Re: [mailop] Registered @ Microsoft JMRP - blacklisted without feedback received
We recently saw that "S3150" on 3 IPs part of 3 larger netblocks. For all of them we opened a ticket and they "mitigated the IP": I tried collecting more info to no avail, of course :-( . Weird thing is at least one of them has always been *green* on SNDS and had not abuse reports at all in the recent months. That IP is part of a 9IP shared pool, so sending the same emails of the other neighbour IPs and it is the only one that was blocked with that error. That IP was a low volume IP (200-400 daily email) and I randomly picked few emails from the days before the block and I have not been able to identify spammy emails. I asked in the ticket if they could give some hint about the issue as I can't find spammy emails, I didn't receive abuses and SNDS says everything was good before (and everything is still good for the twin IPs) but they simply mitigated and ignored my questions. So, +1 to your questions. Stefano On Tue, 11 May 2021 at 14:07, Benoit Panizzon via mailop wrote: > > Dear List > > One of our main smtp outbound ip addresses is blocked by microsoft. > > host outlook-com.olc.protection.outlook.com[104.47.10.33] said: 550 5.7.1 > Unfortunately, messages from [157.161.12.84] weren't sent. Please > contact > your Internet service provider since part of their network is on our > block > list (S3150). You can also refer your provider to > http://mail.live.com/mail/troubleshooting.aspx#errors. > [DB5EUR03FT006.eop-EUR03.prod.protection.outlook.com] (in reply to MAIL > FROM command) > > I checked our JMRP entries. This IP is listed as one of our > mailservers. The complaint rate is < 0.1% but it had 2 'trap' hits and > is in status red. > > Our abuse desk email address is registered for the ARF feedback loop > for the ip range in question. > > We usually get a lot of feedback loop emails, mostly false positives of > Mirosoft users mixing up 'junk' with their trash folder or similar, or > moving all their old mail to 'junk' causing an avalanche of complaints > being sent. I opened several cases with Microsoft about this, but never > got any solution offered (as a sidenote rant) > > But no, there were no complaints about: 157.161.12.84 received. > > Does anyone know, how to get hold of the emails that caused this > blocking? > > Mit freundlichen Grüssen > > -Benoît Panizzon- -- Stefano Bagnara Apache James/jDKIM/jSPF VOXmail/Mosaico.io/VoidLabs ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Registered @ Microsoft JMRP - blacklisted without feedback received
IMO it's a totally useless system. We have had ASNs blocked without a single complaint prior to it. Not a single one. Once every 2-3 month we get a complaint and contact the complaining person. Out of ~10 times it was only ONCE a mail, that the rcpt did not want to receive. If you want to receive mail, don't register with MS. I cannot say this often enough. To add a small hint: Try to send ~the same mail volume and don't cause peaks. Do not send to too many recipients in one session. Funny enough we receive a lot of spam from MS at the moment... -- Originalnachricht -- Von: "Laura Atkins via mailop" An: "mailop" Gesendet: 11.05.2021 14:25:11 Betreff: Re: [mailop] Registered @ Microsoft JMRP - blacklisted without feedback received Given you are the service provider, the best place to look is in your abuse queue. Look for complaints about mail from that IP (and surrounding IPs) going back for a while. Typically, the consumer ISPs will put mail in the bulk folder for a while before escalating to a block. When the mail is going to bulk you will not see complaints as users cannot send FBL messages related to mail in the bulk folder. This means low complaint rates immediately before a block Do Not Mean that the mail is fine. In fact, it often means that the mail is already identified as spam. You need to go back further, to before MS was putting the messages in the bulk folder, in order to see complaints about it. Going back over time will give you some information about what customer and what mail streams were causing problems. That should give you some insight into which customers you need to address to get the block lifted. The other place to look is your outbound logs. What are your customers doing and what types of mail are they sending? Did any customer have an unexpected spike in volume? This can often indicate a system may have been compromised and being used to send spam / malware. Sometimes it just means someone got the idea that sending ‘cold outreach mail’ was a good idea. Those are the two places I’d start my investigation in your situation. laura On 11 May 2021, at 12:54, Benoit Panizzon via mailop wrote: Dear List One of our main smtp outbound ip addresses is blocked by microsoft. host outlook-com.olc.protection.outlook.com[104.47.10.33] said: 550 5.7.1 Unfortunately, messages from [157.161.12.84] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [DB5EUR03FT006.eop-EUR03.prod.protection.outlook.com] (in reply to MAIL FROM command) I checked our JMRP entries. This IP is listed as one of our mailservers. The complaint rate is < 0.1% but it had 2 'trap' hits and is in status red. Our abuse desk email address is registered for the ARF feedback loop for the ip range in question. We usually get a lot of feedback loop emails, mostly false positives of Mirosoft users mixing up 'junk' with their trash folder or similar, or moving all their old mail to 'junk' causing an avalanche of complaints being sent. I opened several cases with Microsoft about this, but never got any solution offered (as a sidenote rant) But no, there were no complaints about: 157.161.12.84 received. Does anyone know, how to get hold of the emails that caused this blocking? Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- Having an Email Crisis? We can help! 800 823-9674 Laura Atkins Word to the Wise la...@wordtothewise.com (650) 437-0741 Email Delivery Blog: https://wordtothewise.com/blog andre.peters@servercow.de.asc Description: application/pgp-keys pgpsJcXuPCK0W.pgp Description: PGP signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Registered @ Microsoft JMRP - blacklisted without feedback received
Given you are the service provider, the best place to look is in your abuse queue. Look for complaints about mail from that IP (and surrounding IPs) going back for a while. Typically, the consumer ISPs will put mail in the bulk folder for a while before escalating to a block. When the mail is going to bulk you will not see complaints as users cannot send FBL messages related to mail in the bulk folder. This means low complaint rates immediately before a block Do Not Mean that the mail is fine. In fact, it often means that the mail is already identified as spam. You need to go back further, to before MS was putting the messages in the bulk folder, in order to see complaints about it. Going back over time will give you some information about what customer and what mail streams were causing problems. That should give you some insight into which customers you need to address to get the block lifted. The other place to look is your outbound logs. What are your customers doing and what types of mail are they sending? Did any customer have an unexpected spike in volume? This can often indicate a system may have been compromised and being used to send spam / malware. Sometimes it just means someone got the idea that sending ‘cold outreach mail’ was a good idea. Those are the two places I’d start my investigation in your situation. laura > On 11 May 2021, at 12:54, Benoit Panizzon via mailop > wrote: > > Dear List > > One of our main smtp outbound ip addresses is blocked by microsoft. > > host outlook-com.olc.protection.outlook.com[104.47.10.33] said: 550 5.7.1 > Unfortunately, messages from [157.161.12.84] weren't sent. Please > contact > your Internet service provider since part of their network is on our > block > list (S3150). You can also refer your provider to > http://mail.live.com/mail/troubleshooting.aspx#errors. > [DB5EUR03FT006.eop-EUR03.prod.protection.outlook.com] (in reply to MAIL > FROM command) > > I checked our JMRP entries. This IP is listed as one of our > mailservers. The complaint rate is < 0.1% but it had 2 'trap' hits and > is in status red. > > Our abuse desk email address is registered for the ARF feedback loop > for the ip range in question. > > We usually get a lot of feedback loop emails, mostly false positives of > Mirosoft users mixing up 'junk' with their trash folder or similar, or > moving all their old mail to 'junk' causing an avalanche of complaints > being sent. I opened several cases with Microsoft about this, but never > got any solution offered (as a sidenote rant) > > But no, there were no complaints about: 157.161.12.84 received. > > Does anyone know, how to get hold of the emails that caused this > blocking? > > Mit freundlichen Grüssen > > -Benoît Panizzon- > -- > I m p r o W a r e A G-Leiter Commerce Kunden > __ > > Zurlindenstrasse 29 Tel +41 61 826 93 00 > CH-4133 PrattelnFax +41 61 826 93 01 > Schweiz Web http://www.imp.ch > __ > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Having an Email Crisis? We can help! 800 823-9674 Laura Atkins Word to the Wise la...@wordtothewise.com (650) 437-0741 Email Delivery Blog: https://wordtothewise.com/blog ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Registered @ Microsoft JMRP - blacklisted without feedback received
Dear List One of our main smtp outbound ip addresses is blocked by microsoft. host outlook-com.olc.protection.outlook.com[104.47.10.33] said: 550 5.7.1 Unfortunately, messages from [157.161.12.84] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150). You can also refer your provider to http://mail.live.com/mail/troubleshooting.aspx#errors. [DB5EUR03FT006.eop-EUR03.prod.protection.outlook.com] (in reply to MAIL FROM command) I checked our JMRP entries. This IP is listed as one of our mailservers. The complaint rate is < 0.1% but it had 2 'trap' hits and is in status red. Our abuse desk email address is registered for the ARF feedback loop for the ip range in question. We usually get a lot of feedback loop emails, mostly false positives of Mirosoft users mixing up 'junk' with their trash folder or similar, or moving all their old mail to 'junk' causing an avalanche of complaints being sent. I opened several cases with Microsoft about this, but never got any solution offered (as a sidenote rant) But no, there were no complaints about: 157.161.12.84 received. Does anyone know, how to get hold of the emails that caused this blocking? Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G-Leiter Commerce Kunden __ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 PrattelnFax +41 61 826 93 01 Schweiz Web http://www.imp.ch __ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop