Re: [mailop] Massive Spam Incident @ Outlook.com?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2022-10-12 at 13:01 +, Slavko via mailop wrote: > I did some experiments with that (not mail related) in past and most > often > user's response was something as -- "They are big, they are doing > things > right!" The most of us known,

Re: [mailop] SMTP noise from *.bouncer.cloud

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2022-09-04 at 19:49 +, Radek Kaczynski via mailop wrote: > Regarding the list of IPs - I'd prefer to send it to the interested > people directly. > I'd like to have a track of record to whom I have exposed it and You realize of course

Re: [mailop] SMTP noise from *.bouncer.cloud

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2022-09-04 at 00:43 +0200, Radek Kaczynski via mailop wrote: > If any of you would like to get a full list of our IP addresses and > domains so that you can block Bouncer's requests - please feel free to > email me at ra...@usebouncer.com.

Re: [mailop] smtp dane/tlsa

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, 2022-09-03 at 17:41 +, ml+mailop--- via mailop wrote: > How did you notice that "something is now broken"? A former client was trying to setup Fedora 36 sendmail with dane validation. F36 comes with sendmail 8.17.1 which is supposed to

Re: [mailop] smtp dane/tlsa

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2022-09-02 at 18:42 +, ml+mailop--- via mailop wrote: > Are you sure you want 3 0 1 and not 3 1 1? Yes. We are publishing the hash of the full certificate. Note there are two tlsa records, one corresponding to the previous LE

[mailop] smtp dane/tlsa

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Years ago I setup automation for tlsa records to support smtp dane here. However, something is now broken, and I am not sure what is wrong. _25._tcp.mail3.five-ten-sg.com. IN TLSA 3 0 1 (

Re: [mailop] So, Sendgrid / Zoom, planning on actually doing anything about webinar spams?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2022-07-20 at 12:41 -0600, Brie via mailop wrote: > It's still going on even though it was 'being looked into'. Fixed here by blacklisting the DKIM signature from zoom.us -BEGIN PGP SIGNATURE-

Re: [mailop] Google's Request to the FEC about Allowing Political Email to Bypass Spam Filtering

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, 2022-07-09 at 17:22 -0600, Anne Mitchell via mailop wrote: > "It shall be unlawful for an operator of an email service to use a > filtering algorithm to apply a label to an email sent to an email > account from a political campaign unless

Re: [mailop] AT blocking IP addresses

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2022-03-30 at 10:55 -0700, Michael Peddemors via mailop wrote: > Imagine the day where you can't use email unless you use Gmail or > o356. If that happens, there will be two mail systems (gmail/o365) and (everyone else). If the (gmail/o365)

Re: [mailop] Can someone from google/gmail contact me offlist?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2022-03-30 at 09:56 -0500, Al Iverson via mailop wrote: > Since this specifically refers to domain reputation I'd make sure all > mail is properly signing with DKIM. Domain rep can also fall back to > the return-path domain, so if that's

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2021-08-04 at 16:40 -0700, Luke via mailop wrote: > Bounces and spam report percentages dropped. I am probably not the only one that has SA blocking all mail from some of those senders. header SENDGRID4 X-Entity-ID =~

Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2021-07-08 at 09:14 -0700, Luke via mailop wrote: > Both of the accounts reported by Michael have been suspended. DATE: 07/11/21 07:00:22 PDT IP: o5.sg.zoom.us :::149.72.199.144 env_From: bounces+21079884-d4de-.. X-Entity-ID:

Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2021-07-08 at 09:31 +0300, Atro Tossavainen via mailop wrote: > That one is Zoom.us itself. > Received: from o5.sg.zoom.us (o5.sg.zoom.us [149.72.199.144]) > Received: from o12.ptr3622.sg.zoom.us (o12.ptr3622.sg.zoom.us > [167.89.93.232])

Re: [mailop] Contact for Zoom webinar spam sent via Sendgrid (ugh)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2021-07-06 at 23:59 +0300, Atro Tossavainen via mailop wrote: > X-Entity-ID: 7mxhBNMkQ9yfwz0A5+NG7Q== > Return-Path: https://list.mailop.org/listinfo/mailop

Re: [mailop] protection.outlook.com refusing to accept mail with misleading temp error message

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2021-06-01 at 21:46 -0400, yuv via mailop wrote: > but I do like the fact that if someone puts > a letter with my address in a post office box anywhere in the world, > it > makes its way to my snail box within a reliable service standard.

Re: [mailop] Microsoft antispam

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2021-02-05 at 10:04 -0600, Lyle Giese via mailop wrote: > I just looked at the dns entries for foddi.net. The A and > records for mx1.mail.foddi.net has a TTL of 120 seconds. For many mail > providers that indicates a dynamic IP

Re: [mailop] cloudapp.azure.com?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2020-12-17 at 07:28 -0800, Michael Peddemors via mailop wrote: > But yeah, it's ugly on Azure right now.. 41.201.224.52.list.dnswl.org. 10800 IN TXT "cloudapp.azure.com https://dnswl.org/s/?s=53622; 41.201.224.52.list.dnswl.org. 10800 IN

Re: [mailop] Just how does SendGrid fail this badly?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2020-08-18 at 12:03 +, Andy Smith via mailop wrote: > From: "chiark.greenend.org.uk" So sendgrid account 15204622 was sending mail as: Received: from dhl.com (unknown) by ismtpd0005p1lon1.sendgrid.net (SG) with ESMTP

Re: [mailop] Just how does SendGrid fail this badly?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2020-08-18 at 15:23 +0300, Atro Tossavainen via mailop wrote: > The SendGrid account sending these yesterday is 13999362. Where do you find that account number in the headers? I see some from today with "Upgrade (FINAL WARNING)" in the

Re: [mailop] Google and Spam detection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2020-07-24 at 22:08 -0400, John Levine via mailop wrote: > Depends whether you consider Comcast to be big. They sure have a lot > of customers. If five-ten-sg.com wants to deliver to comcast.net, my publishing tlsa records for

Re: [mailop] Is there a contact for ono.com

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2020-07-16 at 00:07 +0300, Atro Tossavainen via mailop wrote: > Since https://www.ono.com/ is equally unaccessible from my domestic > Internet connection (also in Finland), I'd say #1 sounds more likely > to me. I can ping www.ono.com ==

Re: [mailop] SPF strict / DMARC interaction / "big" provider behavior...

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2020-06-17 at 16:45 -0400, Bill Cole via mailop wrote: > > This problem is part of why DMARC was developed. Very few people are > adequately confident of their understanding of DMARC and of its > reliability to make it the root cause of mail

Re: [mailop] Sendgrid and phishing

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2020-06-17 at 08:55 -0500, Michael Rathbun via mailop wrote: > > Pointing out to users reporting these that blocking Sendgrid > entirely > (the temptation arises) would take out the SG traffic that is highly > desired (at least 70%). Two

Re: [mailop] SendGrid Abuse unresponsive

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2020-05-05 at 15:06 -0700, Jay Hennigan via mailop wrote: > On 5/5/20 14:30, Blake Hudson via mailop wrote: > > Been getting a variety of Amex scams for several weeks via SendGrid. > > Wish they had a better reporting mechanism. > The

Re: [mailop] [OFF TOPIC] Any WindStream abuse team members on here?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2020-05-06 at 23:39 -0500, Michael Rathbun via mailop wrote: > > The one we see from that group is 183.136.225.44, currently knocking > at the > door but being halted by the "all 183.128.0.0/11 refuse" rule. 183.136.225.45 and

Re: [mailop] SendGrid Abuse unresponsive

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2020-05-05 at 07:48 -0700, Michael Peddemors via mailop wrote: > This is a little too obvious, and while historically SendGrid ran a > tight ship, and got a little lee way from spam auditors.. it's getting > very bad, and going on for too

Re: [mailop] Weekly Update on SpamAuditor reports

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2020-04-17 at 09:28 -0700, Michael Peddemors via mailop wrote: > * SendGrid compromised accounts sending phishing > Seeing a lot more cases of this occurring again, mostly phishing > attacks. Yup. IP: wrqvbqzd.outbound-mail.sendgrid.net

Re: [mailop] list bombing

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, 2019-11-25 at 10:32 -0800, Kurt Andersen (b) via mailop wrote: > Are you seeing any significant portion of these messages bearing the > Form-Sub header? (documented in https://tools.ietf.org/html/draft- > levine-mailbomb-header-01) On a low

Re: [mailop] delivery problems from mimecast.com

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2019-11-21 at 17:09 +0100, Claus Assmann via mailop wrote: > I wasted several hours to set up one host to get a Let's Encrypt cert, > configured my server to use that for connections from mimecast, and > ... still get the same error. My

Re: [mailop] Gmail marking email from me as spam

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2019-10-10 at 22:06 -0400, John Levine via mailop wrote: > In article <1570757713.1030.53.ca...@16bits.net> you write: > >Count me too as someone with a tiny server that Gmail automatically > >files in spam with apparently no reason. >

Re: [mailop] booking.com dmarc

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, 2019-06-03 at 16:10 -0700, Alan Hodgson via mailop wrote: > You can sign with a sub-domain or parent domain as long as they share > the same organizational domain. My understanding was incorrect. Page 10 of RFC7489 says "In relaxed mode,

Re: [mailop] What is the story with QQ.COM?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2019-06-02 at 20:12 +, Benjamin BILLON via mailop wrote: > If those emails seem to be sent from botnets, I believe they're not > sent from QQ.com. They have a SPF -all policy, a p=none DMARC policy, > and I can't check if they have DKIM

Re: [mailop] DigitalOcean calling for social media s* storm? (Re: Why is it so hard to have takedown's performed..)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, 2019-04-29 at 16:49 -0700, Michael Peddemors via mailop wrote: > PPS, You know the IP(s) can change at any time ;) That is what cron is for. So far, synapp.io has been very good about listing *only* their own address validators in their spf

Re: [mailop] DigitalOcean calling for social media s* storm? (Re: Why is it so hard to have takedown's performed..)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, 2019-04-29 at 09:12 -0700, Michael Peddemors via mailop wrote: > Speaking of.. anyone have any insight into these guys? > They keep popping up on various CDN's eg, DO, AZURE, etc.. > 45.32.138.192 (M) 1

Re: [mailop] The (not so) Good Guys

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2018-12-28 at 19:31 -0500, John Levine wrote: > For people who would like more search keys, the spam all came from > 38.107.108.240, envelope return address i...@email.thegoodguys.com.au. One delivery attempt here to a non-existent address,

Re: [mailop] Pet Peeve of the day, Bulk Notice Mailers from Do Not Reply.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2018-11-28 at 10:26 -0800, Michael Peddemors wrote: > (Seems that they must have some automated system adding a line break > in the middle, breaking the one entry..) No, that is normal. RHS of a TXT record is a sequence of strings, each of

[mailop] including dkim private key as a header?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 That does not seem to be wise. IP: drone154.ral.icpbounce.com :::207.254.213.211 HELO: drone154.ral.icpbounce.com env_From: bounces+1035701.49998965.544...@icpbounce.com mail_host=icpbounce.com DKIM-Signature: v=1; a=rsa-sha256;

Re: [mailop] Monumetric - unabated spamming through Google / GTT

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2018-09-21 at 10:24 -0700, Michael Peddemors wrote: > Return-Path: > Return-Path: > Return-Path: > A lot of 'selling Databases of email address' spam.. > Obviously randomly constructed email addresses, all pushing the same > thing I have

Re: [mailop] anyone from psu.edu ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > which is interesting, since that name has a cname, but no A record. > Anyone know what list they are actually checking against? I should have mentioned that the address 69.167.152.152 is not listed on the public lookup at

[mailop] anyone from psu.edu ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 The psu.edu mail servers are returning an error message: reason: 551 5.7.1 $IP blacklisted due to listing on www.mail-abuse.org which is interesting, since that name has a cname, but no A record. Anyone know what list they are actually checking

Re: [mailop] Gmail change DMARC Policy?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2018-08-02 at 14:49 -0400, Bill Cole wrote: > The 'd=' domains don't use DNSSEC. This means that the immediate > validity of the signature at delivery time is dependent on trusting a > key which may be spoofed. The DKIM TXT record has a TTL

Re: [mailop] DKIM headers - which do you sign and why?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, 2018-07-23 at 15:28 -0700, Kurt Andersen (b) wrote: > On Mon, Jul 23, 2018 at 3:04 PM, Laura Atkins > wrote: >> Spammers poisoned that particular well a while ago. +all listings >> are treated as heavily suspicious by ISPs. > Deeply

[mailop] Comcast contact? bounce.care.comcast.com

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 bounce.care.comcast.com has "v=spf1 include:cust-spf.exacttarget.com ip4:76.96.68.101 ip4:76.96.68.102 ip4:76.96.68.103 ip4:69.252.76.7 ip4:69.252.76.8 ip4:69.252.76.9 -all" Note the -all, but at least some mail is arriving here via resqmta-po-

Re: [mailop] Yahoo DKIM Signing, not folding the header..

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2018-05-24 at 18:02 -0400, John Levine wrote: > By the way, I sent myself a message from my AOL account, and it > showed up with a DKIM signature all tidily folded. Signatures with d=mx.aol.com seem to be wrapped. Signatures with d=aol.com

[mailop] spf and mx: tokens

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 While checking dmarc, we check for dkim signatures. If that fails, we look for spf records. A very small number of those contain mx: tokens. While chasing a bug in my code, it became obvious that almost everyone misuses those, and they really meant

Re: [mailop] Extreme amounts of SMTP auth from microsoft/outlook IPs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2018-02-09 at 22:22 +, Michael Wise via mailop wrote: > It's being ... investigated. 4 days later - still probing an account here every 3 seconds. 40.97.0.0/16 is currently firewalled. In the last month I have not seen any actual mail

Re: [mailop] Issues With the way Google Groups unsubscribe is used in headers..

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2018-02-08 at 01:32 +, Brandon Long via mailop wrote: > And this is a direct message from the list to the one attempting to > unsubscribe? Not sure about that one, but I have a very similar sample, DKIM signed by

Re: [mailop] Spam originating from Office 365

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, 2018-02-05 at 03:00 +, Shane Clay via mailop wrote: > For our customers, the bulk majority of spam they actually receive > (over 90% of whats delivered and more than 40% of whats blocked) now > days comes from Office 365. Do others see

Re: [mailop] Anyone from Fasthosts.co.uk on here?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wed, 2018-01-24 at 09:30 -0500, Al Iverson wrote: > Smells like a Fasthosts misconfiguration from here. If they are doing ip queries against the DBL for all connections, they will be refusing all incoming email. One might think that would be

[mailop] anyone from emaildl.att-mail.com ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=emaildl.att- mail.com; From: "AT " Subject: AT Customer Awareness: Equifax Breach You might want to change that DKIM signature to use relaxed/relaxed. We

Re: [mailop] amusing dns failure, pgsurveying.com

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2017-08-31 at 12:00 +0200, David Hofstee wrote: > Interesting setup. What do you mean by 'clever'? Because I am not sure > what this setup will gain them. Sorry, that was a bit of snark. This setup gains them nothing - but it does randomly

Re: [mailop] Google NS servers listed in Spamhaus

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2017-08-17 at 14:11 +, Andrew Wingle wrote: > Anyone else encountering this mess? It came to light due to a > SpamAssassin rule "Contains an URL's NS IP listed in the SBL blocklist > [URIs: googleapis.com]." Any message using

[mailop] exacttarget vs amazon.com dmarc/dkim

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Amazon.com asks that mail with header from: of amazon.com that fails dkim should be quarantined. dig _dmarc.amazon.com txt +short "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc- repo...@bounces.amazon.com;

Re: [mailop] hetzner and the btinternet.com blacklist

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2017-07-11 at 19:50 +, John Levine wrote: > Doesn't matter -- the "transparent" filters force all of the > connections to the provider's filtering host, so if there's a TLS > connection, it terminates at the filtering host. That sort

[mailop] AOL temp failing (some?) .pdf attachments

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 We are getting one of: 421 4.2.1 Dragnet Timeout 421 4.2.1 "Service unavailable. Please try again later." sending a .pdf attachment to a verizon.net user. Other mail to that address is being accepted by the AOL servers. -BEGIN PGP

Re: [mailop] dkim signature failures sendmail/opendkim

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2017-05-26 at 18:38 +0300, Vladimir Dubrovin wrote: > In most cases, DKIM check fails because message was improperly > formatted and was normalized by MTA before sending after DKIM > signature is applied. We changed the mail flow so the

Re: [mailop] dkim signature failures sendmail/opendkim

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2017-05-26 at 17:09 -0400, valdis.kletni...@vt.edu wrote: > How many of the user agents are running on non-servers that don't have > NTP? Does that matter? The dkim signature (with t=) is generated on the mail server, which has the proper

Re: [mailop] dkim signature failures sendmail/opendkim

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2017-05-26 at 18:38 +0300, Vladimir Dubrovin via mailop wrote: > - Lines longer than 998 octets (unicode character takes few octets) > - Missed Date:, Message-ID: or another required header > - Unencoded 8-bit character in the header > -

[mailop] dkim signature failures sendmail/opendkim

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Using sendmail with opendkim for signing mostly works, but I have a few domains with dmarc p=reject, and looking at the aggregate reports, I am seeing some dkim=fail, spf=pass on a small amount of mail going to google, comcast, etc. The aggregate

Re: [mailop] SPF record

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, 2017-05-21 at 12:02 -0500, frnk...@iname.com wrote: > Same here -- many of my customers, for example those who go to O365, > aren't > aware of the implications when they add Microsoft's suggested SPF > record, > and then wonder why some

Re: [mailop] Many SPF failures lately

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2017-05-19 at 03:49 -0500, frnk...@iname.com wrote: > Most well-known cuplprit is Travelocity and their flight change > notifications. The only travelocity mail I see here is from traveloc...@ac.travelocity.com via 192.161.140.0/24. Are the

Re: [mailop] Speaking of too many SPF, Many SPF failures lately

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2017-05-18 at 08:53 -0700, Luis E. Munoz wrote: > It looks not bad, successive lookups to 3 parts.. and they all look > > good. Don't like this part of course.. include:sharepointonline.com > > > > ip4:52.104.0.0/14 > Right there! Anyone

Re: [mailop] Come on protection.outlook.com, don't send me messages even you think are SPAM

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, 2017-04-29 at 00:01 -0700, Mark Milhollan wrote: > But some have an X-Forefront-Antispam-Report header with SFV:SPM which > has been said is their indicator of a message they consider to be > SPAM. Yes, and we take MS at their word, and via

[mailop] dmarc failure reports

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 We are receiving aggregate reports, and I am trying to diagnose some intermittent failures. So I added ruf=, but we have not received any failure reports. Do any of the large providers (aol, yahoo, gmail, etc) send failure reports? Perhaps I have

Re: [mailop] Spammers mining SPF records (of all things)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, 2017-03-11 at 19:19 -0500, Rich Kulawiec wrote: > I'm not saying they're not doing it: of course they are. I've done > some manipulation of WHOIS and DNS records in order to track it, so > I've got proof in hand. I'm sure others do as

[mailop] some pphosted (proofpoint) outbound mail failing dkim validation

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 About 10% of the mail from invista.com is failing validation. That mail has two signatures from from invista.com and kochind.onmicrosoft.com. Either both signatures validate, or they both fail. It seems there is something in the pphosted mail flow

Re: [mailop] Many spams from *.outbound.protection.outlook.com

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-12-01 at 18:40 -0500, Matt Vernhout wrote: > Also seeing a ton from this Mail From Domain: > workexact.onmicrosoft.com In November 2013, this was discussed here. At that time, I put in an rpz/bind override such that (locally)

Re: [mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2016-11-18 at 16:52 -0500, valdis.kletni...@vt.edu wrote: > And you identified that the problem was at Yahoo, and not one or more > of the hops between the far end of your tunnel and Yahoo, how, > exactly? Taking the top 1000 sites from

Re: [mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2016-11-18 at 15:41 -0500, valdis.kletni...@vt.edu wrote: > Did you do anything to specifically identify Yahoo's routers as the > offenders? > Hint: If there's a tunnel in the path, it will be *your* end of the > tunnel > that sends back

[mailop] Anyone from Yahoo - icmpv6 filtering breaks login.yahoo.com MTU detection

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 https://login.yahoo.com If you have IPv6 connectivity thru a tunnel, with a smaller MTU, that will fail. With a 1500 byte MTU, it works. The TCP handshake works - it then hangs during the TLS handshake which sends full size packets. echo -e 'GET /

[mailop] Anyone from cableone.net here?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I am trying to resolve 550 5.7.1 [C10] RBL restriction: Blacklisted by Internal Reputation Service - 208.88.52.226 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAleFEK8ACgkQL6j7milTFsHIOwCfXk6L9AvoSnn1vsZLZ2NfLwG0

Re: [mailop] deprecating rc4 & ssl3

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, 2016-05-16 at 16:07 -0700, Brandon Long via mailop wrote: > The numbers are small enough that we're not doing any mitigation, > there is no fall back on ssl negotiation failure, there is no > whitelist of hosts we will allow these protocols

[mailop] amazon vs starttls

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 relay=amazon-smtp.amazon.com. [207.171.189.228], dsn=4.0.0, stat=Deferred: 421 #4.4.5 Too many TLS sessions at this time So amazon accepts the inbound port 25 connection, advertises starttls in response to ehlo, and then complains when we try to

Re: [mailop] DNS Errors for Microsoft Hostnames

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > For it to be blocked as spam, the system must have seen many copies... > I guess enough people are sending out DCC hashes that enough of them > added up and the direct email was blocked? Apparently so; unless some recipient is marking the list

Re: [mailop] DNS Errors for Microsoft Hostnames

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-04-28 at 21:56 +, Michael Wise wrote: > So is the FORMERR ... just the resolver noting that EDNS is not > supported? Yes. If so, I'm uncertain of the issue. > We don't use EDNS here, so that's what the "our" servers should be >

Re: [mailop] DNS Errors for Microsoft Hostnames

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-04-28 at 20:57 +, Michael Wise wrote: > If the "Aware" flag expired, would best practice not be to check that > first rather than presuppose that the facility does exist? The check for "edns aware" involves sending the query with

Re: [mailop] DNS Errors for Microsoft Hostnames

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-04-28 at 20:01 +, Michael Wise wrote: > " All this is stating is that DNS++ does not support RFC 2671 EDNS > protocol extensions. > " DNS++ is responding per the RFC by sending the FORMERR back to the > requestor. I believe this is

Re: [mailop] DNS Errors for Microsoft Hostnames

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-04-28 at 11:41 -0700, Steve Atkins wrote: > Looks like (some of) the Microsoft authoritative servers are confused > by dnssec. > ~ ? dig +dnssec @ns1-proddns.glbdns.o365filtering.com pitt- > edu.mail.protection.outlook.com confused by

Re: [mailop] Should I be disappointed with Reflexion?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Tue, 2016-04-12 at 13:48 -0700, Steve Atkins wrote: > It's also possible that Reflexion is just sending terribly structured > mail that "looks like" spam - not unusual amongst companies who build > their own mail software - but I'd need to see

Re: [mailop] Should I be disappointed with Reflexion?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thu, 2016-04-14 at 12:56 -0400, Henry Yen wrote: > > 6. If the information is of particularly high value, look at what > the more competent end of banks and other financial institutions do to > add trust > Both Chase bank (jpmchase) and

Re: [mailop] Gmail red open padlock composing message

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, 2016-04-02 at 11:42 -0500, frnk...@iname.com wrote: > Anyone aware of email servers that take the approach that CloudFlare > has, which is not allow the lowest common denominator or cleartext to > be used if there's a better/more-secure

Re: [mailop] Gmail rate limit

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sat, 2016-04-02 at 09:58 +1000, Ted Cooper wrote: > Is this another one of those fun DNSSEC issues? I'm not particularly > good at reading these, but it looks like the PTR lookup is denied > existence at 136.in-addr.arpa. >

[mailop] yahoo feedback loop signup?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I am trying to help a very small isp with a yahoo.com delivery issue. They are getting "421 4.7.0 [TS02] Messages from 208.88.52.225 temporarily deferred - 4.16.56.1; see http://postmaster.yahoo.com/errors/421-ts02.html; errors. Volume is less than

Re: [mailop] Google DNS Servers not returning results for Hotmail today?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Mon, 2016-03-07 at 22:44 +, Tony Bunce wrote: > I'm far from a DNSSEC expert but I think the issue is with the entire > 65.in-addr.arpa zone. I can reproduce the issue on any PTR record > inside of 65.0.0.0/8. Yes, arin.net failed to renew

Re: [mailop] New method of blocking spam

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2016-01-22 at 09:01 -0700, Brielle Bruns wrote: > I'm trying to find that checklist that the spam fighting regulars used > to post whenever someone is all excited about their end-game to spam > filtering... Anyone remember a URL for it?

Re: [mailop] IBM SPF vs smtp.notes.na.collabserv.com

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Fri, 2016-01-08 at 16:39 +, John Levine wrote: > They publish -all and it makes sense. dig paypal.com txt +short | grep spf "v=spf1 include:pp._spf.paypal.com include:3ph1._spf.paypal.com include:3ph2._spf.paypal.com

[mailop] android 5.0.2, sendmail, starttls, custom CA

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Does anyone have Android 5.0.2 clients talking to sendmail with starttls, using a mail server certificate signed by a custom CA? Our custom CA certificate is installed in the device, and the inbound imap side (dovecot) trusts the server certificate.

Re: [mailop] Apple, iPhone setup, attempts SSL on port 587

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert Mueller wrote: Are you absolutely sure this is happening on port 587? Yes. Is there anything else logged before or after this from the same IP (maybe get a tcpdump)? Does it actually attempt plaintext + STARTTLS upgrade after the direct

Re: [mailop] Blog: Logjam, Openssl and Email Deliverability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 2015-06-25 at 00:09 +0100, Brandon Long wrote: Not in front of a computer to check if we see failures like this, but we (google) stopped falling back to unencrypted connections 2y ago. This had an impact on a small number of misconfigured