Re: [mailop] [STATE OF THE UNION] Tales from the Trenches..

2024-05-30 Thread Michael Peddemors via mailop
for sharing.. On 2024-05-30 12:32, Slavko via mailop wrote: On 30 May 2024 18:23:25 UTC, user Michael Peddemors via mailop wrote: I am sure there are many others that are dedicated to strictly AUTHentication abuse.. The key is to be able to do the check at all levels of authentication

Re: [mailop] [STATE OF THE UNION] Tales from the Trenches..

2024-05-30 Thread Michael Peddemors via mailop
On 2024-05-30 10:46, Richard Laager via mailop wrote: On May 30, 2024, at 12:35, Michael Peddemors via mailop wrote: They do know there is RBL's that list known abusive BEC Attackers? I’m new to the list (though not email admin). What RBL are you saying I should be looking at? I already

[mailop] [STATE OF THE UNION] Tales from the Trenches..

2024-05-30 Thread Michael Peddemors via mailop
Both life and Business have been very active, so it's been a bit since I posted one of these.. It's about time again.. * SendGrid continues to allow the same common threats from escaping * Increase in threat actors from Thailand/Vietnam region, but probably proxies for Chinese actors * Digital

Re: [mailop] Sudden spike in Gmail failures ("TempFail – Spam")

2024-04-30 Thread Michael Peddemors via mailop
On 2024-04-30 04:44, Mendel Kucharzeck via mailop wrote: Laura, Thanks for your reply! Highly appreciated. Inline: - Anyone else seeing this behaviour from gmail recently? - Could the newly created, custom MAIL-FROM-domain cause a behaviour like this? The MAIL-FROM-Domain has not yet been

Re: [mailop] Sudden spike in Gmail failures ("TempFail – Spam")

2024-04-29 Thread Michael Peddemors via mailop
On 2024-04-29 08:02, Mendel Kucharzeck via mailop wrote: Hi, During my last email campaign, I’ve encountered issues with gmail – and after investigating this for a few days, I cannot make heads or tails of the results. Maybe anyone can shed any light on what is happening. Environment:

Re: [mailop] Reason for being listed at Spamhaus CSS and XBL unclear

2024-04-18 Thread Michael Peddemors via mailop
On 2024-04-18 06:01, Sebastian Arcus via mailop wrote: In that case I think I am back to square one. If an infected device connecting to 587/465 to various servers on the internet, from our network, to try and guess passwords/break into accounts wouldn't have used the FQDN of our public IP as

Re: [mailop] Reason for being listed at Spamhaus CSS and XBL unclear

2024-04-18 Thread Michael Peddemors via mailop
It's REALLY hard to give you good advice, if you don't include the actual IP Address that is listed.. However, if it is the same email server you sent from, it's on Contabo which has its own problems with reputation.. And I don't think they really care to help the innocent operators on their

[mailop] Aruba Email Servers getting Authenticated SMTP sessions from Google?

2024-04-09 Thread Michael Peddemors via mailop
Aruba's email systems do have a lot of issues, but this one was a little new to me.. Received: from mail-lf1-f48.google.com ([209.85.167.48]) by Aruba Outgoing Smtp with ESMTPSA id uDJ6rtNJEjUFfuDJ6rzmku; Tue, 09 Apr 2024 17:22:44 +0200 It could be that they simply record

Re: [mailop] Amazon SES [Was: is warming IPs still necessary?]

2024-03-27 Thread Michael Peddemors via mailop
On 2024-03-26 15:14, Ken Johnson via mailop wrote: Here, I have seen a gradual improvement in the quality of mail (now seeing a few legitimate users) coming from Amazon SES (based on headers containing amazonses.com), and now only add +3 in our local SpamAssassin filters. Of course, other

Re: [mailop] is warming IPs still necessary?

2024-03-25 Thread Michael Peddemors via mailop
Your biggest threat is hosting on AWS.. Given the nature of EC2, you want to ensure that the IPs you are using are not in the midst of some abusive IPs, and AWS is still not providing public 'rwhois' delegation to our knowledge. Make sure that you have a correct PTR record of course, the

Re: [mailop] Debt Collection Client Email Servers

2024-03-22 Thread Michael Peddemors via mailop
If they are 'dedicated', doesn't matter if they are coming from SendGrid, the PTR should reflect your clients domain. host 149.72.234.90 90.234.72.149.in-addr.arpa domain name pointer wrqvzxrx.outbound-mail.sendgrid.net. And given the amount of abuse of SendGrid servers, anything you can do

Re: [mailop] Mailbox Filling w. Opt-In/Sign-Up mails

2024-03-12 Thread Michael Peddemors via mailop
Tobias, This does sound like a typical 'mail bomb', and there are even services you can rent to mail bomb an enemy.. Used to only see it in the gamer community, kid stuff.. but it is more rare than you think.. sometimes it can go on for several days.. Usually, someone has p**'ed off

[mailop] Love how people use SPF records.. Just for a chuckle..

2024-03-11 Thread Michael Peddemors via mailop
host -t TXT save.ca save.ca descriptive text "v=spf1 ip4:70.33.236.0/25 mx a include:sendgrid.net include:thestar.ca include:thestar.com include:spf.google.com include:spf.protection.outlook.com include:spf.yahoo.com include:spf.aol.com include:amazonses.com -all" ... so.. basically hard

[mailop] Any Apple guys, with knowledge of their networks shed some light on this IP Space?

2024-03-04 Thread Michael Peddemors via mailop
Does anyone know what this IP space is assigned for in general? Tracking some new threats.. inetnum:144.178.0.0 - 144.178.63.255 descr: Apple Inc status: LEGACY remarks:Cupertino admin-c:JD9555-RIPE tech-c: JD9555-RIPE netname:

Re: [mailop] Gmail.com SPF false negatives?

2024-02-27 Thread Michael Peddemors via mailop
On 2024-02-27 15:01, Tim C via mailop wrote: On 28/2/24 09:30, Rob Nagler via mailop wrote: a mx ip4:139.177.203.52 You could try removing the redundant A/MX as they all point to 139.177.203.52.

Re: [mailop] Outgoing Spam from Microsoft IPs

2024-02-19 Thread Michael Peddemors via mailop
On 2024-02-19 04:46, Gellner, Oliver via mailop wrote: On 16.02.2024 at 03:38 Matt Palmer via mailop wrote: Although I must say that without reverse DNS would seem to be the easier blocking option -- when was the last time you saw legitimate mail from an IP without rDNS? Unfortunately

[mailop] Gmail Affiliate Marketers.. getting stupid excessive... Yahoo/ATT

2024-02-14 Thread Michael Peddemors via mailop
All throw away domains, .xyz, .shop, .online, they are using ATT/Yahoo addresses, the emails are obvious.. Been reported a couple months back to the Yahoo people, no change to volumes.. (Note, it's all going to spam folders of course) Return-Path: Received: from mail-oo1-f78.google.com (HELO

Re: [mailop] Outgoing Spam from Microsoft IPs

2024-02-14 Thread Michael Peddemors via mailop
On 2024-02-13 22:57, Hans-Martin Mosner via mailop wrote: We've been seeing runs of spam mails from Microsoft IP addresses without reverse DNS (possibly cloud servers). One is sending with addresses , starting on February 8. The other (same or different spammer?) uses and started just

Re: [mailop] Is forwarding to Gmail basically dead?

2024-02-09 Thread Michael Peddemors via mailop
On 2024-02-08 22:11, Marco Moock via mailop wrote: On Thu, 8 Feb 2024 10:46:51 -0800, Michael Peddemors via mailop wrote: The only way this will stop, is when the network operators are forced to be accountable for outbound traffic dnsbl exists and some lists (e.g. uceprotect L3) entirely

Re: [mailop] Is forwarding to Gmail basically dead?

2024-02-08 Thread Michael Peddemors via mailop
On 2024-02-08 10:20, Randolf Richardson, Postmaster via mailop wrote: My opinion: Get rid of forwarding to external sites whenever possible. Some universities don't even provide a forwarding option for the eMail accounts they set up for their students, and this trend will probably

Re: [mailop] [EXTERNAL] It's almost getting funny out there now..

2024-02-06 Thread Michael Peddemors via mailop
:19, Michael Wise wrote: 103.143.76.89 is not a Microsoft IP. At all. Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Open a ticket for Hotmail ? -Original Message- From: mailop On Behalf Of Michael Peddemors via m

Re: [mailop] problem setting up open-dmarc

2024-02-06 Thread Michael Peddemors via mailop
Some days.. it's like F* DMARC.. hehehe.. Anything that created a multi-million dollar industry of consultants on how to set up DMARC, well.. email should NOT be that difficult.. I still remember when email administrators didn't know how to set up DNS correctly.. (oh wait, some still do)

[mailop] It's almost getting funny out there now..

2024-02-06 Thread Michael Peddemors via mailop
For the record, looking at the 'too big to block' stats, and definitely the o365 spam is leading the pack.. IPs that are temporarily rate limited because of too many invalid recipients reported in a 24 hour period.. (2871 IPs vs Gmail 155 IPs) Of course, not 100% relative, as their retry

[mailop] For the record, anyone tell me what specific Gmail email flows allows duplicate Return-Path as shown below?

2024-01-31 Thread Michael Peddemors via mailop
X-Gm-Message-State: AOJu0Yygtd3O5YdS/rWj45vxya0hwrYa/BjQf5JxGSCWzAx9RXR9bryH LpU0oZbfEz95pt1aYhcAMT1+ArGYrI6GtRLuJdtIEEHgVc36TLiys7kql09B4icWlFB6/0HAW7R L84tjrA== X-Google-Smtp-Source: AGHT+IHJ80+WwCu4hMgvckgAPlSHw5qrXfLxQgaNiEfLv7pnjJvoeHyju4z8pvBZv1ELBkh6pusbJQ== X-Received:

Re: [mailop] ebay postmaster contact

2024-01-29 Thread Michael Peddemors via mailop
And of course, this 'could' be caused by backscatter on their servers, if the emails originated from your server ;) Ensure your domains have SPF records of course, but we need more information on the list to determine if this is forgeries, or an eBay inherent problem. Suggest you send more

Re: [mailop] [External] seeking a spamtrap milter

2024-01-23 Thread Michael Peddemors via mailop
On 2024-01-23 12:35, Randolf Richardson, Postmaster via mailop wrote: Hi folks, I suspect this exists, but can't come up with the right search. I have domains that should never receive mail. I'd like a milter that looks for mail to those domains and feeds the IP of the sender to an outside

Re: [mailop] Ping Microsoft / MSN

2024-01-22 Thread Michael Peddemors via mailop
On 2024-01-22 06:58, Benoit Panizzon via mailop wrote: https://blacklist.imp.ch/entry.php?id=1.0.8.0.0.0.0.0.0.0.0.0.0.0.0.0.2.1.e.2.3.0.4.f.1.1.1.0.1.0.a.2 no further comment needed... Kind regards -Benoît Panizzon- We don't typically use IPv6, but the pattern matches a large

Re: [mailop] Spamhaus contact?

2024-01-19 Thread Michael Peddemors via mailop
On 2024-01-19 12:42, Randolf Richardson, Postmaster via mailop wrote: On 2024-01-19 06:47, Atro Tossavainen via mailop wrote: On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote: Ok sorry not "most" but "some may"... My checkpoint rep said that they get their reputation lists from other

Re: [mailop] Spamhaus contact?

2024-01-19 Thread Michael Peddemors via mailop
On 2024-01-19 06:47, Atro Tossavainen via mailop wrote: On Fri, Jan 19, 2024 at 03:31:19PM +0100, hg user wrote: Ok sorry not "most" but "some may"... My checkpoint rep said that they get their reputation lists from other companies... is it wrong ? It's possible that Check Point are just an

Re: [mailop] Spamhaus contact?

2024-01-18 Thread Michael Peddemors via mailop
Examples? On 2024-01-18 13:33, hg user via mailop wrote: I also saw a spike in IP reported as malicious by spamhaus: IPs that have been sending emails for years: standard, business emails from personal accounts of people in airlines and hotels are now triggering spamhaus IP rbl... those IPs

Re: [mailop] Anyone else noticing an increase in spam from Office365 distribution lists?

2024-01-16 Thread Michael Peddemors via mailop
I think you have to start blocking them earlier than in Spam Assassin, if you want to make a difference.. If you block them at the SMTP layer, then maybe they give up.. or if you reject with a 4XX, maybe Microsoft might notice an increase in the queues (wishful thinking) Also, if you check

Re: [mailop] o365 outbound senders.. Strange Failures sending .. widespread reports

2023-12-18 Thread Michael Peddemors via mailop
On 2023-12-18 14:20, Benny Pedersen via mailop wrote: Michael Peddemors via mailop wrote on 2023-12-18 22:45: Strange rewriting mechanism, but this kind of volume should be restricted from the o365 side, no? What about the usage of non-existent FQDN name in the MAIL FROM? what mta ? what

Re: [mailop] 451-Reject due to policy restrictions from web.de and gmx.de

2023-12-17 Thread Michael Peddemors via mailop
Wow! Just got back from a week in the sun, and the mailing list has been busy.. A bit off topic, but it is always amazing.. rejecting based on no DKIM? It's like most new requirements, ever notice that the spammers are implementing these requirements sooner/faster than the real email

Re: [mailop] Another very strange microsoft originated email??

2023-12-07 Thread Michael Peddemors via mailop
the APNIC Whois Service version 1.88.25 (WHOIS-US4) Free trial account on Microsoft 365 being relayed through Microsoft 365 outbounds by a Hetzner IP --srs From: mailop on behalf of Michael Peddemors via mailop Sent: Thursday, December 7, 2023 5:38:33 AM

[mailop] Another very strange microsoft originated email??

2023-12-06 Thread Michael Peddemors via mailop
Take a look at the headers for this one.. Appears to come from an sender IP on Hetzner, but related to Microsoft?? Some headers snipped for brevity, but something sure appears rotten in denmark.. love the boundary.. Any takers on explaining how this is being allowed or performed?

Re: [mailop] Email deliverability issues to Outlook

2023-12-06 Thread Michael Peddemors via mailop
On 2023-12-06 10:34, Anne Mitchell via mailop wrote: On Dec 5, 2023, at 11:49 PM, Grant Gordon via mailop wrote: A friend brought to my attention the following blog post which seems to have started around the same time we started experiencing issues and seems to be the same issue, though

Re: [mailop] Orange ISP - New outbound IP ranges

2023-12-01 Thread Michael Peddemors via mailop
Jeremy, do note that there is 'history' on some of the 193.252.22.0/23 range.. I believe that previously there was Mail Essentials Project? Notice the SWIP is currently: inetnum:193.252.22.0 - 193.252.22.127 netname:MAIL-NEWMTA-FRANCE Suggest this be updated to reflect what

Re: [mailop] Cox.net contact

2023-11-30 Thread Michael Peddemors via mailop
On 2023-11-30 12:39, Philip Paeps via mailop wrote: On 2023-12-01 06:59:21 (+1300), Mamidi, Sandeep via mailop wrote: We need cox.net post master details . Any one from cox.net ? Instead of going through bounces weekly, and contacting mailbox providers in alphabetical order asking for

Re: [mailop] Convincing clients of the importance of eMail recipient consent for mailing list subscriptions

2023-11-27 Thread Michael Peddemors via mailop
Wasn't there an article on how engagement rates for confirmed double opt-in vs unconfirmed were a LOT higher.. a few years back? I think if you can point to the higher engagement rates, that even with lower total subscribers you are more effective in your email marketing. Anyone have a link

Re: [mailop] How to report abuse to cloudflare? Only via Web-Form?!? Phishing sites not against cloudflare policy!?!

2023-11-17 Thread Michael Peddemors via mailop
And Laura, This is ONLY the tip of the iceberg.. as long as businesses find they can get away with things, they will keep pushing the boundaries.. Whether it is Digital Ocean turning a blind eye, or even facilitating criminal activity, encouraging other hosters to do the same, or putting up

Re: [mailop] New Google DNS Servers? 192.178.65.0/28 NO PTR records.. anyone? Brandon?

2023-11-14 Thread Michael Peddemors via mailop
:35, Michael Peddemors via mailop wrote: Of course, Google never SWIP's their segments very well, but with no PTR records, not much to go on.. Not much to go on, hmm ... ... Have you tried the Google Public DNS documentation? :) large DNS Queries coming from this range, anyone know if it has legit

[mailop] New Google DNS Servers? 192.178.65.0/28 NO PTR records.. anyone? Brandon?

2023-11-13 Thread Michael Peddemors via mailop
Of course, Google never SWIP's their segments very well, but with no PTR records, not much to go on.. large DNS Queries coming from this range, anyone know if it has legit usage? - 192.178.65.2 = 10357 - 192.178.65.5 = 10327 - 192.178.65.8 =

Re: [mailop] ClientID - was Re: Microsoft lays hands on login data: Beware of the new Outlook

2023-11-11 Thread Michael Peddemors via mailop
Re Confirm CLIENTID usage, all MagicMail customers have CLIENTID support enabled.. Not all are 'locking' customer email accounts yet.. Like insurance.. it's often 'lock the doors AFTER you have been robbed', but it is a simple way to lock down email accounts. And we are still working on

Re: [mailop] Microsoft lays hands on login data: Beware of the new Outlook

2023-11-11 Thread Michael Peddemors via mailop
On 2023-11-11 03:30, Bjoern Franke via mailop wrote: Hi, ... I have not been aware of the fact that *ALL* apps actually might be doing this. It was just recently that I looked for alternative iOS mail apps - and "phoning home" credentials got noted only for the Spark app. This seems to be

Re: [mailop] Microsoft lays hands on login data: Beware of the new Outlook

2023-11-11 Thread Michael Peddemors via mailop
On 2023-11-10 09:00, Francois Petillon via mailop wrote: What we have seen here is Microsoft IPs connecting to mailboxes using IMAP. These connections seemed to be uncorrelated from real users connections (graphs looked mostly flat) and Microsoft did not really care about credentials validity.

Re: [mailop] How to handle hostname and PTR mismatch?

2023-11-01 Thread Michael Peddemors via mailop
do you mean by having a valid URL associated? Thanks ! On Sat, 28 Oct 2023 at 01:03, Michael Peddemors via mailop <mailop@mailop.org> wrote: IMHO there are reasons for the EHLO or HELO to use the internal server name, which may not be associated with a public IP Address, s

Re: [mailop] How to handle hostname and PTR mismatch?

2023-10-27 Thread Michael Peddemors via mailop
IMHO there are reasons for the EHLO or HELO to use the internal server name, which may not be associated with a public IP Address, so expecting the EHLO to match the PTR can and will get you into trouble. It is more important to make sure that the domain in the PTR record, has a URL

Re: [mailop] Still Don't understand Google's relaying systems.. Duplicate Return-Path, and other things..

2023-10-26 Thread Michael Peddemors via mailop
Not to be 'snide' Atro, but that part is pretty obvious.. It was the technical details I was searching for, on HOW it is able to relay from those IPs.. please review the original post again.. I thought I was clear on that.. This doesn't appear to be the standard relay path/source/methods..

[mailop] Still Don't understand Google's relaying systems.. Duplicate Return-Path, and other things..

2023-10-25 Thread Michael Peddemors via mailop
This spammer or mail to hire company, spams through Gmail services.. Return-Path: Received: from mail-io1-f50.google.com (HELO mail-io1-f50.google.com) (209.85.166.50) ... However.. X-Google-Smtp-Source: AGHT+IF+YQj10sXzr631pp0MqKBzywMKwgMR40jKetDYeAC5No/cCx2lD4x7tB7lheld3srQrM8NAQ==

Re: [mailop] New hotmail function: 'Put emails from unknown sender as Junk' causing false complaints?

2023-10-24 Thread Michael Peddemors via mailop
On 2023-10-24 05:38, Benoît Panizzon via mailop wrote: Hi Team One of our customer is forwarding his emails on our platform to his hotmail email address. Today, we started getting a Microsoft Spam complaint for almost every email that was being forwarded to his hotmail account. I contacted

[mailop] Any Postmaster's from Aliyun on the mailing list?

2023-10-19 Thread Michael Peddemors via mailop
Curious about the construction of your Received Headers, from local user... Received: from Airwheel0508(mailfrom:herb...@electricluggage.net fp:SMTPD_---.V2eL5mH_1697693488) by smtp.aliyun-inc.com; Thu, 19 Oct 2023 13:31:29 +0800 Notice that there is no information, such

Re: [mailop] Anyone heard of an rbl.serverko.net RBL?

2023-09-11 Thread Michael Peddemors via mailop
security at jonesolutions dot com. If you spam again, good bye forever! Seems very professional. Louis On Monday 11 September 2023 at 17:41, Michael Peddemors via mailop wrote: Nothing at either .. http://rbl.serverko.net or http://serverko.net

[mailop] Anyone heard of an rbl.serverko.net RBL?

2023-09-11 Thread Michael Peddemors via mailop
Nothing at either .. http://rbl.serverko.net or http://serverko.net, and whois is privacy protected CloudFlare.. Hosted at: JoneSolutions Internet Services (JIS-45) -- "Catch the Magic of Linux..." Michael Peddemors,

[mailop] [STATE of the UNION] Tails from the trenches of the spam auditing team..

2023-08-23 Thread Michael Peddemors via mailop
It's been a bit, but this week with so many of the team on holidays, I guess it is on me to post an update.. Things that we are seeing.. * Increase of Japanese servers with Email compromises * Zimbra BEC continues to rise, and with the latest CVE, will expect more but it is of course sad to

[mailop] Anyone from Alimail on the list? A few Best Practices comments..

2023-08-22 Thread Michael Peddemors via mailop
First of all, would be nice if you break up your header injected by your Spam protection..

[mailop] Anyone know much about Amazon servers? (Increased BackScatter)

2023-08-15 Thread Michael Peddemors via mailop
host ns-73.awsdns-09.com 205.251.192.73 Seems seeing an increased 'backscatter' from these servers, used maybe as a method to spread phishing materials.. Shows them as Exim servers, but no idea what those servers are meant to be doing? the dns reflection in the names suggest it isn't really

[mailop] Microsoft BackScatter problem? Michael W, can you investigate?

2023-08-09 Thread Michael Peddemors via mailop
Having a few customers reporting a REAL strange case.. they are being overwhelmed by what looks like backscatter, but a very broken backscatter. All IPs in the 40.92.NNN.NNN block. The backscatter message coming from postmas...@outlook.com as NDR"s but not a normal NDR. Being delivered to

Re: [mailop] ANY OVH Contact?

2023-08-09 Thread Michael Peddemors via mailop
On 2023-08-09 08:55, Mark Alley via mailop wrote: On 8/9/2023 3:31 AM, Jaroslaw Rafa via mailop wrote: On 9.08.2023 at 11:00:12, Otto J. Makela via mailop wrote: Unless the situation has dramatically changed in the last year, OVH has no functioning abuse team. I block a majority of

Re: [mailop] ANY OVH Contact?

2023-08-09 Thread Michael Peddemors via mailop
Just ONE ?? Hehehe.. Block and Forget.. Lots of active affiliate spammers, malware senders, BEC actors, phishing, and throw away domains.. Sorry, but OVH teams are completely uncaring on this matter it appears. It's a sad trend, those hosting providers whose 'in-use' IP count is more

[mailop] Anyone On list doing the systems for the FBI

2023-08-02 Thread Michael Peddemors via mailop
castlemta-worker-6.usgovtexas.cloudapp.usgovcloudapi.net MAIL FROM address: [f...@subscriptions.fbi.gov] Hit me up off list, might be something wrong with your mailer.. FastTalker, trying to pipeline when not advertised? -- "Catch the Magic of Linux..."

Re: [mailop] I Need someone from AOL and/or Yahoo to contact me

2023-08-01 Thread Michael Peddemors via mailop
On 2023-07-31 14:32, Ángel via mailop wrote: On 2023-07-25 at 17:14 +0200, Sebastian Nielsen via mailop wrote: Sadly not all MUAs implement ClientID either. Easiest way to implement 2FA on email, is to have a webpage, where you login with your 2FA token. When you have done that, the IP to visit

Re: [mailop] I Need someone from AOL and/or Yahoo to contact me

2023-07-25 Thread Michael Peddemors via mailop
And consider an RBL that tracks IPs used in authentication attacks, like RATS-AUTH, RATS-NULL from SpamRats.. And you might consider your policies on allowing connections from open proxies as well in the interim.. given the amount of hackers that use that to bypass country authentication

[mailop] Big Outbreak at Mailgun Yesterday?

2023-07-20 Thread Michael Peddemors via mailop
All guardpost IPs, but again it would be nice if big ESP's used the actual sender in the MAIL FROM's so that only the bad guys get blocked, and not all their customers.. IMHO.. Sorry everyone, haven't had much time for our regularly scheduled 'state of the union', working on getting other

Re: [mailop] Guide for setting up a mail server ?

2023-07-14 Thread Michael Peddemors via mailop
On 2023-07-14 09:20, Slavko via mailop wrote: You all realize that the poor guy looking for a guide on how to set up and email server long since left, you scared him to death with the complexity.. We need to 'encourage' people to run their own mail servers, not scare them away.. Suggest

Re: [mailop] Guide for setting up a mail server ?

2023-07-12 Thread Michael Peddemors via mailop
On 2023-07-12 12:53, Jaroslaw Rafa via mailop wrote: Most of regular consumer email users don't have any reason for this. As Bill Cole, whom I was replying to, wrote - nobody would try to impersonate you or me in a phishing campaign for financial gain, because there won't be any. hehehe.. they

[mailop] Outlook/o365 having DNS Troubles?

2023-07-11 Thread Michael Peddemors via mailop
Jul 11 08:20:04 be msd[1974542]: CONN: 52.96.233.45 -> 587 GeoIP = [US] PTR = NXDOMAIN OS = Windows NT kernel Jul 11 08:20:04 be msd[1974542]: EHLO command received, args: SJ1PR84MB3115.NAMPRD84.PROD.OUTLOOK.COM The fingerprint looks funky too.. trying to see if this is an actual cloud

Re: [mailop] Isn't SpamEatingMonkey's SEM-URI broken?

2023-07-10 Thread Michael Peddemors via mailop
Actually, what I like is those companies that show real time stats on RBL's, you get to see who is the most accurate, not only who would block the most.. If you get 'inaccuracies', then someone has done something wrong. M3AAWG might be exactly the WRONG organization for this, given its

Re: [mailop] Noticed Google now suggests changing envelope sender for forwarding

2023-06-01 Thread Michael Peddemors via mailop
+ 1 (I believe you of course mean remote forwards) On 2023-06-01 10:58, Benny Pedersen via mailop wrote: if this is complicated, don't use forwards -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO

Re: [mailop] Someone from nifty.com / sion.ne.jp an this list?

2023-06-01 Thread Michael Peddemors via mailop
On 2023-05-30 06:36, Michael Peddemors via mailop wrote: On 2023-05-29 22:36, Hans-Martin Mosner via mailop wrote: There's been an ongoing phishing wave originating from nifty.com. I (and most likely others) have sent abuse reports, but the root of the problem apparently hasn't been found

[mailop] Speaking of.. BlueHost.. SMTP Rate limiters will help you, but you better block the following IP (if you are on list)

2023-05-31 Thread Michael Peddemors via mailop
95.76.2.66 Of course, assuming you have a centralized auth rate limiter in place.. I mean, you have a lot of cPanel servers that might be being 'phished' right now.. This spammer has been around for a long time, But it looks like he has compromised several users. The 'phishing' site

Re: [mailop] Transparency is key... Here is a perfect example.. M3AAWG is coming.. time to take a st

2023-05-31 Thread Michael Peddemors via mailop
Not here for a flame war on the topic... Just trying to feed the conversation.. examples that can be used or talked about at M3AAWG or amongst the community.. However, a couple of small 'opinion' pieces.. * I refuse to believe that there is nothing to do on this issue, and that the boat has

[mailop] Transparency is key... Here is a perfect example.. M3AAWG is coming.. time to take a stance?

2023-05-30 Thread Michael Peddemors via mailop
18.156.43.163 (M) 1 guardpost-n08.euc1.mailgun.co 18.157.58.83(M) 1 guardpost-n07.euc1.mailgun.co 18.157.75.126 (M) 1 guardpost-n01.euc1.mailgun.co 18.158.176.19 (M) 1 guardpost-n02.euc1.mailgun.co 18.197.223.145 (M)

Re: [mailop] Someone from nifty.com / sion.ne.jp an this list?

2023-05-30 Thread Michael Peddemors via mailop
On 2023-05-29 22:36, Hans-Martin Mosner via mailop wrote: There's been an ongoing phishing wave originating from nifty.com. I (and most likely others) have sent abuse reports, but the root of the problem apparently hasn't been found and fixed. Would you please see that this phishing stops? If

Re: [mailop] Massive botnet going off today?

2023-05-15 Thread Michael Peddemors via mailop
On 2023-05-15 01:16, Taavi Eomäe via mailop wrote: Can confirm seeing a similar botnet at action, ~5000 different IP-addresses, ~400 million attempts and counting. Seems to be trying relatively random and unrelated local part + domain combinations. This also means this botnet is rather

Re: [mailop] Massive botnet going off today?

2023-05-14 Thread Michael Peddemors via mailop
On 2023-05-13 12:09, Jarland Donnell via mailop wrote: Curious if anyone else is seeing an event similar to this. Here's the logs of 1 hour on one of our servers, for what I propose to be a botnet: https://clbin.com/4khRA I'm leaving the recipient domains in it

Re: [mailop] United Airlines / mileageplus DNS/rDNS mismatch issue

2023-05-09 Thread Michael Peddemors via mailop
1:40 -0700, Michael Peddemors via mailop wrote: Hi Laura, I think we have to disagree here.  The PTR naming is set via SendGrid. It doesn't NEED to be the same as the A record. This is for those MTA's that do forward/reverse matching, which isn't always successful. Yes, doing that for a IPv6 e

Re: [mailop] United Airlines / mileageplus DNS/rDNS mismatch issue

2023-05-09 Thread Michael Peddemors via mailop
Hi Laura, I think we have to disagree here. The PTR naming is set via SendGrid. It doesn't NEED to be the same as the A record. This is for those MTA's that do forward/reverse matching, which isn't always successful. Yes, doing that for a IPv6 email address to satisfy Google, go ahead. But

[mailop] Any Postmasters or abuse team from Amazon AWS on here?

2023-05-08 Thread Michael Peddemors via mailop
Wouldn't mind a quick off list dialogue about a prolific spammer team abusing AmazonSES, will share the fingerprints on this actor.. Amazon SES is always tougher to filter the good and the bad, but this guy is well known affiliate marketer to suspect sites, and occasionally the odd bit of

[mailop] Any Apple email team on the list? Interesting tidbit like to shed light on...

2023-05-02 Thread Michael Peddemors via mailop
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.2\)) X-Universally-Unique-Identifier: DDB4B009-F0E0-4255-8DC7- Trying to understand if this is an unintended disclosure.. Of course, UUID's etc are important tools for verification, and can be useful in validating authenticity,

Re: [mailop] Requests with mixed caesar cipher encoding from microsoft ips

2023-05-02 Thread Michael Peddemors via mailop
Do you have a sampling of the IPs, and we can see if it correlates with some of our datasets? Sure would be nice if the big guys, did a better job of SWIP on their ranges, so we know which ones they operate, vs the ones they rent. On 2023-05-02 07:34, Abuse Department - Advision via mailop

[mailop] List Washing services.. they keep moving around.. Linode this time.

2023-04-26 Thread Michael Peddemors via mailop
For those tracking these kinds of things.. last two or three days.. 45.33.54.30 (M) 1 server14.gnewspappersinmx.com 45.33.58.102(M) 1 server01.gnewspappersinmx.com 45.33.58.206 (M) 1 server02.gnewspappersinmx.com 45.33.58.250 (M)

Re: [mailop] emailage.com ?

2023-04-24 Thread Michael Peddemors via mailop
There are getting to be a 'lot' of list washing services out there, but you are right.. SMTP callbacks on contact forms are getting silly too. Could not access several websites now, because their SMTP callback service was blocked for one reason or another. Hackers also can use those forms

Re: [mailop] ab...@microsoft.com => Mailbox full

2023-04-21 Thread Michael Peddemors via mailop
On 2023-04-20 09:51, Michael Rathbun via mailop wrote: On Thu, 20 Apr 2023 15:32:18 +0200, Benoit Panizzon via mailop wrote: ... Delivery has failed to these recipients or groups: ab...@microsoft.com The recipient's mailbox is full and can't accept messages now.

[mailop] ZenDesk on Deck here? Interesting MetaMask phishing sent from your platform.

2023-04-04 Thread Michael Peddemors via mailop
Anyone on ZenDesk here on the list? X-Zendesk-From-Account-Id: 9be82a4 X-Zendesk-Email-Id: 01GWZWCZVGH82YMM9AFBQA9XZ4 Strange Phishing example, embedded phishing content (MetaMask) on top of a more normal marketing email. Just for curiosity sake, more than anything, but hate for this to be a

Re: [mailop] linodeusercontent.com/googleusercontent.com, I'm so done with you

2023-04-04 Thread Michael Peddemors via mailop
On 2023-04-04 09:14, Hans-Martin Mosner via mailop wrote: Those two cloud providers are currently providing 99% of the incoming spam at one site. googleusercontent.com sends a never-ending flood of DHL phishing mails. linodeusercontent.com sends unsolicited ad crap using a domain

[mailop] Anyone from Fresh Desk onlist?

2023-03-31 Thread Michael Peddemors via mailop
So, I guess we have to assume that IP address on AWS is a forgery.. huh? host 18.235.53.110 110.53.235.18.in-addr.arpa domain name pointer s1.email.freshdesk.com Return-path: host -t TXT emailuss.freshdesk.com emailuss.freshdesk.com descriptive text "v=spf1 include:fdspfus.freshemail.io

Re: [mailop] How to address Microsoft if spaming Office365 customers cause collateral damage for other Office365 customers sharing the same IP?

2023-03-30 Thread Michael Peddemors via mailop
On 2023-03-30 07:37, Benoit Panizzon via mailop wrote: Hi all Received: from mail-vi1eur04on0730.outbound.protection.outlook.com ([IPv6:2a01:111:f400:fe0e::730]:47502) from new...@news-science-travel.com Auth: by a Spamtrap on 2001:4060:dead:beef::1907:2 25 pretending to be an open relay

Re: [mailop] Hotmail will start rejecting messages that fail DMARC

2023-03-22 Thread Michael Peddemors via mailop
Or just turn off remote email forwarding.. On 2023-03-22 14:52, Sebastian Nielsen via mailop wrote: I think forwarders and mailing lists should start rewriting From: instead to a address for which they are authoritative, or encapsulate the list message in a new rfc822 container, where the inner

[mailop] Not out of the office yet, quick heads up... High Russian Traffic..

2023-03-17 Thread Michael Peddemors via mailop
Overnight a large run of Spam and Phishing coming from Russian IP space.. Coming from many sources.. And given the zero days, and the Emotet increases, may be no surprise.. but worth watching.. No time to dig into it though, but it might be a busy weekend for the abuse teams.. ptr.ruvds.com

[mailop] Hey GroupOn, want to fix your message ID generator??

2023-03-16 Thread Michael Peddemors via mailop
Message-ID: <934542802.10812.1678919922311.javamail.r...@rocketman-commercial--email-consumer--default-56.hbu-svc-rocketman-commercial--email-consumer--default.rocketman-commercial-production.svc.cluster.local> Or is that REALLY your PTR records.. -- "Catch the Magic of Linux..."

[mailop] [WEEKLY STATUS] SpamAuditor - Tales from the Trenches

2023-03-15 Thread Michael Peddemors via mailop
It's been an awfully quiet week on the mailop list, so thought I would send this weekly update early, spring is here, and I have new equipment being delivered to the mountain, and warm days ahead.. so hope to call it an early week. But all in all it has been a quieter week in the trenches as

Re: [mailop] IP RBLs and large cidr blocks

2023-03-09 Thread Michael Peddemors via mailop
On 2023-03-09 10:33, Grant Taylor via mailop wrote: On 3/9/23 9:45 AM, Michael Peddemors via mailop wrote: As well, you 'could' change default PTR's for segments used differently. I find the idea of requiring PTRs to contain a magic string to be unappetizing at best and appalling

Re: [mailop] IP RBLs and large cidr blocks

2023-03-09 Thread Michael Peddemors via mailop
Yes, it's called 'rwhois'. Of course, linode can SWIP the larger portions, with a clear indication of what parts of the IP space are used for what. As well, you 'could' change default PTR's for segments used differently. At least you are asking how you can do things differently. I know

Re: [mailop] Email Server Load issues, processing timeouts.

2023-03-07 Thread Michael Peddemors via mailop
On 2023-03-07 10:48, Bastian Blank via mailop wrote: On Tue, Mar 07, 2023 at 01:29:37PM -0500, David Sovereen via mailop wrote: On Mar 7, 2023, at 12:54 PM, Bastian Blank via mailop wrote: On Tue, Mar 07, 2023 at 12:26:41PM -0500, David Sovereen via mailop wrote: I’m trying to reach someone

Re: [mailop] Bell.ca servers disconnecting before QUIT

2023-03-07 Thread Michael Peddemors via mailop
Still far too many email platforms not following RFC's on this, thinking it will improve performance, they just exit at 250ok.. First thing, make sure you have pipelining turned off.. not that it is your problem, but it will help you out.. Of course, by your description this sounds like a

[mailop] Brandon, Legit, or something you should sic lawyers on?

2023-03-02 Thread Michael Peddemors via mailop
If Gmail is using OVH IP space, that's new ;) EHLO command received, args: smtp-relay.gmail.com MAIL command received, args: FROM: 54.39.168.33x10 venus.contentmarketingdigest.com 54.39.168.34x18 earth.contentmarketingdigest.com 54.39.168.35x3

[mailop] Morning Grumble about Google Groups Invites..

2023-03-01 Thread Michael Peddemors via mailop
Someone malicious sends you a notice that you have been added to a google groups.. Of course, you don't want to click the google group unsubscribe, as then the malicious operator knows you read his message. So, Google offers two other alternative links.. 'unsubscribe' and ' If you do not

Re: [mailop] SMTP equivalent of HTTP 30x redirect ? throttling email forwards

2023-02-28 Thread Michael Peddemors via mailop
On 2023-02-28 10:46, ml+mailop--- via mailop wrote: On Tue, Feb 28, 2023, Andrew C Aitchison via mailop wrote: Is there an SMTP equivalent of the HTTP 30x status codes ? Maybe this: RFC 5321: 551 User not local; please try (See Section 3.4) Attractive idea, but impractical in the

Re: [mailop] O365 throttling email forwards

2023-02-28 Thread Michael Peddemors via mailop
On 2023-02-28 08:00, Mark E. Jeftovic via mailop wrote: Hey all, Looks like customers trying to forward email from their own domains here, to their O365 mailboxes are getting throttled with: "451 4.7.500 Server busy. Please try again later". O365 enterprise customers are able to whitelist

[mailop] Reminder, Best Practices and PTR records..

2023-02-27 Thread Michael Peddemors via mailop
Usually I have to remind ESP's on this.. If you have a domain in the PTR record, make sure that it has an associated URL for the domain, or redirects to your company website. Maybe someone can help me, but there was a M3AAWG Best practices document that covered this.. Today, (hey Ken, can
