Re: [mailop] salesforce phishing emails
> On Sun, Dec 03, 2023 at 07:26:14AM +0100, Arne Jensen via mailop wrote: > > Den 30-11-2023 kl. 09:36 skrev Giovanni Bechis via mailop: > > > I maintain an ESP rbl > > > > Thank you for maintaining and providing that! > > > > I looked around and didn't find much information about the operation of > > the RBL though. > > > > So that raises a few questions from my end, such as: > > > > - Is there any sort of usage / query restrictions on that RBL? > > > no restrictions atm I would like to find out more about this RBL. I use a number of them with great success -- the major ones I use for outright blocking, and the remaining ones for tagging and scoring. > > - Is it possible to download the data, either for a local mirror or even > > in order to assist with raising the quality of the public mirrors? > > > not atm I may be interested in helping out with this in the future too; feel free to reach out to me at any point in the future. > > - Can you submit spam samples, or otherwise provide suggestions for > > inclusion? > > > > - Are you the only person one adding "bad senders" to these RBL lists? > > > > - What data is the "bad senders" based on? Spam sent to spam traps? Spam > > sent to your personal mailbox? ...? > > > > - If you're under the impression there is one or more false positives, > > ... is there any way, you can report that? > > Atm data are based on spamtraps and spam delivered to mailbox of some > selected customers that reports FPs and FNs to my company. > I am in contact with another company which is going to provide me more > data. > If there is interest in this rbl I can provide more info and a way to > report FNs and FPs. I send MIME Digest eMails of spam evidence to SpamCop.net multiple times every day. If you're interested in this evidence and can accept this format, I'd be happy to also send these MIME Digests to your automated systems too (depending on spammer activity, these digests vary in size, although I normally try to send them frequently enough to keep them below 500 messages per MIME Digest). Feel free to reach out to me at any point in the future on this matter too. > Regards > Giovanni > > > -- > > Med venlig hilsen / Kind regards, > > Arne Jensen > > > > ___ > > mailop mailing list > > mailop@mailop.org > > https://list.mailop.org/listinfo/mailop -- Postmaster - postmas...@inter-corporate.com Randolf Richardson - rand...@inter-corporate.com Inter-Corporate Computer & Network Services, Inc. Vancouver, British Columbia, Canada https://www.inter-corporate.com/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
On Sun, Dec 03, 2023 at 07:26:14AM +0100, Arne Jensen via mailop wrote: > Den 30-11-2023 kl. 09:36 skrev Giovanni Bechis via mailop: > > I maintain an ESP rbl > > Thank you for maintaining and providing that! > > I looked around and didn't find much information about the operation of > the RBL though. > > So that raises a few questions from my end, such as: > > - Is there any sort of usage / query restrictions on that RBL? > no restrictions atm > - Is it possible to download the data, either for a local mirror or even > in order to assist with raising the quality of the public mirrors? > not atm > - Can you submit spam samples, or otherwise provide suggestions for > inclusion? > > - Are you the only person one adding "bad senders" to these RBL lists? > > - What data is the "bad senders" based on? Spam sent to spam traps? Spam > sent to your personal mailbox? ...? > > - If you're under the impression there is one or more false positives, > ... is there any way, you can report that? > Atm data are based on spamtraps and spam delivered to mailbox of some selected customers that reports FPs and FNs to my company. I am in contact with another company which is going to provide me more data. If there is interest in this rbl I can provide more info and a way to report FNs and FPs. Regards Giovanni > -- > Med venlig hilsen / Kind regards, > Arne Jensen > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop signature.asc Description: PGP signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
Den 30-11-2023 kl. 09:36 skrev Giovanni Bechis via mailop: I maintain an ESP rbl Thank you for maintaining and providing that! I looked around and didn't find much information about the operation of the RBL though. So that raises a few questions from my end, such as: - Is there any sort of usage / query restrictions on that RBL? - Is it possible to download the data, either for a local mirror or even in order to assist with raising the quality of the public mirrors? - Can you submit spam samples, or otherwise provide suggestions for inclusion? - Are you the only person one adding "bad senders" to these RBL lists? - What data is the "bad senders" based on? Spam sent to spam traps? Spam sent to your personal mailbox? ...? - If you're under the impression there is one or more false positives, ... is there any way, you can report that? -- Med venlig hilsen / Kind regards, Arne Jensen ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
On 11/30/23 11:40, Hal Murray via mailop wrote: Giovanni Bechis said: I maintain an ESP rbl that includes SalesForce bad customers, How well does that work? Most data are from SparkPost and SendInBlue ESPs but it's performing quite well with others as well. Giovanni This month, I have 6 copies of the same crap: After reviewing your company's profile, we believe that your knowledge and experience will be beneficial to the projects that ARAMCO is working on in this 2023 and 2024 session Another one in Sep. All from Salesforce. All different vendors. All sent to an address that hasn't sent anything for 2 years but was/is on lots of spammer lists. Just in case anybody isn't sure, I don't have a company and I don't know anything about the oil business. OpenPGP_signature.asc Description: OpenPGP digital signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
Giovanni Bechis said: > I maintain an ESP rbl that includes SalesForce bad customers, How well does that work? This month, I have 6 copies of the same crap: After reviewing your company's profile, we believe that your knowledge and experience will be beneficial to the projects that ARAMCO is working on in this 2023 and 2024 session Another one in Sep. All from Salesforce. All different vendors. All sent to an address that hasn't sent anything for 2 years but was/is on lots of spammer lists. Just in case anybody isn't sure, I don't have a company and I don't know anything about the oil business. -- These are my opinions. I hate spam. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
On 11/29/23 22:32, Hans-Martin Mosner via mailop wrote: Am 28.11.23 um 11:54 schrieb Mary via mailop: Dear salesforce, Please stop your clients from sending Facebook phishing emails. I've been asking them something like that by way of abuse reports since end of September, to no avail. They don't seem to care. Sadly, they host legitimate customers, too, so we can't block them completely. I maintain an ESP rbl that includes SalesForce bad customers, SpamAssassin rules are at https://github.com/bigio/spamassassin-esp , plugin is needed only for SpamAssassin 3.4.x. Giovanni OpenPGP_signature.asc Description: OpenPGP digital signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
Am 28.11.23 um 11:54 schrieb Mary via mailop: Dear salesforce, Please stop your clients from sending Facebook phishing emails. I've been asking them something like that by way of abuse reports since end of September, to no avail. They don't seem to care. Sadly, they host legitimate customers, too, so we can't block them completely. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
> Hello, > > On Tue, Nov 28, 2023 at 12:54:13PM +0200, Mary via mailop wrote: > > X-mail_abuse_inquiries: http://www.salesforce.com/company/abuse.jsp > > I reported a similar phishing spam to Salesforce a few days ago. I > can't believe in this day and age that the above URL in its first > paragraph on how to report email abuse says: > > If you have received unsolicited email from a Salesforce user, > replying to that user to let them know that you would like to > opt out of future emailings should resolve the problem. > > No, sorry, I'm not encouraging my users or anyone else to interact > with what are at best write-only spam factories and at worst > seasoned social engineers. What an absurd thing to suggest as the > first step once it has got to the stage of anything that the > recipient considers to be abuse. So, basically they want [potential] victims to come forward and do the job of their abuse desk and/or postmaster? That's awful. :( Salesforce: Please change your policies in ways that stop normalizing "opt-out." > Thanks, > Andy > > -- > https://bitfolk.com/ -- No-nonsense VPS hosting > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Postmaster - postmas...@inter-corporate.com Randolf Richardson - rand...@inter-corporate.com Inter-Corporate Computer & Network Services, Inc. Vancouver, British Columbia, Canada https://www.inter-corporate.com/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
Hello, On Tue, Nov 28, 2023 at 12:54:13PM +0200, Mary via mailop wrote: > X-mail_abuse_inquiries: http://www.salesforce.com/company/abuse.jsp I reported a similar phishing spam to Salesforce a few days ago. I can't believe in this day and age that the above URL in its first paragraph on how to report email abuse says: If you have received unsolicited email from a Salesforce user, replying to that user to let them know that you would like to opt out of future emailings should resolve the problem. No, sorry, I'm not encouraging my users or anyone else to interact with what are at best write-only spam factories and at worst seasoned social engineers. What an absurd thing to suggest as the first step once it has got to the stage of anything that the recipient considers to be abuse. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop