Re: [mailop] btinternet.com blacklist
That hetzner.de (or whatever host owns the equipment) is leasing hardware+connectivity in one bundle, and possibly the OS, leaving their customer is fully in control of the machine and the host has no day to day administrative duties or responsibilities. On Tue, Jul 18, 2017, at 16:52, Tim Starr wrote: > Then what does "unmanaged" mean in this context? > > -Tim > > On Tue, Jul 18, 2017 at 1:28 AM, Dave Warrenwrote:>> __ >> As far as #2, because users of said servers often want to send email.>> >> >> On Mon, Jul 17, 2017, at 12:05, Tim Starr wrote: >>> An overall admirable response, keep up the good work. Just 2 questions:>>> >>> 1) Why not put TLDR at top? >>> 2) Why allow email to be sent at all from "unmanaged servers"? >>> >>> -Tim >>> >>> On Mon, Jul 17, 2017 at 7:44 AM, Hetzner Blacklist >>> wrote: I just got back from a 2 week holiday and have been reading this >>> thread with a lot of interest. I thought I would respond and try to >>> explain the situation from our perspective. I could write an entire >>> essay on this, but I have tried to be as concise as possible, though it >>> is still a wall of text. Am 11.07.2017 um 13:00 schrieb Felix Schwarz: > If I'm not mistaken also Hetzner's mail admins are reading this list > so maybe > they can convice their management to do something about the bad reputation. Management was convinced over a year ago. Our internal abuse processing and handling was reviewed, and made stricter. I will admit that we used to be too lenient in that regard, but that is no longer the case (at least not intentionally). The results have been very encouraging. The leading blacklist and reputation providers that have easy network/ASN lookups show a decrease of at least 60% in “bad” IPs within our network within the last year. This applies to Spamhaus, SpamCop, SORBS, UCEPROTECT, Senderbase (now Talos Intelligence) and the Microsoft SNDS. The amount of abuse complaints we get has also decreased substantially. All of this, even though we are continually growing. I’ve been in contact with a number of people this past year and many of them have acknowledged that our network no longer deserves a bad reputation. However, I can fully understand that not everybody will agree, and I believe there are 3 main reasons for that. 1) Historical. I wil be the first to admit that in the past we were too lenient with spam-handling, and there was more spam leaving our network than there should have been. This can mean that if somebody gets spam from our network today, they think "great, Hetzner hosting another spammer", even though the message was due to a compromised account (see point 2), and the overall amount of spam is much lower than it was historically. 2) Constant spam. Due to the nature of our business (IAAS provider), the fact is that there will always be a certain level of spam leaving our network. Brandon actually mentioned exactly this. Am 10.07.2017 um 21:37 schrieb Brandon Long: > They may not even be renting directly to spammers, but their users > are > getting compromised and sending spam and other crap from their servers. We > see clickbot and other fraud farming from those IP ranges as well. > > It is an unfortunate situation, and challenging, no doubt. We have over a million IP addresses, and the vast majority of those are allocated to unmanaged servers. Short of blocking all email communication from our network, there are always going to be customers sending emails, and thus there will always be some who send spam. Our job is to minimize that as much as possible. Anybody who has worked an abuse desk will know how hard that is, especially at an IAAS provider like ourselves. We don’t intentionally harbor any spammers, and any that manage to get through our checks (we block dozens of new orders a day) and start sending spam, are soon terminated. We have a few email marketers, but the vast majority of the spam leaving our network is from compromised accounts, for which we can do very little. 3) Perspective. As with so many things in life, what you think of something depends greatly on your point of view, and the assumptions and expections you (sometimes subconsciously) bring along. If somebody assumes that there should be zero spam leaving our network, they will always be disappointed. I believe a perfect example of these different perspectives is found within this thread. Am 11.07.2017
Re: [mailop] btinternet.com blacklist
Then what does "unmanaged" mean in this context? -Tim On Tue, Jul 18, 2017 at 1:28 AM, Dave Warrenwrote: > As far as #2, because users of said servers often want to send email. > > > On Mon, Jul 17, 2017, at 12:05, Tim Starr wrote: > > An overall admirable response, keep up the good work. Just 2 questions: > > 1) Why not put TLDR at top? > 2) Why allow email to be sent at all from "unmanaged servers"? > > -Tim > > On Mon, Jul 17, 2017 at 7:44 AM, Hetzner Blacklist > wrote: > > I just got back from a 2 week holiday and have been reading this thread > with a lot of interest. I thought I would respond and try to explain the > situation from our perspective. I could write an entire essay on this, > but I have tried to be as concise as possible, though it is still a wall > of text. > > Am 11.07.2017 um 13:00 schrieb Felix Schwarz: > > If I'm not mistaken also Hetzner's mail admins are reading this list > so maybe > > they can convice their management to do something about the bad > reputation. > > Management was convinced over a year ago. Our internal abuse processing > and handling was reviewed, and made stricter. I will admit that we used > to be too lenient in that regard, but that is no longer the case (at > least not intentionally). > > The results have been very encouraging. The leading blacklist and > reputation providers that have easy network/ASN lookups show a decrease > of at least 60% in “bad” IPs within our network within the last year. > This applies to Spamhaus, SpamCop, SORBS, UCEPROTECT, Senderbase (now > Talos Intelligence) and the Microsoft SNDS. The amount of abuse > complaints we get has also decreased substantially. All of this, even > though we are continually growing. > > I’ve been in contact with a number of people this past year and many of > them have acknowledged that our network no longer deserves a bad > reputation. However, I can fully understand that not everybody will > agree, and I believe there are 3 main reasons for that. > > 1) Historical. I wil be the first to admit that in the past we were too > lenient with spam-handling, and there was more spam leaving our network > than there should have been. This can mean that if somebody gets spam > from our network today, they think "great, Hetzner hosting another > spammer", even though the message was due to a compromised account (see > point 2), and the overall amount of spam is much lower than it was > historically. > > 2) Constant spam. Due to the nature of our business (IAAS provider), the > fact is that there will always be a certain level of spam leaving our > network. Brandon actually mentioned exactly this. > > Am 10.07.2017 um 21:37 schrieb Brandon Long: > > They may not even be renting directly to spammers, but their users are > > getting compromised and sending spam and other crap from their > servers. We > > see clickbot and other fraud farming from those IP ranges as well. > > > > It is an unfortunate situation, and challenging, no doubt. > > We have over a million IP addresses, and the vast majority of those are > allocated to unmanaged servers. Short of blocking all email > communication from our network, there are always going to be customers > sending emails, and thus there will always be some who send spam. Our > job is to minimize that as much as possible. Anybody who has worked an > abuse desk will know how hard that is, especially at an IAAS provider > like ourselves. > > We don’t intentionally harbor any spammers, and any that manage to get > through our checks (we block dozens of new orders a day) and start > sending spam, are soon terminated. We have a few email marketers, but > the vast majority of the spam leaving our network is from compromised > accounts, for which we can do very little. > > 3) Perspective. As with so many things in life, what you think of > something depends greatly on your point of view, and the assumptions and > expections you (sometimes subconsciously) bring along. If somebody > assumes that there should be zero spam leaving our network, they will > always be disappointed. > > I believe a perfect example of these different perspectives is found > within this thread. > > Am 11.07.2017 um 09:11 schrieb John Levine: > > Hetzner gushes spam, and I've had most of their > > IP ranges totally blocked for years. > > Am 13.07.2017 um 20:15 schrieb John Levine: > > Look for yourself: > > > > http://www.taugh.com/sp.php?c==78.47.0.0=78.47.255.255=puavppaxru > > First of all, thank you for that link John, I appreciate you sharing > that information. It’s always good to have additional information about > our network, and I will be checking that link regularly. > > I have no idea what assumptions John has, but the comment about > “gushing” spam made me believe that the evidence would show a list of > hundreds, if not thousands of IPs, sending spam every few days over the > course of many months/years. > > What I see instead is almost exactly the
