Re: [mailop] OVH Bulk Mailer? Anyone know this one?
Am 07.08.20 um 19:14 schrieb Alain Gaudreau via mailop: > > I disagree Hans-Martin. > I sympathize with you. Constantly fighting mail blocks is certainly as tiring as constantly fighting mail abuse. > > > > We have been using ovh for years and years and enforce strict abuse policies > on our clients who are mostly notaries, > lawyers, dental clinics and so on that have specific needs of having their > data hosted in their own jurisdiction for > privacy concerns, etc. > I know that OVH has legit customers as well. Reason enough not to fully block on the IP level but log and check the list regularly. With > 95% obvious crap, my motivation isn't stellar, though. > > > > If you are going to block the entire address space, you would also need to > block most of the vps providers out there > which are all as difficult to deal with in terms of abuse be it email or > various other brute force and ddos attacks > who generally ignore reports. > I do. OVH is just a very big player and the topic of the original post. > > > > I have personally reported hundreds of abuse incidents originating from > dozens of major players in the hosting and > cloud industries that generally disregard the reports or return generic > messages that they cannot be held responsible > for data passing through their network. > And that's a widespread problem. If they hide their clients' identity from me so I can not complain to their client or keep my block list finely tuned to just list the spammers, they have no reason to complain if I instead tune it coarsely. > > > > There are still many mailops out there aside from Microsoft/Google that apply > strict policies and get swept up in wide > range ip bans for nothing pushing clients to migrate to MS/Google and giving > them even more control over the market. > MS/Google and many others still have their share of emitted spam. But those are mostly abused mailboxes, not spam operations, so a temporary block of a compromised server until the abuse report has been acted upon is most often all that's needed. OVH on the other hand tolerates spammer operations for much too long, regularly providing them with fresh IP addresses all around their network. They are not the only ones who do that, but one of the biggest ones. > > > > We need to find better, smarter ways to fight undesirables than simply carpet > banning large blocks of ip’s and killing > off smaller operators one after another especially now, during this global > pandemic where most companies are suffering > massive financial losses and depend on email as their primary means of > communication with their suppliers and clients. > Yes. Listing individual IPs has been tried, and it fails because some big players hand out lots of addresses (often not even contiguous) to snowshoe spammers. I'm not for killing smaller operators (unless they're spammers, and even then killing their business is sufficient in my opinion) but I'd like to be able to poke the largest ones until they realize they need to handle their abusive customers differently. And if that doesn't work (apparently it does not) then I want to at least keep most of the spam out of my users' inboxes. My users need working e-mail, too, and they are often not tech-savvy enough to reliably detect fraud and phishing which would also hurt them financially. > > > > Perhaps the time has come to change how we have all been doing it for decades > with the current hundreds of RBL’s and > local block lists and put in place a low cost or no cost to mailops neutral > world wide “governing body” built on fast > response, information for mailops and best practices. > Would be nice, but from just wishing it won't become a reality. > > > > Over the past decades, the only time we have had spam/bulk mail go through > our systems has been due to compromised > wordpress/joomla/etc websites that communicate with external smtp servers > that bypassed for the most part our mail > filtering systems entirely which meant waiting for that server’s ip to be > blocked on some RBL or through MS to get > notified of the issue then factor in the time it takes for the team to > investigate and shut down the offending web > site/account, it all adds up to slow response and more junk floating out > there. > Yes, that's why you should pressure your provider to accept and handle abuse reports. They need to put some energy into this (for example, a blanket "we will forward your report to the customer" will make me prefer to block without reporting) but after some time their spamming customers will find their situation uncomfortable and will leave. After that happens I'm ok with my reports being forwarded to the folks responsible for the compromised server. > > > > If we had a widely adopted “central” organisation with better, faster, more > detailed mail reports or a database on > greymail and undesirables we could cut down the response time and > consequently the
Re: [mailop] OVH Bulk Mailer? Anyone know this one?
Am 07.08.20 um 22:54 schrieb Alain Gaudreau via mailop: > @Chris > > My vision of it is larger and includes a blacklist with the ability to > exclude and grey list certain hosts within the large blocks controlled by ovh > and the lot. I'm working on a system which may in the long run include such a mechanism. This is implemented a postfix policy daemon, don't know if exim and sendmail can use similar policy handlers. Right now it can match on sender and SMTP client names, IP addresses, and ASN numbers of hosts, their MX and NS records, with combinations of conditions and exceptions, so it's pretty powerful already and helps me to keep out some prolific spammers who regularly acquire new domain names and hosting. I'll probably add some SPF handling that could be used in rules, although I'm not fond of SPF (it breaks forwarding which a good number of our users use.) In combination with exceptions it may still come in handy. Rules are currently configured using files, I'm changing that to have rules in a database together with logs and a web user interface so that users can see log records of mails they have received or that were destined for them but rejected, and can add their own rules and exceptions. The next step would be a kind of distributed reputation system which would allow users to share opinions about senders (good and bad). I'm thinking about using some kind of blockchain based technology which would avoid having a central source of opinions and a single point of failure. However, designing it such that it can have a good trust model, protection against spammers gaming the system, and provision of privacy is not easy, so don't expect something in the near future. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] OVH Bulk Mailer? Anyone know this one?
@Chris My vision of it is larger and includes a blacklist with the ability to exclude and grey list certain hosts within the large blocks controlled by ovh and the lot. I never said we should abandon everything that has been done up until now but we definitely need to make it better, faster and allow for real-time detailed information for mailops adhering to the system that want to stay on top of their reputation. I see it where an upstanding host could be registered, monitored and assigned a lower risk value so rather than discarding/discriminating altogether based on the uplink's ip block, it could be accepted and submitted to the receiving host's spam filtering system regardless of the uplink's ip range thereby putting more responsibility on the actual host which let's face it, has little to no influence on large corporations like ovh but can still be reputable and deserve a fighting chance. With that, we could have complete blockage of company X's ip range through a central list and still allow traffic to flow from upstanding smaller hosts within their larger block that do comply with the requirements to adhere to the system. Oh I can imagine many of the conspiracy theorists out there can conjure up 1001 scenarios but email has become such an essential service worldwide in some ways almost surpassing the good old telephone for B2B/Commercial, that at some point there has to be something done to ensure there is a healthy and competitive market out there while applying proper netiquette and regional laws regarding unsolicited email. Solutions I.D.S. Alain Gaudreau Président 514-907-0057 -Original Message- From: mailop On Behalf Of Chris via mailop Sent: August 7, 2020 2:13 PM To: mailop@mailop.org Subject: Re: [mailop] OVH Bulk Mailer? Anyone know this one? On 2020-08-07 13:14, Alain Gaudreau via mailop wrote: > Perhaps the time has come to change how we have all been doing it for > decades with the current hundreds of RBL’s and local block lists and > put in place a low cost or no cost to mailops neutral world wide > “governing body” built on fast response, information for mailops and best > practices. I think the very fact that we have recalcitrant providers whose repute has universally gotten so low and stimulated widespread blocking as OVH has, proves that what you propose, even if implemented, couldn't possibly work. Especially considering offshore bullet-proof providers. If OVH or other large providers can get away with being the way they are, what makes you think any centralized thing would work any better? As a corollary, what would make a provider comply if you've eliminated the mechanisms we have now? that do work to a significant extent Eg: DNSBLs (local or public)? Nothing. And this doesn't begin to get into the vast wave of "centralized governing body" conspiracy theories or one-world-order or human rights violation squealing that would inevitable ensue. And I say that as someone trying to run a mail server on OVH too. One day when I get 'round to it and the blockage gets sufficiently a nuisance, I'll move it to a more reputable VPS. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] OVH Bulk Mailer? Anyone know this one?
On 2020-08-07 13:14, Alain Gaudreau via mailop wrote: Perhaps the time has come to change how we have all been doing it for decades with the current hundreds of RBL’s and local block lists and put in place a low cost or no cost to mailops neutral world wide “governing body” built on fast response, information for mailops and best practices. I think the very fact that we have recalcitrant providers whose repute has universally gotten so low and stimulated widespread blocking as OVH has, proves that what you propose, even if implemented, couldn't possibly work. Especially considering offshore bullet-proof providers. If OVH or other large providers can get away with being the way they are, what makes you think any centralized thing would work any better? As a corollary, what would make a provider comply if you've eliminated the mechanisms we have now? that do work to a significant extent Eg: DNSBLs (local or public)? Nothing. And this doesn't begin to get into the vast wave of "centralized governing body" conspiracy theories or one-world-order or human rights violation squealing that would inevitable ensue. And I say that as someone trying to run a mail server on OVH too. One day when I get 'round to it and the blockage gets sufficiently a nuisance, I'll move it to a more reputable VPS. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] OVH Bulk Mailer? Anyone know this one?
I disagree Hans-Martin. We have been using ovh for years and years and enforce strict abuse policies on our clients who are mostly notaries, lawyers, dental clinics and so on that have specific needs of having their data hosted in their own jurisdiction for privacy concerns, etc. If you are going to block the entire address space, you would also need to block most of the vps providers out there which are all as difficult to deal with in terms of abuse be it email or various other brute force and ddos attacks who generally ignore reports. I have personally reported hundreds of abuse incidents originating from dozens of major players in the hosting and cloud industries that generally disregard the reports or return generic messages that they cannot be held responsible for data passing through their network. There are still many mailops out there aside from Microsoft/Google that apply strict policies and get swept up in wide range ip bans for nothing pushing clients to migrate to MS/Google and giving them even more control over the market. We need to find better, smarter ways to fight undesirables than simply carpet banning large blocks of ips and killing off smaller operators one after another especially now, during this global pandemic where most companies are suffering massive financial losses and depend on email as their primary means of communication with their suppliers and clients. Perhaps the time has come to change how we have all been doing it for decades with the current hundreds of RBLs and local block lists and put in place a low cost or no cost to mailops neutral world wide governing body built on fast response, information for mailops and best practices. Over the past decades, the only time we have had spam/bulk mail go through our systems has been due to compromised wordpress/joomla/etc websites that communicate with external smtp servers that bypassed for the most part our mail filtering systems entirely which meant waiting for that servers ip to be blocked on some RBL or through MS to get notified of the issue then factor in the time it takes for the team to investigate and shut down the offending web site/account, it all adds up to slow response and more junk floating out there. If we had a widely adopted central organisation with better, faster, more detailed mail reports or a database on greymail and undesirables we could cut down the response time and consequently the number of undesirables and downtime for legitimate clients and mailops dramatically and even force the mailops/uplink providers that would normally ignore reports to pay attention. Microsofts JMRP and SNDS are great tools although lacking in usability and information, something along those lines with a searchable database for our registered mail servers and more detailed information on the reports would be perfect. Its a vast undertaking of course but in the end, might be our best bet to fight spam, shady companies and maintain a healthy market for smaller upstanding operators regardless of their ip space, uplink provider or geolocation. Solutions I.D.S. Alain Gaudreau < <mailto:al...@suroit.net> agaudr...@solutionsids.ca> Président 514-907-0057 From: mailop On Behalf Of Hans-Martin Mosner via mailop Sent: August 5, 2020 9:22 AM To: mailop@mailop.org Subject: Re: [mailop] OVH Bulk Mailer? Anyone know this one? Unless you or your users happen to be customers of those few mostly french companies who use OVH for customer communication, blocking them is a pretty sensible thing to do. They still host spammers, they still ignore abuse reports, so nothing has changed in the last year. Cheers, Hans-Martin Am 5. August 2020 15:03:04 schrieb "Otto J. Makela via mailop" mailto:mailop@mailop.org> >: On 21/05/2019 12.37, Otto J. Makela via mailop wrote: Is there any point in receiving any email from any OVH space, since discussions on this list would seem to indicate they have no functioning abuse enforcement? Numerous netblocks registered to them [...] seem to be permanent spammer havens. Has the situation improved at all in the last year, or shall I keep denying access for OVH large blocks? 5.135.0.0/16 5.196.0.0/16 51.38.0.0/16 51.68.0.0/16 51.75.0.0/16 51.77.0.0/16 51.83.0.0/16 51.89.0.0/16 51.91.0.0/16 51.178.0.0/16 51.254.0.0/15 54.36.0.0/16 54.37.0.0/16 54.38.0.0/16 91.121.0.0/16 91.134.0.0/16 92.222.0.0/16 145.239.0.0/16 147.135.128.0/17 149.202.0.0/16 164.132.0.0/16 176.31.0.0/16 188.165.0.0/16 193.70.0.0/17 213.32.0.0/17 -- /* * * Otto J. Makela mailto:o...@iki.fi> > * * * * * * * * * */ /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */ /* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */ /* * * Computers Rule 0100 01001011 * * * * * * */ ___ mailop mailing list mailop@mailop.org
Re: [mailop] OVH Bulk Mailer? Anyone know this one?
While there are unfortunately good email operators on the OVH network, unfortunately our data shows a lot more abuse than good.. BTW, speaking of OVH, anyone know these guys? 167.114.98.1512 guesser8.wdemg4.com 167.114.98.2273 guesser1.wdemg.com NetRange: 167.114.0.0 - 167.114.255.255 CIDR: 167.114.0.0/16 NetName:OVH-ARIN-8 NetHandle: NET-167-114-0-0-1 Parent: NET167 (NET-167-0-0-0-0) NetType:Direct Allocation OriginAS: AS16276 Organization: OVH Hosting, Inc. (HO-2) RegDate:2014-08-28 Updated:2014-09-02 Ref:https://rdap.arin.net/registry/ip/167.114.0.0 OrgName:OVH Hosting, Inc. OrgId: HO-2 Address:800-1801 McGill College City: Montreal StateProv: QC PostalCode: H3A 2N4 Country:CA RegDate:2011-06-22 Updated:2017-01-28 Ref:https://rdap.arin.net/registry/entity/HO-2 And SendGrid, see you are still leaking a lot of phishing.. still no progress? On 2020-08-05 6:21 a.m., Hans-Martin Mosner via mailop wrote: Unless you or your users happen to be customers of those few mostly french companies who use OVH for customer communication, blocking them is a pretty sensible thing to do. They still host spammers, they still ignore abuse reports, so nothing has changed in the last year. Cheers, Hans-Martin Am 5. August 2020 15:03:04 schrieb "Otto J. Makela via mailop" : On 21/05/2019 12.37, Otto J. Makela via mailop wrote: Is there any point in receiving any email from any OVH space, since discussions on this list would seem to indicate they have no functioning abuse enforcement? Numerous netblocks registered to them [...] seem to be permanent spammer havens. Has the situation improved at all in the last year, or shall I keep denying access for OVH large blocks? 5.135.0.0/16 5.196.0.0/16 51.38.0.0/16 51.68.0.0/16 51.75.0.0/16 51.77.0.0/16 51.83.0.0/16 51.89.0.0/16 51.91.0.0/16 51.178.0.0/16 51.254.0.0/15 54.36.0.0/16 54.37.0.0/16 54.38.0.0/16 91.121.0.0/16 91.134.0.0/16 92.222.0.0/16 145.239.0.0/16 147.135.128.0/17 149.202.0.0/16 164.132.0.0/16 176.31.0.0/16 188.165.0.0/16 193.70.0.0/17 213.32.0.0/17 -- /* * * Otto J. Makela * * * * * * * * * */ /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */ /* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */ /* * * Computers Rule 0100 01001011 * * * * * * */ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] OVH Bulk Mailer? Anyone know this one?
On 8/5/20 2:47 PM, Otto J. Makela via mailop wrote: On 21/05/2019 12.37, Otto J. Makela via mailop wrote: Is there any point in receiving any email from any OVH space, since discussions on this list would seem to indicate they have no functioning abuse enforcement? Numerous netblocks registered to them [...] seem to be permanent spammer havens. Has the situation improved at all in the last year, or shall I keep denying access for OVH large blocks? It is about the same as blocking Hetzner or AWS or any VPS provider. You will definitely stop some spam, and lose some ham altogether. There are definitely real, legitimate servers in OVH space. But, your servers, your rules. smime.p7s Description: S/MIME Cryptographic Signature ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] OVH Bulk Mailer? Anyone know this one?
Dnia 5.08.2020 o godz. 15:47:10 Otto J. Makela via mailop pisze: > > Is there any point in receiving any email from any OVH space, If you are interested in receiving mail from me, then there probably is... :) -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] OVH Bulk Mailer? Anyone know this one?
Unless you or your users happen to be customers of those few mostly french companies who use OVH for customer communication, blocking them is a pretty sensible thing to do. They still host spammers, they still ignore abuse reports, so nothing has changed in the last year. Cheers, Hans-Martin Am 5. August 2020 15:03:04 schrieb "Otto J. Makela via mailop" : On 21/05/2019 12.37, Otto J. Makela via mailop wrote: Is there any point in receiving any email from any OVH space, since discussions on this list would seem to indicate they have no functioning abuse enforcement? Numerous netblocks registered to them [...] seem to be permanent spammer havens. Has the situation improved at all in the last year, or shall I keep denying access for OVH large blocks? 5.135.0.0/16 5.196.0.0/16 51.38.0.0/16 51.68.0.0/16 51.75.0.0/16 51.77.0.0/16 51.83.0.0/16 51.89.0.0/16 51.91.0.0/16 51.178.0.0/16 51.254.0.0/15 54.36.0.0/16 54.37.0.0/16 54.38.0.0/16 91.121.0.0/16 91.134.0.0/16 92.222.0.0/16 145.239.0.0/16 147.135.128.0/17 149.202.0.0/16 164.132.0.0/16 176.31.0.0/16 188.165.0.0/16 193.70.0.0/17 213.32.0.0/17 -- /* * * Otto J. Makela * * * * * * * * * */ /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */ /* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */ /* * * Computers Rule 0100 01001011 * * * * * * */ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] OVH Bulk Mailer? Anyone know this one?
On 21/05/2019 12.37, Otto J. Makela via mailop wrote: > Is there any point in receiving any email from any OVH space, > since discussions on this list would seem to indicate they have > no functioning abuse enforcement? > > Numerous netblocks registered to them [...] > seem to be permanent spammer havens. Has the situation improved at all in the last year, or shall I keep denying access for OVH large blocks? 5.135.0.0/16 5.196.0.0/16 51.38.0.0/16 51.68.0.0/16 51.75.0.0/16 51.77.0.0/16 51.83.0.0/16 51.89.0.0/16 51.91.0.0/16 51.178.0.0/16 51.254.0.0/15 54.36.0.0/16 54.37.0.0/16 54.38.0.0/16 91.121.0.0/16 91.134.0.0/16 92.222.0.0/16 145.239.0.0/16 147.135.128.0/17 149.202.0.0/16 164.132.0.0/16 176.31.0.0/16 188.165.0.0/16 193.70.0.0/17 213.32.0.0/17 -- /* * * Otto J. Makela * * * * * * * * * */ /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */ /* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */ /* * * Computers Rule 0100 01001011 * * * * * * */ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] OVH Bulk Mailer? Anyone know this one?
Don't get me started on OVH IP Space. Aside from all the blocks delegated with no rwhois, hiding behind GDPR as an excuse not to provide information on the operator.. Aside from known spammers where the domains are so obviously used for fraud. Aside from the poor OVH abuse handling. Just makes me sorry for those legitimate operators on their IP Space. And of course, for those trying to make a difference, it gets real frustrating when reporting bad actors has no impact. But there are other moves afoot for companies like that. For instance, in Canada, if the sources are OVH in Canada, and you don't get response to abuse complaints, you can take it up with the CRTC, they are particularly interested... Remember, there are laws that implicate those that empower/enable illegal activities as well. But until something like class action law suits, or large government fines, don't expect things to change. Life is short, sometimes the only way companies pay attention, is when enough people stop accepting mail from their IP space, and customers start talking with their feet. But, yeah.. there are a lot of honest people still using their service. However, even they appear not to be able to get much help from the abuse teams.. Our daily spam auditor reports are always full of OVH IP(s) though, from /30's to /24's And of course, there is that 'oh, that is one of our resellers', as if that absolves their reponsibility. On 2019-05-21 2:37 a.m., Otto J. Makela via mailop wrote: Is there any point in receiving any email from any OVH space, since discussions on this list would seem to indicate they have no functioning abuse enforcement? Numerous netblocks registered to them like 51.77.44.64-51.77.44.127 described as "Failover IPs / Legacy" seem to be permanent spammer havens. -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] OVH Bulk Mailer? Anyone know this one?
Is there any point in receiving any email from any OVH space, since discussions on this list would seem to indicate they have no functioning abuse enforcement? Numerous netblocks registered to them like 51.77.44.64-51.77.44.127 described as "Failover IPs / Legacy" seem to be permanent spammer havens. -- /* * * Otto J. Makela * * * * * * * * * */ /* Phone: +358 40 765 5772, ICBM: N 60 10' E 24 55' */ /* Mail: Mechelininkatu 26 B 27, FI-00100 Helsinki */ /* * * Computers Rule 0100 01001011 * * * * * * */ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
