Re: [mailop] Spamhaus contact?

[Christopher Hawker via mailop]

I've never had an issue with Spamhaus. Only recently (last couple of weeks), I 
needed to get a recycled IP address for a VM on a cloud provider in AU removed 
as well as a domain delisted from their DBL, which they did with ease. Took a 
little bit of time however did not require any interaction from myself to do 
so. Explained that it was a personal mail system with 2-3 mailboxes and it was 
all taken care of.

Kudos to Spamhaus!

Regards,
Christopher Hawker

From: mailop  on behalf of Riccardo Alfieri via 
mailop 
Sent: Wednesday, January 24, 2024 2:10 AM
To: mailop@mailop.org 
Subject: Re: [mailop] Spamhaus contact?


On 22/01/24 20:19, Curtis Maurand via mailop wrote:

Given my experience with spamhaus this week, I’m convinced that they are out to 
put the small email provider out of business.

Well from what I can see we have samples from a few days ago coming from a 
domain for which you have opened a ticket, with curious subjects like "casino 
games win real money" "Buy pills without restrictions" etc..

If you feel this is an abuse of your infrastructure by some customer of yours, 
please continue the ticket thread.

We are not here to put anyone out of business, on the contrary, we try our best 
to help listees when they have an abuse problem.

--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaus.com/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Riccardo Alfieri via mailop]

On 22/01/24 20:19, Curtis Maurand via mailop wrote:



Given my experience with spamhaus this week, I’m convinced that they 
are out to put the small email provider out of business.


Well from what I can see we have samples from a few days ago coming from 
a domain for which you have opened a ticket, with curious subjects like 
"casino games win real money" "Buy pills without restrictions" etc..


If you feel this is an abuse of your infrastructure by some customer of 
yours, please continue the ticket thread.


We are not here to put anyone out of business, on the contrary, we try 
our best to help listees when they have an abuse problem.


--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaus.com/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Randolf Richardson, Postmaster via mailop]

[sNip]
> Given my experience with spamhaus this week, I´m convinced that they 
> are out to put the small email provider out of business.

What was your experience with them?

(I ask, because based on what I've seen, Spamhaus been consistent 
and impartial with their listing criteria, and I know them to be 
responsive and helpful.)

Did your mail server(s) get listed in Spamhaus?  I did some 
checking, and I found some hits in the TRUNCATE and UCEPROTECT-2 
blacklists, but it's possible that I checked in the wrong places.

Please feel free to provide a bit more detail (e.g., a link to a 
Spamhaus listing) as I'd be happy to try to assist (as I'm sure 
others on this mailing list would be happy to as well).

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Curtis Maurand via mailop]

Sent from my iPadOn Jan 15, 2024, at 1:40 PM, Mark Fletcher via mailop  wrote:Hi All,One of groups.io's servers was listed by Spamhaus starting Saturday afternoon (https://www.spamhaus.org/sbl/query/SBL638016). I've been trying to contact them ever since, but they've been silent. I am humbly asking for help.We're an email groups service, like Google Groups. Based on evidence provided by Spamhaus, it appears that some groups that migrated from Yahoo Groups when Y! Groups shut down contained some Spamhaus spamtrap addresses. On Spamhaus' suggestion, I built a reverification system late last year and tested it on a small group of users. Yesterday, I kicked off a reverification to a much larger segment of users. I then told Linode, our hosting provider, about it, and asked them to contact Spamhaus, as directed by their SBL listing. Linode did that, but has not heard back. I also tried contacting Spamhaus this morning, but haven't heard back yet. I am wondering what else I need to do.Given my experience with spamhaus this week, I’m convinced that they are out to put the small email provider out of business. —Curtis___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Randolf Richardson, Postmaster via mailop]

> On 2024-01-19 at 15:42:49 UTC-0500 (Fri, 19 Jan 2024 12:42:49 -0800)
> Randolf Richardson, Postmaster via mailop 
> 
> is rumored to have said:
> 
> > Spamhaus makes the DROP data available (which I believe is also
> > included in their SBL), which is useful for using firewalls to just
> > block or ignore connections from the worst offenders:
> >
> > DROP Advisory Null List :: The Spamhaus Don't Route Or Peer 
> > Lists
> > https://www.spamhaus.org/drop/
> >
> > UCE Protect also has level 3 listings for the worst offenders,
> > although I don't recall the list being downloadable for firewall use:
> >
> > UCEPROTECT Blacklist Policy LEVEL 3
> > https://www.uceprotect.net/en/index.php?m=3=5
> 
> It is important to understand that theses are RADICALLY DIFFERENT 
> DATASETS.
> 
> Spamhaus DROP is a fairly small list of address blocks (supplemented by 
> the even smaller EDROP) that one can expect NO friendly traffic from. NO 
> ONE should see any collateral damage from using DROP.

I didn't know about EDROP.  I'll have to look into that.  Thanks!

> UCEPROTECT L3 is an intentional collateral damage list. If one COULD use 
> it as a router blocking list, one would not perceive the Internet to be 
> functional.

Indeed.  Blocking with UCEPROTECT-L3 would certainly be a BOFH move.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Jaroslaw Rafa via mailop]

Dnia 19.01.2024 o godz. 12:42:49 Randolf Richardson, Postmaster via mailop 
pisze:
>   UCE Protect also has level 3 listings for the worst offenders, 
> although I don't recall the list being downloadable for firewall use:
> 
>   UCEPROTECT Blacklist Policy LEVEL 3
>   https://www.uceprotect.net/en/index.php?m=3=5

UCEPROTECT Level 3 is totally unreliable and gives a lot of false positives.
UCEPROTECT themselves ever warn against using this list for blocking.

Nobody should be seriously using UCEPROTECT levels 2 and 3. Only level 1 is
something that has any reliability.

Also, many email operators consider UCEPROTECT being just a money-making
scheme, as it is very easy to get listed by them and they request large fees
for so called "express delisting".
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Bill Cole via mailop]

On 2024-01-19 at 15:42:49 UTC-0500 (Fri, 19 Jan 2024 12:42:49 -0800)
Randolf Richardson, Postmaster via mailop 


is rumored to have said:


Spamhaus makes the DROP data available (which I believe is also
included in their SBL), which is useful for using firewalls to just
block or ignore connections from the worst offenders:

DROP Advisory Null List :: The Spamhaus Don't Route Or Peer 
Lists
https://www.spamhaus.org/drop/

UCE Protect also has level 3 listings for the worst offenders,
although I don't recall the list being downloadable for firewall use:

UCEPROTECT Blacklist Policy LEVEL 3
https://www.uceprotect.net/en/index.php?m=3=5


It is important to understand that theses are RADICALLY DIFFERENT 
DATASETS.


Spamhaus DROP is a fairly small list of address blocks (supplemented by 
the even smaller EDROP) that one can expect NO friendly traffic from. NO 
ONE should see any collateral damage from using DROP.


UCEPROTECT L3 is an intentional collateral damage list. If one COULD use 
it as a router blocking list, one would not perceive the Internet to be 
functional.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Randolf Richardson, Postmaster via mailop]

> On 2024-01-19 12:42, Randolf Richardson, Postmaster via mailop wrote:
> >> On 2024-01-19 06:47, Atro Tossavainen via mailop wrote:
> >>> On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:
>  Ok sorry not "most" but "some may"...
> 
>  My checkpoint rep said that they get their reputation lists from other
>  companies... is it wrong ?
> >>>
> >>> It's possible that Check Point are just an aggregator and don't actually
> >>> have first-hand data. But I don't think of Check Point when somebody
> >>> says DNSBL, which may be my own failure :-D
> >>>
> >>> As far as I've been able to tell, Spamhaus, SURBL, Abusix, SpamCop,
> >>> SORBS, UCEProtect, PSBL at least all have their own data, I would
> >>> even go so far as to guess "exclusively".
> >>
> >> You didn't accidentally ignore "SpamRats" did you? ;)  But we do have
> >> 'some' reports of aggregators querying our data.. And of course there
> >> are licensed users of our data. And there are some that 'white label'
> >> the rejection, as if it is their own data..
> >>
> >> But in general, there isn't much 'sharing' of data, some consolidation
> >> of data from various sources.
> >>
> >> For the REALLY bad guys though, it would be nice if there was more
> >> sharing of data.. Or maybe an industry 'do not route' that all RBL
> >> providers can include.
> > 
> > Spamhaus makes the DROP data available (which I believe is also
> > included in their SBL), which is useful for using firewalls to just
> > block or ignore connections from the worst offenders:
> > 
> > DROP Advisory Null List :: The Spamhaus Don't Route Or Peer 
> > Lists
> > https://www.spamhaus.org/drop/
> > 
> > UCE Protect also has level 3 listings for the worst offenders,
> > although I don't recall the list being downloadable for firewall use:
> > 
> > UCEPROTECT Blacklist Policy LEVEL 3
> > https://www.uceprotect.net/en/index.php?m=3=5
> > 
> > The problem with all DNSBL providers including the same data from
> > one source is that errors can unfairly penalize with major impact
> > that DNSBL operators generally try to prevent.
> > 
> >> A great believer in sharing, but we do all have to pay the bills.
> > 
> > The entire open source software movement is probably one of the very
> > best examples of altruistic sharing.  Supporting people who create
> > useful open source solutions and/or contribute to open source deserve
> > financial support so they can more easily pay their bills too. :)
> > 
> 
> Well, technically UCEPROTECT-3 is not really a DROP list.  And of 
> course, every RBL provider uses different logic to determine what is a 
> DROP list.
> 
> What would be nice, is to be able to have a single system, that takes in 
> data from say SpamHuas DROP lists, as well as others like our own 
> RATS-NULL list, and create a publicly accessible DROP list compiled by 
> the evidence of multiple providers.

I would be willing to facilitate this from the LumberCartel.ca web 
site.  Do you know some DNSBL operators who would be interested in 
sending automated updates or providing me with a way to download the 
updates periodically each day?

> With no single entity setting the reputation, and with public evidence, 
> it would make it a lot easier for the internet as a whole to trust this 
> data, and separate the bad operators from the internet as a whole.

Yes!

> Most of us in the industry know the real bad actors, bulletproof 
> hosters, hacker havens etc.. but it is a shame that everyone as a whole 
> is not protected from them.

...and spam sewers (nobody likes to mention this because it stinks 
so badly, and it never did get cleaned up despite the best efforts of 
so many NANAE regulars in the early days).

> A common source of reputation, something that say every Linux, Apple, 
> and Windows system could trust and enable by default at the network 
> layer.. Just not sure how to realistically make that happen, or how 
> those dedicated to the data intelligence and gathering could maintain 
> viability (eg, who pays for that work to continue).

I'd be happy to write the scripts to generate different formats for 
the various firewalls, DNS zones, SpamAssassin rules, and mail server 
lists, and add support for new ones as they come up.

> Without eating your own lunch.

I envision making this available for free, and crediting all 
contributors (who are okay with being credited).

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Michael Peddemors via mailop]

On 2024-01-19 12:42, Randolf Richardson, Postmaster via mailop wrote:

On 2024-01-19 06:47, Atro Tossavainen via mailop wrote:

On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:

Ok sorry not "most" but "some may"...

My checkpoint rep said that they get their reputation lists from other
companies... is it wrong ?


It's possible that Check Point are just an aggregator and don't actually
have first-hand data. But I don't think of Check Point when somebody
says DNSBL, which may be my own failure :-D

As far as I've been able to tell, Spamhaus, SURBL, Abusix, SpamCop,
SORBS, UCEProtect, PSBL at least all have their own data, I would
even go so far as to guess "exclusively".


You didn't accidentally ignore "SpamRats" did you? ;)  But we do have
'some' reports of aggregators querying our data.. And of course there
are licensed users of our data. And there are some that 'white label'
the rejection, as if it is their own data..

But in general, there isn't much 'sharing' of data, some consolidation
of data from various sources.

For the REALLY bad guys though, it would be nice if there was more
sharing of data.. Or maybe an industry 'do not route' that all RBL
providers can include.


Spamhaus makes the DROP data available (which I believe is also
included in their SBL), which is useful for using firewalls to just
block or ignore connections from the worst offenders:

DROP Advisory Null List :: The Spamhaus Don't Route Or Peer 
Lists
https://www.spamhaus.org/drop/

UCE Protect also has level 3 listings for the worst offenders,
although I don't recall the list being downloadable for firewall use:

UCEPROTECT Blacklist Policy LEVEL 3
https://www.uceprotect.net/en/index.php?m=3=5

The problem with all DNSBL providers including the same data from
one source is that errors can unfairly penalize with major impact
that DNSBL operators generally try to prevent.


A great believer in sharing, but we do all have to pay the bills.


The entire open source software movement is probably one of the very
best examples of altruistic sharing.  Supporting people who create
useful open source solutions and/or contribute to open source deserve
financial support so they can more easily pay their bills too. :)



Well, technically UCEPROTECT-3 is not really a DROP list.  And of 
course, every RBL provider uses different logic to determine what is a 
DROP list.


What would be nice, is to be able to have a single system, that takes in 
data from say SpamHuas DROP lists, as well as others like our own 
RATS-NULL list, and create a publicly accessible DROP list compiled by 
the evidence of multiple providers.


With no single entity setting the reputation, and with public evidence, 
it would make it a lot easier for the internet as a whole to trust this 
data, and separate the bad operators from the internet as a whole.


Most of us in the industry know the real bad actors, bulletproof 
hosters, hacker havens etc.. but it is a shame that everyone as a whole 
is not protected from them.


A common source of reputation, something that say every Linux, Apple, 
and Windows system could trust and enable by default at the network 
layer.. Just not sure how to realistically make that happen, or how 
those dedicated to the data intelligence and gathering could maintain 
viability (eg, who pays for that work to continue).


Without eating your own lunch.


--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Randolf Richardson, Postmaster via mailop]

> On 2024-01-19 06:47, Atro Tossavainen via mailop wrote:
> > On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:
> >> Ok sorry not "most" but "some may"...
> >>
> >> My checkpoint rep said that they get their reputation lists from other
> >> companies... is it wrong ?
> > 
> > It's possible that Check Point are just an aggregator and don't actually
> > have first-hand data. But I don't think of Check Point when somebody
> > says DNSBL, which may be my own failure :-D
> > 
> > As far as I've been able to tell, Spamhaus, SURBL, Abusix, SpamCop,
> > SORBS, UCEProtect, PSBL at least all have their own data, I would
> > even go so far as to guess "exclusively".
> 
> You didn't accidentally ignore "SpamRats" did you? ;)  But we do have 
> 'some' reports of aggregators querying our data.. And of course there 
> are licensed users of our data. And there are some that 'white label' 
> the rejection, as if it is their own data..
> 
> But in general, there isn't much 'sharing' of data, some consolidation 
> of data from various sources.
> 
> For the REALLY bad guys though, it would be nice if there was more 
> sharing of data.. Or maybe an industry 'do not route' that all RBL 
> providers can include.

Spamhaus makes the DROP data available (which I believe is also 
included in their SBL), which is useful for using firewalls to just 
block or ignore connections from the worst offenders:

DROP Advisory Null List :: The Spamhaus Don't Route Or Peer 
Lists
https://www.spamhaus.org/drop/

UCE Protect also has level 3 listings for the worst offenders, 
although I don't recall the list being downloadable for firewall use:

UCEPROTECT Blacklist Policy LEVEL 3
https://www.uceprotect.net/en/index.php?m=3=5

The problem with all DNSBL providers including the same data from 
one source is that errors can unfairly penalize with major impact 
that DNSBL operators generally try to prevent.

> A great believer in sharing, but we do all have to pay the bills.

The entire open source software movement is probably one of the very 
best examples of altruistic sharing.  Supporting people who create 
useful open source solutions and/or contribute to open source deserve 
financial support so they can more easily pay their bills too. :)

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Michael Peddemors via mailop]

On 2024-01-19 06:47, Atro Tossavainen via mailop wrote:

On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:

Ok sorry not "most" but "some may"...

My checkpoint rep said that they get their reputation lists from other
companies... is it wrong ?


It's possible that Check Point are just an aggregator and don't actually
have first-hand data. But I don't think of Check Point when somebody
says DNSBL, which may be my own failure :-D

As far as I've been able to tell, Spamhaus, SURBL, Abusix, SpamCop,
SORBS, UCEProtect, PSBL at least all have their own data, I would
even go so far as to guess "exclusively".




You didn't accidentally ignore "SpamRats" did you? ;)  But we do have 
'some' reports of aggregators querying our data.. And of course there 
are licensed users of our data. And there are some that 'white label' 
the rejection, as if it is their own data..


But in general, there isn't much 'sharing' of data, some consolidation 
of data from various sources.


For the REALLY bad guys though, it would be nice if there was more 
sharing of data.. Or maybe an industry 'do not route' that all RBL 
providers can include.


A great believer in sharing, but we do all have to pay the bills.

--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[John Levine via mailop]

It appears that hg user via mailop  said:
>Since most RBLs exchange data, ...

No, they don't.  Can we leave the conpsiracy theories at home, please?

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Anne Mitchell via mailop]

>> Small pedantic point: DNSBLs, not RBLs.
> 
> As an erstwhile MAPS employee, the persistence of this pedantry warms my 
> heart...


me too (on both counts)


> Also, to author[-1], I think it is a bit of a misimpression that DNSBL 
> operators share data. In some cases they may have overlapping sources, and 
> obviously they can query each others' lists, but there's legal peril in DNSBL 
> operators working together and using each others' non-public data. You can be 
> fairly sure that if Spamhaus and SORBS (Proofpoint) and Barracuda are all 
> listing an IP, they each have their own trustworthy data to back it up.

And this is really why I responded - because yes, so much this about the legal 
peril.


>> Graeme (wearing massive floppy felt pedant hat with huge gold tassels 
>> attached to make the point) :)

Hang on, let me don my professorial mortarboard and hood (and just *why* is it 
called a hood, anyways?)

Anne

--- 
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
CEO Institute for Social Internet Public Policy (ISIPP)
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Creator of the term 'deliverability' and founder of the deliverability industry
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Bill Cole via mailop]

On 2024-01-19 at 09:31:19 UTC-0500 (Fri, 19 Jan 2024 15:31:19 +0100)
hg user via mailop 
is rumored to have said:


Ok sorry not "most" but "some may"...

My checkpoint rep said that they get their reputation lists from other
companies... is it wrong ?


In all likelihood that means they don't manage their own blocking 
list(s) but rather buy information from DNSBL operators and other 
assemblers of raw data such as Spamhaus, Proofpoint, Cisco, and others.  
To the best of my knowledge, Checkpoint only uses that information in 
the devices they sell customers, and they are not operating their own 
generally available DNSBL.




On Fri, Jan 19, 2024 at 10:55 AM Atro Tossavainen via mailop <
mailop@mailop.org> wrote:


Since most RBLs exchange data,


Source?

--
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop




___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Bill Cole via mailop]

On 2024-01-19 at 05:31:12 UTC-0500 (Fri, 19 Jan 2024 10:31:12 +)
Graeme Fowler via mailop 
is rumored to have said:

On 19 January 2024 06:13:20 hg user via mailop  
wrote:

Since most RBLs exchange data


Small pedantic point: DNSBLs, not RBLs.


As an erstwhile MAPS employee, the persistence of this pedantry warms my 
heart...


Also, to author[-1], I think it is a bit of a misimpression that DNSBL 
operators share data. In some cases they may have overlapping sources, 
and obviously they can query each others' lists, but there's legal peril 
in DNSBL operators working together and using each others' non-public 
data. You can be fairly sure that if Spamhaus and SORBS (Proofpoint) and 
Barracuda are all listing an IP, they each have their own trustworthy 
data to back it up.


Trend Micro would still assert that the term RBL is their trademark 
(so far as I know), plus a non-small percentage of known DNS block 
lists could not be even marginally described as "real time".


Well, there is also that...

Graeme (wearing massive floppy felt pedant hat with huge gold tassels 
attached to make the point) :)


Excellence in headgear.

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Atro Tossavainen via mailop]

On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote:
> Ok sorry not "most" but "some may"...
> 
> My checkpoint rep said that they get their reputation lists from other
> companies... is it wrong ?

It's possible that Check Point are just an aggregator and don't actually
have first-hand data. But I don't think of Check Point when somebody
says DNSBL, which may be my own failure :-D

As far as I've been able to tell, Spamhaus, SURBL, Abusix, SpamCop,
SORBS, UCEProtect, PSBL at least all have their own data, I would
even go so far as to guess "exclusively".

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[hg user via mailop]

Ok sorry not "most" but "some may"...

My checkpoint rep said that they get their reputation lists from other
companies... is it wrong ?

On Fri, Jan 19, 2024 at 10:55 AM Atro Tossavainen via mailop <
mailop@mailop.org> wrote:

> > Since most RBLs exchange data,
>
> Source?
>
> --
> Atro Tossavainen, Chairman of the Board
> Infinite Mho Oy, Helsinki, Finland
> tel. +358-44-5000 600, http://www.infinitemho.fi/
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Benny Pedersen via mailop]

Atro Tossavainen via mailop skrev den 2024-01-19 10:48:

Since most RBLs exchange data,


Source?


sign up to dnswl.org, in that stage blacklists are checked, if accepted, 
blacklists is then ignored :)


i dont know if others doing this, i really dont care

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Graeme Fowler via mailop]

On 19 January 2024 06:13:20 hg user via mailop  wrote:

Since most RBLs exchange data


Small pedantic point: DNSBLs, not RBLs.

Trend Micro would still assert that the term RBL is their trademark (so far 
as I know), plus a non-small percentage of known DNS block lists could not 
be even marginally described as "real time".


Graeme (wearing massive floppy felt pedant hat with huge gold tassels 
attached to make the point) :)
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Atro Tossavainen via mailop]

> Since most RBLs exchange data,

Source?

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[hg user via mailop]

Sorry, just to add that since monday we have also some problems with
checkpoint (the firewall) categorization filters. One of our public IP has
been flagged as adult only... then also IP from hpe (to download firmware),
from X and onedrive.

Since most RBLs exchange data, if one screws up, the other will also
publish that wrong data. My doubt is: someone made an error or is it a
poisoning attack?


On Tue, Jan 16, 2024 at 1:19 AM Randolf Richardson, Postmaster via mailop <
mailop@mailop.org> wrote:

> > On Mon, Jan 15, 2024 at 11:00AM Udeme  wrote:
> >
> > > Mark: looks like as of seconds ago the SBL´s been resolved & removed
> from
> > > the SBL?
> >
> > Yes! That's great, but unfortunately and confusingly, it's switched to a
> > different listing instead:
> https://www.spamhaus.org/query/ip/66.175.222.108
>
> You'll likely be interested in the reputation score, which is
> presently showing as "Poor" for that IP address (66.175.222.108):
>
> Reputation Lookup || Cisco Talos Intelligence Group
>
> https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108
>
> If any of your lists don't satisfy the "confiremd opt-in"
> requirement, then correcting that will help over time.  (If you need
> any assistance with this, feel free to contact me off-list.)
>
> --
> Postmaster - postmas...@inter-corporate.com
> Randolf Richardson, CNA - rand...@inter-corporate.com
> Inter-Corporate Computer & Network Services, Inc.
> Vancouver, British Columbia, Canada
> https://www.inter-corporate.com/
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[hg user via mailop]

These are business email received by a tour operator from workers of
airlines and hotels, not from customers.

I will send some IP samples later
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Jay Hennigan via mailop]

On 1/18/24 13:33, hg user via mailop wrote:
I also saw a spike in IP reported as malicious by spamhaus: IPs that 
have been sending emails for years: standard, business emails from 
personal accounts of people in airlines and hotels are now triggering 
spamhaus IP rbl... those IPs are NOT from big email providers.


Airline and hotel IPs probably should be characterized similarly to 
dynamic or residential IPs. It's unlikely that legitimate mail will 
originate there as SMTP. Users of these facilities typically use port 
587 to relay mail through an authenticated smarthost.


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Michael Peddemors via mailop]

Examples?

On 2024-01-18 13:33, hg user via mailop wrote:
I also saw a spike in IP reported as malicious by spamhaus: IPs that 
have been sending emails for years: standard, business emails from 
personal accounts of people in airlines and hotels are now triggering 
spamhaus IP rbl... those IPs are NOT from big email providers.


On Tue, Jan 16, 2024 at 10:43 PM Gellner, Oliver via mailop 
mailto:mailop@mailop.org>> wrote:



 > On 16.01.2024 at 22:16 Atro Tossavainen via mailop wrote:
 >
 > 
 >>>
https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108 

 >> Thanks for this; I wasn't familiar with Talos Intelligence. Do
they publish
 >> a blocklist?
 >
 > Paying users only. Paying users include the Finnish government's
 > internal outsourcing center (Valtori) and Telia (our largest telco).
 > Their error messages are shit, you don't even know where to look:
 >
 > /var/log/old/maillog-20220410.gz
 >
 > Apr  7 12:47:44 mail postfix/smtp[11896]: 52E23100EBBCA:
to=mailto:postmas...@teliacompany.com>>, relay=mail.cm.telia.net
[80.74.207.118]:25, delay=0.54,
delays=0.09/0/0.14/0.31, dsn=5.0.0, status=bounced (host
mail.cm.telia.net [80.74.207.118] said:
554 Your access to this mail system has been rejected due to poor
reputation of a domain used in message transfer (in reply to end of
DATA command))

As a side note because our replies overlapped: This specific error
message at the end of DATA is not about a low Senderbase Reputation
Score, which I mentioned in my other reply. It refers to a domain
which Talos considers not trustworthy, usually located in the From
or Reply-To header. So it’s not about the MTA IP address, which the
thread starters problem originally was about.

—
BR Oliver


dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de > * www.dmTECH.de
>
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum
in Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung
stehen oder sich bei uns bewerben, verarbeiten wir personenbezogene
Daten. Informationen unter anderem zu den konkreten
Datenverarbeitungen, Löschfristen, Ihren Rechten sowie die
Kontaktdaten unserer Datenschutzbeauftragten finden Sie
hier>.
___
mailop mailing list
mailop@mailop.org 
https://list.mailop.org/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[hg user via mailop]

I also saw a spike in IP reported as malicious by spamhaus: IPs that have
been sending emails for years: standard, business emails from personal
accounts of people in airlines and hotels are now triggering spamhaus IP
rbl... those IPs are NOT from big email providers.

On Tue, Jan 16, 2024 at 10:43 PM Gellner, Oliver via mailop <
mailop@mailop.org> wrote:

>
> > On 16.01.2024 at 22:16 Atro Tossavainen via mailop wrote:
> >
> > 
> >>>
> https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108
> >> Thanks for this; I wasn't familiar with Talos Intelligence. Do they
> publish
> >> a blocklist?
> >
> > Paying users only. Paying users include the Finnish government's
> > internal outsourcing center (Valtori) and Telia (our largest telco).
> > Their error messages are shit, you don't even know where to look:
> >
> > /var/log/old/maillog-20220410.gz
> >
> > Apr  7 12:47:44 mail postfix/smtp[11896]: 52E23100EBBCA: to=<
> postmas...@teliacompany.com>, relay=mail.cm.telia.net[80.74.207.118]:25,
> delay=0.54, delays=0.09/0/0.14/0.31, dsn=5.0.0, status=bounced (host
> mail.cm.telia.net[80.74.207.118] said: 554 Your access to this mail
> system has been rejected due to poor reputation of a domain used in message
> transfer (in reply to end of DATA command))
>
> As a side note because our replies overlapped: This specific error message
> at the end of DATA is not about a low Senderbase Reputation Score, which I
> mentioned in my other reply. It refers to a domain which Talos considers
> not trustworthy, usually located in the From or Reply-To header. So it’s
> not about the MTA IP address, which the thread starters problem originally
> was about.
>
> —
> BR Oliver
> 
>
> dmTECH GmbH
> Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
> Telefon 0721 5592-2500 Telefax 0721 5592-2777
> dmt...@dm.de * www.dmTECH.de
> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
> Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher
> 
> Datenschutzrechtliche Informationen
> Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser
> ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in
> Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder
> sich bei uns bewerben, verarbeiten wir personenbezogene Daten.
> Informationen unter anderem zu den konkreten Datenverarbeitungen,
> Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer
> Datenschutzbeauftragten finden Sie hier<
> https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832
> >.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Gellner, Oliver via mailop]

> On 16.01.2024 at 22:16 Atro Tossavainen via mailop wrote:
>
> 
>>> https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108
>> Thanks for this; I wasn't familiar with Talos Intelligence. Do they publish
>> a blocklist?
>
> Paying users only. Paying users include the Finnish government's
> internal outsourcing center (Valtori) and Telia (our largest telco).
> Their error messages are shit, you don't even know where to look:
>
> /var/log/old/maillog-20220410.gz
>
> Apr  7 12:47:44 mail postfix/smtp[11896]: 52E23100EBBCA: 
> to=, relay=mail.cm.telia.net[80.74.207.118]:25, 
> delay=0.54, delays=0.09/0/0.14/0.31, dsn=5.0.0, status=bounced (host 
> mail.cm.telia.net[80.74.207.118] said: 554 Your access to this mail system 
> has been rejected due to poor reputation of a domain used in message transfer 
> (in reply to end of DATA command))

As a side note because our replies overlapped: This specific error message at 
the end of DATA is not about a low Senderbase Reputation Score, which I 
mentioned in my other reply. It refers to a domain which Talos considers not 
trustworthy, usually located in the From or Reply-To header. So it’s not about 
the MTA IP address, which the thread starters problem originally was about.

—
BR Oliver


dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Gellner, Oliver via mailop]

On 16.01.2024 at 17:25 Mark Fletcher via mailop wrote:


On Mon, Jan 15, 2024 at 4:19 PM Randolf Richardson, Postmaster via mailop 
mailto:mailop@mailop.org>> wrote:

You'll likely be interested in the reputation score, which is
presently showing as "Poor" for that IP address (66.175.222.108):

Reputation Lookup || Cisco Talos Intelligence Group

https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108


Thanks for this; I wasn't familiar with Talos Intelligence. Do they publish a 
blocklist?

Talos has a blocklist, but AFAIK it’s only available to paying Cisco customers. 
It replies to queries with a so called Senderbase Reputation Score (SBRS) 
between +10 (best) and -10 (worst). The Talos website which you linked to gives 
a rough estimation of this SBRS by grouping the values into the categories 
„Good“, „Neutral“ or „Poor“.

The SBRS is influenced by data collected by Talos, however also by listings on 
other blocklists, as you have observed. If an IP address is listed by Spamhaus 
or the like, its SBRS will automatically decrease.

There used to be a public DNSBL at rf.senderbase.org, but I believe Cisco shut 
this down sometime in the past.

—
BR Oliver

dmTECH GmbH
Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 Karlsruhe
Telefon 0721 5592-2500 Telefax 0721 5592-2777
dmt...@dm.de * www.dmTECH.de
GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927
Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher

Datenschutzrechtliche Informationen
Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an unser 
ServiceCenter Fragen haben, bei uns einkaufen oder unser dialogicum in 
Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung stehen oder sich 
bei uns bewerben, verarbeiten wir personenbezogene Daten. Informationen unter 
anderem zu den konkreten Datenverarbeitungen, Löschfristen, Ihren Rechten sowie 
die Kontaktdaten unserer Datenschutzbeauftragten finden Sie 
hier.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Atro Tossavainen via mailop]

> > https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108
> >
> Thanks for this; I wasn't familiar with Talos Intelligence. Do they publish
> a blocklist?

Paying users only. Paying users include the Finnish government's
internal outsourcing center (Valtori) and Telia (our largest telco).
Their error messages are shit, you don't even know where to look:

/var/log/old/maillog-20220410.gz

Apr  7 12:47:44 mail postfix/smtp[11896]: 52E23100EBBCA: 
to=, relay=mail.cm.telia.net[80.74.207.118]:25, 
delay=0.54, delays=0.09/0/0.14/0.31, dsn=5.0.0, status=bounced (host 
mail.cm.telia.net[80.74.207.118] said: 554 Your access to this mail system has 
been rejected due to poor reputation of a domain used in message transfer (in 
reply to end of DATA command))

It was only by accident that I was able to find out what it was, and
when I did, I also managed to find out that said "poor reputation"
involved Cisco having believed urlscan.io's misassessment that the
Roundcube webmail software on a server is indicative of...

...drum roll...

* PHISHING AGAINST THE GENERIC BRAND OF EMAIL *

which caused Cisco to list all Roundcube servers everywhere.

I shit you not.

This was soon two years ago, but you don't make a fuckup like that
when you're one of the largest companies in the business.

And their error messages continue to suck every bit as much AFAIK.

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Randolf Richardson, Postmaster via mailop]

> On Mon, Jan 15, 2024 at 4:19PM Randolf Richardson, Postmaster via mailop <
> mailop@mailop.org> wrote:
> 
> > You'll likely be interested in the reputation score, which is
> > presently showing as "Poor" for that IP address (66.175.222.108):
> >
> > Reputation Lookup || Cisco Talos Intelligence Group
> >
> > https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108
>
> Thanks for this; I wasn't familiar with Talos Intelligence. Do they publish
> a blocklist?

Not that I'm aware of.  (It would be great if they did.)

> Spamhaus lifted their block last night. That caused the Talos reputation
> score for us to change to Good. I hope to keep it there.

Excellent!  I'm glad this is resolved now.

Being listed in a popular DNSBL is never fun, but the good thing 
about DNSBLs like Spamhaus.org's is that they're clear on their 
policies and they have a great (and very long-standing) reputation 
for being fair and professional in their dealings with people.

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Mark Fletcher via mailop]

On Mon, Jan 15, 2024 at 4:19 PM Randolf Richardson, Postmaster via mailop <
mailop@mailop.org> wrote:

>
> You'll likely be interested in the reputation score, which is
> presently showing as "Poor" for that IP address (66.175.222.108):
>
> Reputation Lookup || Cisco Talos Intelligence Group
>
> https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108
>
>
Thanks for this; I wasn't familiar with Talos Intelligence. Do they publish
a blocklist?

Spamhaus lifted their block last night. That caused the Talos reputation
score for us to change to Good. I hope to keep it there.

Thanks,
Mark
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Randolf Richardson, Postmaster via mailop]

> On Mon, Jan 15, 2024 at 11:00AM Udeme  wrote:
> 
> > Mark: looks like as of seconds ago the SBL´s been resolved & removed from
> > the SBL?
> 
> Yes! That's great, but unfortunately and confusingly, it's switched to a
> different listing instead: https://www.spamhaus.org/query/ip/66.175.222.108

You'll likely be interested in the reputation score, which is 
presently showing as "Poor" for that IP address (66.175.222.108):

Reputation Lookup || Cisco Talos Intelligence Group

https://www.talosintelligence.com/reputation_center/lookup?search=66.175.222.108

If any of your lists don't satisfy the "confiremd opt-in" 
requirement, then correcting that will help over time.  (If you need 
any assistance with this, feel free to contact me off-list.)

-- 
Postmaster - postmas...@inter-corporate.com
Randolf Richardson, CNA - rand...@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
https://www.inter-corporate.com/


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[John Levine via mailop]

It appears that Atro Tossavainen via mailop  said:
>> On Spamhaus' suggestion, I built a reverification system late last year and
>> tested it on a small group of users. Yesterday, I kicked off a
>> reverification to a much larger segment of users.

Yup, I got it yesterday for a list I'm on that's hosted at groups.io.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Richard W via mailop]

>> On Spamhaus' suggestion, I built a reverification system late last 
year and

>> tested it on a small group of users. Yesterday, I kicked off a
>> reverification to a much larger segment of users.
>
> Looking forward to seeing this in our traps.

Yeah, we're seeing that from 66.175.222.12

Richard

On 2024-01-15 1:09 p.m., Atro Tossavainen via mailop wrote:

We're an email groups service, like Google Groups. Based on evidence
provided by Spamhaus, it appears that some groups that migrated from Yahoo
Groups when Y! Groups shut down contained some Spamhaus spamtrap addresses.


That might be the explanation for why some of your customers' lists
contain addresses that ceased to exist before groups.io started to.
It does look rather suspicious when that happens.


On Spamhaus' suggestion, I built a reverification system late last year and
tested it on a small group of users. Yesterday, I kicked off a
reverification to a much larger segment of users.


Looking forward to seeing this in our traps.

This is a third-party observation that has nothing to do with Spamhaus.


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Udeme via mailop]

The listing’s details explain the problem. I’d start with researching the
details there.

As for a timeline, I’d shift the “concerns” towards fixing what caused the
listing. That being said, I can’t speak for Spamhaus. Good luck.

On Mon, Jan 15, 2024 at 2:16 PM Mark Fletcher  wrote:

> On Mon, Jan 15, 2024 at 11:00 AM Udeme  wrote:
>
>> Mark: looks like as of seconds ago the SBL’s been resolved & removed from
>> the SBL?
>>
>
> Yes! That's great, but unfortunately and confusingly, it's switched to a
> different listing instead:
> https://www.spamhaus.org/query/ip/66.175.222.108
>
> Thanks,
> Mark
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Atro Tossavainen via mailop]

> We're an email groups service, like Google Groups. Based on evidence
> provided by Spamhaus, it appears that some groups that migrated from Yahoo
> Groups when Y! Groups shut down contained some Spamhaus spamtrap addresses.

That might be the explanation for why some of your customers' lists
contain addresses that ceased to exist before groups.io started to.
It does look rather suspicious when that happens.

> On Spamhaus' suggestion, I built a reverification system late last year and
> tested it on a small group of users. Yesterday, I kicked off a
> reverification to a much larger segment of users.

Looking forward to seeing this in our traps.

This is a third-party observation that has nothing to do with Spamhaus.

-- 
Atro Tossavainen, Founder, Partner
Koli-Lõks OÜ (reg. no. 12815457, VAT ID EE101811635)
Tallinn, Estonia
tel. +372-5883-4269, https://www.koliloks.eu/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Mark Fletcher via mailop]

On Mon, Jan 15, 2024 at 11:00 AM Udeme  wrote:

> Mark: looks like as of seconds ago the SBL’s been resolved & removed from
> the SBL?
>

Yes! That's great, but unfortunately and confusingly, it's switched to a
different listing instead: https://www.spamhaus.org/query/ip/66.175.222.108

Thanks,
Mark
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact?

[Udeme via mailop]

Mark: looks like as of seconds ago the SBL’s been resolved & removed from
the SBL?

-Udeme

On Mon, Jan 15, 2024 at 1:41 PM Mark Fletcher via mailop 
wrote:

> Hi All,
>
> One of groups.io's servers was listed by Spamhaus starting Saturday
> afternoon (https://www.spamhaus.org/sbl/query/SBL638016). I've been
> trying to contact them ever since, but they've been silent. I am humbly
> asking for help.
>
> We're an email groups service, like Google Groups. Based on evidence
> provided by Spamhaus, it appears that some groups that migrated from Yahoo
> Groups when Y! Groups shut down contained some Spamhaus spamtrap addresses.
> On Spamhaus' suggestion, I built a reverification system late last year and
> tested it on a small group of users. Yesterday, I kicked off a
> reverification to a much larger segment of users. I then told Linode, our
> hosting provider, about it, and asked them to contact Spamhaus, as directed
> by their SBL listing. Linode did that, but has not heard back. I also tried
> contacting Spamhaus this morning, but haven't heard back yet. I am
> wondering what else I need to do.
>
> Thanks,
> Mark
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Spamhaus contact?

[Mark Fletcher via mailop]

Hi All,

One of groups.io's servers was listed by Spamhaus starting Saturday
afternoon (https://www.spamhaus.org/sbl/query/SBL638016). I've been trying
to contact them ever since, but they've been silent. I am humbly asking for
help.

We're an email groups service, like Google Groups. Based on evidence
provided by Spamhaus, it appears that some groups that migrated from Yahoo
Groups when Y! Groups shut down contained some Spamhaus spamtrap addresses.
On Spamhaus' suggestion, I built a reverification system late last year and
tested it on a small group of users. Yesterday, I kicked off a
reverification to a much larger segment of users. I then told Linode, our
hosting provider, about it, and asked them to contact Spamhaus, as directed
by their SBL listing. Linode did that, but has not heard back. I also tried
contacting Spamhaus this morning, but haven't heard back yet. I am
wondering what else I need to do.

Thanks,
Mark
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Spamhaus contact

[Neil Schwartzman via mailop]

> On Sep 18, 2019, at 2:42 PM, Brett Schenker via mailop  
> wrote:
> 
> I pray for the day something like CASL or GDPR is used against a client 
> because that will put the fear of god into the entire industry.


<3

Neil Schwartzman
Executive Director
Coalition Against Unsolicited Commercial Email
http://cauce.org
Tel : (303) 800-6345
Twitter : @cauce
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Spamhaus contact

[Al Iverson via mailop]

Brett, Linkedin suggests you work for NGP VAN. I've received spam from
your platform in the past and wasn't sure where to report it. Could
you clarify a couple of things for the group and world?

- Is there an abuse reporting address set up? Are reports to that
address read by humans and the reports reviewed to identify policy
compliance issues?
I don't see an address like that registered with abuse.net, which is
where I usually check to look for where to send reports. I'd suggest
registering your domain(s) there.
- Is there an opt-in policy or requirement for users of your platform
that you can share with us? Is it linked and publicly available?

It's interesting to me that your ESP seems to support political
mailing. Lots of political types think they're exempt from best
practices because CAN-SPAM allows it. This seems like a good reminder
to all here that spam filters and groups like Spamhaus will still
block this kind of spam and that CAN-SPAM compliance isn't good
enough.

Thanks,
Al Iverson

On Tue, Sep 17, 2019 at 2:51 PM Brett Schenker via mailop
 wrote:
>
> We got our entire range listed due to an action of a new client that wasn't 
> vetted by sales. I pinged the normal Spamhaus channel but wondering if 
> there's anyone I can reach out to speed up the process.
>
> --
> Brett Schenker
> Man of Many Things, Including
> 5B Consulting - http://www.5bconsulting.com
> Graphic Policy - http://www.graphicpolicy.com
>
> Twitter - http://twitter.com/bhschenker
> LinkedIn - http://www.linkedin.com/in/brettschenker
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



-- 
al iverson // wombatmail // chicago
http://www.aliverson.com
http://www.spamresource.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Spamhaus contact

[Brett Schenker via mailop]

We got our entire range listed due to an action of a new client that wasn't
vetted by sales. I pinged the normal Spamhaus channel but wondering if
there's anyone I can reach out to speed up the process.

-- 
Brett Schenker
Man of Many Things, Including
5B Consulting - http://www.5bconsulting.com
Graphic Policy - http://www.graphicpolicy.com

Twitter - http://twitter.com/bhschenker
LinkedIn - http://www.linkedin.com/in/brettschenker
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Spamhaus Contact? PBL Broken?

[Todd Herr]

We're seeing lots of our cloud provider (AWS) space listed in the PBL
tonight.

This is new, and AWS claims they don't share space with Spamhaus, so I've
been tasked with trying to contact Spamhaus about this.

Please contact me directly by any means shown below.

-- 

*todd herr*

*sr. delivery engineer www.sparkpost.com *
*twitter* @toddherr @sparkpost

*tel* 415-578-5222 x477
*mobile* 703-220-4153
*email* todd.h...@sparkpost.com 
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop