Re: [mailop] Weird blocking by outlook.com (S3150)

2019-08-29 Thread Jerry Cloe via mailop
The whole "default for companies to hide their information" seems to be a 
reaction to all the European privacy laws (which I admit I know exist, but 
otherwise don't know anything about them or what they say). One of the 
registrars I use on a regular basis (Moniker, based out of Florida) went 
through and changed most of mine and all of my customers' whois records to their 
version of privacy records, and they did this with no notification or choice 
whatsoever. When I asked Moniker about it, they sent me a canned reply about 
complying with current privacy laws (even though as far as I can tell, they 
mostly don't apply to me).

 
-Original message-
From: Steven Champeon via mailop
Sent: Thu 08-29-2019 12:50 pm
Subject: Re: [mailop] Weird blocking by outlook.com (S3150)
To: mailop@mailop.org

*claps*

I can't be the only person who believes the whole "privacy" claim for
failing to provide accurate information about who is using the Internet
to be complete and utter nonsensical bullshit, right?

I make a living classifying PTR naming conventions, so I spend much of
my day (and the past 13 years) looking at WHOIS and rwhois lookups. In
the past few years it has become more or less the default for companies
and organizations and ISPs and telcos to hide their information, even
though you can go to their Web site and find out who they are and how to
contact them and where their locations are and so forth.

 
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] Weird blocking by outlook.com (S3150)

2019-08-29 Thread Steven Champeon via mailop
on Fri, Aug 23, 2019 at 08:31:24AM -0700, Michael Peddemors via mailop wrote:
> On 2019-08-23 12:45 a.m., Benoit Panizzon via mailop wrote:
> >So for privacy reasons we have decided not to register our customers
> >using this ranges @ RIPE. Anyway we mostly have businesses customers in
> >this range.
> 
> You should allow your customers to make the choice on whether they
> wish to advertise their operational control over the IP(s) they have
> been delegated.

*claps*

I can't be the only person who believes the whole "privacy" claim for
failing to provide accurate information about who is using the Internet
to be complete and utter nonsensical bullshit, right?

I make a living classifying PTR naming conventions, so I spend much of
my day (and the past 13 years) looking at WHOIS and rwhois lookups. In
the past few years it has become more or less the default for companies
and organizations and ISPs and telcos to hide their information, even
though you can go to their Web site and find out who they are and how to
contact them and where their locations are and so forth. Some ccTLDs
don't even bother to run a WHOIS server at all. Most ISPs don't offer
delegation records, or if they did, the rwhois server the lookups try to
redirect to was shut down long ago. 

I dread living in a world where the best way to find out who and where
the responsible party behind a given IP address is traceroute. But it's
becoming more and more the case. 

Steve

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
Internet security and antispam hostname intelligence: http://enemieslist.com/



Re: [mailop] Weird blocking by outlook.com (S3150)

2019-08-23 Thread Michael Peddemors via mailop

On 2019-08-23 12:45 a.m., Benoit Panizzon via mailop wrote:
> 157.161.0.0/16 is a 'legacy', pre RIPE range which is exempt from the
> RIPE requirement to register customer allocations.

Just because it is exempt, doesn't mean you can't take the opportunity 
to be a good netizen, and operate a 'rwhois' service across your 
network, or at least SWIP it.

Your legitimate customers will thank you.

> So for privacy reasons we have decided not to register our customers
> using this ranges @ RIPE. Anyway we mostly have businesses customers in
> this range.

You should allow your customers to make the choice on whether they wish 
to advertise their operational control over the IP(s) they have been 
delegated.

> Whole of 157.161.0.0/16 is included in the SNDS monitoring. I don't see
> any major problem there. We have a customer running an ESP service,
> but also in his ip range, the complaint rate is < 0.1%
>
> Out of this range, our email platform uses 157.161.12.0/23

And of course, there is no reason you don't SWIP or 'rwhois' your /23 
so that others can see that the activity in the surrounding space 
doesn't have the same ownership or behavior as the ESP's IP space might 
have.

> It's a typical 'end user' platform for our enduser internet access
> customers. Webmail, IMAP Mailboxes. We also operate whitelabel email
> services for other ISP. Each one with its own dedicated ip range.

Just saying..

If it isn't clear on who the responsible party is, or when they started 
using the IP Space, expect that activity from it will be treated with a 
higher level of suspicion.


--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.



Re: [mailop] Weird blocking by outlook.com (S3150)

2019-08-23 Thread Benoit Panizzon via mailop
Hi Laura

> In my experience, when the bounce message says "Please contact your Internet 
> service provider since part of their network is on our block list (S3150).” 
> That means that Microsoft is seeing problems across a wide range of IPs in a 
> space and they don’t have a clear picture of where the customer boundaries 
> are. You may find a better customer experience if you SWIP IPs to your 
> customers rather than just lumping them all into a single /16. 
> 
> Are these the IPs you’re using for forwarding? If so, how much filtering are 
> you doing before you forward them?

157.161.0.0/16 is a 'legacy', pre RIPE range which is exempt from the
RIPE requirement to register customer allocations.

So for privacy reasons we have decided not to register our customers
using this ranges @ RIPE. Anyway we mostly have businesses customers in
this range.

Whole of 157.161.0.0/16 is included in the SNDS monitoring. I don't see
any major problem there. We have a customer running an ESP service,
but also in his ip range, the complaint rate is < 0.1%

Out of this range, our email platform uses 157.161.12.0/23

It's a typical 'end user' platform for our enduser internet access
customers. Webmail, IMAP Mailboxes. We also operate whitelabel email
services for other ISP. Each one with its own dedicated ip range.

We explicitly do not offer 'relaying services' to customers with own
mailserver. Our rate limiting thresholds would not make those
customers happy.

As we quite closely monitor those services, I am pretty confident we
have no major problem. Of course we get the occasional customer which
manages to get his credentials phished or stolen and the account then
abused. But usually it's a matter of minutes for some measures to
automatically block such account, maximum 2 days, if some human
intervention is needed until such an account is blocked.

And yes, I did open a case with the SNDS support team.

But usually when we hit a blacklist with one of those IP, we already
know why.

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Head of Commerce Customers
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 Pratteln    Fax  +41 61 826 93 01
Switzerland         Web  http://www.imp.ch
__



Re: [mailop] Weird blocking by outlook.com (S3150)

2019-08-22 Thread Thiago Rodrigo F. Rodrigues via mailop
The mitigation form may help you.

I have seen IPs not shown as blocked by the SNDS panel have 550s for days and
go away after an escalated ticket to the support team.

Regards.

On Thu, 22 Aug 2019 at 12:21, Benoit Panizzon via mailop <
mailop@mailop.org> wrote:

> Hi List
>
> One of our mail platform IP has once more been hit by an outlook.com
> blocking:
>
> host outlook-com.olc.protection.outlook.com[104.47.4.33] said: 550 5.7.1
> Unfortunately, messages from [157.161.12.116] weren't sent. Please contact
> your Internet service provider since part of their network is on our block
> list (S3150). You can also refer your provider to
> http://mail.live.com/mail/troubleshooting.aspx#errors.
> [AM5EUR02FT063.eop-EUR02.prod.protection.outlook.com] (in reply to MAIL
> FROM command)
>
> According to MX-Toolbox that IP is not listed anywhere.
>
> According to our report on:
> https://sendersupport.olc.protection.outlook.com/snds/ipStatus.aspx
>
> "All of the specified IPs have normal status."
>
> On View Data there are occasional 'trap' hits for that IP and the
> history show < 0.1% but 9 red days.
>
> We also had a spike with 2% trap hits, but that is not flagged as 'red
> day'.
>
> So somehow I don't quite understand what 'red day' means and what could
> cause the IP to be blocklisted right now I think we are doing a pretty
> good job keeping our mailserver clean from phished accounts.
>
> Anyone with more insight?
>
> Kind regards
>
> -Benoît Panizzon-
> --
> I m p r o W a r e   A G    -    Head of Commerce Customers
> __
>
> Zurlindenstrasse 29 Tel  +41 61 826 93 00
> CH-4133 Pratteln    Fax  +41 61 826 93 01
> Switzerland         Web  http://www.imp.ch
> __


-- 
www.allin.com.br
Thiago Rodrigues
*Quality Coordinator*
*+55 11 3544-0513 | +55 11 3544-0562*
*trodrig...@allin.com.br  | Skype: thiago.rfr*



Re: [mailop] Weird blocking by outlook.com (S3150)

2019-08-22 Thread Michael Peddemors via mailop

+1

But now if we can ONLY get Amazon, GoogleCloud, and Azure to start doing 
the same thing ;) Still far too many bad actors relying on the network 
being 'too big to block' and very loose SWIP/rwhois.


On 2019-08-22 8:41 a.m., Laura Atkins via mailop wrote:
> In my experience, when the bounce message says "Please contact your
> Internet service provider since part of their network is on our block
> list (S3150).” That means that Microsoft is seeing problems across a
> wide range of IPs in a space and they don’t have a clear picture of
> where the customer boundaries are. You may find a better customer
> experience if you SWIP IPs to your customers rather than just lumping
> them all into a single /16.
>
> Are these the IPs you’re using for forwarding? If so, how much filtering
> are you doing before you forward them?
>
> laura
>
> > On 22 Aug 2019, at 16:08, Benoit Panizzon via mailop
> > <mailop@mailop.org> wrote:
> >
> > Hi List
> >
> > One of our mail platform IP has once more been hit by an outlook.com
> > blocking:
> >
> > host outlook-com.olc.protection.outlook.com[104.47.4.33] said: 550 5.7.1
> > Unfortunately, messages from [157.161.12.116] weren't sent. Please contact
> > your Internet service provider since part of their network is on our block
> > list (S3150). You can also refer your provider to
> > http://mail.live.com/mail/troubleshooting.aspx#errors.
> > [AM5EUR02FT063.eop-EUR02.prod.protection.outlook.com] (in reply to MAIL
> > FROM command)
> >
> > According to MX-Toolbox that IP is not listed anywhere.
> >
> > According to our report on:
> > https://sendersupport.olc.protection.outlook.com/snds/ipStatus.aspx
> >
> > "All of the specified IPs have normal status."
> >
> > On View Data there are occasional 'trap' hits for that IP and the
> > history show < 0.1% but 9 red days.
> >
> > We also had a spike with 2% trap hits, but that is not flagged as 'red
> > day'.
> >
> > So somehow I don't quite understand what 'red day' means and what could
> > cause the IP to be blocklisted right now I think we are doing a pretty
> > good job keeping our mailserver clean from phished accounts.
> >
> > Anyone with more insight?
> >
> > Kind regards
> >
> > -Benoît Panizzon-
> > --
> > I m p r o W a r e   A G    -    Head of Commerce Customers
> > __
> >
> > Zurlindenstrasse 29 Tel  +41 61 826 93 00
> > CH-4133 Pratteln    Fax  +41 61 826 93 01
> > Switzerland         Web  http://www.imp.ch
> > __
>
> --
> Having an Email Crisis?  We can help! 800 823-9674
>
> Laura Atkins
> Word to the Wise
> la...@wordtothewise.com
> (650) 437-0741
>
> Email Delivery Blog: https://wordtothewise.com/blog

--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.


Re: [mailop] Weird blocking by outlook.com (S3150)

2019-08-22 Thread Paul Smith via mailop

On 22/08/2019 16:08, Benoit Panizzon via mailop wrote:
> One of our mail platform IP has once more been hit by an outlook.com
> blocking:
>
> host outlook-com.olc.protection.outlook.com[104.47.4.33] said: 550 5.7.1
> Unfortunately, messages from [157.161.12.116] weren't sent. Please contact
> your Internet service provider since part of their network is on our block
> list (S3150). You can also refer your provider to

It's probably the "bad neighbour" problem

You may not have been spamming, but Microsoft have seen lots of spam 
from the rest of the 157.161.0.0/16 network which your IP address is in. So, 
Microsoft have decided to block the entire block, which includes you.


If you contact the Outlook.com team they may be able to put an exception 
in for your IP address. (They've done that in the past for us, but not 
every time).


https://support.microsoft.com/en-us/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75

Alternatively, change your hosting company to one which takes more care 
to stop spammers using their servers/network.




--


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53

Sign up for news & updates at http://www.pscs.co.uk/go/subscribe



Re: [mailop] Weird blocking by outlook.com (S3150)

2019-08-22 Thread Laura Atkins via mailop
In my experience, when the bounce message says "Please contact your Internet 
service provider since part of their network is on our block list (S3150).” 
That means that Microsoft is seeing problems across a wide range of IPs in a 
space and they don’t have a clear picture of where the customer boundaries are. 
You may find a better customer experience if you SWIP IPs to your customers 
rather than just lumping them all into a single /16. 

Are these the IPs you’re using for forwarding? If so, how much filtering are 
you doing before you forward them?

laura 


> On 22 Aug 2019, at 16:08, Benoit Panizzon via mailop  
> wrote:
> 
> Hi List
> 
> One of our mail platform IP has once more been hit by an outlook.com
> blocking:
> 
> host outlook-com.olc.protection.outlook.com[104.47.4.33] said: 550 5.7.1
> Unfortunately, messages from [157.161.12.116] weren't sent. Please contact
> your Internet service provider since part of their network is on our block
> list (S3150). You can also refer your provider to
> http://mail.live.com/mail/troubleshooting.aspx#errors.
> [AM5EUR02FT063.eop-EUR02.prod.protection.outlook.com] (in reply to MAIL
> FROM command)
> 
> According to MX-Toolbox that IP is not listed anywhere.
> 
> According to our report on:
> https://sendersupport.olc.protection.outlook.com/snds/ipStatus.aspx
> 
> "All of the specified IPs have normal status."
> 
> On View Data there are occasional 'trap' hits for that IP and the
> history show < 0.1% but 9 red days.
> 
> We also had a spike with 2% trap hits, but that is not flagged as 'red
> day'.
> 
> So somehow I don't quite understand what 'red day' means and what could
> cause the IP to be blocklisted right now I think we are doing a pretty
> good job keeping our mailserver clean from phished accounts.
> 
> Anyone with more insight?
> 
> Kind regards
> 
> -Benoît Panizzon-
> -- 
> I m p r o W a r e   A G    -    Head of Commerce Customers
> __
> 
> Zurlindenstrasse 29 Tel  +41 61 826 93 00
> CH-4133 Pratteln    Fax  +41 61 826 93 01
> Switzerland         Web  http://www.imp.ch
> __

-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: https://wordtothewise.com/blog 









[mailop] Weird blocking by outlook.com (S3150)

2019-08-22 Thread Benoit Panizzon via mailop
Hi List

One of our mail platform IP has once more been hit by an outlook.com
blocking:

host outlook-com.olc.protection.outlook.com[104.47.4.33] said: 550 5.7.1
Unfortunately, messages from [157.161.12.116] weren't sent. Please contact
your Internet service provider since part of their network is on our block
list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[AM5EUR02FT063.eop-EUR02.prod.protection.outlook.com] (in reply to MAIL
FROM command)

According to MX-Toolbox that IP is not listed anywhere.

According to our report on:
https://sendersupport.olc.protection.outlook.com/snds/ipStatus.aspx

"All of the specified IPs have normal status."

On View Data there are occasional 'trap' hits for that IP and the
history show < 0.1% but 9 red days.

We also had a spike with 2% trap hits, but that is not flagged as 'red
day'.

So somehow I don't quite understand what 'red day' means and what could
cause the IP to be blocklisted right now I think we are doing a pretty
good job keeping our mailserver clean from phished accounts.

Anyone with more insight?

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Head of Commerce Customers
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 Pratteln    Fax  +41 61 826 93 01
Switzerland         Web  http://www.imp.ch
__
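
Added example, not part of the original post or of any list member's tooling: one way to triage bounces like the one quoted above is to pull the rejecting MX, the sending IP and the block-list code out of each bounce and group the sending IPs by the most specific range you operate. The two networks and the first sample IP come from the thread; the other sample bounces and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Ranges named in the thread: the legacy /16 and the mail platform /23.
KNOWN_NETWORKS = [ipaddress.ip_network(n)
                  for n in ("157.161.0.0/16", "157.161.12.0/23")]

# Bounce template using the wording of the 550 quoted in the thread,
# deliberately wrapped across lines the way an MTA log or DSN would be.
TEMPLATE = ("host outlook-com.olc.protection.outlook.com[104.47.4.33] said: "
            "550 5.7.1 Unfortunately, messages from [{ip}] weren't sent. "
            "Please contact your Internet service provider since part of\n"
            "their network is on our block\nlist (S3150). (in reply to MAIL "
            "FROM command)")

# Sample input: the first IP is from the thread, the rest is constructed.
SAMPLE_BOUNCES = [
    TEMPLATE.format(ip="157.161.12.116"),
    TEMPLATE.format(ip="157.161.13.20"),    # constructed
    TEMPLATE.format(ip="157.161.200.9"),    # constructed
    "host mx.example.net[192.0.2.10] said: 450 4.2.0 Greylisted",  # constructed
]

BOUNCE_RE = re.compile(
    r"host (?P<mx>\S+?)\[[0-9A-Fa-f.:]+\] said: "
    r"(?P<code>[45]\d\d) (?P<enh>\d\.\d+\.\d+) "
    r".*?messages from \[(?P<src>[0-9A-Fa-f.:]+)\] weren't sent\."
    r".*?block list \((?P<reason>S\d+)\)")


def parse_bounce(text):
    """Return the fields of a block-list bounce, or None if it is not one."""
    m = BOUNCE_RE.search(" ".join(text.split()))  # undo log line wrapping
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
    except ValueError:  # bracketed token was not a valid address
        return None
    return {"mx": m["mx"], "code": m["code"], "enhanced": m["enh"],
            "src": src, "reason": m["reason"]}


def most_specific(ip, networks):
    """Longest-prefix match of ip against the ranges we operate."""
    hits = [n for n in networks if ip in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None


def summarise(bounces, networks=KNOWN_NETWORKS):
    """Map block code -> enclosing range -> sorted list of blocked IPs."""
    grouped = defaultdict(lambda: defaultdict(set))
    for text in bounces:
        b = parse_bounce(text)
        if b is None:
            continue  # some other kind of bounce
        net = most_specific(b["src"], networks)
        grouped[b["reason"]][str(net) if net else "unknown"].add(b["src"])
    order = lambda ip: (ip.version, int(ip))
    return {reason: {net: [str(ip) for ip in sorted(ips, key=order)]
                     for net, ips in nets.items()}
            for reason, nets in grouped.items()}
```

If the blocked IPs fall in more than one of your ranges, the block is wider than a single platform, which is the situation the replies in this thread describe.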