Re: [mailop] btinternet.com blacklist
I don't know how much of this is fictional or the order of exact operations... but you've admitted your server got hacked and then we blocked your mail. A good percentage of the spam we receive is from hacked boxes, and these boxes can send millions of messages in the minutes after being hacked. Yes, it can take a while to recover from that. And we also have defenses against the possibility, which is what many small operators run into, that we heavily throttle small senders so that when they get hacked, they can't do much damage. It's unfortunate that that's what the internet has come to. I've tried to get our rejection reasons better tuned, but we have a lot of complicated rules, and many of them just use the default rejection message which isn't that helpful. OTOH, 99.99% of the rejections we do are to spammers who know they're spamming, so they don't really care about the rejection message. If these things weren't in the order you mentioned, or were more widely spaced in time or IPs, I can take a look if you send me the exact errors you are seeing. They have to be less than a week old to be investigated. Brandon On Tue, Jul 18, 2017 at 6:12 AM, Vittorio Bertola < vittorio.bert...@open-xchange.com> wrote: > > Il 17 luglio 2017 alle 21.05 Tim Starrha scritto: > > 2) Why allow email to be sent at all from "unmanaged servers"? > > I've been buying an "unmanaged server" from various European providers > (including OVH, and currently Contabo) for the last 15 years, to run my > personal website and email server, as well as those of a few local > non-profits. > > Over time, it has become more and more difficult to keep doing so. You are > being required to learn and install new pieces and protocols, just to be > able to continue sending. The automatic updates of your Wordpress stop for > a few weeks, your server gets cracked and starts spamming, your provider > shuts you down and you're off the Internet. Even now, even if I am not > listed in any blacklist that I know of, even if I implemented SPF, DKIM, > DMARC and even DNSSEC and DANE, Gmail keeps rejecting 90% of my messages > (fully ham, personal, 1-to-1 messages to real life friends) because... you > don't know, in the error message they say that it's spam (though clearly > it's not) and they don't give you any other explanation, you are sent to a > maze of useless "support" pages and even if you find a contact form and use > it, as I did several times before giving up, nothing ever happens. > > Now, you may think that this is the right thing, that only "professionals" > should be allowed to connect a server to the Internet, for "security > reasons". But that is not how the Internet was supposed to be, and it is > not why it has offered freedom and growth to everyone around the world. > > The Internet is what it is exactly because anyone is allowed to connect a > server to it and start doing what he wants, as long as he speaks the common > protocols. But this is going away, and you are increasingly being told that > if you want to stay online you should better stop doing things on your own > and start using a Gmail account as well. > > The real risk of this approach is that sooner or later all of us here, > except those who work for Google, Facebook, Apple or Microsoft, will be out > of business. There will be no email any more, there will be a few huge > messaging platforms competing with each other to attract customers into > their closed garden by exploiting their critical mass, like it already is > for instant messaging. If this happens, even telcos won't be big enough to > continue offering email reliably, as so many delivery issues reported here > already show. > > Is this really what we want? It's good to have anti-spam features in place > and to be hard against spammers, but I'd rather take all the spam that I > can get, than give up the federated nature of the Internet. > > Regards, > > -- > > Vittorio Bertola | Research & Innovation Engineer > vittorio.bert...@open-xchange.com > Open-Xchange Srl - Office @ Via Treviso 12, 10144 Torino, Italy > > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
I’m afraid it is much like driving these days. Or maybe manufacturing cars. Back in the day any old inventor could tinker in his backyard and come up with something that had four wheels and an engine. And driving it didn’t really need too much of a license. These days, you get a much stricter driving test and still run the risk of accidents much more than in the old days when the only other traffic on the road was maybe a horse and buggy, (the way even a well-managed personal server still gets hacked) and actually manufacturing a car is much more complex and then needs to navigate a maze of regulatory approvals. The internet of today isn’t what it was even 15 years back. If only because malicious people are quite good at abusing the very same protocols that we use. From: mailop <mailop-boun...@mailop.org> on behalf of Vittorio Bertola <vittorio.bert...@open-xchange.com> Date: Tuesday, 18 July 2017 at 6:46 PM To: "mailop@mailop.org" <mailop@mailop.org>, Tim Starr <timstar...@gmail.com> Subject: Re: [mailop] btinternet.com blacklist The Internet is what it is exactly because anyone is allowed to connect a server to it and start doing what he wants, as long as he speaks the common protocols. But this is going away, and you are increasingly being told that if you want to stay online you should better stop doing things on your own and start using a Gmail account as well. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 2017-07-17 15:44:09 (+0200), Hetzner Blacklistwrote: I just got back from a 2 week holiday and have been reading this thread with a lot of interest. I thought I would respond and try to explain the situation from our perspective. Thank you for engaging with this community. I'm sure this must feel like a very hostile environment for you. :) I’ve been in contact with a number of people this past year and many of them have acknowledged that our network no longer deserves a bad reputation. However, I can fully understand that not everybody will agree, and I believe there are 3 main reasons for that. Unfortunately, it takes a lot longer to clean up a bad reputation than it does to tarnish a good reputation. Actions definitely speak a lot louder than words. TL;DR We care about spam and believe that the evidence shows that. Keep reminding us of that by reducing the volume of spam leaving your network and responding promptly to abuse notifications. :) Philip -- Philip Paeps Senior Reality Engineer Ministry of Information ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
As far as #2, because users of said servers often want to send email. On Mon, Jul 17, 2017, at 12:05, Tim Starr wrote: > An overall admirable response, keep up the good work. Just 2 questions:> > 1) Why not put TLDR at top? > 2) Why allow email to be sent at all from "unmanaged servers"? > > -Tim > > On Mon, Jul 17, 2017 at 7:44 AM, Hetzner Blacklist> wrote:>> I just got back from a 2 week holiday and have been reading this > thread>> with a lot of interest. I thought I would respond and try to > explain the>> situation from our perspective. I could write an entire essay > on this,>> but I have tried to be as concise as possible, though it is still > a wall>> of text. >> >> Am 11.07.2017 um 13:00 schrieb Felix Schwarz: >> > If I'm not mistaken also Hetzner's mail admins are reading this list>> >> so maybe >> > they can convice their management to do something about the bad >> reputation. >> >> Management was convinced over a year ago. Our internal abuse processing>> >> and handling was reviewed, and made stricter. I will admit that we used>> >> to be too lenient in that regard, but that is no longer the case (at>> >> least not intentionally). >> >> The results have been very encouraging. The leading blacklist and >> reputation providers that have easy network/ASN lookups show a decrease>> >> of at least 60% in “bad” IPs within our network within the last year.>> >> This applies to Spamhaus, SpamCop, SORBS, UCEPROTECT, Senderbase (now>> >> Talos Intelligence) and the Microsoft SNDS. The amount of abuse >> complaints we get has also decreased substantially. All of this, even>> >> though we are continually growing. >> >> I’ve been in contact with a number of people this past year and many of>> >> them have acknowledged that our network no longer deserves a bad >> reputation. However, I can fully understand that not everybody will>> >> agree, and I believe there are 3 main reasons for that. >> >> 1) Historical. I wil be the first to admit that in the past we were too>> >> lenient with spam-handling, and there was more spam leaving our network>> >> than there should have been. This can mean that if somebody gets spam>> >> from our network today, they think "great, Hetzner hosting another >> spammer", even though the message was due to a compromised account (see>> >> point 2), and the overall amount of spam is much lower than it was >> historically. >> >> 2) Constant spam. Due to the nature of our business (IAAS provider), the>> >> fact is that there will always be a certain level of spam leaving our>> >> network. Brandon actually mentioned exactly this. >> >> Am 10.07.2017 um 21:37 schrieb Brandon Long: >> > They may not even be renting directly to spammers, but their users are>> >> > getting compromised and sending spam and other crap from their >> servers. We >> > see clickbot and other fraud farming from those IP ranges as well.>> > >> > It is an unfortunate situation, and challenging, no doubt. >> >> We have over a million IP addresses, and the vast majority of those are>> >> allocated to unmanaged servers. Short of blocking all email >> communication from our network, there are always going to be customers>> >> sending emails, and thus there will always be some who send spam. Our>> job >> is to minimize that as much as possible. Anybody who has worked an>> abuse >> desk will know how hard that is, especially at an IAAS provider>> like >> ourselves. >> >> We don’t intentionally harbor any spammers, and any that manage to get>> >> through our checks (we block dozens of new orders a day) and start >> sending spam, are soon terminated. We have a few email marketers, but>> >> the vast majority of the spam leaving our network is from compromised>> >> accounts, for which we can do very little. >> >> 3) Perspective. As with so many things in life, what you think of >> something depends greatly on your point of view, and the assumptions and>> >> expections you (sometimes subconsciously) bring along. If somebody >> assumes that there should be zero spam leaving our network, they will>> >> always be disappointed. >> >> I believe a perfect example of these different perspectives is found>> >> within this thread. >> >> Am 11.07.2017 um 09:11 schrieb John Levine: >> > Hetzner gushes spam, and I've had most of their >> > IP ranges totally blocked for years. >> >> Am 13.07.2017 um 20:15 schrieb John Levine: >> > Look for yourself: >> > >> > http://www.taugh.com/sp.php?c==78.47.0.0=78.47.255.255=puavppaxru>> >> First of all, thank you for that link John, I appreciate you sharing>> >> that information. It’s always good to have additional information about>> >> our network, and I will be checking that link regularly. >> >> I have no idea what assumptions John has, but the comment about >> “gushing” spam made me believe that the evidence would show a list of>> >> hundreds,
Re: [mailop] btinternet.com blacklist
An overall admirable response, keep up the good work. Just 2 questions: 1) Why not put TLDR at top? 2) Why allow email to be sent at all from "unmanaged servers"? -Tim On Mon, Jul 17, 2017 at 7:44 AM, Hetzner Blacklistwrote: > I just got back from a 2 week holiday and have been reading this thread > with a lot of interest. I thought I would respond and try to explain the > situation from our perspective. I could write an entire essay on this, > but I have tried to be as concise as possible, though it is still a wall > of text. > > Am 11.07.2017 um 13:00 schrieb Felix Schwarz: > > If I'm not mistaken also Hetzner's mail admins are reading this list > so maybe > > they can convice their management to do something about the bad > reputation. > > Management was convinced over a year ago. Our internal abuse processing > and handling was reviewed, and made stricter. I will admit that we used > to be too lenient in that regard, but that is no longer the case (at > least not intentionally). > > The results have been very encouraging. The leading blacklist and > reputation providers that have easy network/ASN lookups show a decrease > of at least 60% in “bad” IPs within our network within the last year. > This applies to Spamhaus, SpamCop, SORBS, UCEPROTECT, Senderbase (now > Talos Intelligence) and the Microsoft SNDS. The amount of abuse > complaints we get has also decreased substantially. All of this, even > though we are continually growing. > > I’ve been in contact with a number of people this past year and many of > them have acknowledged that our network no longer deserves a bad > reputation. However, I can fully understand that not everybody will > agree, and I believe there are 3 main reasons for that. > > 1) Historical. I wil be the first to admit that in the past we were too > lenient with spam-handling, and there was more spam leaving our network > than there should have been. This can mean that if somebody gets spam > from our network today, they think "great, Hetzner hosting another > spammer", even though the message was due to a compromised account (see > point 2), and the overall amount of spam is much lower than it was > historically. > > 2) Constant spam. Due to the nature of our business (IAAS provider), the > fact is that there will always be a certain level of spam leaving our > network. Brandon actually mentioned exactly this. > > Am 10.07.2017 um 21:37 schrieb Brandon Long: > > They may not even be renting directly to spammers, but their users are > > getting compromised and sending spam and other crap from their > servers. We > > see clickbot and other fraud farming from those IP ranges as well. > > > > It is an unfortunate situation, and challenging, no doubt. > > We have over a million IP addresses, and the vast majority of those are > allocated to unmanaged servers. Short of blocking all email > communication from our network, there are always going to be customers > sending emails, and thus there will always be some who send spam. Our > job is to minimize that as much as possible. Anybody who has worked an > abuse desk will know how hard that is, especially at an IAAS provider > like ourselves. > > We don’t intentionally harbor any spammers, and any that manage to get > through our checks (we block dozens of new orders a day) and start > sending spam, are soon terminated. We have a few email marketers, but > the vast majority of the spam leaving our network is from compromised > accounts, for which we can do very little. > > 3) Perspective. As with so many things in life, what you think of > something depends greatly on your point of view, and the assumptions and > expections you (sometimes subconsciously) bring along. If somebody > assumes that there should be zero spam leaving our network, they will > always be disappointed. > > I believe a perfect example of these different perspectives is found > within this thread. > > Am 11.07.2017 um 09:11 schrieb John Levine: > > Hetzner gushes spam, and I've had most of their > > IP ranges totally blocked for years. > > Am 13.07.2017 um 20:15 schrieb John Levine: > > Look for yourself: > > > > http://www.taugh.com/sp.php?c==78.47.0.0=78.47.255.255=puavppaxru > > First of all, thank you for that link John, I appreciate you sharing > that information. It’s always good to have additional information about > our network, and I will be checking that link regularly. > > I have no idea what assumptions John has, but the comment about > “gushing” spam made me believe that the evidence would show a list of > hundreds, if not thousands of IPs, sending spam every few days over the > course of many months/years. > > What I see instead is almost exactly the opposite. This year (2017), > there have been a total of 89 spam messages, from a mere 44 IPs (which > currently belong to 44 separate customers of ours). These 44 IPs > represent 0.00067% of the IPs in the /16 range (65,536 IPs total). None > of the IPs sent spam regularly,
Re: [mailop] btinternet.com blacklist
> On 17 Jul 2017, at 14:44, Hetzner Blacklistwrote: > > I’ve been in contact with a number of people this past year and many of > them have acknowledged that our network no longer deserves a bad > reputation. However, I can fully understand that not everybody will > agree, and I believe there are 3 main reasons for that. > > 1) Historical. I wil be the first to admit that in the past we were too > lenient with spam-handling, and there was more spam leaving our network > than there should have been. This can mean that if somebody gets spam > from our network today, they think "great, Hetzner hosting another > spammer", even though the message was due to a compromised account (see > point 2), and the overall amount of spam is much lower than it was > historically. We talk about IP reputation. We talk about domain reputation. Marketing talks about brand reputation. You’ve got to work at it to get a good reputation. And on the flip side, it’s darned difficult to get rid of a bad one. Bastiaan, another year or two of good work and you may overcome people’s perceptions. Point here being that it’s hard (expensive) to reposition a brand. So for all the guys doing it right, keep at it as the commercial side will not like it if you end up with a bad reputation. Short term benefit may be good but longer term, not so much so. Simon___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
I just got back from a 2 week holiday and have been reading this thread with a lot of interest. I thought I would respond and try to explain the situation from our perspective. I could write an entire essay on this, but I have tried to be as concise as possible, though it is still a wall of text. Am 11.07.2017 um 13:00 schrieb Felix Schwarz: > If I'm not mistaken also Hetzner's mail admins are reading this list so maybe > they can convice their management to do something about the bad reputation. Management was convinced over a year ago. Our internal abuse processing and handling was reviewed, and made stricter. I will admit that we used to be too lenient in that regard, but that is no longer the case (at least not intentionally). The results have been very encouraging. The leading blacklist and reputation providers that have easy network/ASN lookups show a decrease of at least 60% in “bad” IPs within our network within the last year. This applies to Spamhaus, SpamCop, SORBS, UCEPROTECT, Senderbase (now Talos Intelligence) and the Microsoft SNDS. The amount of abuse complaints we get has also decreased substantially. All of this, even though we are continually growing. I’ve been in contact with a number of people this past year and many of them have acknowledged that our network no longer deserves a bad reputation. However, I can fully understand that not everybody will agree, and I believe there are 3 main reasons for that. 1) Historical. I wil be the first to admit that in the past we were too lenient with spam-handling, and there was more spam leaving our network than there should have been. This can mean that if somebody gets spam from our network today, they think "great, Hetzner hosting another spammer", even though the message was due to a compromised account (see point 2), and the overall amount of spam is much lower than it was historically. 2) Constant spam. Due to the nature of our business (IAAS provider), the fact is that there will always be a certain level of spam leaving our network. Brandon actually mentioned exactly this. Am 10.07.2017 um 21:37 schrieb Brandon Long: > They may not even be renting directly to spammers, but their users are > getting compromised and sending spam and other crap from their servers. We > see clickbot and other fraud farming from those IP ranges as well. > > It is an unfortunate situation, and challenging, no doubt. We have over a million IP addresses, and the vast majority of those are allocated to unmanaged servers. Short of blocking all email communication from our network, there are always going to be customers sending emails, and thus there will always be some who send spam. Our job is to minimize that as much as possible. Anybody who has worked an abuse desk will know how hard that is, especially at an IAAS provider like ourselves. We don’t intentionally harbor any spammers, and any that manage to get through our checks (we block dozens of new orders a day) and start sending spam, are soon terminated. We have a few email marketers, but the vast majority of the spam leaving our network is from compromised accounts, for which we can do very little. 3) Perspective. As with so many things in life, what you think of something depends greatly on your point of view, and the assumptions and expections you (sometimes subconsciously) bring along. If somebody assumes that there should be zero spam leaving our network, they will always be disappointed. I believe a perfect example of these different perspectives is found within this thread. Am 11.07.2017 um 09:11 schrieb John Levine: > Hetzner gushes spam, and I've had most of their > IP ranges totally blocked for years. Am 13.07.2017 um 20:15 schrieb John Levine: > Look for yourself: > > http://www.taugh.com/sp.php?c==78.47.0.0=78.47.255.255=puavppaxru First of all, thank you for that link John, I appreciate you sharing that information. It’s always good to have additional information about our network, and I will be checking that link regularly. I have no idea what assumptions John has, but the comment about “gushing” spam made me believe that the evidence would show a list of hundreds, if not thousands of IPs, sending spam every few days over the course of many months/years. What I see instead is almost exactly the opposite. This year (2017), there have been a total of 89 spam messages, from a mere 44 IPs (which currently belong to 44 separate customers of ours). These 44 IPs represent 0.00067% of the IPs in the /16 range (65,536 IPs total). None of the IPs sent spam regularly, and all of them stopped within a few days. 99.99933% of IPs did not send spam. To me, this is a clear sign that we are doing a good job. Yes, there is a “trickle” of spam, and I would dearly love to completely cut that out, but as mentioned above, that is unrealistic. We are trying to minimize the amount of spam, and I believe this shows we are doing exactly that. Now, I’m biased, and I’m obviously going to defend the
Re: [mailop] btinternet.com blacklist
> On Jul 14, 2017, at 2:30 PM, Michael Peddemorswrote: > > Found a referral to rwhois.psychz.net:4321. This particular outfit is block on sight for me. Back when I ran a managed services company, blocking all of their IP address space took out s significant amount of spam that had to be processed. Zero false positive reports over several years. —Chris ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 17-07-14 12:05 PM, Karen Balle wrote: It's less of a common practice than it used to be, I think. I don't work for an abuse desk anymore, but antispam technology is much more advanced now and blocking of entire networks by large ISPs has never really been a common practice. You lose a lot of customers if there's enough legitimate email from that network. Karen Actually, it is still common I am sure... But speaking about reputation.. If the following showed up in your logs over nite, what would you do? (last night) What if this was happening on an ongoing basis for months? And what happens if the hosting company isn't following ARIN guidelines, eg.. listing a non-functioning 'rwhois' server in their SWIP? Or at the very best, not able to properly operate one? Found a referral to rwhois.psychz.net:4321. fgets: Connection reset by peer And it isn't as if the hosting company could not easily detect this.. (Email being generated, and they haven't even bothered to set up PTR records, sounds like not validating new customers that get /27's at least..) If you were the ISP, what would you do? Some ISP's go even farther than just blocking the provider, they might even null route it at the borders.. And you aren't going to do that for individual IP(s), you will do it for the range.. 23.238.153.3(M) 4 unassigned.psychz.net 23.238.153.4 (M) 2 unassigned.psychz.net 23.238.153.5 (M) 1 unassigned.psychz.net 23.238.153.6 (M) 2 unassigned.psychz.net 23.238.153.7 (M) 2 unassigned.psychz.net 23.238.153.8 (M) 1 unassigned.psychz.net 23.238.153.9 (M) 2 unassigned.psychz.net 23.238.153.11(M) 3 unassigned.psychz.net 23.238.153.14(M) 1 unassigned.psychz.net 23.238.153.15(M) 3 unassigned.psychz.net 23.238.153.17(M) 4 unassigned.psychz.net 23.238.153.19(M) 1 unassigned.psychz.net 23.238.153.22(M) 2 unassigned.psychz.net 23.238.153.23(M) 2 unassigned.psychz.net 23.238.153.24(M) 2 unassigned.psychz.net 23.238.153.25(M) 1 unassigned.psychz.net 23.238.153.27(M) 1 unassigned.psychz.net 23.238.153.28(M) 1 unassigned.psychz.net 23.238.153.29(M) 1 unassigned.psychz.net 23.238.155.226 (M) 3 unassigned.psychz.net 23.238.155.227 (M) 3 unassigned.psychz.net 23.238.155.229 (M) 1 unassigned.psychz.net 23.238.155.230 (M) 1 unassigned.psychz.net 23.238.155.231 (M) 2 unassigned.psychz.net 23.238.155.232 (M) 2 unassigned.psychz.net 23.238.155.233 (M) 2 unassigned.psychz.net 23.238.155.234 (M) 5 unassigned.psychz.net 23.238.155.235 (M) 1 unassigned.psychz.net 23.238.155.236 (M) 1 unassigned.psychz.net 23.238.155.238 (M) 1 unassigned.psychz.net 23.238.155.239 (M) 1 unassigned.psychz.net 23.238.155.240 (M) 3 unassigned.psychz.net 23.238.155.241 (M) 1 unassigned.psychz.net 23.238.155.242 (M) 1 unassigned.psychz.net 23.238.155.243 (M) 2 unassigned.psychz.net 23.238.155.244 (M) 1 unassigned.psychz.net 23.238.155.245 (M) 2 unassigned.psychz.net 23.238.155.246 (M) 2 unassigned.psychz.net 23.238.155.247 (M) 2 unassigned.psychz.net 23.238.155.249 (M) 2 unassigned.psychz.net 23.238.155.250 (M) 2 unassigned.psychz.net 23.238.155.253 (M) 1 unassigned.psychz.net 23.238.158.198 (M) 1 unassigned.psychz.net 23.238.158.199 (M) 2 unassigned.psychz.net 23.238.158.201 (M) 2 unassigned.psychz.net 23.238.158.202 (M) 2 unassigned.psychz.net 23.238.158.204 (M) 1 unassigned.psychz.net 23.238.158.205 (M) 1 unassigned.psychz.net 23.238.158.206 (M) 1 unassigned.psychz.net 23.238.158.208 (M) 1 unassigned.psychz.net 23.238.158.209 (M) 2 unassigned.psychz.net 23.238.158.211 (M) 3 unassigned.psychz.net 23.238.158.212 (M) 2 unassigned.psychz.net 23.238.158.213 (M) 1 unassigned.psychz.net 23.238.158.215 (M) 2 unassigned.psychz.net 23.238.158.216 (M) 2 unassigned.psychz.net 23.238.158.218 (M) 1 unassigned.psychz.net 23.238.158.219 (M) 2 unassigned.psychz.net 23.238.158.220 (M) 4 unassigned.psychz.net 23.238.158.221 (M) 1 unassigned.psychz.net 23.238.158.222 (M) 2 unassigned.psychz.net
Re: [mailop] btinternet.com blacklist
On Thu, Jul 13, 2017 at 3:40 PM, Dom Latterwrote: > On 13/07/17 02:58, John Levine wrote: > >> I get the impression that you vastly overestimate how much the rest of >> the world cares whether they get your mail. (This is the general you, >> not you personally.) >> > > Our recipients care very much! They are literally paying for it. > > I'd put it this way - btinternet don't care very much whether or not > they deliver their customers' legitimate email. Unless the spam problem an ISP sees from a netrange is especially egregious, you reaching out to the ISP should be enough to get an exception provided that your own sending metrics support it. It is not BT's responsibility to accept a lot of spam at their expense in order for your customers to receive mail they paid you for. If BT chooses to make an exception for your mail, then that is fabulous. Problem solved. Otherwise, it is your responsibility to your customer to find an unabusive way of delivering their paid content to them. In this case, you have two choices - 1) Find a provider with a better reputation or 2) ask your mutual customers to contact BT to request an exception for your dedicated IP(s). I recommend the first option. Or to look at it another way, if you don't care enough to find a >> network from which people can easily accept mail, why should anyone else? >> > > Well, now we know, and we have a plan to relay via a reputable network. > > Trouble is - and feel free to call me naive - is that I had no idea > that this sort of range blocking was a standard practice, or that > Hetzner had such a bad reputation. It's less of a common practice than it used to be, I think. I don't work for an abuse desk anymore, but antispam technology is much more advanced now and blocking of entire networks by large ISPs has never really been a common practice. You lose a lot of customers if there's enough legitimate email from that network. Karen ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 13/07/17 02:58, John Levine wrote: I get the impression that you vastly overestimate how much the rest of the world cares whether they get your mail. (This is the general you, not you personally.) Our recipients care very much! They are literally paying for it. I'd put it this way - btinternet don't care very much whether or not they deliver their customers' legitimate email. Or to look at it another way, if you don't care enough to find a network from which people can easily accept mail, why should anyone else? Well, now we know, and we have a plan to relay via a reputable network. Trouble is - and feel free to call me naive - is that I had no idea that this sort of range blocking was a standard practice, or that Hetzner had such a bad reputation. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 12 Jul 2017, at 18:57, Dom Latter wrote: I do still find it baffling that guilt by association [1] is considered reasonable - and I do not see the need to block ranges when single IPs will do. Although perhaps there are technical reasons for this that I am unaware of. Are you familiar with the concept of "snowshoe spammers?" They are operations that get small address range assignments (/26 or smaller) from one or more lax providers, spread their spamming across the disjoint address space, and try to evade blacklists by letting addresses that get listed or generate complaints to the provider go quiet for a while. Snowshoe spamming only works because of lax providers who ignore complaints, let spammers off with warnings, don't recognize the pattern, or just don't care. Blocking one IP at a time is fine for some other styles of spamming (e.g. botnets, "legit" ESPs who segregate their sketchy customers to particular IPs, Microsoft's dedicated O365 sewage outlets, etc.) However, snowshoeing is an adaptive tactic to one-at-a-time blocking. The adaptive defense is broader blocking of address space of providers who have a history of being a safe haven for spammers. If I see one snowshoe range on a particular network, I can be pretty confident that in a short time I'll be seeing others nearby. It is also worth noting 3 facts that also reduce the cost risk for receivers of wholesale blocking: 1. For receivers of significant scale and/or age, the vast majority of mail on offer is spam. It has abated in the past decade from a peak over 95%, but for many receivers there's less than a 20% chance of an attempted port 25 connection resulting in the transport one or more non-spam message. 2. The overwhelming majority of IP addresses are never used to offer email to unrelated hosts. Most which do, only ever send spam. If you block an IP that has never tried to send you mail, the odds are it will never try and that if it does, it will be spam. 3. Most receiving systems could whitelist a few dozen networks that send them mostly non-spam and reject all other sources without rejecting anything legitimate for weeks at a time. This all adds up to the conclusion that using "guilt by association" to block IP addresses by top-level RIR allocation block is more likely to stop spam than to block legitimate email from previously unknown IPs. [1] What happened to "innocent until proven guilty"? That principle of criminal law often differs across national borders. More importantly, it is a principle of criminal law, not property rights or business practices. I lock the doors to my house at night and when no one is home. That's not because I've declared everyone guilty until proven innocent. It is a rare business that automatically gives all customers "net 90" payment terms without a credit check, even though most customers would pay on time. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
In articleyou write: >For example the top 50 ips from 78.47.0.0/16 (by email volume) there were 34 >IPs with "good" reputation and 7 with "bad" reputation. Some of us keep our own records of what arrives at our mail servers. For the past couple of months from 78.47/16 I see one message from you yesterday, doubtless part of this mail thread, and other than that 100% spam, no real mail at all. Not unblocking that any time soon. Look for yourself: http://www.taugh.com/sp.php?c==78.47.0.0=78.47.255.255=puavppaxru (The auto-ack from a spam report on the 4th doesn't count.) R's, John ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 13/07/2017 03:06, steve wrote: Depending on how it's carved up, there are at least 50k IP addresses in a /16. One line, or... From my experience, it's not so much that it's hard work blocking individual IP addresses, it's that the spammers move around. I don't know if the hosting company lets the customer request a new IP address, or the customer just orders a new virtual server or something, but we'll see similar incoming spam from the same hosting company from IP addresses that change several times a day. After a few days of chasing this around, it's tempting to just decide to block bigger ranges to block the spam before it arrives from a new IP address, rather than playing catch-up and blocking IP addresses after they've already been abandoned by the spammer. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
Am 13.07.2017 um 04:23 schrieb Jay Hennigan: > If you live in a crime-ridden neighborhood by misfortune or choice, you learn > not to leave valuable outgoing packages in your curbside mailbox for the > postman to pick up. You take them to a secure facility operated by someone you > trust. Same principle applies digitally. Just to put this into perspective: I don't think the Hetzner situation is that dire overall: I just checked the Talos/SenderBase scoring for some Hetzner nets and they were not so bad. For example the top 50 ips from 78.47.0.0/16 (by email volume) there were 34 IPs with "good" reputation and 7 with "bad" reputation. I am sure my customers would not tolerate blocking networks with similar statistics. Personally if I expect sophisticated measures from dc providers (SMTP proxies, even forcibly terminating TLS connections) I also try to do something more sophisticated when it comes to classifying received messages. (E.g. we are building our own internal IP reputation so initially unknown IPs might get a bad rating from the network but these messages still have a chance and over time the IP might get its own reputation so it will be unaffected from the general network storage.) Anyhow I'll stop here as I feel I'm off-topic now :-) regards Felix ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 7/12/17 7:06 PM, steve wrote: Depending on how it's carved up, there are at least 50k IP addresses in a /16. One line, or... I have the misfortune of inheriting a server on this /16, and am using my own smart host. If you live in a crime-ridden neighborhood by misfortune or choice, you learn not to leave valuable outgoing packages in your curbside mailbox for the postman to pick up. You take them to a secure facility operated by someone you trust. Same principle applies digitally. -- -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On Wed, 12 Jul 2017 00:46:28 -, Michael Wise via mailop said: > Youâd be surprised how many people think that their sincerity is flagged in > the protocol somehowâ¦. RFC3514 was written explicitly to add support for that. pgpzmD8obTwjW.pgp Description: PGP signature ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 12/07/17 17:35, Laura Atkins wrote: I have been known to tell clients, “There’s no place in the filter mechanisms where they can flag ‘is a client of Laura’s’, the filters do what they do and we can work with them but hiring me doesn’t change what the filters are going to do with your mail.” I actually make filters which basically do that to a certain point. Every time one of my customers sends an email through my servers, I store the sender, the recipient, the date and a counter. When there is a (allegedly) reply coming back, I bypass some filters and decrease the counter. That system also works for whitelisting people to a certain point, if you were waiting for an email that you didn't receive, you can send an email to the "sender" and the reply will most probably go through. But obviously, this only scales to a certain point. smime.p7s Description: S/MIME Cryptographic Signature ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
I have been known to tell clients, “There’s no place in the filter mechanisms where they can flag ‘is a client of Laura’s’, the filters do what they do and we can work with them but hiring me doesn’t change what the filters are going to do with your mail.” On another point there are a lot of people out there who honestly think they are “good senders” but mostly because they don’t understand the full scope of what it is to be a good sender. I get a lot of clients asking how they can get the “special treatment” that certain ESPs get. “Well, that ESP has a compliance desk of a dozen people, so first thing would be to do a lot of hiring.” “That ESP has spent 10 years building automation to monitor customers and enforce policy. We can talk about what that entails.” *silence* laura > On Jul 11, 2017, at 5:46 PM, Michael Wise via mailop <mailop@mailop.org> > wrote: > > <> > You’d be surprised how many people think that their sincerity is flagged in > the protocol somehow…. > > Aloha, > Michael. > -- > Michael J Wise > Microsoft Corporation| Spam Analysis > "Your Spam Specimen Has Been Processed." > Got the Junk Mail Reporting Tool > <http://www.microsoft.com/en-us/download/details.aspx?id=18275> ? > > From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of John Stephenson > Sent: Tuesday, July 11, 2017 5:23 PM > To: Larry M. Smith <mailop@fahq2.com> > Cc: mailop <mailop@mailop.org> > Subject: Re: [mailop] btinternet.com blacklist > > I hope nobody gets hurt in this massive and sudden effort to dog pile on top > of Dom for assuming that being a good sender was enough to avoid being > blocked. It was naive given the realities of the internet, but let's not > pretend we're all above being trapped in our own perspectives. > > On Tue, Jul 11, 2017 at 3:39 PM, Larry M. Smith <mailop@fahq2.com > <mailto:mailop@fahq2.com>> wrote: > Dom Latter wrote: > (snip) > > But it shouldn't matter. We are not spammers. [...] > > .. And btinternet.com > <https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fbtinternet.com=02%7C01%7Cmichael.wise%40microsoft.com%7Cf6a2b27f79ca4854265108d4c8bd8cfd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636354163821612355=h3hoNJQGDul5Mlv%2BK2qV2%2BSD9DPV%2FrZ0eS7PdHIzlDw%3D=0> > is supposed to automatically know this? How? > > -- > SgtChains > > ___ > mailop mailing list > mailop@mailop.org <mailto:mailop@mailop.org> > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7Cf6a2b27f79ca4854265108d4c8bd8cfd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636354163821612355=hT38BAfnQAlhwuJfCy7OvsjqMU6FQ9w%2BjH8MC6OX9UQ%3D=0> > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- Having an Email Crisis? 800 823-9674 Laura Atkins Word to the Wise la...@wordtothewise.com (650) 437-0741 Email Delivery Blog: http://wordtothewise.com/blog ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
You’d be surprised how many people think that their sincerity is flagged in the protocol somehow…. Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Got the Junk Mail Reporting Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ? From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of John Stephenson Sent: Tuesday, July 11, 2017 5:23 PM To: Larry M. Smith <mailop@fahq2.com> Cc: mailop <mailop@mailop.org> Subject: Re: [mailop] btinternet.com blacklist I hope nobody gets hurt in this massive and sudden effort to dog pile on top of Dom for assuming that being a good sender was enough to avoid being blocked. It was naive given the realities of the internet, but let's not pretend we're all above being trapped in our own perspectives. On Tue, Jul 11, 2017 at 3:39 PM, Larry M. Smith <mailop@fahq2.com<mailto:mailop@fahq2.com>> wrote: Dom Latter wrote: (snip) > But it shouldn't matter. We are not spammers. [...] .. And btinternet.com<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fbtinternet.com=02%7C01%7Cmichael.wise%40microsoft.com%7Cf6a2b27f79ca4854265108d4c8bd8cfd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636354163821612355=h3hoNJQGDul5Mlv%2BK2qV2%2BSD9DPV%2FrZ0eS7PdHIzlDw%3D=0> is supposed to automatically know this? How? -- SgtChains ___ mailop mailing list mailop@mailop.org<mailto:mailop@mailop.org> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7Cf6a2b27f79ca4854265108d4c8bd8cfd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636354163821612355=hT38BAfnQAlhwuJfCy7OvsjqMU6FQ9w%2BjH8MC6OX9UQ%3D=0> ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
I hope nobody gets hurt in this massive and sudden effort to dog pile on top of Dom for assuming that being a good sender was enough to avoid being blocked. It was naive given the realities of the internet, but let's not pretend we're all above being trapped in our own perspectives. On Tue, Jul 11, 2017 at 3:39 PM, Larry M. Smithwrote: > Dom Latter wrote: > (snip) > > But it shouldn't matter. We are not spammers. [...] > > .. And btinternet.com is supposed to automatically know this? How? > > -- > SgtChains > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
Dom Latter wrote: (snip) > But it shouldn't matter. We are not spammers. [...] .. And btinternet.com is supposed to automatically know this? How? -- SgtChains ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 17-07-11 09:09 AM, Seth Mattinen wrote: On 7/11/17 02:19, Philip Paeps wrote: Unfortunately, spammers have made the internet worse for everyone. In the world of email today, "we are not spammers" is not a good enough argument to get your email accepted by anyone. "We're not spammers" is up there with "double confirmed opt-in" or "can-spam compliant" as things a spammer would say to try and get unblocked so they can fire off a spam run. ~Seth Some of my favourites... Templated responses.. "Could you please send us some evidence.." "We have taken necessary steps to prevent any kind of spam email being sent from the server" "We have investigated this issue and has taken care of" "pls remove me from blacklist" (that is the full request) "not listed in any blacklist except yours" "The mail server is clean" "..signed.. delivery consultant" (Why do they need one?) "The spam problem related to this issue was already solved" "We use DKIM and SPF" -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 7/11/17 11:43 AM, Michael Wise via mailop wrote: Let's not forget S.1618 And, "We're not the sender, our spammy customer is the sender." -- Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
Let's not forget S.1618 Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Got the Junk Mail Reporting Tool ? -Original Message- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Seth Mattinen Sent: Tuesday, July 11, 2017 9:10 AM To: mailop@mailop.org Subject: Re: [mailop] btinternet.com blacklist On 7/11/17 02:19, Philip Paeps wrote: > > Unfortunately, spammers have made the internet worse for everyone. In > the world of email today, "we are not spammers" is not a good enough > argument to get your email accepted by anyone. "We're not spammers" is up there with "double confirmed opt-in" or "can-spam compliant" as things a spammer would say to try and get unblocked so they can fire off a spam run. ~Seth ___ mailop mailing list mailop@mailop.org https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7Ca54675cb74d04aa25dd408d4c878fe3d%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636353869367881078=noFy8kdhXOfRtw9sC%2F8tBpfWYl5kKoF%2B9DCypGaaqQ0%3D=0 ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 7/11/17 02:19, Philip Paeps wrote: Unfortunately, spammers have made the internet worse for everyone. In the world of email today, "we are not spammers" is not a good enough argument to get your email accepted by anyone. "We're not spammers" is up there with "double confirmed opt-in" or "can-spam compliant" as things a spammer would say to try and get unblocked so they can fire off a spam run. ~Seth ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 2017-07-10 12:53:55 (+0100), Dom Latterwrote: On 10/07/17 11:22, Suresh Ramasubramanian wrote: Back during the old nanae and spam-l days in the 90s and 2000s, whenever this came up, and it did a lot even with filters a lot less hair trigger than what we have today, the usual analogy wasn't people partying next door, it was usually compared to renting an apartment in a high crime area so cabbies and pizza delivery people wouldn't go there after dark, or most any time for that matter: We have been in the Hetzner "neighbourhood" for years. This is our fourth server (and hence IP address) there and the first time we have had this issue. [1] You've merely been lucky. Plenty of people block substantially all of Hetzner's address space. But it shouldn't matter. We are not spammers. Unfortunately, spammers have made the internet worse for everyone. In the world of email today, "we are not spammers" is not a good enough argument to get your email accepted by anyone. It is stupid to block a range of IP addresses on the behaviour of one. I disagree. First of all, it's not the behaviour of one. It's the behaviour of many over a period of several years. Hetzner's abuse handling has historically been abysmal. Having most of their address space blacklisted by just about everyone who cares apparently forced them to start cleaning up their network[0]. It's a pity that that's what it took... And there should be some sort of checker / delisting mechanism that is better than writing to postmaster@ and hoping for the best. Spammers would love that. [1] We have relatively unusual requirements - we need *lots* of disk space (we upload 2TB / year, and it's nice to have a few years worth) but other than that a fairly modest server will suffice. It would be nice to find a UK provider with, say, 4 x 4TB disk, for < 100USD / yr. I also host several servers at Hetzner. While I am critical of their abuse handling, I am very happy with their services (and their prices). Like you, I particularly find their storage prices attractive. To give my email a fighting chance of being delivered though, I also have a very cheap, very modest, VPS with another hoster with a more savoury reputation. Maybe that would work for you too? Philip [0]: Hetzner abuse staff are reading this mailing list and can explain what they've been doing to oust existing spammers and prevent signing up new ones. It's obviously not an easy task and few people will accept their promise that things are improving until they see if with their own eyes. Meanwhile lots of networks still refuse all of their mail. -- Philip Paeps Senior Reality Engineer Ministry of Information ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
Am 10.07.2017 um 21:45 schrieb John Levine: > Many other hosting companies manage to control their spam. The usual > approach is to filter the mail their customers send, either with > "transparent" filters hijacking port 25 traffic From your experience: Are spammers relying on unencrypted SMTP? I just checked and most of our outbound SMTP deliveries are using TLS. > or by blocking port 25 and providing a smarthost. That might work - at least if server got hacked. > I suppose they might claim that under German law they're not allowed to do > that, but for one thing, that's not our problem, and for another, > Schlund/1&1 manages to deal with it. Ok, maybe I'm just unlucky but I get quite a bit of spam via their relay servers. If I'm not mistaken also Hetzner's mail admins are reading this list so maybe they can convice their management to do something about the bad reputation. regards, Felix ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 10/07/2017 21:53, Dom Latter wrote: > We have been in the Hetzner "neighbourhood" for years. This is our > fourth server (and hence IP address) there and the first time we have > had this issue. [1] Consider yourself lucky, we have a large chunk of Hetzner blocked > But it shouldn't matter. We are not spammers. It is stupid to block > a range of IP addresses on the behaviour of one. And there should be Uhg, your real name isnt Harry is it... had this argument out with him many a time > some sort of checker / delisting mechanism that is better than writing > to postmaster@ and hoping for the best. Sammers would love that > -- Kind Regards, Noel Butler This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF [1] and ODF [2] documents accepted, please do not send proprietary formatted documents Links: -- [1] http://www.adobe.com/ [2] http://en.wikipedia.org/wiki/OpenDocument signature.asc Description: OpenPGP digital signature ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
Again, we are getting pretty off-topic.. but for the record.. inetnum:5.9.170.240 - 5.9.170.255 netname:HOS-201823 descr: HOS-201823 country:DE admin-c:HOAC1-RIPE tech-c: HOAC1-RIPE status: ASSIGNED PA mnt-by: HOS-GUN created:2017-06-23T01:18:48Z last-modified: 2017-06-23T01:18:48Z source: RIPE # Filtered role: Hetzner Online GmbH - Contact Role address:Hetzner Online GmbH address:Industriestrasse 25 address:D-91710 Gunzenhausen address:Germany [240-255] 5.9.170.244 (RS) 3 static.244.170.9.5.clients.your-server.de 5.9.170.245 (RS) 4 static.245.170.9.5.clients.your-server.de 5.9.170.246 (RS) 3 static.246.170.9.5.clients.your-server.de 5.9.170.247 (RS) 1 static.247.170.9.5.clients.your-server.de We have automated systems that detect outbreaks like these from many hosting providers, close to zero day, but yes.. it seems that they are giving 'new customers' IP Space that are just snowshoe spammers, or general spammers, and it is still happening on an almost daily basis, so their methods for 'signing up' new customers does seem to be having it's challenges, or they aren't concerned until AFTER the abuse reports roll in. It would help if they advertised the operator of the delegated IP space properly in their 'rwhois/SWIP', but aside from that, it isn't hard for them to see sudden large increases in outbound SMTP from new operators if they want to. (HOS-201823 doesn't really help anyone) And egress reporting is available in almost every router out there, eg creating alerts when a sudden large amount of traffic on egress to port 25 is generated. And of course, no outbound email should be allowed to port 25, from certain DNS naming conventions.. Any hosting company which waits for an 'abuse report' before acting, is bound to end up with reputation problems.. On 17-07-10 12:41 PM, John Levine wrote: In article <34c9f2de-c6bf-69af-6570-f17b3f283...@latter.org> you write: We have been in the Hetzner "neighbourhood" for years. This is our fourth server (and hence IP address) there and the first time we have had this issue. [1] Honestly, you're lucky. Hetzner gushes spam, and I've had most of their IP ranges totally blocked for years. I report a lot of it (semi-automatic tools) which has never made any difference I could see. But it shouldn't matter. We are not spammers. It is stupid to block a range of IP addresses on the behaviour of one. But it makes a lot of sense to block a range of IP addresses when the whole range gushes spam. Whenever I've looked at the logs, the stuff from Hetzner is like 99% spam. R's, John PS: Unpersuasive argument: "This is inconvenient for me, therefore you should not do it." ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 7/10/17 04:53, Dom Latter wrote: [1] We have relatively unusual requirements - we need *lots* of disk space (we upload 2TB / year, and it's nice to have a few years worth) but other than that a fairly modest server will suffice. It would be nice to find a UK provider with, say, 4 x 4TB disk, for < 100USD / yr. Spammers and abusers like low costs, too. One could even argue it attracts them, especially if the hoster doesn't really care. Even if they do get turned off they're not out that much money (if any) to fire and forget. ~Seth ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
In article <6dc1c120-5c8d-3d83-fdfc-c520f5c05...@schwarz.eu> you write: >What puzzles me most is that I'm not sure how providers like Hetzner are >supposed to reduce their spam rate significantly. Hetzner is an outlier, and not in a good way. Many other hosting companies manage to control their spam. The usual approach is to filter the mail their customers send, either with "transparent" filters hijacking port 25 traffic or by blocking port 25 and providing a smarthost. I suppose they might claim that under German law they're not allowed to do that, but for one thing, that's not our problem, and for another, Schlund/1&1 manages to deal with it. R's, John ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
They may not even be renting directly to spammers, but their users are getting compromised and sending spam and other crap from their servers. We see clickbot and other fraud farming from those IP ranges as well. It is an unfortunate situation, and challenging, no doubt. Brandon On Mon, Jul 10, 2017 at 5:52 AM, Felix Schwarz via mailopwrote: > > Am 10.07.2017 um 13:53 schrieb Dom Latter: > > But it shouldn't matter. We are not spammers. It is stupid to block > > a range of IP addresses on the behaviour of one. And there should be > > some sort of checker / delisting mechanism that is better than writing > > to postmaster@ and hoping for the best. > > Well, this situation comes up quite regularly here and surprisingly the > problem is often with servers hosted in Hetzner's dc. > > It seems like the consensus of major inbox providers is that blocking > networks > is acceptable and the collateral damage weighs less than their improved(?) > ability to block more spam. > > What puzzles me most is that I'm not sure how providers like Hetzner are > supposed to reduce their spam rate significantly. Seemingly many inbox > providers get a lot of spam from the Hetzner network and sometimes they > block > some ip ranges based on the spam/ham ratio. The message I'm getting from > these > providers is "the spam rate must go down". > > However I don't see any specific recommendations throughout the industry > how > to manage spam rate as a IAAS provider. Maybe that's just me and probably > others know better but it is certainly not easy to find. > > As far as I can tell Hetzner employs a "traditional" approach to managing > spam: Running a responsive abuse department where you can reach actual > humans. > I think they also monitor some blacklists for their IP ranges (also I can > see > them being subscribed in Microsoft's SNDS). > > One problem I'm seeing in their approach is that they might wait too long > before shutting down a spammer. In edge cases they tend to give the > customer/spammer some time to response to complaints before cutting > connectivity for that machine. > > > I'd like to hear what other big IAAS providers are doing to get "ok-ish" > deliverability from their IP networks? > At least for our customers I can say that Hetzner's ham/spam ratio is much > better than OVH and (even worse) DigitalOcean but maybe that's just a bad > sample. > > Felix > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 10/07/2017 12:53, Dom Latter wrote: [1] We have relatively unusual requirements - we need *lots* of disk space (we upload 2TB / year, and it's nice to have a few years worth) but other than that a fairly modest server will suffice. It would be nice to find a UK provider with, say, 4 x 4TB disk, for < 100USD / yr. Another thought - you could always have your web hosting with Hetzner and have a cheap server with much less storage somewhere else which you use for sending mail (so the web server on the untrustable IP address sends mail via a relay with an IP address in a nicer neighbourhood). ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 10/07/2017 12:53, Dom Latter wrote: but other than that a fairly modest server will suffice. It would be nice to find a UK provider with, say, 4 x 4TB disk, for < 100USD / yr. Do you really mean $100/yr? That doesn't even cover the cost of 4 x 4TB disks, never mind the rest of the server, electricity, bandwidth, redundancy, backups etc If you mean $100/mth, then I'd look at getting your own server and pay to store it in a data centre somewhere. You should be able to get 1U colocation in the UK for about that price. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On Mon, Jul 10, 2017 at 12:53:55PM +0100, Dom Latter wrote: > On 10/07/17 11:22, Suresh Ramasubramanian wrote: > > Back during the old nanae and spam-l days in the 90s and 2000s, > > whenever this came up, and it did a lot even with filters a lot less > > hair trigger than what we have today, the usual analogy wasn't people > > partying next door, it was usually compared to renting an apartment > > in a high crime area so cabbies and pizza delivery people wouldn't go > > there after dark, or most any time for that matter: > > We have been in the Hetzner "neighbourhood" for years. This is our > fourth server (and hence IP address) there and the first time we have > had this issue. [1] I've had several in Hetzner too, without issue. They require a government ID to sign up with so they can ban individuals from using their service just because of the spam issue. They are very quick to act to messages they've received at their abuse@ account. In other words, they are not OVH. B. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 10/07/2017 11:11, Dom Latter wrote: And they are not saying they will blacklist it again if they get spam from it. They are saying they might blacklist it again if they get spam from a *different* IP address - which happens to be in a similar range. It's like I move into a house and find that I am banned from having visitors because somebody once held a noisy party in the house next door. To be honest, they're saying "You've chosen to use a badly behaved hosting company which helps spammers, so we can't guarantee your address won't get blocked again" You can always change to a hosting company with a better reputation which deals properly with spammers. That'll solve your problem. The only way bad hosting companies will change their ways is if legitimate customers go elsewhere. BT are just trying to encourage that. I don't generally agree with BT, but this seems reasonable to me. I wish Google, Microsoft etc would do the same... ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
It's like I move into a house and find that I am banned from having visitors because somebody once held a noisy party in the house next door. At least in England, before you buy a house, you get a solicitor (lawyer, not street-walker) to do "searches". If they missed that ban you would claim from your expert. -- Andrew C Aitchison Cambridge, UK ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
Back during the old nanae and spam-l days in the 90s and 2000s, whenever this came up, and it did a lot even with filters a lot less hair trigger than what we have today, the usual analogy wasn't people partying next door, it was usually compared to renting an apartment in a high crime area so cabbies and pizza delivery people wouldn't go there after dark, or most any time for that matter: Yes all analogies suck in one way or the other --srs > On 10-Jul-2017, at 3:41 PM, Dom Latterwrote: > > It's like I move into a house and find that I am banned from having > visitors because somebody once held a noisy party in the house next > door. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] btinternet.com blacklist
On 10/07/17 10:51, Noel Butler wrote: On 10/07/2017 19:02, Dom Latter wrote: "The IP address is owned by the hosting company Hetzner Online GmbH. Unfortunately we have seen many spam attacks from servers/IP addresses hosted by this company and at times various groups of IP addresses have been blocked as a result of this. I will clear the restrictions on this IP address now, but as the address is on amongst several used for sending mail it is possible that the restrictions will return." [1] Which is bizarre. Nothing bizarre about it at all, they've essentially just warned you that if your server relays for others, it is likely they will remove your exclusion if they get spam from it, consider what they are doing is offering you a life-line, if it gets abused, they'll cut it and let you sink. My server does not relay for others. [1]. And they are not saying they will blacklist it again if they get spam from it. They are saying they might blacklist it again if they get spam from a *different* IP address - which happens to be in a similar range. It's like I move into a house and find that I am banned from having visitors because somebody once held a noisy party in the house next door. [1] FTAOD: my customer sells photographs from motorcycle trackdays. The email we send out is not just requested, it's often paid for. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop