Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Lena--- via mailop
> From: Alessio Cecchi > we are an email hosting provider, and as you know many users use weak > passwords, or have a trojan on their PC that has stolen their password, which > is then used to send spam or do some kinds of fraud. > > We already have a "script" that checks, from log files, the country o

Re: [mailop] Gmail putting messages to spam

2021-09-21 Thread Brandon Long via mailop
TLDs are not all created equal, and their usage by spammers is also unequal... nor are the companies that manage them. Some are very expensive, some are cheap, some may be free... there are differences in how quickly they handle take-downs, how quickly they detect bad actors and fraudulent charges

Re: [mailop] Gmail putting messages to spam

2021-09-21 Thread Philip Paeps via mailop
On 2021-09-20 20:17:27 (+0800), Jaroslaw Rafa via mailop wrote: Why Google dislikes it so much? Google is a machine. It doesn't like or dislike anything. The humans who work at Google can tune the machine a little bit, but they are vastly outnumbered by the data the machine has been learnin

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Darrell Budic via mailop
> On Sep 21, 2021, at 2:25 PM, Michael Peddemors via mailop > wrote: > > On 2021-09-21 12:09 p.m., Mark Milhollan via mailop wrote: >>> Block AUTH from Amazon/Gcloud/Azure by default >> Would you include other clouds, like Alibaba, Oracle, OVH, Rackspace, etc., >> perhaps especially those tha

Re: [mailop] Anyone here from SiteGround or .mailspamprotection.com?

2021-09-21 Thread Al Iverson via mailop
> On 9/20/21 01:39, Kevin A. McGrail via mailop wrote: > > Hello, working on a delivery error that to me looks like there might be > > DNS issues. Very unusual. > > if you do reach a human there, could you do us all a favor and ask them > whether they still believe in the tooth > fairy^H^H^H^H^H^H

Re: [mailop] Gmail putting messages to spam

2021-09-21 Thread Alexey Shpakovsky via mailop
On Tue, September 21, 2021 22:50, Jaroslaw Rafa via mailop wrote: > Just today I found > out that Gmail has dropped to Spam a few *replies from other Gmail users* > (our members) to messages that we sent out from that account to them! > Regular replies, to regular messages, *from Gmail user to Gmai

Re: [mailop] Gmail putting messages to spam

2021-09-21 Thread Jaroslaw Rafa via mailop
On 20.09.2021 at 14:17:27 Jaroslaw Rafa via mailop wrote: > I want to return to an old issue, which repeatedly happens again and again, > that is, Google putting emails from me to recipient's spam folder. What's > absurd, this happens not only to Gmail addresses to which I am writing for > t

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Michael Peddemors via mailop
More good points.. .. for the record, compromises via SMTP are easier to identify, the scary ones are IMAP authentication ones, as the hacker can log in simply once every week, and search your inbox for personal information, password reset links, services that you use, credit card information,

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Michael Peddemors via mailop
On 2021-09-21 12:09 p.m., Mark Milhollan via mailop wrote: Block AUTH from Amazon/Gcloud/Azure by default Would you include other clouds, like Alibaba, Oracle, OVH, Rackspace, etc., perhaps especially those that are "too easy" for spammers and miscreants to get a machine going on?  I can unde

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Brandon Long via mailop
Control over account creation (this is more a free mailbox kind of thing) Risk based analysis at login time based on the available signals Risk based analysis of the overall connection Spam analysis of the sent mail All of which needs to feed into each other. For the larger providers, this is an

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Slavko via mailop
Hi, On Tue, 21 Sep 2021 17:08:54 +0200 Alessio Cecchi via mailop wrote: > For "do something" I mean: > > - too many logins from different countries > - too many fast logins You do not say which IMAP/POP3 server you are using, but e.g. with dovecot you can use/apply these (and more) policies by

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Mark Milhollan via mailop
On Tue, 21 Sep 2021, Michael Peddemors wrote: Use RATS-AUTH to block auth attacks, from known dedicated IP(s) ;) I've tried this, so far it has blocked 7 of 4933 AUTH attempts since I began using it. Block AUTH from Amazon/Gcloud/Azure by default Would you include other clouds, like Alib

Re: [mailop] what is the PSL, was Gmail putting messages to spam

2021-09-21 Thread Slavko via mailop
Hi, On Tue, 21 Sep 2021 18:30:46 +0200 Alexey Shpakovsky via mailop wrote: > On Tue, September 21, 2021 17:39, Slavko via mailop wrote: > > > I am curious, do you block whole gmail.com? > > No, but at one time I was pretty close to blocking yahoo, having 0 > friends using it. > > But I hav

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Jarland Donnell via mailop
Though a bit of a non-standard approach, I collect email subjects and recipients from accounts that were compromised and used by the attacker to send email. I use rspamd to mark them, and then I use bash scripts to check for emails that hit the rspamd triggers and alert via Pushover that an eve

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Jay Hennigan via mailop
On 9/21/21 08:08, Alessio Cecchi via mailop wrote: Hi, we are an email hosting provider, and as you know many users use weak passwords, or have a trojan on their PC that has stolen their password, which is then used to send spam or do some kinds of fraud. Fail2ban for weak passwords. There are also

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Michael Peddemors via mailop
Use RATS-AUTH to block auth attacks, from known dedicated IP(s) ;) Block AUTH from Amazon/Gcloud/Azure by default Consider transparent 2FA like CLIENTID Fail2Ban is a stop gap mentioned often on the list.. but be careful, as it might block a large CGNAT range. Country authentication controls

Re: [mailop] what is the PSL, was Gmail putting messages to spam

2021-09-21 Thread Alexey Shpakovsky via mailop
On Tue, September 21, 2021 17:39, Slavko via mailop wrote: > Hi, > > On Tue, 21 Sep 2021 15:02:37 +0200 Alexey Shpakovsky via mailop > wrote: > >> However, we live in an imperfect world, and if some email provider >> would declare themselves "big" but offer unlimited number of free >> email add

[mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Alessio Cecchi via mailop
Hi, we are an email hosting provider, and as you know many users use weak passwords, or have a trojan on their PC that has stolen their password, which is then used to send spam or do some kinds of fraud. We already have a "script" that checks, from log files, the country of the IP address and "do so

Re: [mailop] what is the PSL, was Gmail putting messages to spam

2021-09-21 Thread Slavko via mailop
Hi, On Tue, 21 Sep 2021 15:02:37 +0200 Alexey Shpakovsky via mailop wrote: > However, we live in an imperfect world, and if some email provider > would declare themselves "big" but offer unlimited number of free > email addresses for spammers - then everyone else will likely just > block the

Re: [mailop] what is the PSL, was Gmail putting messages to spam

2021-09-21 Thread Alexey Shpakovsky via mailop
On Tue, September 21, 2021 13:37, Jaroslaw Rafa via mailop wrote: > > What I want to say is, when example.org is on PSL, reputation of > sub1.example.org SHOULD NOT have impact on reputation of sub2.example.org, > as they are usually independent entities. I totally agree with you. Moreover, I woul

Re: [mailop] what is the PSL, was Gmail putting messages to spam

2021-09-21 Thread Tobias Herkula via mailop
Be careful here in assuming things that have more facets; * the PSL is divided into an official ICANN part and a PRIVATE section * there are Applications that use the PRIVATE part and there are Applications that actively don't use it * the DMARC RFC does not say that a DMARC validator has to use t

Re: [mailop] what is the PSL, was Gmail putting messages to spam

2021-09-21 Thread Jaroslaw Rafa via mailop
On 20.09.2021 at 23:41:11 John Levine via mailop wrote: > It appears that Jaroslaw Rafa via mailop said: > >It is possible, but eu.org is on the Public Suffix List, so different > >subdomains of it shouldn't be "merged", like for any other domain in the PSL. > > The PSL, despite being used

Re: [mailop] [External] Re: Anyone here from SiteGround or .mailspamprotection.com?

2021-09-21 Thread Kevin A. McGrail via mailop
Just to be clear because I'm selfish and trying to fix the issue I'm having, is SiteGround using SMTP EXPN / VRFY commands when they try to deliver mail but failing if they don't work?  I do use the privacy option of goaway for Sendmail. Regards, KAM _

Re: [mailop] Gmail putting messages to spam

2021-09-21 Thread Łukasz Wąsikowski via mailop
On 2021-09-20 at 15:17, Xavier Beaudouin via mailop wrote: Seems maybe this is a misunderstanding of gmail / google about tld eu.org. If subdomain from Jaroslaw maybe clean, maybe there is some other domains hosted by this (pseudo) TLD that send shit to gmail. So as a short path, gmail admi