Re: [mailop] salesforce phishing emails
My experience is similar. My observation has been that Salesforce does not care about abuse, that almost all of the mail coming from their platform is unsolicited marketing email, and that they're a trash spam company worth blocking. On 2024-06-13 12:09, Michael Peddemors via mailop wrote: On 2024-06-13 08:28, Anne P. Mitchell, Esq. via mailop wrote: On Jun 12, 2024, at 11:40 PM, Hans-Martin Mosner via mailop wrote: Am 12.06.24 um 18:04 schrieb Anne P. Mitchell, Esq. via mailop: I've also always found abuse@ to be responsive there, and it's peopled by a real person, who gives real responses (at least that was the case as recently as 12/21/23. That's interesting, I've been sending lots of abuse reports to that address before and never received a response (or noticed a change in the pattern). But then I'm not a lawyer ;-þ That's interesting - it _could_ be in part that I'm a lawyer (and perhaps more relevantly a known anti-spam lawyer), however I also wonder if it has to do with volume - I report to SF quite sparingly (simply because the amount of spam we get here, while copious, is rarely from SF). If you are sending a lot of complaints, I wonder if that's a factor (granted it *shouldn't* be a factor, but I wonder if...). Anne --- Anne P. Mitchell, Esq. It's you ;) Everyone answers YOUR emails ... hehehe But seriously, yes we are seeing too many cases of emails of obviously 'harvested' email databases from SalesForce.. And no, we aren't going to report every case that we see. Thing is, anyone using harvested databases should be triggering all kinds of alarm bells at the ESP, eg hi bounce rates etc.. If their teams aren't reacting to those internal checks and balances, it is unlikely that an abuse report will carry much weight (Unless it is from Anne) Unfortunately, history has taught us the only real way to get attention is when they end up on rejection lists.. All the way back to the SPEWS days.. And in some cases *cough* (SendGrid) even that is not enough to make change happen. Speaking of what Business Drivers are required to enact change.. Curious.. what business drivers would be needed to have Cox and Verizon and Comcast to action compromised CPE equipment on their networks? Not that hard to detect, (heck, I am sure others like us might even share that data) and I am sure that aside from the fact that it stealing customer data, and slowing their connections to a crawl, there must be a business driver for ISP's to let customers know about threats on their networks, or actually remove/replace those devices. Comments? ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
On 2024-06-13 08:28, Anne P. Mitchell, Esq. via mailop wrote: On Jun 12, 2024, at 11:40 PM, Hans-Martin Mosner via mailop wrote: Am 12.06.24 um 18:04 schrieb Anne P. Mitchell, Esq. via mailop: I've also always found abuse@ to be responsive there, and it's peopled by a real person, who gives real responses (at least that was the case as recently as 12/21/23. That's interesting, I've been sending lots of abuse reports to that address before and never received a response (or noticed a change in the pattern). But then I'm not a lawyer ;-þ That's interesting - it _could_ be in part that I'm a lawyer (and perhaps more relevantly a known anti-spam lawyer), however I also wonder if it has to do with volume - I report to SF quite sparingly (simply because the amount of spam we get here, while copious, is rarely from SF). If you are sending a lot of complaints, I wonder if that's a factor (granted it *shouldn't* be a factor, but I wonder if...). Anne --- Anne P. Mitchell, Esq. It's you ;) Everyone answers YOUR emails ... hehehe But seriously, yes we are seeing too many cases of emails of obviously 'harvested' email databases from SalesForce.. And no, we aren't going to report every case that we see. Thing is, anyone using harvested databases should be triggering all kinds of alarm bells at the ESP, eg hi bounce rates etc.. If their teams aren't reacting to those internal checks and balances, it is unlikely that an abuse report will carry much weight (Unless it is from Anne) Unfortunately, history has taught us the only real way to get attention is when they end up on rejection lists.. All the way back to the SPEWS days.. And in some cases *cough* (SendGrid) even that is not enough to make change happen. Speaking of what Business Drivers are required to enact change.. Curious.. what business drivers would be needed to have Cox and Verizon and Comcast to action compromised CPE equipment on their networks? Not that hard to detect, (heck, I am sure others like us might even share that data) and I am sure that aside from the fact that it stealing customer data, and slowing their connections to a crawl, there must be a business driver for ISP's to let customers know about threats on their networks, or actually remove/replace those devices. Comments? -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
> On Jun 12, 2024, at 11:40 PM, Hans-Martin Mosner via mailop > wrote: > > Am 12.06.24 um 18:04 schrieb Anne P. Mitchell, Esq. via mailop: >> >> >> I've also always found abuse@ to be responsive there, and it's peopled by a >> real person, who gives real responses (at least that was the case as >> recently as 12/21/23. >> > That's interesting, I've been sending lots of abuse reports to that address > before and never received a response (or noticed a change in the pattern). > But then I'm not a lawyer ;-þ That's interesting - it _could_ be in part that I'm a lawyer (and perhaps more relevantly a known anti-spam lawyer), however I also wonder if it has to do with volume - I report to SF quite sparingly (simply because the amount of spam we get here, while copious, is rarely from SF). If you are sending a lot of complaints, I wonder if that's a factor (granted it *shouldn't* be a factor, but I wonder if...). Anne --- Anne P. Mitchell, Esq. Internet Law & Policy Attorney CEO Institute for Social Internet Public Policy (ISIPP) Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law) Creator of the term 'deliverability' and co-founder of the deliverability industry Author: The Email Deliverability Handbook Board of Directors, Denver Internet Exchange Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School Prof. Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop Counsel Emeritus, eMail Abuse Prevention System (MAPS) ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
Am 12.06.24 um 18:04 schrieb Anne P. Mitchell, Esq. via mailop: I've also always found abuse@ to be responsive there, and it's peopled by a real person, who gives real responses (at least that was the case as recently as 12/21/23. That's interesting, I've been sending lots of abuse reports to that address before and never received a response (or noticed a change in the pattern). But then I'm not a lawyer ;-þ Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
> On Jun 12, 2024, at 9:27 AM, Hans-Martin Mosner via mailop > wrote: > > Am 28.11.23 um 11:54 schrieb Mary via mailop: >> Dear salesforce, >> >> Please stop your clients from sending Facebook phishing emails. >> > Sorry for digging up this old thread... I seem to have found a contact at > salesforce which reads, responds and apparently reacts to reports: security > -at- salesforce.com. > > Whether this will lead to improved customer vetting is not yet clear, but at > least they state that they shut down the customers involved, which I'm > inclined to believe. I've also always found abuse@ to be responsive there, and it's peopled by a real person, who gives real responses (at least that was the case as recently as 12/21/23. Anne --- Anne P. Mitchell, Esq. Internet Law & Policy Attorney CEO Institute for Social Internet Public Policy (ISIPP) Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law) Creator of the term 'deliverability' and founder of the deliverability industry Author: The Email Deliverability Handbook Board of Directors, Denver Internet Exchange Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School Prof. Emeritus, Lincoln Law School Chair Emeritus, Asilomar Microcomputer Workshop Counsel Emeritus, eMail Abuse Prevention System (MAPS) ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
Am 28.11.23 um 11:54 schrieb Mary via mailop: Dear salesforce, Please stop your clients from sending Facebook phishing emails. Sorry for digging up this old thread... I seem to have found a contact at salesforce which reads, responds and apparently reacts to reports: security -at- salesforce.com. Whether this will lead to improved customer vetting is not yet clear, but at least they state that they shut down the customers involved, which I'm inclined to believe. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
> On Sun, Dec 03, 2023 at 07:26:14AM +0100, Arne Jensen via mailop wrote: > > Den 30-11-2023 kl. 09:36 skrev Giovanni Bechis via mailop: > > > I maintain an ESP rbl > > > > Thank you for maintaining and providing that! > > > > I looked around and didn't find much information about the operation of > > the RBL though. > > > > So that raises a few questions from my end, such as: > > > > - Is there any sort of usage / query restrictions on that RBL? > > > no restrictions atm I would like to find out more about this RBL. I use a number of them with great success -- the major ones I use for outright blocking, and the remaining ones for tagging and scoring. > > - Is it possible to download the data, either for a local mirror or even > > in order to assist with raising the quality of the public mirrors? > > > not atm I may be interested in helping out with this in the future too; feel free to reach out to me at any point in the future. > > - Can you submit spam samples, or otherwise provide suggestions for > > inclusion? > > > > - Are you the only person one adding "bad senders" to these RBL lists? > > > > - What data is the "bad senders" based on? Spam sent to spam traps? Spam > > sent to your personal mailbox? ...? > > > > - If you're under the impression there is one or more false positives, > > ... is there any way, you can report that? > > Atm data are based on spamtraps and spam delivered to mailbox of some > selected customers that reports FPs and FNs to my company. > I am in contact with another company which is going to provide me more > data. > If there is interest in this rbl I can provide more info and a way to > report FNs and FPs. I send MIME Digest eMails of spam evidence to SpamCop.net multiple times every day. If you're interested in this evidence and can accept this format, I'd be happy to also send these MIME Digests to your automated systems too (depending on spammer activity, these digests vary in size, although I normally try to send them frequently enough to keep them below 500 messages per MIME Digest). Feel free to reach out to me at any point in the future on this matter too. > Regards > Giovanni > > > -- > > Med venlig hilsen / Kind regards, > > Arne Jensen > > > > ___ > > mailop mailing list > > mailop@mailop.org > > https://list.mailop.org/listinfo/mailop -- Postmaster - postmas...@inter-corporate.com Randolf Richardson - rand...@inter-corporate.com Inter-Corporate Computer & Network Services, Inc. Vancouver, British Columbia, Canada https://www.inter-corporate.com/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
On Sun, Dec 03, 2023 at 07:26:14AM +0100, Arne Jensen via mailop wrote: > Den 30-11-2023 kl. 09:36 skrev Giovanni Bechis via mailop: > > I maintain an ESP rbl > > Thank you for maintaining and providing that! > > I looked around and didn't find much information about the operation of > the RBL though. > > So that raises a few questions from my end, such as: > > - Is there any sort of usage / query restrictions on that RBL? > no restrictions atm > - Is it possible to download the data, either for a local mirror or even > in order to assist with raising the quality of the public mirrors? > not atm > - Can you submit spam samples, or otherwise provide suggestions for > inclusion? > > - Are you the only person one adding "bad senders" to these RBL lists? > > - What data is the "bad senders" based on? Spam sent to spam traps? Spam > sent to your personal mailbox? ...? > > - If you're under the impression there is one or more false positives, > ... is there any way, you can report that? > Atm data are based on spamtraps and spam delivered to mailbox of some selected customers that reports FPs and FNs to my company. I am in contact with another company which is going to provide me more data. If there is interest in this rbl I can provide more info and a way to report FNs and FPs. Regards Giovanni > -- > Med venlig hilsen / Kind regards, > Arne Jensen > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop signature.asc Description: PGP signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
Den 30-11-2023 kl. 09:36 skrev Giovanni Bechis via mailop: I maintain an ESP rbl Thank you for maintaining and providing that! I looked around and didn't find much information about the operation of the RBL though. So that raises a few questions from my end, such as: - Is there any sort of usage / query restrictions on that RBL? - Is it possible to download the data, either for a local mirror or even in order to assist with raising the quality of the public mirrors? - Can you submit spam samples, or otherwise provide suggestions for inclusion? - Are you the only person one adding "bad senders" to these RBL lists? - What data is the "bad senders" based on? Spam sent to spam traps? Spam sent to your personal mailbox? ...? - If you're under the impression there is one or more false positives, ... is there any way, you can report that? -- Med venlig hilsen / Kind regards, Arne Jensen ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
On 11/30/23 11:40, Hal Murray via mailop wrote: Giovanni Bechis said: I maintain an ESP rbl that includes SalesForce bad customers, How well does that work? Most data are from SparkPost and SendInBlue ESPs but it's performing quite well with others as well. Giovanni This month, I have 6 copies of the same crap: After reviewing your company's profile, we believe that your knowledge and experience will be beneficial to the projects that ARAMCO is working on in this 2023 and 2024 session Another one in Sep. All from Salesforce. All different vendors. All sent to an address that hasn't sent anything for 2 years but was/is on lots of spammer lists. Just in case anybody isn't sure, I don't have a company and I don't know anything about the oil business. OpenPGP_signature.asc Description: OpenPGP digital signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
Giovanni Bechis said: > I maintain an ESP rbl that includes SalesForce bad customers, How well does that work? This month, I have 6 copies of the same crap: After reviewing your company's profile, we believe that your knowledge and experience will be beneficial to the projects that ARAMCO is working on in this 2023 and 2024 session Another one in Sep. All from Salesforce. All different vendors. All sent to an address that hasn't sent anything for 2 years but was/is on lots of spammer lists. Just in case anybody isn't sure, I don't have a company and I don't know anything about the oil business. -- These are my opinions. I hate spam. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
On 11/29/23 22:32, Hans-Martin Mosner via mailop wrote: Am 28.11.23 um 11:54 schrieb Mary via mailop: Dear salesforce, Please stop your clients from sending Facebook phishing emails. I've been asking them something like that by way of abuse reports since end of September, to no avail. They don't seem to care. Sadly, they host legitimate customers, too, so we can't block them completely. I maintain an ESP rbl that includes SalesForce bad customers, SpamAssassin rules are at https://github.com/bigio/spamassassin-esp , plugin is needed only for SpamAssassin 3.4.x. Giovanni OpenPGP_signature.asc Description: OpenPGP digital signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
Am 28.11.23 um 11:54 schrieb Mary via mailop: Dear salesforce, Please stop your clients from sending Facebook phishing emails. I've been asking them something like that by way of abuse reports since end of September, to no avail. They don't seem to care. Sadly, they host legitimate customers, too, so we can't block them completely. Cheers, Hans-Martin ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
> Hello, > > On Tue, Nov 28, 2023 at 12:54:13PM +0200, Mary via mailop wrote: > > X-mail_abuse_inquiries: http://www.salesforce.com/company/abuse.jsp > > I reported a similar phishing spam to Salesforce a few days ago. I > can't believe in this day and age that the above URL in its first > paragraph on how to report email abuse says: > > If you have received unsolicited email from a Salesforce user, > replying to that user to let them know that you would like to > opt out of future emailings should resolve the problem. > > No, sorry, I'm not encouraging my users or anyone else to interact > with what are at best write-only spam factories and at worst > seasoned social engineers. What an absurd thing to suggest as the > first step once it has got to the stage of anything that the > recipient considers to be abuse. So, basically they want [potential] victims to come forward and do the job of their abuse desk and/or postmaster? That's awful. :( Salesforce: Please change your policies in ways that stop normalizing "opt-out." > Thanks, > Andy > > -- > https://bitfolk.com/ -- No-nonsense VPS hosting > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop -- Postmaster - postmas...@inter-corporate.com Randolf Richardson - rand...@inter-corporate.com Inter-Corporate Computer & Network Services, Inc. Vancouver, British Columbia, Canada https://www.inter-corporate.com/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] salesforce phishing emails
Hello, On Tue, Nov 28, 2023 at 12:54:13PM +0200, Mary via mailop wrote: > X-mail_abuse_inquiries: http://www.salesforce.com/company/abuse.jsp I reported a similar phishing spam to Salesforce a few days ago. I can't believe in this day and age that the above URL in its first paragraph on how to report email abuse says: If you have received unsolicited email from a Salesforce user, replying to that user to let them know that you would like to opt out of future emailings should resolve the problem. No, sorry, I'm not encouraging my users or anyone else to interact with what are at best write-only spam factories and at worst seasoned social engineers. What an absurd thing to suggest as the first step once it has got to the stage of anything that the recipient considers to be abuse. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop