[swinog] Re: bluewein.ch - automatic spamtrap?

2022-07-18 Discussion threads Claudio Kuenzler via swinog
On Fri, Jul 15, 2022 at 7:33 AM Claudio Kuenzler wrote:

> Datawire is off the hooks. Turning around the wheel and going North,
> towards the lands of Hetzner.
>

The MX record of bluwein.ch resolves to sendmailtoserver.bluwein.ch, which
sometimes answers with an A record pointing to Hetzner, sometimes with a
different A record pointing to I-Netpartner in Germany.
I didn't receive a confirmation that they forwarded my complaint/contact
request to their customer. From I-Netpartner however I received a call
today.
The domain "bluwein.ch" is indeed registered to the owners of the
UCEProtect DNSBL and has been for many years. According to the information I
obtained, UCEProtect sometimes buys previously used domains, turns off any
MX record for one year and then switches on the MX records again. All
received mail is then immediately flagged as spam because "only spam
systems would send e-mails to a previously unavailable domain".

Whether or not this domain is used for "catching typo errors" is
speculation. I personally think the domain name is way too close to the
widely used bluewin.ch domain. When I look at our relay, we see all kinds
of typo errors relating to bluewin.ch, e.g. buewin.ch, bluwiin.ch and many
more variations.

We have now internally resolved this blacklisting problem by adjusting our
mail relay's (Postfix) transport rule, bouncing all e-mails destined to
bluwein.ch:

# Do not send mails to the following domains
bluwein.ch error:Admiral Ackbar knows this is a trap

Maybe this solution comes in handy for others going down the same path.
___
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch
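
Added example (not part of the original post and not the poster's code): it generalizes the single bluwein.ch transport entry above to any recipient domain in the relay log that lies within two edits of bluewin.ch. The log lines, the distance threshold and the bounce text are constructed assumptions.

```python
import re
from collections import Counter

PROTECTED = ["bluewin.ch"]   # domain users actually mean (from the thread)
MAX_DISTANCE = 2             # assumption: a typo is at most two edits away

# Constructed Postfix smtp log lines, not taken from a real relay.
SAMPLE_LOG = """\
Jul 18 09:12:01 relay postfix/smtp[2101]: 4F1A2B3C4D: to=<anna@bluewin.ch>, relay=mx.example[192.0.2.1]:25, status=sent (250 ok)
Jul 18 09:12:07 relay postfix/smtp[2102]: 5A2B3C4D5E: to=<beat@bluwein.ch>, relay=mx.example[192.0.2.2]:25, status=sent (250 ok)
Jul 18 09:13:44 relay postfix/smtp[2103]: 6B3C4D5E6F: to=<carla@buewin.ch>, relay=none, status=deferred (Host not found)
Jul 18 09:14:02 relay postfix/smtp[2104]: 7C4D5E6F70: to=<dora@bluwiin.ch>, relay=none, status=deferred (Host not found)
Jul 18 09:15:30 relay postfix/smtp[2105]: 8D5E6F7081: to=<erik@example.org>, relay=mx.example[192.0.2.3]:25, status=sent (250 ok)
Jul 18 09:16:10 relay postfix/smtp[2106]: 9E6F708192: to=<fritz@bluwein.ch>, relay=mx.example[192.0.2.2]:25, status=sent (250 ok)
"""

# \b keeps "orig_to=<...>" from matching; group 1 is the recipient domain.
RCPT_RE = re.compile(r"\bto=<[^>@\s]+@([^>\s]+)>")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    # First row and column hold the cost of building a prefix from nothing.
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[len(a)][len(b)]

def lookalike_recipients(log_text):
    """Count recipient domains that are near, but not equal to, a protected domain."""
    hits = Counter()
    for line in log_text.splitlines():
        m = RCPT_RE.search(line)
        if not m:
            continue
        domain = m.group(1).lower().rstrip(".")
        if any(0 < osa_distance(domain, p) <= MAX_DISTANCE for p in PROTECTED):
            hits[domain] += 1
    return hits

def transport_entries(hits):
    """Render one 'error:' transport line per lookalike domain, most frequent first."""
    return [f"{dom} error:recipient domain looks like a typo of a known domain"
            for dom, _ in sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))]

if __name__ == "__main__":
    print("\n".join(transport_entries(lookalike_recipients(SAMPLE_LOG))))
```

A legitimate domain can also sit two edits away from a protected one, so review the generated lines before adding them to the transport map.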


[swinog] Re: bluewein.ch - automatic spamtrap?

2022-07-14 Discussion threads Claudio Kuenzler via swinog
On Fri, Jul 15, 2022 at 7:15 AM Claudio Kuenzler wrote:

>
> Thanks for all the responses and ideas!
>
> So the research and journey has begun with Datawire. May it hopefully end
> in success. I shall inform you all again, whether or not I've become wiser.
>

To prove how fast such a typo happens, take my e-mail as an example. The
spamtrap domain in question is actually "bluwein.ch" and not "bluewein.ch".
:-/
Datawire is off the hooks. Turning around the wheel and going North,
towards the lands of Hetzner.


[swinog] Re: bluewein.ch - automatic spamtrap?

2022-07-14 Discussion threads Claudio Kuenzler via swinog
On Thu, Jul 14, 2022 at 5:26 PM Matias Meier wrote:

> For me it looks like, that the domain ‘bluewein.ch’ is not in control of
> Swisscom, but it is in control of the person who most likely also controls
> ‘ict-olten.ch’ and ‘cuida.ch’.
>
> You could try to contact Datawire AG, as the IP address of the
> ‘mailserver’ ‘mail.ict-olten.ch’ is hosted by them… maybe prepare a
> message and ask them friendly to forward it to their customer. That would
> be my approach.
>

Thanks for all the responses and ideas!

So the research and journey has begun with Datawire. May it hopefully end
in success. I shall inform you all again, whether or not I've become wiser.



[swinog] Re: bluewein.ch - automatic spamtrap?

2022-07-14 Discussion threads Rainer Duffner via swinog


> On 14.07.2022 at 16:57, Claudio Kuenzler via swinog wrote:
> 
> Hello list,
> 
> We are seeing some "mean" behaviour when sending an e-mail to any e-mail
> address ending in @bluewein.ch. Note the difference
> between bluewin and bluewein...
>
> As soon as an e-mail is sent from our relay to this domain, we get listed on
> the UCEProtect-Level1 blocklist. Yes, we can discuss whether or not this is a
> serious blacklist, but some mail providers actually use this service and then
> block our legit e-mails.
>
> Now to this domain. On HTTP all seems in order, the domain is redirected to
> bluewin.ch. But SMTP points to a separate mail server:
> mail.ict-olten.ch. Behind ict-olten.ch
> seems to be nobody (no website, no other results so
> far after a bit of research).
> 
> Does anyone here in the list have information about the behaviour of this 
> domain and who is responsible for it? Obviously a typo "bluewein" instead of 
> "bluewin" happens pretty fast when users are registering and it's already the 
> second or third time within a month that we get blacklisted due to a typo 
> from users.
> 
> thanks for any hints and cheers,
> ck


Maybe this guy:

https://www.moneyhouse.ch/de/company/graeppi-ict-projects-7019018421


„Mr ICT Projects, would you stand up, please?“


;-)



Rainer


[swinog] Re: bluewein.ch - automatic spamtrap?

2022-07-14 Discussion threads Matias Meier via swinog
Hi Claudio

For me it looks like, that the domain ‘bluewein.ch’ is not in control of 
Swisscom, but it is in control of the person who most likely also controls 
‘ict-olten.ch’ and ‘cuida.ch’.
You could try to contact Datawire AG, as the IP address of the ‘mailserver’ 
‘mail.ict-olten.ch’ is hosted by them… maybe prepare a message and ask them 
friendly to forward it to their customer. That would be my approach.

Anyway, keep us posted if you find out anything else!

BR
Matias

From: "swinog@lists.swinog.ch"
Reply-To: Claudio Kuenzler
Date: Thursday, 14 July 2022 at 17:58
To: "swinog@lists.swinog.ch"
Subject: [swinog] bluewein.ch - automatic spamtrap?

Hello list,

We are seeing some "mean" behaviour when sending an e-mail to any e-mail 
address ending in @bluewein.ch. Note the difference between 
bluewin and bluewein...

As soon as an e-mail is sent from our relay to this domain, we get listed on 
the UCEProtect-Level1 blocklist. Yes, we can discuss whether or not this is a 
serious blacklist, but some mail providers actually use this service and then 
block our legit e-mails.

Now to this domain. On HTTP all seems in order, the domain is redirected to 
bluewin.ch. But SMTP points to a separate mail server: 
mail.ict-olten.ch. Behind 
ict-olten.ch seems to be nobody (no website, no other 
results so far after a bit of research).

Does anyone here in the list have information about the behaviour of this 
domain and who is responsible for it? Obviously a typo "bluewein" instead of 
"bluewin" happens pretty fast when users are registering and it's already the 
second or third time within a month that we get blacklisted due to a typo from 
users.

thanks for any hints and cheers,
ck