Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification surge...

2018-12-04 Thread Dragutin Cvetkovic 
What beats me is why you would offer free consultation to the spammers in question, since I am pretty sure they are part of this mailing list as well and observing what is being said? :)
 
Best regards,Dragutin Cvetković IBM WCA Deliverabilty Tech Lead
Phone: +353 1 815 2564Mobile: +353 87 118 3960E-mail: dcvetko...@ie.ibm.com IBM Technology CampusDamastown Industrial Estate, Mulhuddart, Dublin 15Ireland IBM Ireland Product Distribution Limited Registered in Ireland with number 92815.Registered office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
 
 
- Original message -From: Rob McEwen Sent by: "mailop" To: mailop@mailop.orgCc:Subject: Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification surge...Date: Fri, Nov 30, 2018 4:32 PM 
On 11/30/2018 11:06 AM, Kurt Andersen (b) wrote:
Sadly, they are using a cousin domain for the mailing
 
starwoodhot...@email-marriott.com
I'll add to this -  that from the perspective of someone who manages an anti-spam blacklist - use of such domains makes my job significantly harder and, while not uncommon, this is just plain dumb. Why? Our automated systems factors into listing decisions an analysis of the "good reputation" of such domains in order to help prevent false positives and minimize potential collateral damage.
Anyone with half a brain should be able to figure out that "marriott.com" has order of magnitudes more "good reputation" than "email-marriott.com" - so this is just not wise. Yes, it is common - and yes, at invaluement we've done numerous things to adjust for this - but for anyone who cares about getting their email delivered with a higher percentage of success, this is NOT a "best practice"
--Rob McEwenhttps://www.invaluement.com 
___mailop mailing listmailop@mailop.orghttps://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification surge...

2018-12-01 Thread Steve Dodd 
On Sat, 1 Dec 2018 at 01:49, Michael Wise via mailop 
wrote:

>
>
> /grr…
>
> Why are all my replies only going to the original author of late?
>
>
>
I believe it's the way the mailing list software handles submissions from
DMARC enabled domains - it moves the sender address to Reply-To: then puts
the list address in From. Damned irritating. I've seen talk about hacking
up mutt to handle this, but I don't think it happened.

S.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification surge...

2018-11-30 Thread Michael Rathbun 
On Sat, 1 Dec 2018 01:41:24 +, Michael Wise via mailop 
wrote:

>
>/grr…
>Why are all my replies only going to the original author of late?


Given
>Reply-To:  Michael Wise 
in the headers, I would classify this as "the expected behaviour".

mdr
-- 
   Sometimes half-ass is exactly the right amount of ass.
   -- Wonderella


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification surge...

2018-11-30 Thread Michael Wise via mailop 

/grr…
Why are all my replies only going to the original author of late?

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting 
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?

From: Michael Wise
Sent: Friday, November 30, 2018 5:40 PM
To: 'Jim Popovitch' 
Subject: RE: [mailop] Fwd: Looks like we'll be seeing a big breach notification 
surge...




I don't think screaming at that person (or persons) would do much good at this 
point.

And it's not like people have not been trying to make the point LOUD and CLEAR 
that this is a HORRIBLE, TERRIBLE, NO GOOD, VERY VERY BAD IDEA for quite a 
while.



But then again, the screaming might be therapeutic.

Maybe.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting 
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?



-Original Message-
From: mailop mailto:mailop-boun...@mailop.org>> On 
Behalf Of Jim Popovitch via mailop
Sent: Friday, November 30, 2018 5:27 PM
To: mailop@mailop.org<mailto:mailop@mailop.org>
Subject: Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification 
surge...







On December 1, 2018 12:22:21 AM UTC, "Kurt Andersen (b)" 
mailto:kb...@drkurt.com>> wrote:

>One of about 5 hyphenated *marriott* domains that I have received mail

>from over the last year :-P

>



It's the not unique to Marriott, Prudential does the same..same exact format.  
I wonder if all these companies were identified, could data point back to a 
specific person and time that this practice was recommended



-Jim P.



___

mailop mailing list

mailop@mailop.org<mailto:mailop@mailop.org>

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailopdata=02%7C01%7Cmichael.wise%40microsoft.com%7C654b403ea64b485dd1bc08d6572d4fae%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636792249461811854sdata=eKwVoYZnHzP7%2F1CDuCBQih5Owq1K7deOvdyQ63HHriw%3Dreserved=0
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification surge...

2018-11-30 Thread Jim Popovitch via mailop 


On December 1, 2018 12:22:21 AM UTC, "Kurt Andersen (b)"  
wrote:
>One of about 5 hyphenated *marriott* domains that I have received mail
>from over the last year :-P
>

It's the not unique to Marriott, Prudential does the same..same exact format.  
I wonder if all these companies were identified, could data point back to a 
specific person and time that this practice was recommended

-Jim P.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification surge...

