If you were really from Virginia Tech or the Max Planck Institute, you would
have used a university email address to post, instead of a Gmail account.
Makes you look like a bad actor trying to do data gathering IMHO.
_
L. Mark
> Of course, in some (most?) cases the target MX host will not be final
> delivery target and will forward message to some MDA, eventually over
> multiple MTAs, but i will consider that as internal thing (secured by
> some way).
> IMO in most cases it is reasonable to forget about hop-by-hop
FWIW, our view is that poor encryption can be worse than no encryption, as it
can give the participants a false sense of security. This seems like a good
move to us.
We have configured Postfix in our Zimbra MTA servers to do only TLS 1.2/1.3,
and fall back to unencrypted if a TLS connection
You can get a clear view of your ciphers etc. by running:
nmap --script ssl-enum-ciphers -p 25 mx.yourserver.tld
FWIW, on our Zimbra 10 system with the FIPS-compliant OpenSSL package
installed, we get on each of our MTAs:
nmap --script ssl-enum-ciphers -p 25 my.missioncriticalemail.com
I believe you need a DMARC record...
Regards,
Mark
_
L. Mark Stone, Founder
North America's Leading Zimbra VAR/BSP/Training Partner
For Companies With Mission-Critical Email Needs
- Original Message -
From: "Rob Nagler
(Mods: OK to delete this if it's too OT.)
Sometimes, it's nice to smile when Karma (or whatever you want to call it)
delivers the goods...
Several weeks ago, we added some custom SpamAssassin rules to add a few points
for emails that are not DKIM signed and/or where the sending domain has no
If it helps...
1. We have trained our Zimbra users who want their email to be copied someplace
else to configure the someplace else to log in and collect their email from
Zimbra, after having educated them that Forwarding is problematic and can get
their domain blocklisted.
2. Periodically we
before.
We remain comfortable blocking that subdomain.
All the best,
Mark
___
L. Mark Stone
Sent from my iPhone
> On Feb 6, 2024, at 5:17 AM, Gellner, Oliver via mailop
> wrote:
>
> On 05.02.2024 at 13:55 L. Mark Stone via mailop wrote
>
>> Over
Good Morning,
Overnight in our logs, we are starting to see Microsoft spam like this:
Feb 5 12:19:28 my postfix/smtpd[1015436]: NOQUEUE: filter: RCPT from
mail-mw2nam10acsn2106.outbound.protection.outlook.com[104.47.55.106]:
: Sender address triggers FILTER
smtp-amavis:[127.0.0.1]:10024;
I see in today's logs that Spamhaus is now blocking (for us) hundreds of these
onmicrosoft.com subdomains.
Regards,
Mark
_
L. Mark Stone, Founder
North America's Leading Zimbra VAR/BSP/Training Partner
For Companies With
FWIW, after a log file review we are contemplating blocking "azurewebsites.net"
as well as "@onmicrosoft.com".
Curious if others are coming to the same conclusion?
Regards,
Mark
_
L. Mark Stone, Founder
North America's Leading
FWIW we went through the trademark process for our logo.
It was time-consuming, but straightforward and not expensive.
We've deployed BIMI, but with a= as the SSL certificates are still quite
expensive; Digicert's BIMI certificate is half-again as much as their EV
certificate.
If Digicert et.
For Companies With Mission-Critical Email Needs
- Original Message -
From: "Hans-Martin Mosner via mailop"
To: "mailop"
Sent: Friday, December 15, 2023 9:21:30 AM
Subject: Re: [mailop] Incoming spam from outlook.com
Am 15.12.23 um 14:49 schrieb L. Mark Stone via mailop:
We too are seeing high volumes of such email.
Historically, we have avoided deploying greylisting*, but are curious if
greylisting would block these emails? Could anyone who is doing greylisting
comment on whether these garbage emails are being resent?
Thanks,
Mark
*Most of our customers
joke, right?
Le mer. 8 nov. 2023 à 13:57, L. Mark Stone via mailop < [
mailto:mailop@mailop.org | mailop@mailop.org ] > a écrit :
We filed an abuse report with Microsoft for some bad emails.
Normally we don't bother, but these emails were concerning enough that we
thought we sho
We filed an abuse report with Microsoft for some bad emails.
Normally we don't bother, but these emails were concerning enough that we
thought we should bring them to Microsoft's attention. While it would be nice
if Microsoft did a better job at filtering outbound emails, that's not the
point
If you browse to https://www.rfc-editor.org/rfc/rfc8463 and scroll to the
bottom you'll see the author's name and contact information.
Things should become a bit clearer then...
Regards,
Mark
_
L. Mark Stone, Founder - Mission
We have always carried cyber insurance, but as the cyber insurance landscaping
has shifted considerably over the past few years, what are other ESPs doing as
regards cyber insurance coverage?
Thanks,
Mark
_
L. Mark Stone,
xt.
For reference, the [
https://www.m3aawg.org/sites/default/files/m3aawg-email-authentication-recommended-best-practices-09-2020.pdf
| M3AAWG
BCP section 4 ] this is based off of -
On 8/18/2023 10:53 AM, L. Mark Stone via mailop wrote:
Got it, thanks. We are concerned about DKIM-repl
PF result.
- Mark Alley
On 8/18/2023 9:54 AM, L. Mark Stone via mailop wrote:
Hi Mark,
Perhaps I'm misunderstanding your inference, but are you saying we shouldn't
reject based on a hard fail SPF record?
Thanks,
Mark
_
L.
Hi Mark,
Perhaps I'm misunderstanding your inference, but are you saying we shouldn't
reject based on a hard fail SPF record?
Thanks,
Mark
_
L. Mark Stone, Founder
North America's Leading Zimbra VAR/BSP/Training Partner
For
Hi Dan,
To my understanding, the Hotmail side and the Microsoft 365 side
(protection.outlook.com) have different blocklists and different teams managing
them. What has changed recently is (I think I saw posted here) that Hotmail
flow is now getting routed through the protection.outlook.com
I also have an issue with an AWS sender using AWS IPs to send email From
@yahoo.com.
AWS Support (I’m an AWS customer) says this is OK.
___
L. Mark Stone
> On May 8, 2023, at 8:24 PM, Michael Peddemors via mailop
> wrote:
>
> Wouldn't mind a quick off list
I live in a Spectrum market, and their Consumer Internet Terms of Service
prohibit certain (what they deem to be commercial) activities, like hosting an
email server. In years past, they just blocked outbound port 25 on consumer
internet connections.
My suspicion is Spectrum have recently
Thanks for this tool, which I just ran.
We don't support IPv6, which were pretty much all of our bad scores, so not
bothered.
We got a ding on our DNSSEC score, because the PTR record isn't signed. Is this
really as big an issue as the explanatory test makes out?
"Some names needed for
Looking for input from the hive mind on this list as the best way to handle
this challenge please...
By way of background we are a niche B2B email hosting company.
Essentially, we have started to see what we think are either email address
verification firms and/or bad actors trying many
The survey does ask for domains and other specific identifying information
(optionally , to be fair) -- but only after the very first page which asks the
user to grant usage rights without even knowing the questions about to be
asked. (Only "Yes" is an allowed, mandatory answer.)
I'll leave it
FWIW I have the same setup as Bill re Admin onmicrosoft accounts.
To go one step further, I actually do not want those admin accounts to have a
mailbox at all. It's not the money, it's that I don't want customers emailing
me at that those addresses, let alone having to worry about spam/phishing
It may be helpful to look at this from a different perspective...
Back in 2018 Spamhaus told us that 20% of their queries came from the big
public DNS resolvers and that although they were committed to continue to
provide free services to non-profits and others who met their criteria, they
Like others who have commented, we believe weak encryption is worse than no
encryption, so we have disabled TLSv1 and TLSv1.1 everywhere in our email
systems, allowing only TLSv1.2 and TLSv1.3.
Best regards to all,
Mark
_
L.
Some questions and thoughts on HR 8160 and SB 4409 and the CAN-SPAM Act...
Are operators covered by HR 8160 and SB 4409 still allowed to block emails that
do not comply with the CAN-SPAM Act?
Of the 7 requirements in the FTC's CAN-SPAM Act compliance guide
I'm a Dmarcian customer. FWIW, emails from their domain I have received are
all routed from Google/Gmail servers and IPs. None of the tests they offer
available to the public and to subscribers involve sending email to my
knowledge.
To be fair, rua/ruf email addresses for my domains point to
ithout your
consent on the public internet.
On 2022-05-06 11:16, L. Mark Stone via mailop wrote:
> Good Morning,
>
> Asking if anyone has had experience with internet-research-project.net
> please? They have no apparent web presence, so no straightforward way
> to contact the
Hi Grant,
Thanks for your reply. Sure, I expect all sorts of folks (including spammers)
to try to send email to my customers, as well as bad actors who will try to
brute-force accounts. We all have lots of protections in place for those
circumstances.
But IMHO, just opening up a connection
Good Morning,
Asking if anyone has had experience with internet-research-project.net please?
They have no apparent web presence, so no straightforward way to contact them.
Linode hosts this allegedly legitimate security researcher, and my mail systems
logs are full of connections from a large
Except that, now that they are listed in Spamhaus, those emails won’t be
delivered to the recipients—unless they are sent from a Princeton.Edu domain.
___
L. Mark Stone
Sent from my iPhone
> On Dec 19, 2021, at 3:02 PM, yuv via mailop wrote:
>
> On Sun, 2021-12-19 at
I'm not an attorney but have worked closely with attorneys on many M and
other financing transactions, before getting in to the MSP and email hosting
business.
§1037 (a) says "affecting... commerce" It does not say that only the sender
stands to benefit from commercial gain. The recipients
Hi Mohit,
I run a niche email hosting company using Zimbra for B2B customers who are very
sensitive to both spam and false positives. I used to spend a lot of time
tweaking SpamAssassin but a few years ago started using commercial block list
providers, which really cut down the amount of time
I don't have the links handy, but a few years ago all of the majors published
KB articles strongly discouraging automated forwarding into their systems.
Their strong recommendation was for e.g. Gmail users to configure their GMail
accounts to collect (pull) the email from your system instead.
We have found we have had to employ rate limiting to Yahoo (and a a few
others). They seem sensitive not so much to total volume, but to sending rates
from low-volume senders like us.
Hope that helps,
Mark
_
L. Mark Stone,
You may also want to restrict users from composing a single email with a large
number of recipients. The Postfix default is 2,000, controlled by e.g.:
postconf -e smtpd_recipient_limit=19
postconf -e smtpd_recipient_overshoot_limit=1
which would limit users to composing single email messages
And...
The barracudacentral.org website certificate expired yesterday as well.
Regards,
Mark
___
L. Mark Stone, Founder
Mission Critical Email LLC
North America's Leading Zimbra VAR/BSP/Training Partner
For Companies With Mission-Critical Email Needs
Hi John,
Unfortunately, many sending clients (newsletters, announcements, etc.) do not
retry if the initial delivery fails. So if your primary MX has network issues,
doesn't comprise a load balancer in front of multiple MTAs and you are doing
system maintenance, you can lose emails in the
Hi Scott,
You can try Firefox in Safe Mode to be sure everything is indeed turned off.
https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode
Regards,
Mark
___
L. Mark Stone, Founder
North America's Leading Zimbra
Hi Scott,
In my experience, if you have uBlock Origin, Ad Block Plus or similar
ad/tracker blocker plugins/extensions installed in your browser, you will get
that result.
I've had to turn off all that stuff on that site for the captcha completion and
form submission to work.
Hope that
We use 100MB max message size, have customers who routinely send messages with
attachments approaching that limit, and only rarely do we see a message
rejected due to it being too large.
Hope that helps,
Mark
___
L. Mark Stone, Founder
North
Very interested in this; we are seeing DKIM signing issues with emails sent by
proofpoint for the recipient to click to obtain an encrypted email.
Regards,
Mark
___
L. Mark Stone, Founder
North America's Leading Zimbra VAR/BSP/Training Partner
For
Companies With Mission-Critical Email Needs
Need more email security & compliance? Ask me about Mimecast!
From: "mailop"
To: "mailop"
Sent: Friday, September 4, 2020 3:34:15 AM
Subject: Re: [mailop] MTA Server IP "Warm Up" Reputation Recommended Best
Practices
Thanks Laura and Chris for your replies, and sorry if I wasn't as precise in my
language as perhaps I should have been. I've been in the email business since
2005 and have been impressed with the general high experience level of the
posters on this list. I didn't think I needed to be as
Looking for current MTA IP "warm up" best practices please...
We are a niche email hosting company for commercial/regulated corporate
entities with a strong anti-bulk-mail-sending AUP. Our existing MTA IPs have
very positive reputations. All (but one) of our customers sign email with DKIM,
Same here. I can't get the "Submit" button to become active (using Firefox on a
Mac).
Regards,
Mark
___
L. Mark Stone, Founder
North America's Leading Zimbra VAR/BSP/Training Partner
For Companies With Mission-Critical Email Needs
Need more email
51 matches
Mail list logo
