Re: Working with Spamhaus
If you implement SPF / DKIM / DMARC / ADSP, force your customers to relay their mail through something you control, and show them you are serious about stopping the spam, they may work with you then. Otherwise, they just assume you're a spam house.
Re: DMARC - CERT?
On Wed 16 Apr 2014 09:40:11 PM PDT, Jim Popovitch wrote:
> On Thu, Apr 17, 2014 at 12:19 AM, Private Sender nob...@snovc.com wrote:
>> On 04/14/2014 03:47 PM, Jim Popovitch wrote:
>>> On Mon, Apr 14, 2014 at 6:21 PM, Scott Howard sc...@doc.net.au wrote:
>>>> On Mon, Apr 14, 2014 at 2:59 PM, Jim Popovitch jim...@gmail.com wrote:
>>>>> 7-April: Monday, Yahoo's dmarc change kicks everyone in the groin, the last full week before the US tax filing deadline.
>>>>
>>>> The change was made on the previous Friday, so that date is largely irrelevant.
>>>>
>>>>> 7-April: OpenSSL's *public* advisory (after a full week of private notifications, of which yahoo surely was one tech company in on the early notifications)
>>>>
>>>> Given that many of their main services were vulnerable at the time of public disclosure, I think that's a very large assumption to make... If nothing else, I suspect the odds of it being known by the same people that made the DMARC decision/changes is low.
>>>
>>> I think you are right on that, but that doesn't change the fact that the sum of those things overburdened a lot of mailinglist operators. It is what it is, and the press has covered it and mailinglists are blocking/unsub'ing yahoo accounts in order to cope.
>>>
>>> -Jim P.
>>
>> I'm sorry but is there a fundamental misunderstanding of dmarc going on in this thread? Yahoo doesn't want you to be able to send @yahoo.com email from anything other than THEIR servers which contain the private key that corresponds to their DKIM implementation, and conversely dmarc. p=reject tells the receiving domain to reject the message if it isn't signed by the private key that corresponds with the public key that is in the dkim txt record for yahoo.com. Isn't this the whole point of dmarc? Stop spammers from sending email with @yahoo.com that doesn't originate from a valid yahoo email server.
>
> Yes, but @yahoo.com is a bad example because it delivers user originated content.
>
>> Yahoo's implementation of dmarc is working as intended.
>
> Are you also speaking for all yahoo users when you declare that they should no longer be able to participate on mailinglists?
>
>> Stealing someone's password, and logging into their yahoo mail account and spamming isn't going to matter to dmarc. The mail originated from yahoo, and it was an authenticated user; the mail will be signed with the DKIM key, it will be accepted by the receiving domain (unless the email address is blacklisted by the receiving domain).
>
> But, but, but Yahoo implemented DMARC to supposedly stop Spam...(which ironically others have shown that a lot of spam originates from Yahoo servers, but I digress)
>
>> There is no need to flame a company because they implemented a policy to ensure QoS to their customers. Either push your mail through their servers, or just find somewhere else you can push your mailing lists through.
>
> LOL QoS, really? QoS to me, a yahoo account holder, would be less inbound spam.
>
> -Jim P.

Well yeah inbound spam filtering would be nice. But they have refused to do anything about it for a better part of a decade. Sadly, they can't control mail originating from other domains (other than mail stating it's from yahoo). Is it possible yahoo doesn't understand how dmarc works?

--
-- Bret Taylor
Re: DMARC - CERT?
On 04/14/2014 03:47 PM, Jim Popovitch wrote:
> On Mon, Apr 14, 2014 at 6:21 PM, Scott Howard sc...@doc.net.au wrote:
>> On Mon, Apr 14, 2014 at 2:59 PM, Jim Popovitch jim...@gmail.com wrote:
>>> 7-April: Monday, Yahoo's dmarc change kicks everyone in the groin, the last full week before the US tax filing deadline.
>>
>> The change was made on the previous Friday, so that date is largely irrelevant.
>>
>>> 7-April: OpenSSL's *public* advisory (after a full week of private notifications, of which yahoo surely was one tech company in on the early notifications)
>>
>> Given that many of their main services were vulnerable at the time of public disclosure, I think that's a very large assumption to make... If nothing else, I suspect the odds of it being known by the same people that made the DMARC decision/changes is low.
>
> I think you are right on that, but that doesn't change the fact that the sum of those things overburdened a lot of mailinglist operators. It is what it is, and the press has covered it and mailinglists are blocking/unsub'ing yahoo accounts in order to cope.
>
> -Jim P.

I'm sorry but is there a fundamental misunderstanding of dmarc going on in this thread? Yahoo doesn't want you to be able to send @yahoo.com email from anything other than THEIR servers which contain the private key that corresponds to their DKIM implementation, and conversely dmarc. p=reject tells the receiving domain to reject the message if it isn't signed by the private key that corresponds with the public key that is in the dkim txt record for yahoo.com.

Isn't this the whole point of dmarc? Stop spammers from sending email with @yahoo.com that doesn't originate from a valid yahoo email server. Yahoo's implementation of dmarc is working as intended.

Stealing someone's password, and logging into their yahoo mail account and spamming isn't going to matter to dmarc. The mail originated from yahoo, and it was an authenticated user; the mail will be signed with the DKIM key, it will be accepted by the receiving domain (unless the email address is blacklisted by the receiving domain).

There is no need to flame a company because they implemented a policy to ensure QoS to their customers. Either push your mail through their servers, or just find somewhere else you can push your mailing lists through.

Cheers
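The cases argued in this thread, worked through a simplified DMARC check. This is an added example, not part of any poster's message; the scenario data is constructed, `lists.example.org` and `bulk.example.net` are hypothetical hosts, and the organizational-domain shortcut is an assumption noted in the code.

```python
"""DMARC disposition for the cases argued in this thread (simplified)."""
from dataclasses import dataclass


def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels. A real receiver
    # uses the Public Suffix List (needed for names like example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


@dataclass
class AuthResults:
    header_from: str   # domain in the visible From: header
    spf_pass: bool     # SPF result for the envelope sender
    mail_from: str     # envelope sender (MAIL FROM) domain
    dkim_pass: bool    # DKIM signature verified
    dkim_d: str        # d= domain of that signature


def dmarc_disposition(r: AuthResults, policy: str) -> str:
    """Return 'pass', or the published policy action when DMARC fails."""
    want = org_domain(r.header_from)
    # Relaxed alignment: the authenticated domain must share the From:
    # header's organizational domain. Either mechanism is sufficient.
    spf_aligned = r.spf_pass and org_domain(r.mail_from) == want
    dkim_aligned = r.dkim_pass and org_domain(r.dkim_d) == want
    if spf_aligned or dkim_aligned:
        return "pass"
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy]


# Constructed scenarios, one per situation raised in the thread.
SCENARIOS = {
    "sent directly from Yahoo":
        AuthResults("yahoo.com", True, "yahoo.com", True, "yahoo.com"),
    "forged From, third-party server":
        AuthResults("yahoo.com", True, "bulk.example.net", False, ""),
    # The list changed the message (signature no longer verifies) and
    # re-sent it with its own envelope sender (SPF passes, not aligned).
    "list modified message, re-sent from list host":
        AuthResults("yahoo.com", True, "lists.example.org", False, "yahoo.com"),
    "stolen password, sent through Yahoo":
        AuthResults("yahoo.com", True, "yahoo.com", True, "yahoo.com"),
}


def evaluate_all(policy: str = "reject") -> dict:
    return {name: dmarc_disposition(r, policy) for name, r in SCENARIOS.items()}


if __name__ == "__main__":
    for name, result in evaluate_all().items():
        print(f"{result:>10}  {name}")
```

Under `p=reject` the list-forwarded message gets the same result as the forged one, while mail sent from a compromised account passes.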
Re: spamassassin
Randy Bush wrote:
> in the last 3-4 days, a *massive* amount of spam is making it past spamassassin to my users and to me. see appended for example. not all has dkim.
>
> clue?
>
> randy
>
> From: SmallCapStockPlays i...@smallcapstockplays.com
> Subject: Could VIIC be our biggest play in 2014? Check the stock today
> To: ra...@psg.com
> Date: Tue, 18 Feb 2014 20:48:02 -0500
> Return-path: bounces+796782.50654126.285...@icpbounce.com
> X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ran.psg.com
> X-Spam-Level:
> X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,HTML_MESSAGE,MIME_QP_LONG_LINE,T_DKIM_INVALID autolearn=ham version=3.3.2
> Received: from psg.com ([2001:418:1::62]) by ran.psg.com with esmtp (Exim 4.76) (envelope-from bounces+796782.50654126.285...@icpbounce.com) id 1WFwGl-0006al-Bu for ra...@ran.psg.com; Wed, 19 Feb 2014 01:48:16 +
> Received: from [207.254.213.223] (helo=drone166.ral.icpbounce.com) by psg.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from bounces+796782.50654126.285...@icpbounce.com) id 1WFwGZ-000Lp8-0W for ra...@psg.com; Wed, 19 Feb 2014 01:48:04 +
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=icontactmail3.com;
>  h=Mime-Version:From:To:Date:Subject:List-Unsubscribe:X-Feedback-ID:Content-Type:Message-ID;
>  bh=iihwvTJA/ZrrgzXpk+9Muk0Sqlfk5BqD+aI+mL91kn8=;
>  b=wKHIYdl1BdMRK0Kak5Z/2CwsfFh5Byoe9ZlHaqQz3VK4ltYtLfCI3tg6y8Wq3HuULY+ere7Fzz9Q
>  camnKSvqcSx3u8LQWQGQSZoYkOmzcIemCHNNrsBD+WZhVA9R3W10V2NM6OTuJKFURxtmCNME29kH
>  5bYunRCoGolocQ5HmAw=
> Mime-Version: 1.0
> Errors-To: bounces+796782.50654126.285...@icpbounce.com
> List-Unsubscribe: https://app.icontact.com/icp/listunsubscribe.php?r=50654126l=4084s=FSMCm=285374c=796782, mailto:bounces+796782.50654126.285...@icpbounce.com
> X-List-Unsubscribe: https://app.icontact.com/icp/listunsubscribe.php?r=50654126l=4084s=FSMCm=285374c=796782
> X-Unsubscribe-Web: https://app.icontact.com/icp/listunsubscribe.php?r=50654126l=4084s=FSMCm=285374c=796782
> X-Feedback-ID: 01_796782_285374:01_796782:01:vocus
> X-ICPINFO:
> X-Return-Path-Hint: bounces+796782.50654126.285...@icpbounce.com
> Content-Type: multipart/alternative; boundary=cdf82e78-582d-4a55-9037-dacf81ae37d3
> Message-ID: 0.1.f.afd.1cf2d149fe8fd9...@drone166.ral.icpbounce.com
>
> [1 text/plain; utf-8 (quoted-printable)]
>
> HOME ABOUT US TRADE IDEAS PENNY STOCK ARTICLES DAILY NEWS [1][png] [2][png] [3][png]

They are smart and dkim sign their messages; even though it's invalid I believe that's why it has such a low bayes score. It's getting marked as ham and not spam. Are you positive your definitions are still updating?
Re: spamassassin
On 2/18/2014 7:10 PM, Suresh Ramasubramanian wrote:
> DKIM serves to authenticate the source of the message.
>
> So this is a stock tip spam sent through an email service provider called icontact, and the dkim signature declares that.
>
> Just that and nothing more. Says nothing at all about the email's reputation - whether it is spam or not.
>
> --srs
>
> On Tuesday, February 18, 2014, Randy Bush ra...@psg.com wrote:

Yeah, it just validates the domain that the email came from. But,

X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ran.psg.com
X-Spam-Level:
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,HTML_MESSAGE,MIME_QP_LONG_LINE,*T_DKIM_INVALID* autolearn=ham version=3.3.2

Spamassassin knows the dkim signature is invalid, so there must be a dns query that occurs at this point in the message processing. If that is the case, there must be some way to configure to reject if the dkim signature is invalid.

X-Spam-Status: No, score=0.8 required=5.0

Spamassassin isn't going to block anything until it registers a score of 5. So, just having a dkim signature (even though invalid) is possibly lowering the score. Maybe you could tweak the settings to pick-off spam at a lower score. But, setting your levels down to 0.8 would probably block legitimate email.

You could always block their ip in the helo_access (or iptables) of your postfix server (I'm assuming that's what you are using). But that's only going to be a temporary fix. You could also add a rbl query to your mail server config to spamhaus. That could always help.
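A small triage script for the `X-Spam-Status` header quoted in the message above, listing which tests fired and how far below the threshold the message scored. This is an added example, not part of the poster's message or of SpamAssassin; the flag names are hypothetical labels and the sample value is constructed from the quoted header.

```python
import re

# Constructed sample: the X-Spam-Status value quoted in the message above.
SAMPLE = ("No, score=0.8 required=5.0 tests=BAYES_50,HTML_MESSAGE,"
          "MIME_QP_LONG_LINE,T_DKIM_INVALID autolearn=ham version=3.3.2")


def parse_spam_status(value: str) -> dict:
    """Split an X-Spam-Status value into verdict, scores, tests, autolearn."""
    verdict, _, rest = value.partition(",")
    rest = re.sub(r",\s+", ",", rest)          # undo folding inside tests=
    fields = dict(re.findall(r"(\w+)=(\S+)", rest))
    tests = fields.get("tests", "")
    return {
        "is_spam": verdict.strip().lower() == "yes",
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": [] if tests in ("", "none") else tests.split(","),
        "autolearn": fields.get("autolearn", "no"),
    }


def review_flags(status: dict) -> list:
    """Hypothetical triage labels for mail that was delivered, not blocked."""
    flags = []
    dkim_bad = any(t.endswith("DKIM_INVALID") for t in status["tests"])
    if dkim_bad and not status["is_spam"]:
        flags.append("delivered-with-invalid-dkim")
    if dkim_bad and status["autolearn"] == "ham":
        # The Bayes database was trained on this message as ham.
        flags.append("autolearned-ham-with-invalid-dkim")
    if "BAYES_50" in status["tests"]:
        # BAYES_50: the classifier had no strong opinion either way.
        flags.append("bayes-undecided")
    return flags


def margin(status: dict) -> float:
    """How far below the spam threshold the message scored."""
    return round(status["required"] - status["score"], 2)


if __name__ == "__main__":
    s = parse_spam_status(SAMPLE)
    print(s["tests"], margin(s), review_flags(s))
```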
Re: Email Server and DNS
On 11/3/2013 8:39 AM, rw...@ropeguru.com wrote:
> So I figured a little break from the NSA was in order.
>
> I am looking for some info on current practice for an email server and SMTP delivery. It has been a while since I have had to set up an email server and I have been tasked with setting up a small one for a friend. My question centers around the server sending outgoing email and the current practices requirements for other servers to accept email. Things like rDNS, SPF records, etc...
>
> I am pretty much set on the issue of incoming spam and virus. Probably overkill but it is checked at the Sophos UTM firewall and at the email server itself.
>
> Thanks,
>
> Robert

MX, PTR, and SPF are really all you need. I would recommend you go a step further and use DKIM, ADSP, and DMARC. It will help keep asshat spammers from flaming your domain all over the internet.

I use http://www.unlocktheinbox.com/ to verify my configuration.

--
-Bret Taylor