2018-11-30 Thread Kurt Andersen (b) 
One of about 5 hyphenated *marriott* domains that I have received mail from
over the last year :-P

--Kurt

On Fri, Nov 30, 2018 at 4:03 PM Matt Vernhout  wrote:

> Email-Marriott.com is their normal sending domain. It has been for years.
>
> ~
> Matt
>
> > On Nov 30, 2018, at 17:26, John Levine  wrote:
> >
> > In article <903fdf82-15d7-a854-f72f-c780b7fb6...@invaluement.com> you
> write:
> >> Anyone with half a brain should be able to figure out that
> >> "marriott.com" has order of magnitudes more "good reputation" than
> >> "email-marriott.com" - so this is just not wise.
> >
> > I get the impression that they are sending a notification to everyone
> > who has stayed in any Starwood chain hotel (Sheraton, Westin, W,
> > Doubletree, etc. etc.) since 2014.  It is also my impression that from
> > their point of view, it is much more important that they can say they
> > sent the notices than that people received them.
> >
> > A fair number of 2014 addresses will have been abandoned by now, so no
> > wonder they don't want to screw up their main domain reputation with
> > this (they hope) one off blast.
> >
> > R's,
> > John
> >
> > ___
> > mailop mailing list
> > mailop@mailop.org
> > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification surge...

2018-11-30 Thread Matt Vernhout 
Email-Marriott.com is their normal sending domain. It has been for years. 

~
Matt

> On Nov 30, 2018, at 17:26, John Levine  wrote:
> 
> In article <903fdf82-15d7-a854-f72f-c780b7fb6...@invaluement.com> you write:
>> Anyone with half a brain should be able to figure out that 
>> "marriott.com" has order of magnitudes more "good reputation" than 
>> "email-marriott.com" - so this is just not wise.
> 
> I get the impression that they are sending a notification to everyone
> who has stayed in any Starwood chain hotel (Sheraton, Westin, W,
> Doubletree, etc. etc.) since 2014.  It is also my impression that from
> their point of view, it is much more important that they can say they
> sent the notices than that people received them.
> 
> A fair number of 2014 addresses will have been abandoned by now, so no
> wonder they don't want to screw up their main domain reputation with
> this (they hope) one off blast.
> 
> R's,
> John
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification surge...

2018-11-30 Thread John Levine 
In article <903fdf82-15d7-a854-f72f-c780b7fb6...@invaluement.com> you write:
>Anyone with half a brain should be able to figure out that 
>"marriott.com" has order of magnitudes more "good reputation" than 
>"email-marriott.com" - so this is just not wise.

I get the impression that they are sending a notification to everyone
who has stayed in any Starwood chain hotel (Sheraton, Westin, W,
Doubletree, etc. etc.) since 2014.  It is also my impression that from
their point of view, it is much more important that they can say they
sent the notices than that people received them.

A fair number of 2014 addresses will have been abandoned by now, so no
wonder they don't want to screw up their main domain reputation with
this (they hope) one off blast.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification surge...

2018-11-30 Thread Michael 
Yeah, watch for all the new domain registrations for look-alike domains, eg 
emailus-marriott.com, with 'Links back to our Site' , world needs to make it 
easier for the one-time use email addresses when registering information on 
line for the general public, eg the -dash notation.

But what is scary about this one, is that it includes enough information linked 
together, eg passport information, credit cards, to make identity theft a lot 
easier.. from what I understand.. 

Wish these breach announcements would happen on a Monday instead of a Friday ;) 
 Hackers work weekends more than security ppl do.

On Fri, 30 Nov 2018 08:06:57 -0800
"Kurt Andersen (b)"  wrote:
> https://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/
> 
> Sadly, they are using a cousin domain for the mailing (according to their
> FAQ "How will I know that the email notification I receive is from
> Marriott?"):
> 
>  We want you to be confident that the email notification you may receive is
>> from Marriott. The email will come from the following email address:
>> starwoodhot...@email-marriott.com. We also want you to be aware that when
>> other companies have provided notifications like this, other people used it
>> to try to trick individuals into providing information about themselves
>> through the use of links to fake websites (phishing) or by impersonating
>> someone they trusted (social engineering). Please note that the email you
>> may receive from us will not contain any attachments or request any
>> information from you, and any links will only bring you back to this
>> webpage.
> 
> 
> Let's hope it will be DMARC reject but it's not looking like it from the
> current record.
> 
> --Kurt
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> 


--
-- 
"Catch the Magic of Linux..." 
 
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
 
A Wizard IT Company - For More Info http://www.wizard.ca 
"LinuxMagic" is a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Fwd: Looks like we'll be seeing a big breach notification surge...

2018-11-30 Thread Rob McEwen 

On 11/30/2018 11:06 AM, Kurt Andersen (b) wrote:

Sadly, they are using a cousin domain for the mailing

starwoodhot...@email-marriott.com




I'll add to this -  that from the perspective of someone who manages an 
anti-spam blacklist - use of such domains makes my job significantly 
harder and, while not uncommon, this is just plain dumb. Why? Our 
automated systems factors into listing decisions an analysis of the 
"good reputation" of such domains in order to help prevent false 
positives and minimize potential collateral damage.


Anyone with half a brain should be able to figure out that 
"marriott.com" has order of magnitudes more "good reputation" than 
"email-marriott.com" - so this is just not wise. Yes, it is common - and 
yes, at invaluement we've done numerous things to adjust for this - but 
for anyone who cares about getting their email delivered with a higher 
percentage of success, this is NOT a "best practice"


--
Rob McEwen
https://www.invaluement.com
 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop