-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, 2022-10-12 at 13:01 +, Slavko via mailop wrote:
> I did some experiments with that (not mail related) in past and most
> often
> user's response was something as -- "They are big, they are doing
> things
> right!" The most of us known,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sun, 2022-09-04 at 19:49 +, Radek Kaczynski via mailop wrote:
> Regarding the list of IPs - I'd prefer to send it to the interested
> people directly.
> I'd like to have a track of record to whom I have exposed it and
You realize of course
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sun, 2022-09-04 at 00:43 +0200, Radek Kaczynski via mailop wrote:
> If any of you would like to get a full list of our IP addresses and
> domains so that you can block Bouncer's requests - please feel free to
> email me at ra...@usebouncer.com.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sat, 2022-09-03 at 17:41 +, ml+mailop--- via mailop wrote:
> How did you notice that "something is now broken"?
A former client was trying to setup Fedora 36 sendmail with dane
validation. F36 comes with sendmail 8.17.1 which is supposed to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2022-09-02 at 18:42 +, ml+mailop--- via mailop wrote:
> Are you sure you want 3 0 1 and not 3 1 1?
Yes. We are publishing the hash of the full certificate. Note there are
two tlsa records, one corresponding to the previous LE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Years ago I setup automation for tlsa records to support smtp dane here.
However, something is now broken, and I am not sure what is wrong.
_25._tcp.mail3.five-ten-sg.com. IN TLSA 3 0 1 (
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, 2022-07-20 at 12:41 -0600, Brie via mailop wrote:
> It's still going on even though it was 'being looked into'.
Fixed here by blacklisting the DKIM signature from zoom.us
-BEGIN PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sat, 2022-07-09 at 17:22 -0600, Anne Mitchell via mailop wrote:
> "It shall be unlawful for an operator of an email service to use a
> filtering algorithm to apply a label to an email sent to an email
> account from a political campaign unless
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, 2022-03-30 at 10:55 -0700, Michael Peddemors via mailop wrote:
> Imagine the day where you can't use email unless you use Gmail or
> o356.
If that happens, there will be two mail systems (gmail/o365) and
(everyone else). If the (gmail/o365)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, 2022-03-30 at 09:56 -0500, Al Iverson via mailop wrote:
> Since this specifically refers to domain reputation I'd make sure all
> mail is properly signing with DKIM. Domain rep can also fall back to
> the return-path domain, so if that's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, 2021-08-04 at 16:40 -0700, Luke via mailop wrote:
> Bounces and spam report percentages dropped.
I am probably not the only one that has SA blocking all mail from some
of those senders.
header SENDGRID4 X-Entity-ID =~
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2021-07-08 at 09:14 -0700, Luke via mailop wrote:
> Both of the accounts reported by Michael have been suspended.
DATE: 07/11/21 07:00:22 PDT
IP: o5.sg.zoom.us :::149.72.199.144
env_From: bounces+21079884-d4de-..
X-Entity-ID:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2021-07-08 at 09:31 +0300, Atro Tossavainen via mailop wrote:
> That one is Zoom.us itself.
> Received: from o5.sg.zoom.us (o5.sg.zoom.us [149.72.199.144])
> Received: from o12.ptr3622.sg.zoom.us (o12.ptr3622.sg.zoom.us
> [167.89.93.232])
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Tue, 2021-07-06 at 23:59 +0300, Atro Tossavainen via mailop wrote:
> X-Entity-ID: 7mxhBNMkQ9yfwz0A5+NG7Q==
> Return-Path: https://list.mailop.org/listinfo/mailop
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Tue, 2021-06-01 at 21:46 -0400, yuv via mailop wrote:
> but I do like the fact that if someone puts
> a letter with my address in a post office box anywhere in the world,
> it
> makes its way to my snail box within a reliable service standard.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2021-02-05 at 10:04 -0600, Lyle Giese via mailop wrote:
> I just looked at the dns entries for foddi.net. The A and
> records for mx1.mail.foddi.net has a TTL of 120 seconds. For many mail
> providers that indicates a dynamic IP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2020-12-17 at 07:28 -0800, Michael Peddemors via mailop wrote:
> But yeah, it's ugly on Azure right now..
41.201.224.52.list.dnswl.org. 10800 IN TXT "cloudapp.azure.com
https://dnswl.org/s/?s=53622;
41.201.224.52.list.dnswl.org. 10800 IN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Tue, 2020-08-18 at 12:03 +, Andy Smith via mailop wrote:
> From: "chiark.greenend.org.uk"
So sendgrid account 15204622 was sending mail as:
Received: from dhl.com (unknown)
by ismtpd0005p1lon1.sendgrid.net (SG)
with ESMTP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Tue, 2020-08-18 at 15:23 +0300, Atro Tossavainen via mailop wrote:
> The SendGrid account sending these yesterday is 13999362.
Where do you find that account number in the headers? I see some from
today with "Upgrade (FINAL WARNING)" in the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2020-07-24 at 22:08 -0400, John Levine via mailop wrote:
> Depends whether you consider Comcast to be big. They sure have a lot
> of customers.
If five-ten-sg.com wants to deliver to comcast.net, my publishing tlsa
records for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2020-07-16 at 00:07 +0300, Atro Tossavainen via mailop wrote:
> Since https://www.ono.com/ is equally unaccessible from my domestic
> Internet connection (also in Finland), I'd say #1 sounds more likely
> to me.
I can ping www.ono.com ==
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, 2020-06-17 at 16:45 -0400, Bill Cole via mailop wrote:
> > This problem is part of why DMARC was developed. Very few people are
> adequately confident of their understanding of DMARC and of its
> reliability to make it the root cause of mail
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, 2020-06-17 at 08:55 -0500, Michael Rathbun via mailop wrote:
> > Pointing out to users reporting these that blocking Sendgrid
> entirely
> (the temptation arises) would take out the SG traffic that is highly
> desired (at least 70%).
Two
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Tue, 2020-05-05 at 15:06 -0700, Jay Hennigan via mailop wrote:
> On 5/5/20 14:30, Blake Hudson via mailop wrote:
> > Been getting a variety of Amex scams for several weeks via SendGrid.
> > Wish they had a better reporting mechanism.
> The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, 2020-05-06 at 23:39 -0500, Michael Rathbun via mailop wrote:
> > The one we see from that group is 183.136.225.44, currently knocking
> at the
> door but being halted by the "all 183.128.0.0/11 refuse" rule.
183.136.225.45 and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Tue, 2020-05-05 at 07:48 -0700, Michael Peddemors via mailop wrote:
> This is a little too obvious, and while historically SendGrid ran a
> tight ship, and got a little lee way from spam auditors.. it's getting
> very bad, and going on for too
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2020-04-17 at 09:28 -0700, Michael Peddemors via mailop wrote:
> * SendGrid compromised accounts sending phishing
> Seeing a lot more cases of this occurring again, mostly phishing
> attacks.
Yup.
IP: wrqvbqzd.outbound-mail.sendgrid.net
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2019-11-25 at 10:32 -0800, Kurt Andersen (b) via mailop wrote:
> Are you seeing any significant portion of these messages bearing the
> Form-Sub header? (documented in https://tools.ietf.org/html/draft-
> levine-mailbomb-header-01)
On a low
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2019-11-21 at 17:09 +0100, Claus Assmann via mailop wrote:
> I wasted several hours to set up one host to get a Let's Encrypt cert,
> configured my server to use that for connections from mimecast, and
> ... still get the same error.
My
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2019-10-10 at 22:06 -0400, John Levine via mailop wrote:
> In article <1570757713.1030.53.ca...@16bits.net> you write:
> >Count me too as someone with a tiny server that Gmail automatically
> >files in spam with apparently no reason.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2019-06-03 at 16:10 -0700, Alan Hodgson via mailop wrote:
> You can sign with a sub-domain or parent domain as long as they share
> the same organizational domain.
My understanding was incorrect. Page 10 of RFC7489 says "In relaxed
mode,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sun, 2019-06-02 at 20:12 +, Benjamin BILLON via mailop wrote:
> If those emails seem to be sent from botnets, I believe they're not
> sent from QQ.com. They have a SPF -all policy, a p=none DMARC policy,
> and I can't check if they have DKIM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2019-04-29 at 16:49 -0700, Michael Peddemors via mailop wrote:
> PPS, You know the IP(s) can change at any time ;)
That is what cron is for. So far, synapp.io has been very good about
listing *only* their own address validators in their spf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2019-04-29 at 09:12 -0700, Michael Peddemors via mailop wrote:
> Speaking of.. anyone have any insight into these guys?
> They keep popping up on various CDN's eg, DO, AZURE, etc..
> 45.32.138.192 (M) 1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2018-12-28 at 19:31 -0500, John Levine wrote:
> For people who would like more search keys, the spam all came from
> 38.107.108.240, envelope return address i...@email.thegoodguys.com.au.
One delivery attempt here to a non-existent address,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, 2018-11-28 at 10:26 -0800, Michael Peddemors wrote:
> (Seems that they must have some automated system adding a line break
> in the middle, breaking the one entry..)
No, that is normal. RHS of a TXT record is a sequence of strings, each
of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
That does not seem to be wise.
IP: drone154.ral.icpbounce.com :::207.254.213.211
HELO: drone154.ral.icpbounce.com
env_From: bounces+1035701.49998965.544...@icpbounce.com
mail_host=icpbounce.com
DKIM-Signature: v=1; a=rsa-sha256;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2018-09-21 at 10:24 -0700, Michael Peddemors wrote:
> Return-Path:
> Return-Path:
> Return-Path:
> A lot of 'selling Databases of email address' spam..
> Obviously randomly constructed email addresses, all pushing the same
> thing
I have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
> which is interesting, since that name has a cname, but no A record.
> Anyone know what list they are actually checking against?
I should have mentioned that the address 69.167.152.152 is not listed on
the public lookup at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The psu.edu mail servers are returning an error message:
reason: 551 5.7.1 $IP blacklisted due to listing on www.mail-abuse.org
which is interesting, since that name has a cname, but no A record.
Anyone know what list they are actually checking
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2018-08-02 at 14:49 -0400, Bill Cole wrote:
> The 'd=' domains don't use DNSSEC. This means that the immediate
> validity of the signature at delivery time is dependent on trusting a
> key which may be spoofed. The DKIM TXT record has a TTL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2018-07-23 at 15:28 -0700, Kurt Andersen (b) wrote:
> On Mon, Jul 23, 2018 at 3:04 PM, Laura Atkins
> wrote:
>> Spammers poisoned that particular well a while ago. +all listings
>> are treated as heavily suspicious by ISPs.
> Deeply
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
bounce.care.comcast.com has
"v=spf1 include:cust-spf.exacttarget.com ip4:76.96.68.101
ip4:76.96.68.102 ip4:76.96.68.103 ip4:69.252.76.7 ip4:69.252.76.8
ip4:69.252.76.9 -all"
Note the -all, but at least some mail is arriving here via resqmta-po-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2018-05-24 at 18:02 -0400, John Levine wrote:
> By the way, I sent myself a message from my AOL account, and it
> showed up with a DKIM signature all tidily folded.
Signatures with d=mx.aol.com seem to be wrapped.
Signatures with d=aol.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
While checking dmarc, we check for dkim signatures. If that fails, we
look for spf records. A very small number of those contain mx: tokens.
While chasing a bug in my code, it became obvious that almost everyone
misuses those, and they really meant
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2018-02-09 at 22:22 +, Michael Wise via mailop wrote:
> It's being ... investigated.
4 days later - still probing an account here every 3 seconds.
40.97.0.0/16 is currently firewalled. In the last month I have not seen
any actual mail
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2018-02-08 at 01:32 +, Brandon Long via mailop wrote:
> And this is a direct message from the list to the one attempting to
> unsubscribe?
Not sure about that one, but I have a very similar sample, DKIM signed
by
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2018-02-05 at 03:00 +, Shane Clay via mailop wrote:
> For our customers, the bulk majority of spam they actually receive
> (over 90% of whats delivered and more than 40% of whats blocked) now
> days comes from Office 365. Do others see
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Wed, 2018-01-24 at 09:30 -0500, Al Iverson wrote:
> Smells like a Fasthosts misconfiguration from here.
If they are doing ip queries against the DBL for all connections, they
will be refusing all incoming email. One might think that would be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=emaildl.att-
mail.com;
From: "AT "
Subject: AT Customer Awareness: Equifax Breach
You might want to change that DKIM signature to use relaxed/relaxed. We
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2017-08-31 at 12:00 +0200, David Hofstee wrote:
> Interesting setup. What do you mean by 'clever'? Because I am not sure
> what this setup will gain them.
Sorry, that was a bit of snark. This setup gains them nothing - but it
does randomly
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2017-08-17 at 14:11 +, Andrew Wingle wrote:
> Anyone else encountering this mess? It came to light due to a
> SpamAssassin rule "Contains an URL's NS IP listed in the SBL blocklist
> [URIs: googleapis.com]." Any message using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Amazon.com asks that mail with header from: of amazon.com that fails
dkim should be quarantined.
dig _dmarc.amazon.com txt +short
"v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-
repo...@bounces.amazon.com;
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Tue, 2017-07-11 at 19:50 +, John Levine wrote:
> Doesn't matter -- the "transparent" filters force all of the
> connections to the provider's filtering host, so if there's a TLS
> connection, it terminates at the filtering host.
That sort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
We are getting one of:
421 4.2.1 Dragnet Timeout
421 4.2.1 "Service unavailable. Please try again later."
sending a .pdf attachment to a verizon.net user. Other mail to that
address is being accepted by the AOL servers.
-BEGIN PGP
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2017-05-26 at 18:38 +0300, Vladimir Dubrovin wrote:
> In most cases, DKIM check fails because message was improperly
> formatted and was normalized by MTA before sending after DKIM
> signature is applied.
We changed the mail flow so the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2017-05-26 at 17:09 -0400, valdis.kletni...@vt.edu wrote:
> How many of the user agents are running on non-servers that don't have
> NTP?
Does that matter? The dkim signature (with t=) is generated on the mail
server, which has the proper
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2017-05-26 at 18:38 +0300, Vladimir Dubrovin via mailop wrote:
> - Lines longer than 998 octets (unicode character takes few octets)
> - Missed Date:, Message-ID: or another required header
> - Unencoded 8-bit character in the header
> -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Using sendmail with opendkim for signing mostly works, but I have a few
domains with dmarc p=reject, and looking at the aggregate reports, I am
seeing some dkim=fail, spf=pass on a small amount of mail going to
google, comcast, etc. The aggregate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sun, 2017-05-21 at 12:02 -0500, frnk...@iname.com wrote:
> Same here -- many of my customers, for example those who go to O365,
> aren't
> aware of the implications when they add Microsoft's suggested SPF
> record,
> and then wonder why some
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2017-05-19 at 03:49 -0500, frnk...@iname.com wrote:
> Most well-known cuplprit is Travelocity and their flight change
> notifications.
The only travelocity mail I see here is from
traveloc...@ac.travelocity.com via 192.161.140.0/24. Are the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2017-05-18 at 08:53 -0700, Luis E. Munoz wrote:
> It looks not bad, successive lookups to 3 parts.. and they all look
> > good. Don't like this part of course.. include:sharepointonline.com
> >
> > ip4:52.104.0.0/14
> Right there!
Anyone
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sat, 2017-04-29 at 00:01 -0700, Mark Milhollan wrote:
> But some have an X-Forefront-Antispam-Report header with SFV:SPM which
> has been said is their indicator of a message they consider to be
> SPAM.
Yes, and we take MS at their word, and via
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
We are receiving aggregate reports, and I am trying to diagnose some
intermittent failures. So I added ruf=, but we have not received any
failure reports. Do any of the large providers (aol, yahoo, gmail, etc)
send failure reports? Perhaps I have
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sat, 2017-03-11 at 19:19 -0500, Rich Kulawiec wrote:
> I'm not saying they're not doing it: of course they are. I've done
> some manipulation of WHOIS and DNS records in order to track it, so
> I've got proof in hand. I'm sure others do as
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
About 10% of the mail from invista.com is failing validation. That mail
has two signatures from from invista.com and kochind.onmicrosoft.com.
Either both signatures validate, or they both fail. It seems there is
something in the pphosted mail flow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2016-12-01 at 18:40 -0500, Matt Vernhout wrote:
> Also seeing a ton from this Mail From Domain:
> workexact.onmicrosoft.com
In November 2013, this was discussed here. At that time, I put in an
rpz/bind override such that (locally)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2016-11-18 at 16:52 -0500, valdis.kletni...@vt.edu wrote:
> And you identified that the problem was at Yahoo, and not one or more
> of the hops between the far end of your tunnel and Yahoo, how,
> exactly?
Taking the top 1000 sites from
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2016-11-18 at 15:41 -0500, valdis.kletni...@vt.edu wrote:
> Did you do anything to specifically identify Yahoo's routers as the
> offenders?
> Hint: If there's a tunnel in the path, it will be *your* end of the
> tunnel
> that sends back
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
https://login.yahoo.com
If you have IPv6 connectivity thru a tunnel, with a smaller MTU, that
will fail. With a 1500 byte MTU, it works. The TCP handshake works - it
then hangs during the TLS handshake which sends full size packets.
echo -e 'GET /
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I am trying to resolve
550 5.7.1 [C10] RBL restriction: Blacklisted by Internal Reputation
Service - 208.88.52.226
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
iEYEAREKAAYFAleFEK8ACgkQL6j7milTFsHIOwCfXk6L9AvoSnn1vsZLZ2NfLwG0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2016-05-16 at 16:07 -0700, Brandon Long via mailop wrote:
> The numbers are small enough that we're not doing any mitigation,
> there is no fall back on ssl negotiation failure, there is no
> whitelist of hosts we will allow these protocols
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
relay=amazon-smtp.amazon.com. [207.171.189.228], dsn=4.0.0,
stat=Deferred: 421 #4.4.5 Too many TLS sessions at this time
So amazon accepts the inbound port 25 connection, advertises starttls in
response to ehlo, and then complains when we try to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
> For it to be blocked as spam, the system must have seen many copies...
> I guess enough people are sending out DCC hashes that enough of them
> added up and the direct email was blocked?
Apparently so; unless some recipient is marking the list
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2016-04-28 at 21:56 +, Michael Wise wrote:
> So is the FORMERR ... just the resolver noting that EDNS is not
> supported?
Yes.
If so, I'm uncertain of the issue.
> We don't use EDNS here, so that's what the "our" servers should be
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2016-04-28 at 20:57 +, Michael Wise wrote:
> If the "Aware" flag expired, would best practice not be to check that
> first rather than presuppose that the facility does exist?
The check for "edns aware" involves sending the query with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2016-04-28 at 20:01 +, Michael Wise wrote:
> " All this is stating is that DNS++ does not support RFC 2671 EDNS
> protocol extensions.
> " DNS++ is responding per the RFC by sending the FORMERR back to the
> requestor. I believe this is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2016-04-28 at 11:41 -0700, Steve Atkins wrote:
> Looks like (some of) the Microsoft authoritative servers are confused
> by dnssec.
> ~ ? dig +dnssec @ns1-proddns.glbdns.o365filtering.com pitt-
> edu.mail.protection.outlook.com
confused by
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Tue, 2016-04-12 at 13:48 -0700, Steve Atkins wrote:
> It's also possible that Reflexion is just sending terribly structured
> mail that "looks like" spam - not unusual amongst companies who build
> their own mail software - but I'd need to see
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 2016-04-14 at 12:56 -0400, Henry Yen wrote:
> > 6. If the information is of particularly high value, look at what
> the more competent end of banks and other financial institutions do to
> add trust
> Both Chase bank (jpmchase) and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sat, 2016-04-02 at 11:42 -0500, frnk...@iname.com wrote:
> Anyone aware of email servers that take the approach that CloudFlare
> has, which is not allow the lowest common denominator or cleartext to
> be used if there's a better/more-secure
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Sat, 2016-04-02 at 09:58 +1000, Ted Cooper wrote:
> Is this another one of those fun DNSSEC issues? I'm not particularly
> good at reading these, but it looks like the PTR lookup is denied
> existence at 136.in-addr.arpa.
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I am trying to help a very small isp with a yahoo.com delivery issue.
They are getting "421 4.7.0 [TS02] Messages from 208.88.52.225
temporarily deferred - 4.16.56.1; see
http://postmaster.yahoo.com/errors/421-ts02.html; errors.
Volume is less than
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Mon, 2016-03-07 at 22:44 +, Tony Bunce wrote:
> I'm far from a DNSSEC expert but I think the issue is with the entire
> 65.in-addr.arpa zone. I can reproduce the issue on any PTR record
> inside of 65.0.0.0/8.
Yes, arin.net failed to renew
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2016-01-22 at 09:01 -0700, Brielle Bruns wrote:
> I'm trying to find that checklist that the spam fighting regulars used
> to post whenever someone is all excited about their end-game to spam
> filtering... Anyone remember a URL for it?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Fri, 2016-01-08 at 16:39 +, John Levine wrote:
> They publish -all and it makes sense.
dig paypal.com txt +short | grep spf
"v=spf1 include:pp._spf.paypal.com include:3ph1._spf.paypal.com
include:3ph2._spf.paypal.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Does anyone have Android 5.0.2 clients talking to sendmail with
starttls, using a mail server certificate signed by a custom CA? Our
custom CA certificate is installed in the device, and the inbound imap
side (dovecot) trusts the server certificate.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robert Mueller wrote:
Are you absolutely sure this is happening on port 587?
Yes.
Is there anything else logged before or after this from the same IP
(maybe get a tcpdump)? Does it actually attempt plaintext + STARTTLS
upgrade after the direct
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 2015-06-25 at 00:09 +0100, Brandon Long wrote:
Not in front of a computer to check if we see failures like this, but
we (google) stopped falling back to unencrypted connections 2y ago.
This had an impact on a small number of misconfigured
89 matches
Mail list logo