: if Hetzner doesn't behave well according to accepted
common rules, they should be publicly marked as such, so that it becomes
a problem between Hetzner and Microsoft


MS doesn't care about hetzner's customers and vice versa.

Now if MS actually took responsibility for their blocks and effectively 
announced that "here's a list of cloud and server providers where we've 
blocked /16's" or a count of how many blocks they have per ISP, that 
would make hetzner move. Cause the customers could point at that and 
say, "screw you, I'm not buying your server, I can't talk to hotmail".


I bet they'd care then.

--GM


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[David Schweikert]

On Wed, Feb 15, 2017 at 00:00:51 +, Phil Pennock wrote:
> > I'm not sure if I'm special if I would like my mails to get delivered
> > when my server is not doing anything wrong?
> 
> Rent on a storefront in a well-policed clean part of town is higher than
> rent on a back-alley where the streets are being reclaimed by the swamp.
> 
> There is a reason for this.
> 
> If your mail-server is sited in a swamp, you will have deliverability
> issues, no matter how well run that one server is.  No matter how cheap
> the swamp is or how many people are slumming it in shacks there.

From a sender perspective, it isn't clear that it is a swamp, and that's
the main problem, in my opinion. Hetzner is a very large german hoster,
and it isn't recognisable for a small domain sysadmin, that he/she
shouldn't choose them.

Unlike Spamhaus or any other public RBL, you can't easily check what
netblock is blacklisted at hotmail (and others). Transparency is
important, and makes it possible for senders to act, if they are listed.
Also, it makes the recipients accountable for what they block.

In other words: if Hetzner doesn't behave well according to accepted
common rules, they should be publicly marked as such, so that it becomes
a problem between Hetzner and Microsoft, and not the problem of small
domain sysadmins that are collateral damage of the blacklisting.

I'd also like to mention that even implementing mail authentication with
SPF/DKIM/DMARC, didn't help me not being blocked by hotmail and
live.com.

Cheers
David

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Phil Pennock]

On 2017-02-14 at 16:28 +0100, Sebastian Wiesinger wrote:
> I'm not sure if I'm special if I would like my mails to get delivered
> when my server is not doing anything wrong?

Rent on a storefront in a well-policed clean part of town is higher than
rent on a back-alley where the streets are being reclaimed by the swamp.

There is a reason for this.

If your mail-server is sited in a swamp, you will have deliverability
issues, no matter how well run that one server is.  No matter how cheap
the swamp is or how many people are slumming it in shacks there.

IP address-space is not all equal, and idealistic attempts to treat it
as such keep running into scaling issues of bell-curve populations and
human nature.  The SYN packets might get through, but much more than
that is more open to question.

I outright reject connections from address-space in the Spamhaus DROP
list; you won't even get an SMTP banner, the firewalls just block that
space outright.  So not even the SYN gets through.

There are shades and degrees of badness.  You can be not on the DROP
list, but if you're in known dynamic cloud-space then you might be
_required_ to use DKIM, to assert a domain identity, because IP
reputation in something where an IP change is an API call away is
worthless.  (I used to have that check, it's currently disabled pending
a refactoring of some stuff).

And past that, places which allow spam to flow for 48 hours at a time
are going to have a strongly negative baseline reputation for the
netblock and you're then stuck doing everything you can to try to
convince desired recipients that your mail might stand out as different.

I can't say it enough, _every_ postmaster needs to read "Sender
Reputation in a Large Webmail Service" by Bradley Taylor:

  https://research.google.com/pubs/author70.html

-Phil

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Sebastian Wiesinger]

* John R Levine  [2017-02-14 15:06]:
> >These kind of deliverability problems where causing so much pain to my
> >(few) users, that I decided to move my mail domain to gmail about a year
> >ago. That was the only reason. It's the death of small mail servers.
> 
> I get mail from plenty of small mail servers, but the people who run them
> understand that they are not special, and they need to run their mail
> servers in ways that don't cause pain to their recipients.

I would say my mailserver is not causing pain to anyone. :) I take
great lengths to make sure it's running smoothly and without any
problems to my users AND to the recipients. It's rather people
blocking it for the neighborhood its located in that are causing me
pain...

I'm not sure if I'm special if I would like my mails to get delivered
when my server is not doing anything wrong?

Sebastian

-- 
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[John R Levine]

These kind of deliverability problems where causing so much pain to my
(few) users, that I decided to move my mail domain to gmail about a year
ago. That was the only reason. It's the death of small mail servers.


I get mail from plenty of small mail servers, but the people who run them 
understand that they are not special, and they need to run their mail 
servers in ways that don't cause pain to their recipients.


Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Evert Mouw]

Hi,

Op 14-2-2017 om 03:23 schreef Andreas Ziegler:

regarding Hetzner:
if there is any spam, from hacked accounts for example, Hetzner contacts
you and if you don't react and solve the issue within 48h they block
your server.
so much for incompetent, you're blaming the wrong ones.

A *lot* of spam can be send in 48 hours.

When XS4all detects that you are part of a zombie network, they block you 
immediately, and contact you later. You have to explain the steps you took 
before they unblock you. A great service to avoid ending up on blocklists ;)

Regards, Evert

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Evert Mouw]

Hi,

Op 14-2-2017 om 11:20 schreef David Schweikert:

These kind of deliverability problems where causing so much pain to my
(few) users, that I decided to move my mail domain to gmail about a year
ago. That was the only reason. It's the death of small mail servers.

I'm running a 3-user mail server from my home in in The Netherlands, using 
XS4all (one of the best ISP's over here). I've had no problems for the last 10 
years or so. So YMMV. Also, I like this mailing list very much. The mailops of 
big companies show up, which gives confidence in an open communication culture.

That being said, I don't like netblocks either if such a block does not 
correspondent with a physical network.

Regards, Evert

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[David Schweikert]

Hi John,

On Mon, Feb 13, 2017 at 16:52:00 -, John Levine wrote:
> Your server is in 176.9/16.  On my network, I've blocked all mail from
> that /16 formany years, with never a user complaint.  If the mail logs
> are a guide, Hetzner's customers consist entirely of dusty botted web
> servers. 

I remember wanting to send you a mail a while ago from my hetzner-hosted
mail server, and the mail was blocked, so you have at least one user:
you :)

Anyway: personally I think that these blocks cause more harm than the
spam mails themselves. A lot of collateral damage.

These kind of deliverability problems where causing so much pain to my
(few) users, that I decided to move my mail domain to gmail about a year
ago. That was the only reason. It's the death of small mail servers.

Cheers
David

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Sebastian Wiesinger]

* John Levine  [2017-02-13 17:54]:
> Your server is in 176.9/16.  On my network, I've blocked all mail from
> that /16 formany years, with never a user complaint.  If the mail logs
> are a guide, Hetzner's customers consist entirely of dusty botted web
> servers. 
> 
> If you want people to accept your mail, find a more competent
> provider.  Often there is a reason that cheap hosting is so cheap.

FWIW I know Hetzner since almost a decade as a customer and
personally. They rent dedicated machines and sadly many people fail to
correctly run and administer these. I know that they react to abuse, I
have received abuse complaints through Hetzner myself that I was able
to clear up (people still sometimes think portscans are evil).

I can say that Hetzner as a company is highly competent, having met
and worked with people there for a long time.

So I don't think blocking a whole /16 with probably ten thousands of
individual customers would be wise for most people (might still work
for you). Sure you will see a lot of bad stuff in your logs but that
is probably true for many net blocks (at least it is for my
mailserver). I for my part also see a lot of good stuff coming from
that netblock and that is because I'm from Germany and many people
that send me mail here in Germany host at Hetzner.

Coming back to the topic, I don't even know if that is the reason for
the Microsoft blacklist and that is what annoys me the most.

Regards

Sebastian

-- 
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Andreas Ziegler]

John Levine schrieb am 13.02.2017 um 17:52:
> Your server is in 176.9/16.  On my network, I've blocked all mail from
> that /16 formany years, with never a user complaint.  If the mail logs
> are a guide, Hetzner's customers consist entirely of dusty botted web
> servers. 

really brave.
we have many customer servers in that range - it seems i was lucky so
far i didn't ran into your big childish /16 block.

regarding Hetzner:
if there is any spam, from hacked accounts for example, Hetzner contacts
you and if you don't react and solve the issue within 48h they block
your server.
so much for incompetent, you're blaming the wrong ones.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[John Levine]

In article <20170213124355.gb11...@danton.fire-world.de> you write:
>I'm facing the same problem. My mailserver sent *two* mails to
>Microsofts hotmail.com MX servers in the last few weeks and both of
>them were personal mails, no spam, no forwardings. Suddenly my server
>is on the blacklist. Microsoft support won't tell me why the server is
>on the blacklist and also won't remove it. I only get prefabricated
>texts back.

Your server is in 176.9/16.  On my network, I've blocked all mail from
that /16 formany years, with never a user complaint.  If the mail logs
are a guide, Hetzner's customers consist entirely of dusty botted web
servers. 

If you want people to accept your mail, find a more competent
provider.  Often there is a reason that cheap hosting is so cheap.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[G. Miliotis]

On 13/2/2017 14:43, Sebastian Wiesinger wrote:

All in all it seems with Microsoft nowadays you can get listed
without any explanation or way forward to remove yourself from the
blacklist. My plea that I would love to comply with the rules if only
I knew which ones I apparently violated has not made any difference.


It's amazing how a third party can effectively dictate who you do 
business with, isn't it? You may like everything about Hetzner (or any 
other provider) but if you want to have some kind of peace of mind with 
your SMTP, you have to remember there is an implicit blacklist 
somewhere. And if you hit it, good luck.


Naturally, MS won't tell you who's blacklisted or whose reputation is 
bad before you buy, because they're operating through security by 
obscurity. They need to protect their little antispam black box. Long 
term, it's not going to work. It's not working now, either. All of my 
clients complain about a slew of false positives, mail going to spam 
folders and so on. We all know this is a battle we're losing. So, it's 
everyone for themselves. And MS is way ahead in jumping off the email 
community solidarity ship. Despite Michael's valiant efforts. You know 
how it goes, in a zombie chase you don't need to outrun the zombies; you 
only need to outrun the guy behind you.


MS doesn't need your 2 emails/week and they don't affect their bottom 
line. You're NOT their customer and neither are the recipients 
(especially in hotmail). So you don't get to deliver them, because 
reasons. And you don't get to waste support resources, because duh. I'd 
probably do the same, considering how grim the spam situation is.


But that doesn't mean I have to like it. I'm getting everyone I see away 
from the big freemail providers, especially hotmail. It may not be 
making a big difference overall, but it certainly has made my life with 
my customers and friends much easier. Now if android wasn't Google's 
bitch, I'd be getting rid of those gmail accounts, as well. I guess we 
can't have EVERYTHING, right?


--GM



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Sebastian Wiesinger]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

* Klaus Ethgen  [2017-02-04 11:18]:
> Hello,
> 
> I seen, that here are some microsoft mail admins. So I try this once
> more bevore I give up with microsoft at all.
> 
> I have a private mail server in hetzner network (5.9.7.51). This server
> is well managed and only my mails and a few others are routed over them.
> I can assure that no spam is coming from them (or accepted there).

I'm facing the same problem. My mailserver sent *two* mails to
Microsofts hotmail.com MX servers in the last few weeks and both of
them were personal mails, no spam, no forwardings. Suddenly my server
is on the blacklist. Microsoft support won't tell me why the server is
on the blacklist and also won't remove it. I only get prefabricated
texts back.

I was registered for SNDS and now also registered for the JMRP for
what its worth...

I took the liberty to mail Michael directly because I'm really out of
ideas. All in all it seems with Microsoft nowadays you can get listed
without any explanation or way forward to remove yourself from the
blacklist. My plea that I would love to comply with the rules if only
I knew which ones I apparently violated has not made any difference.

Best Regards

Sebastian

- -- 
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
-BEGIN PGP SIGNATURE-

iQF6BAEBCgBkBQJYoaoLMxSAABUAFXBrYS1hZGRyZXNzQGdudXBnLm9yZ3Nl
YmFzdGlhbkBrYXJvdHRlLm9yZykaaHR0cHM6Ly93d3cua2Fyb3R0ZS5vcmcvcGdw
LXBvbGljeS5zaHRtbAAKCRBYotlKk6C5zuxICACfmiwR0KABu2TRFjB5K1fnmlnF
NkzlhNDVtpgfF7/p5lPN635+29w2EjyGxJy5Ou9ZNeAkNK9J5ilK/nHvO4NOSI7+
chur9tE2yE57Wb2e6TKFtEIbPNE2iQGTcXZ720r/X2djELYaJbFAeDdswgoJlrAG
AIC83CkITsn6YBlLtguuYzUNsFcUVcBrBum7QnhgXTiS4kDrbe5UiS5tF8UBtAHJ
BZvQcumDYCQd8QzeZh7MDEk/uVTN4BxhToOmpnQHTn+UewQ9nZFmYW4lMVNZY+J8
qj84Rv/fR4X33OJP2TLWjtpaWXCj46je63Z9O3CwA87sUkz1Eu+9cuul/EdV
=lzD0
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Andreas Ziegler]

John Levine schrieb am 09.02.2017 um 05:30:
> If you want your mail delivered, you have to filter out the spam, even
> if it's forwarded.

sure - i didn't say i don't do that.
maybe i should simply set stricter rules for forwards than for local
mailboxes...

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Dave Warren]

On 2017-02-09 01:16, Paul Smith wrote:

I never understand why users won't just collect mail from the 'proper'
mail server rather than having to forward it all to gmail/hotmail. A
large portion of our support issues are to do with this forwarding.


In my experience, it's because Gmail/Hotmail/whatever offers a much 
better user experience. Whether it's the webmail interface or app 
experience, or just the consistent experience (vs their personal mail) 
varies depending on the user.


I agree that I find this quite annoying, but just the same, from an 
end-user's perspective, I can understand it, especially when said 
interfaces have the ability to send "From" foreign addresses (including 
using valid SMTP credentials, thereby avoiding SPF/DKIM failures).


Just the same, when someone chooses to treat an external service as a 
client, they should set it up like a client (pull via IMAP or POP, send 
via SMTP).




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Laura Atkins]

> On Feb 9, 2017, at 9:47 AM, John Levine  wrote:
> 
> In article <1573147.t2hcmj7...@skynet.simkin.ca> you write:
>> Forwarding does not break DMARC. A DMARC pass requires that either SPF or 
>> DKIM 
>> pass, not both.
> 
> If a domain only authenticates with SPF, not DKIM, and publishes a
> DMARC policy, then forwarding will break DMARC.  I don't think I've
> seen this scenario; places that publish DMARC policies tend to use
> DKIM.

I did an analysis for a client a few months ago and found that there were some 
major ISPs that would (apparently randomly) break DKIM, leading to DMARC 
failures on forwarding. I’ve also seen other major ISPs ignore said breaks if 
they believe the sending IPs are forwarders. 

laura

-- 
Having an Email Crisis?  800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: http://wordtothewise.com/blog  






___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Philip Paeps]

On 2017-02-09 08:54:09 (-0800), Alan Hodgson  wrote:
> On Thursday 09 February 2017 10:15:17 Philip Paeps wrote:
> > Also note that DMARC breaks forwarding like this (or forwarding
> > breaks DMARC, depending on your religious affiliation).  You can get
> > around SPF as long as your envelope matches your relay but for
> > DMARC, the From: domain also needs to be aligned.
> 
> Forwarding does not break DMARC. A DMARC pass requires that either SPF
> or DKIM pass, not both.

I stand corrected.  Thank you for refreshing my memory.  It's been a
while since I looked at DMARC in detail.

> Forwarding only breaks DMARC if you modify the message and break the
> DKIM signature. Mailing lists that modify the Subject header or body,
> for instance, break DMARC. Normal forwarding does not.

Correct.

Stupid forwarders only break SPF, not DKIM.  So DMARC will not break any
more than SPF already will.

> Forwarding is still a terrible idea, of course. Spam has killed
> forwarding, IMO.

Absolutely agreed -- unless you have complete control over the receiving
end.  I don't mind phi...@freebsd.org forwarding to phi...@trouble.is
because I can whitelist the forwarder.  Forwarding *@trouble.is to a
mailbox @google.com or @hotmail.com or @yahoo.com on the other hand
would be a catastrophically bad idea.

Philip

-- 
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[John Levine]

In article <1573147.t2hcmj7...@skynet.simkin.ca> you write:
>Forwarding does not break DMARC. A DMARC pass requires that either SPF or DKIM 
>pass, not both.

If a domain only authenticates with SPF, not DKIM, and publishes a
DMARC policy, then forwarding will break DMARC.  I don't think I've
seen this scenario; places that publish DMARC policies tend to use
DKIM.

Forwarding spam is a much much bigger reputation problem than broken DMARC.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Alan Hodgson]

On Thursday 09 February 2017 10:15:17 Philip Paeps wrote:
> Also note that DMARC breaks forwarding like this (or forwarding breaks
> DMARC, depending on your religious affiliation).  You can get around SPF
> as long as your envelope matches your relay but for DMARC, the From:
> domain also needs to be aligned.
> 

Forwarding does not break DMARC. A DMARC pass requires that either SPF or DKIM 
pass, not both.

Forwarding only breaks DMARC if you modify the message and break the DKIM 
signature. Mailing lists that modify the Subject header or body, for instance, 
break DMARC. Normal forwarding does not.

Forwarding is still a terrible idea, of course. Spam has killed forwarding, 
IMO.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Eric Henson]

If you do a "reply-all" to Brandon's email, you'll see he works for Google. 

Have you ever had a security issue with a microsoft.com website? Can you 
provide a news article or other source confirming that their servers were 
compromised? I could see there possibly being an issue with the advertising on 
MSN.com, but not on one of their business pages.

Javascript is a very standard internet technology. You could snapshot a virtual 
machine, fill out the form, and then roll back your snapshot. Or do something 
similar with a smartphone. 


-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Klaus Ethgen
Sent: Thursday, February 9, 2017 5:11 AM
To: mailop@mailop.org
Subject: Re: [mailop] Mails to microsoft

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello Brandon,

First, thanks for your objective mail.

Are you speaking for for Microsoft or for another company? I cannot get that 
from your mail address.

Am Mi den  8. Feb 2017 um 21:48 schrieb Brandon Long via mailop:
> Generally speaking, we've seen issues with Hetzner as well, and their 
> netblock and asn reputations are crap in our systems as well,

I could believe that. Hetzner is a big hoster and it is expectable to have some 
bad nodes in their network.

On the other hand, what I seen from Hetzner until now is that they are on a 
good technical level and very responsible if cou contact them.
However, their answer might not always be what you would like. That has 
positive and negative impacts.

> but we generally have some smarts for allowing for the possibility of 
> good eggs in a bad block.  It's not perfect, especially given what we 
> tend to see, which is compromised boxes that can go from minimal to 
> zero mail to millions in a heartbeat.

As I also manage my mail server(s) very strict and tight, I understand what you 
mean. Although I would never ever block postmaster mails.
(Hmm.. to be true, I do for one reason but I really don't think that one real 
mail admin will use .domain toplevel as HELO. So beat me if you have a legal 
reason for that.)

> Your block seems relatively clean.

Nice to hear. What do you mean by "relatively"?

Do you have an address where I could test it and where you see the logs/outcome?

> I would also point out that it's easier to attract bees with honey 
> than with vinegar.  Casting aspersions and assumptions of bad faith 
> may make you feel better, but are not likely to get you much help.

You are right, sorry.

> The complaints about javascript are also cute.

What is "cute" about caring for security? Javascript is a pestilence in the 
present days web and you open up for all bad you could imagine if you enable it 
feather-headed. And, sorry, but I had enough bad experiences with Microsoft in 
the past to not trust them running code on my system(s).

Regards
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C -BEGIN PGP 
SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlicTkYACgkQpnwKsYAZ
9qyQ5wv/R7vrcoyK8uJXTk4bSfMD8wmc5A92KOXyTOsuW8bSZ1ycXvYbEEIqZIHs
YcrwskfNx42c6MglEJOQZnoYNzGAJkHjMwZu29dkzBRhPVfiKujwTAs8S9PSQktG
vL0AvCShJedaq+iX2ZgtmLrVD/Tj5s0+QDhzsFEjDUFKxcMtq+aKCYNkjazo3eMZ
m8CoEksgqffAt3FZ7a61G5dWCiS1g7fPlXqgVOtQVZPNlxcuHciLb7yUbxE9nzsi
hgNfk4SGKWaGY/mpDXY/Zh9NIbbJmzBMfAx4YNxaXouepPNyp3yc1r8hFQGKRK3D
UDWAtDAsmEIPdFnKvKy0DPEno0d5+JjE/Oa165gv8WkMgXqVOUhFV53UZUDnB3LO
4K73IiVjH4PQUVLXiFK8b/dNXDQXCogvkYn751Qio6tFKQ8LBco/TUazjAGEnjWX
Fl9Gm73Hl0cnG5hxjeU1U8WIzo8rsQ1Z+1pcT/7wnyqOlmLZ0B/O59/3NNY5xj+Y
TxrkH3cj
=YHr0
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello Brandon,

First, thanks for your objective mail.

Are you speaking for for Microsoft or for another company? I cannot get
that from your mail address.

Am Mi den  8. Feb 2017 um 21:48 schrieb Brandon Long via mailop:
> Generally speaking, we've seen issues with Hetzner as well, and their
> netblock and asn reputations are crap in our systems as well,

I could believe that. Hetzner is a big hoster and it is expectable to
have some bad nodes in their network.

On the other hand, what I seen from Hetzner until now is that they are
on a good technical level and very responsible if cou contact them.
However, their answer might not always be what you would like. That has
positive and negative impacts.

> but we generally have some smarts for allowing for the possibility of
> good eggs in a bad block.  It's not perfect, especially given what we
> tend to see, which is compromised boxes that can go from minimal to
> zero mail to millions in a heartbeat.

As I also manage my mail server(s) very strict and tight, I understand
what you mean. Although I would never ever block postmaster mails.
(Hmm.. to be true, I do for one reason but I really don't think that one
real mail admin will use .domain toplevel as HELO. So beat me if you
have a legal reason for that.)

> Your block seems relatively clean.

Nice to hear. What do you mean by "relatively"?

Do you have an address where I could test it and where you see the
logs/outcome?

> I would also point out that it's easier to attract bees with honey than
> with vinegar.  Casting aspersions and assumptions of bad faith may make you
> feel better, but are not likely to get you much help.

You are right, sorry.

> The complaints about javascript are also cute.

What is "cute" about caring for security? Javascript is a pestilence in
the present days web and you open up for all bad you could imagine if
you enable it feather-headed. And, sorry, but I had enough bad
experiences with Microsoft in the past to not trust them running code on
my system(s).

Regards
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlicTkYACgkQpnwKsYAZ
9qyQ5wv/R7vrcoyK8uJXTk4bSfMD8wmc5A92KOXyTOsuW8bSZ1ycXvYbEEIqZIHs
YcrwskfNx42c6MglEJOQZnoYNzGAJkHjMwZu29dkzBRhPVfiKujwTAs8S9PSQktG
vL0AvCShJedaq+iX2ZgtmLrVD/Tj5s0+QDhzsFEjDUFKxcMtq+aKCYNkjazo3eMZ
m8CoEksgqffAt3FZ7a61G5dWCiS1g7fPlXqgVOtQVZPNlxcuHciLb7yUbxE9nzsi
hgNfk4SGKWaGY/mpDXY/Zh9NIbbJmzBMfAx4YNxaXouepPNyp3yc1r8hFQGKRK3D
UDWAtDAsmEIPdFnKvKy0DPEno0d5+JjE/Oa165gv8WkMgXqVOUhFV53UZUDnB3LO
4K73IiVjH4PQUVLXiFK8b/dNXDQXCogvkYn751Qio6tFKQ8LBco/TUazjAGEnjWX
Fl9Gm73Hl0cnG5hxjeU1U8WIzo8rsQ1Z+1pcT/7wnyqOlmLZ0B/O59/3NNY5xj+Y
TxrkH3cj
=YHr0
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Philip Paeps]

On 2017-02-09 03:24:09 (+0100), Andreas Ziegler  wrote:
> btw, does anyone know if the big providers take into account that some
> spam is only forwarded, not originating?  we have many customers who
> want to forward their mail from someth...@myname.com to their
> gmail/hotmail/etc. mailboxes - which sometimes leads to problems if
> they receive many spam mails

Oooh... don't do that!

One of my users had a couple of catch-all domains (*@domain.example)
forwarding at their webmail account at a large provider.  After a couple
of dictionary spam runs, my mailserver's reputation was not so great
with that provider.

Definitely check for spam if you're forwarding.

Also note that DMARC breaks forwarding like this (or forwarding breaks
DMARC, depending on your religious affiliation).  You can get around SPF
as long as your envelope matches your relay but for DMARC, the From:
domain also needs to be aligned.

Philip

-- 
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Paul Smith]

On 09/02/2017 02:24, Andreas Ziegler wrote:

btw, does anyone know if the big providers take into account that some
spam is only forwarded, not originating?
we have many customers who want to forward their mail from
someth...@myname.com to their gmail/hotmail/etc. mailboxes - which
sometimes leads to problems if they receive many spam mails

Just don't...

POP3 collection works fine (I know gmail can do this), but forwarding 
will get your mail server blocked. We send our customers' forwarded mail 
through a 'sacrificial' mail server because we know it'll get 
blocked/rate-limited etc, and don't want it to affect normal mail. This 
happens even though we pass the mail through a spam filter first 
(although less than if we didn't) - but then, false positives from our 
spam filter never reach the user at all...


I never understand why users won't just collect mail from the 'proper' 
mail server rather than having to forward it all to gmail/hotmail. A 
large portion of our support issues are to do with this forwarding.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Michael Rathbun]

On 9 Feb 2017 04:30:21 -, "John Levine"  wrote:

>  For some of my users, I run
>the forwarded mailt through spamassassin, send it with SMTP if the
>score is low, put it in a folder for later POP pickup if the score is
>high.

I will set up a periodic POP session service for my users that will suck their
mail from the remote account, with optional local filtering features.  IMAP
not available but then again, if the remote account offers IMAP access, there
is no major reason to transfer the mail to local storage.

Users are welcome to access their mail remotely through web interface, POP or
IMAP.  Absolutely no forwarding for anything other than spamtrap feeds.

mdr
-- 
There's a funny thing that happens when you know the correct
answer.  It throws you when you get a different answer that
is not wrong.-- Dr Bowman (Freefall)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[John Levine]

>we have many customers who want to forward their mail from
>someth...@myname.com to their gmail/hotmail/etc. mailboxes - which
>sometimes leads to problems if they receive many spam mails

If you want your mail delivered, you have to filter out the spam, even
if it's forwarded.

Michael's suggestions about pulling the mail with POP or IMAP rather
than pushing it with SMTP are also good.  For some of my users, I run
the forwarded mailt through spamassassin, send it with SMTP if the
score is low, put it in a folder for later POP pickup if the score is
high.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Michael Rathbun]

On Thu, 9 Feb 2017 03:24:09 +0100, Andreas Ziegler 
wrote:

>btw, does anyone know if the big providers take into account that some
>spam is only forwarded, not originating?

I know of at least one very large provider that makes no attempt to identify
spam as forwarded, and where IPs that emit a certain persistent percentage of
spam over a particular span of time will first have their traffic be marked as
spam, and some time later see it refused absolutely at the edge.  

>we have many customers who want to forward their mail from
>someth...@myname.com to their gmail/hotmail/etc. mailboxes - which
>sometimes leads to problems if they receive many spam mails

They might want to explore whether their provider or their client can access
the remote account by POP or IMAP rather than forwarding.  Many fewer issues
for all concerned will arise.

mdr
-- 
   "There will be more spam."
  -- Paul Vixie



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Andreas Ziegler]

not only microsoft-related, a suggestion to those managing more than one
server:
use only one of them to send out the mail and use it as a relay for the
others.
from my experience this leads to better results, even if there are
hacked accounts from time to time - the big providers seem to be OK with
an IP sending some spam if it sends loads of "good" mail most of the
time - but if a server only sends 10 mails a day it gets blacklisted
much faster.

btw, does anyone know if the big providers take into account that some
spam is only forwarded, not originating?
we have many customers who want to forward their mail from
someth...@myname.com to their gmail/hotmail/etc. mailboxes - which
sometimes leads to problems if they receive many spam mails

Andreas


Brandon Long via mailop schrieb am 08.02.2017 um 21:48:
> 
> 
> On Sun, Feb 5, 2017 at 2:44 AM, Klaus Ethgen  > wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Am Sa den  4. Feb 2017 um 18:55 schrieb Andreas Schamanek:
> [One who witlessly blocks all hetzner IPs]
> > > I host lua-l, a large mailing list both in terms of subscribers and
> > > postings, on Hetzner.  The only people we ever have deliverability
> > > problems with are Gmail, and that's only for an hour or two at a time.
> >
> > Same for my private server at Hetzner. And those rare temporary delays
> > when delivering to Gmail might not even be reputation based but rather
> > due to Gmail's internal mechanics.
> 
> Microsoft is the only one I have problems. It is true that I seen
> sometimes delays to google but they are rare and nothing I worry about.
> 
> I hear from others that they mails gets in the spam folder on google but
> I never seen that with mine.
> 
> Moreover, some time ago I drove a spam^W mailserver for a company and
> even with that we had no problems with google. (Yahoo was more a
> factor.)
> 
> 
> Generally speaking, we've seen issues with Hetzner as well, and their
> netblock and asn reputations are crap in our systems as well, but we
> generally have some smarts for allowing for the possibility of good eggs
> in a bad block.  It's not perfect, especially given what we tend to see,
> which is compromised boxes that can go from minimal to zero mail to
> millions in a heartbeat.
> 
> Your block seems relatively clean.
> 
> I would also point out that it's easier to attract bees with honey than
> with vinegar.  Casting aspersions and assumptions of bad faith may make
> you feel better, but are not likely to get you much help.
> 
> The complaints about javascript are also cute.
> 
> Brandon
> 
>  
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Brandon Long via mailop]

On Sun, Feb 5, 2017 at 2:44 AM, Klaus Ethgen  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Am Sa den  4. Feb 2017 um 18:55 schrieb Andreas Schamanek:
> [One who witlessly blocks all hetzner IPs]
> > > I host lua-l, a large mailing list both in terms of subscribers and
> > > postings, on Hetzner.  The only people we ever have deliverability
> > > problems with are Gmail, and that's only for an hour or two at a time.
> >
> > Same for my private server at Hetzner. And those rare temporary delays
> > when delivering to Gmail might not even be reputation based but rather
> > due to Gmail's internal mechanics.
>
> Microsoft is the only one I have problems. It is true that I seen
> sometimes delays to google but they are rare and nothing I worry about.
>
> I hear from others that they mails gets in the spam folder on google but
> I never seen that with mine.
>
> Moreover, some time ago I drove a spam^W mailserver for a company and
> even with that we had no problems with google. (Yahoo was more a
> factor.)
>

Generally speaking, we've seen issues with Hetzner as well, and their
netblock and asn reputations are crap in our systems as well, but we
generally have some smarts for allowing for the possibility of good eggs in
a bad block.  It's not perfect, especially given what we tend to see, which
is compromised boxes that can go from minimal to zero mail to millions in a
heartbeat.

Your block seems relatively clean.

I would also point out that it's easier to attract bees with honey than
with vinegar.  Casting aspersions and assumptions of bad faith may make you
feel better, but are not likely to get you much help.

The complaints about javascript are also cute.

Brandon
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Michael Peddemors]

On 17-02-08 08:30 AM, Michael Peddemors wrote:

Ouch, as much as the Hotmail/Outlook spam might bother because of course
it is harder to sort the good/bad, that is easier to do at source than
at destination..


Oh, speaking of Hotmail..
Still appears that emails coming from cross-tenant still break RFC's..
Duplicate Return Paths..

Return-Path: 
Received: from snt004-omc3s33.hotmail.com (HELO 
SNT004-OMC3S33.hotmail.com) (65.55.90.172)



spamdiagnosticmetadata: NSPM 
Content-Type: multipart/alternative;
boundary="_000_BM1PR01MB0737270F24F2EEA103EE2EF0DE400BM1PR01MB0737INDP_"
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Feb 2017 20:31:45.6644
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BO1IND01HT012
Bcc:
Return-Path: devendramishra2...@outlook.com
^^^
(That should be stripped at the original receiving server, if it isn't 
the final destination)


X-OriginalArrivalTime: 06 Feb 2017 20:32:24.0421 (UTC) 
FILETIME=[1FDEF950:01D280B8]




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Michael Peddemors]

Ouch, as much as the Hotmail/Outlook spam might bother because of course 
it is harder to sort the good/bad, that is easier to do at source than 
at destination..


But, in my travels around the world, it is amazing how in many countries 
Hotmail is still used by professionals.


But saying it is the biggest spam sending network out there is a 
stretch..  Biggest spam sending networks are of course still the ISP's 
that host the 'Internet of Things', with all the Bots and compromised 
devices, but after that it is the hosting companies which allow such 
activity, and after that it is the compromised email accounts, with the 
Gmail/Hotmail/Yahoo/OtherBigProvider abuse still well below all the rest..


Don't get me wrong, can they do better?  Yes..
Of course, the motivation to move to that next level might not be 
there.. What of course worries the most, is that we see some companies 
actually going the other way..


And of course, right now there are a lot of other operators out there 
that can help.. eg.. Digital Ocean. umm.. pretty sure that these should 
be on the network.. 


104.131.6.184   (M)   1   mta-wk-0.mk1.xzare.com
104.131.9.50(M)   1   mta-wk-3.mk3.ipruz.com
   104.131.9.186(M)   1   mta-wk-3.mk3.xzare.com
104.131.14.157  (M)   1   mta-wk-6.mk2.qkena.com
104.131.23.182  (M)   1   mta-wk-4.mk3.xzare.com
104.131.36.140  (M)   2   mta-wk-1.mk1.qkena.com
104.131.47.231  (M)   1   mta-wk-2.mk2.xzare.com
104.131.64.129  (M)   1   mta-wk-0.mk3.xzare.com
104.131.110.138 (M)   1   mta-wk-1.mk3.qkena.com
104.131.119.22  (M)   1   mta-wk-1.mk0.ipruz.com
104.131.130.73  (M)   1   mta-wk-1.mk0.uulio.com
   104.131.130.91   (M)   1   mta-wk-0.mk0.uzoin.com
104.131.152.194 (M)   1   mta-wk-6.mk0.uzoin.com
104.131.153.40  (M)   2   mta-wk-7.mk0.uzoin.com
104.131.161.215 (M)   1   mta-wk-0.mk0.ipruz.com
104.131.181.250 (M)   1   mta-wk-2.mk3.qkena.com
104.131.188.101 (M)   2   mta-wk-4.mk0.ipruz.com
104.236.1.255   (M)   1   mta-wk-4.mk1.qkena.com
104.236.18.51   (M)   1   mta-wk-2.mk0.ipruz.com
104.236.88.21   (M)   2   mta-wk-7.mk3.qkena.com
   104.236.88.75(M)   1   mta-wk-3.mk2.qkena.com
104.236.92.186  (M)   1   mta-wk-2.mk2.qkena.com
104.236.111.245 (M)   1   mta-wk-2.mk3.xzare.com
104.236.120.11  (M)   2   mta-wk-4.mk0.qkena.com
104.236.129.80  (M)   1   mta-wk-4.mk1.uzoin.com
104.236.135.106 (M)   1   mta-wk-0.mk1.mavfa.com
104.236.139.20  (M)   1   mta-wk-4.mk2.uzoin.com
104.236.140.25  (M)   1   mta-wk-6.mk2.mavfa.com
104.236.142.240 (M)   1   mta-wk-1.mk0.mavfa.com
104.236.144.68  (M)   1   mta-wk-6.mk1.mavfa.com
104.236.148.237 (M)   1   mta-wk-4.mk3.uulio.com
104.236.152.79  (M)   1   mta-wk-4.mk3.mavfa.com
104.236.153.183 (M)   2   mta-wk-5.mk1.uzoin.com
104.236.155.215 (M)   1   mta-wk-2.mk3.uzoin.com
104.236.156.19  (M)   1   mta-wk-5.mk1.mavfa.com
104.236.169.247 (M)   1   mta-wk-5.mk3.mavfa.com
104.236.179.128 (M)   1   mta-wk-2.mk1.uulio.com
104.236.182.25  (M)   1   mta-wk-5.mk0.mavfa.com
104.236.185.46  (M)   1   mta-wk-7.mk3.uulio.com
   104.236.185.54   (M)   1   mta-wk-2.mk1.uzoin.com
104.236.187.124 (M)   1   mta-wk-4.mk0.mavfa.com
   104.236.187.166  (M)   1   mta-wk-0.mk2.uulio.com
107.170.196.30  (M)   1   mta-wk-5.mk1.uulio.com
107.170.217.7   (M)   1   mta-wk-1.mk3.uulio.com
107.170.237.224 (M)   2   mta-wk-2.mk2.mavfa.com
107.170.251.122 (M)   1   mta-wk-6.mk1.uulio.com
107.170.255.50  (M)   1   mta-wk-1.mk3.mavfa.com
138.197.4.72  1   mta-wk-5.mk2.xzare.com
138.197.10.2011   mta-wk-1.mk2.qkena.com
138.197.12.22 1   mta-wk-2.mk1.qkena.com
138.197.27.1251   mta-wk-7.mk1.xzare.com
138.197.29.2291   mta-wk-6.mk3.xzare.com
138.197.35.26 1   mta-wk-6.mk1.xzare.com
   138.197.35.67  1   mta-wk-1.mk2.xzare.com
138.197.37.21 1   mta-wk-6.mk3.ipruz.com
   138.197.37.51  1   mta-wk-5.mk1.ipruz.com
   138.197.37.253 2   mta-wk-5.mk2.ipruz.com
138.197.39.18 1   mta-wk-0.mk0.xzare.com
   138.197.39.46  1   mta-wk-1.mk0.xzare.com
138.197.41.84 1   mta-wk-4.mk1.xzare.com
   138.197.41.96  1   mta-wk-5.mk1.xzare.com
138.197.43.1091   mta-wk-5.mk3.ipruz.com
   138.197.43.143 1   mta-wk-2.mk1.ipruz.com
138.197.44.72 1   mta-wk-0.mk2.qkena.com

Re: [mailop] Mails to microsoft

[John Levine]

>> Approximately 400 million Hotmail/Outlook users disagree with you.
>
>Hmm... 300 million spamers and 100 million users? Or is it even worse?
>
>I only know one real person who has an account over there. All others
>coming from that network are spam, spam and spam.

As we say in the US, you should try and get out more.  You might also
consider the possibility that not every one of their users has a
hotmail.com or outlook.com address, since like all large mail systems
they handle a lot of hosted third party mail.


>Microsoft is one of the biggest spam sending networks out there.

Considering how large their networks are, that's hardly surprising.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am Mo den  6. Feb 2017 um 17:50 schrieb John Levine:
> In article <20170206143318.wy6afi7dx332c...@ikki.ethgen.ch> you write:
> >They can try. But in the end it will hit back to them. I recommend just
> >everyone _not_ to have emails on microsoft. If they don't care about
> >their customers, that is their problem.
> 
> Approximately 400 million Hotmail/Outlook users disagree with you.

Hmm... 300 million spamers and 100 million users? Or is it even worse?

I only know one real person who has an account over there. All others
coming from that network are spam, spam and spam.

Microsoft is one of the biggest spam sending networks out there.

Regards
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAliaxAIACgkQpnwKsYAZ
9qwjqgv/WZCXVJXIYu7bOsgZZPDZ96hoYamyjPH9q6TceYMGg/fb8xe32Nt2hsvI
F9ubsLcnEQf7XwFuyIWC54Q8/D+uPkNCoZtC/0TGNwPZsEUKjbVgx/fsjJTi8LOV
cEqRpzEiX+HwISdFp5go/yzL3eWygA3Y8cMZKlGRJy6OuSNxqYH74jdUtc4jowa5
NGeQ5h7cmmDH7rXTVPAKorDexwuiuGlBGaA323yiw/Ak1Lr75/XpPXaawDl7LnTA
YeyUfaOpiAEFMOVsnW1xtIllbM9H2I8Mo3pQIJ0phUz2TfgKiXkMyvdlWNC+pwhV
6q+Cj3VpQ1TFnw1YuBGN8kzTkIBP1b/UYngBT5F72564xnLM1CfwD4kXzYRwv3AF
/12VWfu2WbhYKq1+Z5bEX/Ud7VQN0rSukccRsBOz668SwwDIsgf0c79dmvp5fsAv
4VSQ6/4KltL+jbdMgC87Zq3PCVZieCHZyaE4+Wm7leW5mEhpjTpRO4deLWvpAWP3
P8g1ZfUF
=Jm8l
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Philip Paeps]

On 2017-02-06 15:05:18 (+0200), G. Miliotis  wrote:
> On 5/2/2017 12:35, Klaus Ethgen wrote:
> > Well, that is a fully ignorance of the world. There is many mailservers
> > in hetzner network (as well as there are some malicious hosts). Taking
> > all hetzner network in kin liability is something I will not tell on
> > this open list.
> 
> You will find it hard to get a hetzner block removed by microsoft.
> I've been trying on and off for over a year now.

Note that Microsoft (and others) treat some Hetzner networks with more
suspicion than others.  Some of the space in 5.9/16 in particular has a
terrible reputation.

While Hetzner's abuse handling is reasonably good for an ISP their size,
they are fighting an impossible battle.  Most of the IP "reputation"
lists are fully automated and sometimes a netblock will get blacklisted
before abuse can shut the customer down.

> You can set up a relay on another provider only for the microsoft
> domains and configure your MTA accordingly.

Or simply try another Hetzner netblock/datacentre.  I currently have
three machines on different Hetzner netblocks that have no problem
delivering to Microsoft.

Philip

-- 
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[John Levine]

In article <20170206143318.wy6afi7dx332c...@ikki.ethgen.ch> you write:
>They can try. But in the end it will hit back to them. I recommend just
>everyone _not_ to have emails on microsoft. If they don't care about
>their customers, that is their problem.

Approximately 400 million Hotmail/Outlook users disagree with you.

Good luck with that.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Michael Peddemors]

On 17-02-06 05:05 AM, G. Miliotis wrote:

On 5/2/2017 12:35, Klaus Ethgen wrote:

Well, that is a fully ignorance of the world. There is many mailservers
in hetzner network (as well as there are some malicious hosts). Taking
all hetzner network in kin liability is something I will not tell on
this open list.


You will find it hard to get a hetzner block removed by microsoft. I've
been trying on and off for over a year now.
You can set up a relay on another provider only for the microsoft
domains and configure your MTA accordingly.
I don't approve of MS' methods but they are the gorilla and they screw
you if they want. Plus, it's their servers. Just don't believe any
"we're working with the community" claims they make on their texts. It's
BS (business), so no reason to have that expectation.

--GM


One of the things to consider, while there might be a lot of abusive 
spam sources using their networks, your success may depend on whether 
your segment is one of those that Hetzner allows/supplies SWIP/rwhois 
listings...


Generally this appears to depend on the data centres..

inetnum:213.133.96.0 - 213.133.111.255
netname:HETZNER-RZ-NBG-NET
descr:  Hetzner Online AG
descr:  Datacenter Nuernberg

inetnum:213.239.212.0 - 213.239.215.255
netname:HETZNER-RZ-NBG-NET
descr:  Hetzner Online AG
descr:  Datacenter Nuernberg

Don't get individual customer network ranges...

route:  213.239.192.0/18
descr:  HETZNER-RZ-NBG-BLK2
origin: AS24940
mnt-by: HOS-GUN

On this range, they seem to allow/give customers SWIP/rwhois listings..

Make sure that you get 'rwhois/SWIP' from them for your IP(s) and it 
might help your case.. This way you can point out while the IP(s) may be 
delegated by them as an upstream provider, you are taking responsibility 
for your portion of that network.




--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi GM,

Am Mo den  6. Feb 2017 um 14:05 schrieb G. Miliotis:
> On 5/2/2017 12:35, Klaus Ethgen wrote:
> > Well, that is a fully ignorance of the world. There is many mailservers
> > in hetzner network (as well as there are some malicious hosts). Taking
> > all hetzner network in kin liability is something I will not tell on
> > this open list.
> 
> You will find it hard to get a hetzner block removed by microsoft. I've been
> trying on and off for over a year now.
> You can set up a relay on another provider only for the microsoft domains
> and configure your MTA accordingly.

Yes, I seen that in the past to and heard that from many other sources
too. For me, I will just ignore them and recommend my friend to change.

> I don't approve of MS' methods but they are the gorilla and they screw you
> if they want.

They can try. But in the end it will hit back to them. I recommend just
everyone _not_ to have emails on microsoft. If they don't care about
their customers, that is their problem.

> Plus, it's their servers.

That is fully true. They can do what they want. But the consequences
will be that more and more other mail hoster care the same about
microsoft as they do to them.

Luckily, present days microsoft is a small provider who gets more and
more marginalized. There are much bigger ones.

> Just don't believe any "we're working with the community" claims they
> make on their texts. It's BS (business), so no reason to have that
> expectation.

Fully agree.

Regards
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAliYiSgACgkQpnwKsYAZ
9qz/RgwAoH4kDHSxmcFr+GqvcVQfxrR8OJ4xcDaBbrtcbNUj8OARNllCM9rP0ifW
2Ddf3kDfTAMWRsZmfQQxf9Ktx0xIzuLD8YIhWVfAmKkUyfIzL+9gRd+A2/NAd0wa
HXAUTx9d+1oRLbXd09YO9e9eQr00x0qQUksm8WyKlXzNYNo+yxcTyNQasxiJ8L4R
XBweZWDGYq2n5W83YaeGO9KcQTdwEcdflRIb2BA5aIhQw+xWx2wd3VeNCnck8orZ
rWFr0bLz3FWlZAYhZB+NpLMEdPqfw5TeUymBLPDfjeozEh/Lx7LIKFX6ffrYfGbJ
j1XERox642kGfYTa8S187bXI0c50m9W0QUxmpexoaukFSQ533CFsOo2z6KsnwVKG
Rym3PFh7U5sEJmcM84OFN0WyO4MEWXWg53ZvIJvHzLoy1WyL6J0sXx9myKBY8VGZ
MY8ybXpqUxUB7pZ63fV5XYyLoIdEF+UzLZPbxI1ClD8nbP7+h056v2cJ+g/xHjBh
tvVUZsgo
=gC+B
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[G. Miliotis]

On 5/2/2017 12:35, Klaus Ethgen wrote:

Well, that is a fully ignorance of the world. There is many mailservers
in hetzner network (as well as there are some malicious hosts). Taking
all hetzner network in kin liability is something I will not tell on
this open list.


You will find it hard to get a hetzner block removed by microsoft. I've 
been trying on and off for over a year now.
You can set up a relay on another provider only for the microsoft 
domains and configure your MTA accordingly.
I don't approve of MS' methods but they are the gorilla and they screw 
you if they want. Plus, it's their servers. Just don't believe any 
"we're working with the community" claims they make on their texts. It's 
BS (business), so no reason to have that expectation.


--GM


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am Sa den  4. Feb 2017 um 18:55 schrieb Andreas Schamanek:
[One who witlessly blocks all hetzner IPs]
> > I host lua-l, a large mailing list both in terms of subscribers and
> > postings, on Hetzner.  The only people we ever have deliverability
> > problems with are Gmail, and that's only for an hour or two at a time.
> 
> Same for my private server at Hetzner. And those rare temporary delays 
> when delivering to Gmail might not even be reputation based but rather 
> due to Gmail's internal mechanics.

Microsoft is the only one I have problems. It is true that I seen
sometimes delays to google but they are rare and nothing I worry about.

I hear from others that they mails gets in the spam folder on google but
I never seen that with mine.

Moreover, some time ago I drove a spam^W mailserver for a company and
even with that we had no problems with google. (Yahoo was more a
factor.)

Regards
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAliXAhYACgkQpnwKsYAZ
9qwBbAv9HWCkznApJI2EwhAEph+y9SAAAdsu2PDvK9Ulo4zQh9+4M8rAwjdBTn1X
Jir/6SCpj7esRtYytnBrOwLfdZmG1aQ3k+2Am2xPxIZlIXpMQEw6okPhiQC+sWC7
mu3GM3lgnhkxjQuj3Ts6mg/musnz5cmyCIIKzggfTUe+vdklY1LqaWVyeggsTpTq
L3PZ6Jwt2qvh8bSHHtptoAtDZmU/ou8e0/veDqOIlCKuYJuLkx+kXb5BcXsIX6Cn
CTZNzPk84nc7JzwHApndYrDX5/PfO5jYo+0CXqbupTsECq/O3Rau6FYRc9oHgpx5
nbbQEhHuc7bdZkx9s80F0Zwl+yTkwXjSaVyaGYgBnj6FLL/cER+/WVQMG3wZDEIY
4/ro3AWYFzki+DIE1NglAtbP0BGFmVeKQEOe9YjnTqqeoV4XeVQz+aBOnXW/gLO5
355azM/Wola3pWrx2fn8v62CBfuKMUBnTZnZR4+Cj4xJHkYXKq1FaX2g/Y4CCc2Z
US9CCKMC
=KBLE
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

Am Sa den  4. Feb 2017 um 16:18 schrieb Paul Kincaid-Smith:
> > Ps. I will not go to a javascript overloaded page in the web that does
> >not do or add any usefull thinks. For my understanding, for mail
> >related stuff, postmaster@domain is the main contact for such thinks
> >(or abuse@..., but this is not standarised).
> 
> It would be wonderful if getting to the right people at Microsoft's mail
> operations team were easy, without friction, but it's not. For now, that's
> just the way it is. Michael Wise (who works in a different department at
> Microsoft) has kindly provided you with a link
>  and a process so you
> can reach the right team there.

Well, I do not trust microsoft enough to switch javascript on on their
pages. And without, this page has nothing useful on it.

I have not the time to handle with all hurdles, some marginal providers
put in the way of sane mail providers. But Microsoft shows the most
ignorance I have ever seen.

> The choice is yours. Being stubborn won't solve your problem. If you want
> to send mail from your Hetzner server to recipients at Hotmail, then follow
> their process.

I will do what was suggested on SwiNOG and suggest my friend to use a
mail provider who earn that name.

Regards
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAliXAOoACgkQpnwKsYAZ
9qxs/gv/RdChO9FjpWHGDnuO6fPMnDtPWz8isSAx/ylZmkhtIDyKhG+RS5HFPIT4
0xGkWuRtB11KqvjlxIxo2yBKzGhh6FZOWtuU1v3rlmW2mI4Sw3C6jE/i3xOqB52x
P5OmwKNBjlg//1CV1dcA9DVLvsUk5NGGcWN2H+knBSCNIKe4/ddDM4A4r7wHlZUa
ERqJWQi7vg8l2SZ12QtuLnOGOE+WdNZIM3cV6u5hl90GMtlyuXMqukKZXX3pbjiB
qEeQu+df0qH9LOZhkAChC8/vS+WXcRsiQxcEcVxHjJNw5CSftLO78Azs9kPYeVXL
D+k4+9iqz8u/AYkURdMdo3kXKkkWHdvBTopwrmrRB6e0IADI02mYqYOopA7b161s
+3wJM50xPI9MDjO3S6VATmlXb7doPq8wtcQasGEGQg33dXYsRXDsY9PgDcyIh4+P
00DVmXHt9ALJSgPzmWjXI1X0upl82H+Nei4jz/AQns6LQH+6RAvB9FrT9+Swxs/V
MOnkdIkJ
=VLFw
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am Sa den  4. Feb 2017 um 16:42 schrieb John Levine:
> In article <20170204100707.z5qygog6vzs5d...@ikki.ethgen.ch> you write:
> >I have a private mail server in hetzner network (5.9.7.51). ...
> 
> Considering how much spam gushes out of Hetzner, it's surprising that
> anyone accepts your mail at all.  On my network I've had all of 5.9/16
> blocked for years with zero complaints from my users.

Well, I seen much, much more spam coming from live.com and gmx. But it
is stupiud to block them without any other logic.

> If it's important to you that people accept your mail, you might
> consider finding a host with better managed networks.  But if it's
> not important to you, it's not important to anyone else.

Well, that is a fully ignorance of the world. There is many mailservers
in hetzner network (as well as there are some malicious hosts). Taking
all hetzner network in kin liability is something I will not tell on
this open list.

Regards
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAliW/8oACgkQpnwKsYAZ
9qwOZgwAhjCfhG13BxTafa3pwfbytaxb3oOF/FA3qC9reoEzC697g9VkuSSYoXbj
GqPh5uC/0k1VxT/nWcQEGVpOaTCkcN+4h5cGZvrqiXdYmbEgtti/jbw8D7T5YQ9e
8jwRlmfeRpwssEWJBQtcgBRWRaDDddEy1UuBFveA8htzlas2UTiOBZZUsHrbE8/F
xgiJPc1NFkEoZHAZDHB8b3kdFBVb+ceoLK8vulajGIBe9AKh5VDx/IUIrSP4vTfU
HhbBJT1UwCP/eDQ2ophfeBHJVrhsnQvWp35OTRXX4pYEN6XCbzKto5fFpZNZU5DI
4rLAnuFGcezVPO3GsAKwjQuePuob64SbDCe3sjo/wpyZGZUkbcdoZ+XblcGHREnY
IZf7ZVN+NO6Mcb/vnuM7g26ygItsR/1JekB3PqQZXQnQAntWZeSo1T9xM7kS1bWO
snp2o/12fopAnCcqEv5MFZZA5gXvUQUdK9qUVG4KjnWNobi32ILWBk0ZnAJuBrvZ
3yvEbmfh
=EswF
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Andreas Schamanek]

On Sat, 4 Feb 2017, at 15:51, Rob Kendrick wrote:

> On Sat, Feb 04, 2017 at 03:42:53PM -, John Levine wrote:
> > In article <20170204100707.z5qygog6vzs5d...@ikki.ethgen.ch> you write:
> > >I have a private mail server in hetzner network (5.9.7.51). ...
> > 
> > Considering how much spam gushes out of Hetzner, it's surprising that
> > anyone accepts your mail at all.  On my network I've had all of 5.9/16
> > blocked for years with zero complaints from my users.
> > 
> > If it's important to you that people accept your mail, you might
> > consider finding a host with better managed networks.  But if it's
> > not important to you, it's not important to anyone else.
> 
> I host lua-l, a large mailing list both in terms of subscribers and
> postings, on Hetzner.  The only people we ever have deliverability
> problems with are Gmail, and that's only for an hour or two at a time.

Same for my private server at Hetzner. And those rare temporary delays 
when delivering to Gmail might not even be reputation based but rather 
due to Gmail's internal mechanics.

> As somebody reporting spam, I find Hetzner extremely responsible

I am also reporting spam and feeding BLs. Hetzner is definitely 
dealing with reports responsibly and also responsive. Moreover, I am 
not seeing more spam from Hetzner than from other large providers. 
Anyway, that's generally no reason to block whole networks.

I am not sure if the support team of a provider the size of Hetzner 
can be compared to those of Microsoft, Google, Amazon etc., but my 
personal experience suggests that Hetzner is very responsive, they 
actually reply to mail(!) whereas getting valuable support from 
Microsoft and Gmail is usually a PITA.

-- 
-- Andreas

:-)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Rob Kendrick]

On Sat, Feb 04, 2017 at 03:42:53PM -, John Levine wrote:
> In article <20170204100707.z5qygog6vzs5d...@ikki.ethgen.ch> you write:
> >I have a private mail server in hetzner network (5.9.7.51). ...
> 
> Considering how much spam gushes out of Hetzner, it's surprising that
> anyone accepts your mail at all.  On my network I've had all of 5.9/16
> blocked for years with zero complaints from my users.
> 
> If it's important to you that people accept your mail, you might
> consider finding a host with better managed networks.  But if it's
> not important to you, it's not important to anyone else.

I host lua-l, a large mailing list both in terms of subscribers and
postings, on Hetzner.  The only people we ever have deliverability
problems with are Gmail, and that's only for an hour or two at a time.

As somebody reporting spam, I find Hetzner extremely responsible: they
provide quick responses and follow-ups saying what has been done.  Also,
to be a Hetzner customer you need to provide a scan of government-issued
ID; if they kick you it's for life.

On the other hand, I can't ever recall receiving an email from an OVH or
AWS EC3 IP address I ever wanted.

B.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[John Levine]

In article <20170204100707.z5qygog6vzs5d...@ikki.ethgen.ch> you write:
>I have a private mail server in hetzner network (5.9.7.51). ...

Considering how much spam gushes out of Hetzner, it's surprising that
anyone accepts your mail at all.  On my network I've had all of 5.9/16
blocked for years with zero complaints from my users.

If it's important to you that people accept your mail, you might
consider finding a host with better managed networks.  But if it's
not important to you, it's not important to anyone else.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mails to microsoft

[Paul Kincaid-Smith]

Hello Klaus,

> Ps. I will not go to a javascript overloaded page in the web that does
>not do or add any usefull thinks. For my understanding, for mail
>related stuff, postmaster@domain is the main contact for such thinks
>(or abuse@..., but this is not standarised).

It would be wonderful if getting to the right people at Microsoft's mail
operations team were easy, without friction, but it's not. For now, that's
just the way it is. Michael Wise (who works in a different department at
Microsoft) has kindly provided you with a link
 and a process so you
can reach the right team there.

The choice is yours. Being stubborn won't solve your problem. If you want
to send mail from your Hetzner server to recipients at Hotmail, then follow
their process.

-- Paul Kincaid-Smith

On Sat, Feb 4, 2017 at 3:07 AM, Klaus Ethgen  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Hello,
>
> I seen, that here are some microsoft mail admins. So I try this once
> more bevore I give up with microsoft at all.
>
> I have a private mail server in hetzner network (5.9.7.51). This server
> is well managed and only my mails and a few others are routed over them.
> I can assure that no spam is coming from them (or accepted there).
>
> The SPF record is in place and current. There is no dkim and there will
> be no dkim in near future. However, the TLS is in a DANE record and the
> domains (most of them) secured by DNSSEC.
>
> I have one friend who have emails on hotmail. Getting mails from him (as
> well as many spams from hotmail and live.com) is routed fine to my
> domain(s). But when I try to reply, the mail is bouncing back with the
> non saying message
>550 SC-001 (COL004-MC3F22) Unfortunately, messages from 5.9.7.51
> weren't sent. Please contact your Internet service provider since part of
> their network is on our block list. You can also refer your provider to
> http://mail.live.com/mail/troubleshooting.aspx#errors.
>
> I tried to contact postmas...@hotmail.com but even that mail bounced
> back and was not accepted by microsoft even that this is the only mail
> address that must not bounce in any cases by RFC.
>
> So I have no way to contact microsoft about that issue. And microsoft is
> the only provider, that has such a badly managed system.
>
> I can assure that my server is not on any known lists and microsoft is
> really the only one that makes this troubles. And the mails I send are
> pure text mails with PGP signature.
>
> So, if someone from microsoft reads here, you might have a look into
> your logs. On private (not on the list) I can even provide you with logs
> or the account on hotmail.com (live.com). But please use a address that
> is accepting mails.
>
> When I discussed that issue on swinog mailing list, I got many answers
> that this is known about microsoft and some of the replies (and even my
> answers) was not nice about microsoft and mail. But keep that beside if
> possible and hopefully the issue can be solved here.
>
> Regards
>Klaus
>
> Ps. I will not go to a javascript overloaded page in the web that does
> not do or add any usefull thinks. For my understanding, for mail
> related stuff, postmaster@domain is the main contact for such thinks
> (or abuse@..., but this is not standarised).
> - --
> Klaus Ethgen   http://www.ethgen.ch/
> pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
> Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
> -BEGIN PGP SIGNATURE-
> Comment: Charset: ISO-8859-1
>
> iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAliVp8UACgkQpnwKsYAZ
> 9qxbzgv+K/cIGzoLls/QfCfw4zgo8rWwl6aZxIBIIzQqJ7shfheVfelYYQ/y/rJI
> htkspHEmegGr4SFFVDlD4P2uPy1ZRop0ix0fqwuPuvNFgRXoqZEyia3nkXmjtP6h
> TxqLuud/piV71l0zkWZIveijqa3nGNTrKHkrO9yHgCbxAR60J25LzAl6/cBQ5lp5
> xZoUEpGMrpIidHEK/ikbGDJY8I4Kses+6gUqi4BKABrIG0h1OpgOOD5RUskEqR21
> KAeh2AwCXGZdv1JAtWopfFpcua5In/7XVVaESNVJNgKeOVgemQKw5BxDeEV22HmT
> BU4QrS3O+05tnxS81FsVrugwrbjtWbyO0UlHTh+C0WZ/oBk2fTJ+qyhcFhpzpK2e
> avsXBWsmD9xAOgAnCWetplHXpvju5S2gs6ZhFHKyohaiadWO0t12xZBKnerqLLZo
> mKNiZBdLeL2ajttYe4boBmlnTa0u6otKx3bALSsrPOYTkwjtoD7ogA6VIsIfwKhW
> iQm9tZro
> =AAbp
> -END PGP SIGNATURE-
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Mails to microsoft

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello,

I seen, that here are some microsoft mail admins. So I try this once
more bevore I give up with microsoft at all.

I have a private mail server in hetzner network (5.9.7.51). This server
is well managed and only my mails and a few others are routed over them.
I can assure that no spam is coming from them (or accepted there).

The SPF record is in place and current. There is no dkim and there will
be no dkim in near future. However, the TLS is in a DANE record and the
domains (most of them) secured by DNSSEC.

I have one friend who have emails on hotmail. Getting mails from him (as
well as many spams from hotmail and live.com) is routed fine to my
domain(s). But when I try to reply, the mail is bouncing back with the
non saying message
   550 SC-001 (COL004-MC3F22) Unfortunately, messages from 5.9.7.51 weren't 
sent. Please contact your Internet service provider since part of their network 
is on our block list. You can also refer your provider to 
http://mail.live.com/mail/troubleshooting.aspx#errors.

I tried to contact postmas...@hotmail.com but even that mail bounced
back and was not accepted by microsoft even that this is the only mail
address that must not bounce in any cases by RFC.

So I have no way to contact microsoft about that issue. And microsoft is
the only provider, that has such a badly managed system.

I can assure that my server is not on any known lists and microsoft is
really the only one that makes this troubles. And the mails I send are
pure text mails with PGP signature.

So, if someone from microsoft reads here, you might have a look into
your logs. On private (not on the list) I can even provide you with logs
or the account on hotmail.com (live.com). But please use a address that
is accepting mails.

When I discussed that issue on swinog mailing list, I got many answers
that this is known about microsoft and some of the replies (and even my
answers) was not nice about microsoft and mail. But keep that beside if
possible and hopefully the issue can be solved here.

Regards
   Klaus

Ps. I will not go to a javascript overloaded page in the web that does
not do or add any usefull thinks. For my understanding, for mail
related stuff, postmaster@domain is the main contact for such thinks
(or abuse@..., but this is not standarised).
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAliVp8UACgkQpnwKsYAZ
9qxbzgv+K/cIGzoLls/QfCfw4zgo8rWwl6aZxIBIIzQqJ7shfheVfelYYQ/y/rJI
htkspHEmegGr4SFFVDlD4P2uPy1ZRop0ix0fqwuPuvNFgRXoqZEyia3nkXmjtP6h
TxqLuud/piV71l0zkWZIveijqa3nGNTrKHkrO9yHgCbxAR60J25LzAl6/cBQ5lp5
xZoUEpGMrpIidHEK/ikbGDJY8I4Kses+6gUqi4BKABrIG0h1OpgOOD5RUskEqR21
KAeh2AwCXGZdv1JAtWopfFpcua5In/7XVVaESNVJNgKeOVgemQKw5BxDeEV22HmT
BU4QrS3O+05tnxS81FsVrugwrbjtWbyO0UlHTh+C0WZ/oBk2fTJ+qyhcFhpzpK2e
avsXBWsmD9xAOgAnCWetplHXpvju5S2gs6ZhFHKyohaiadWO0t12xZBKnerqLLZo
mKNiZBdLeL2ajttYe4boBmlnTa0u6otKx3bALSsrPOYTkwjtoD7ogA6VIsIfwKhW
iQm9tZro
=AAbp
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop