Re: [mailop] emailage.com ?
There are getting to be a 'lot' of list washing services out there, but you are right.. SMTP callbacks on contact forms are getting silly too. Could not access several websites now, because their SMTP callback service was blocked for one reason or another. Hackers also can use those forms for list washing ;) The more people that simply block those list washers, especially the non-transparent ones, the quicker people realize there are other ways to do validation other than SMTP callbacks. On 2023-04-24 07:25, Rich Kulawiec via mailop wrote: On Mon, Apr 24, 2023 at 10:44:47AM +0200, Jasper Spaans via mailop wrote: We're seeing quite some postfix PREGREET errors in incoming smtp traffic from hosts claiming to be emailage.com (by lexisnexis). Does anyone know whether this is just a dressed up list washing service, or would it be worthwhile for our customers if we start whitelisting them? I'm still investigating, but my PRELIMINARY understanding is that this is a poorly-thought-out "service" run by Lexis-Nexis. If that understanding is wrong, and five minutes from now it may turn out to be, then I apologize. But: I believe it's trying to use SMTP callbacks to verify email addresses, and that's abusive -- as well as pointless. We went through this 20+ years ago when Verizon foolishly deployed them as a putative anti-spam measure even though they have no anti-spam value whatsoever. Nor do they have any anti-phish, anti-fraud, or anti-anything-else value. Those of us [1] who analyzed them at the time pointed out the inherently abusive nature of this as well as how it could readily be used to conduct third-party attacks. I haven't re-read those message threads in a long time -- because I thought that we'd put enough stakes through the heart of this terrible idea that it would never rise again -- but perhaps that was wishful thinking. ---rsk [1] Myself, the late Bruce Gingery, and if memory serves, Steven Champeon, among others. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] emailage.com ?
On Mon, Apr 24, 2023 at 10:44:47AM +0200, Jasper Spaans via mailop wrote: > We're seeing quite some postfix PREGREET errors in incoming smtp traffic > from hosts claiming to be emailage.com (by lexisnexis). Does anyone know > whether this is just a dressed up list washing service, or would it be > worthwhile for our customers if we start whitelisting them? I'm still investigating, but my PRELIMINARY understanding is that this is a poorly-thought-out "service" run by Lexis-Nexis. If that understanding is wrong, and five minutes from now it may turn out to be, then I apologize. But: I believe it's trying to use SMTP callbacks to verify email addresses, and that's abusive -- as well as pointless. We went through this 20+ years ago when Verizon foolishly deployed them as a putative anti-spam measure even though they have no anti-spam value whatsoever. Nor do they have any anti-phish, anti-fraud, or anti-anything-else value. Those of us [1] who analyzed them at the time pointed out the inherently abusive nature of this as well as how it could readily be used to conduct third-party attacks. I haven't re-read those message threads in a long time -- because I thought that we'd put enough stakes through the heart of this terrible idea that it would never rise again -- but perhaps that was wishful thinking. ---rsk [1] Myself, the late Bruce Gingery, and if memory serves, Steven Champeon, among others. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] emailage.com ?
On Mon, Apr 24, 2023 at 10:44:47AM +0200, Jasper Spaans via mailop wrote: > Hello, > > We're seeing quite some postfix PREGREET errors in incoming smtp > traffic from hosts claiming to be emailage.com (by lexisnexis). Does > anyone know whether this is just a dressed up list washing service, > or would it be worthwhile for our customers if we start whitelisting > them? My $.02: [root@mail ~]# grep emailage /etc/postfix/* /etc/postfix/helo_access:emailage.com REJECT Spam list cleaners are welcome to take a hike -- Atro Tossavainen, Chairman of the Board Infinite Mho Oy, Helsinki, Finland tel. +358-44-5000 600, http://www.infinitemho.fi/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] emailage.com ?
Jasper Spaans via mailop skrev den 2023-04-24 10:44: Hello, We're seeing quite some postfix PREGREET errors in incoming smtp traffic from hosts claiming to be emailage.com (by lexisnexis). Does anyone know whether this is just a dressed up list washing service, or would it be worthwhile for our customers if we start whitelisting them? postscreen is done before smtp, so there is no email to whitelist just ignore it, bots is bots ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] emailage.com ?
Hello, We're seeing quite some postfix PREGREET errors in incoming smtp traffic from hosts claiming to be emailage.com (by lexisnexis). Does anyone know whether this is just a dressed up list washing service, or would it be worthwhile for our customers if we start whitelisting them? Cheers, Jasper ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop