Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-23 Thread Michael Peddemors via mailop
On 2021-09-23 11:25 a.m., Robert L Mathews via mailop wrote: Or "This message is verified as being from gmail.com, but there's no previous message from evild...@gmail.com in your mailbox." For the record, the scammers are trickier than that; they take an old thread from the compromised

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-23 Thread Robert L Mathews via mailop
On 9/23/21 9:42 AM, Jay Hennigan via mailop wrote: > While you do this, also tell them to ignore phishing emails that claim > to be from their provider warning that their email account is at risk. A lot of this now seems like just poor user interface. Email software authors (and many of us,

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-23 Thread Peter Nicolai Mathias Hansteen via mailop
This discussion made me think of one of the several bizarre episodes involving my spamtraps apparently becoming part of the must-try user IDs for other services - https://bsdly.blogspot.com/2014/08/password-gropers-take-spamtrap-bait.html

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-23 Thread Grant Taylor via mailop
Hi Sidsel, On 9/23/21 12:21 AM, Sidsel Jensen via mailop wrote: Each hash in haveibeenpwned is associated with a count based on how many breaches it’s been found in. If we find a match on the hash we check the count towards a set threshold, and if the count is higher than the threshold the

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-23 Thread Jay Hennigan via mailop
On 9/23/21 02:45, Jaroslaw Rafa via mailop wrote: On 23.09.2021 at 08:21:40 Sidsel Jensen via mailop writes: Unfortunately we can only do this in our Webmail, we have no good way of sending this message to a user of a 3rd party mail client. If someone on this list has a good idea on how

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-23 Thread Hans-Martin Mosner via mailop
On 23 September 2021 14:32, "Christian Mack via mailop" wrote: > Hello > > On 23.09.21 12:59, Geert Ijewski via mailop wrote: > >> On 23.09.21 11:45, Jaroslaw Rafa via mailop wrote: >>> On 23.09.2021 at 08:21:40 Sidsel Jensen via mailop writes: >> >> Unfortunately we can only do this

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-23 Thread Michael Sofka via mailop
We have had to do this to select users when there's evidence of a password compromise. And yes, it could be mistaken for a phish, so we don't include a password change link, direct people to our helpdesk page with instructions on finding the change password instructions, provide a local

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-23 Thread Christian Mack via mailop
Hello On 23.09.21 12:59, Geert Ijewski via mailop wrote: > > On 23.09.21 11:45, Jaroslaw Rafa via mailop wrote: >> On 23.09.2021 at 08:21:40 Sidsel Jensen via mailop writes: >>> >>> Unfortunately we can only do this in our Webmail, we have no good way of >>> sending this message to a user

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-23 Thread Geert Ijewski via mailop
On 23.09.21 11:45, Jaroslaw Rafa via mailop wrote: > On 23.09.2021 at 08:21:40 Sidsel Jensen via mailop writes: >> >> Unfortunately we can only do this in our Webmail, we have no good way of >> sending this message to a user of a 3rd party mail client. If someone on >> this list has a good

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-23 Thread Renaud Allard via mailop
On 9/23/21 10:56 AM, Steve Freegard via mailop wrote: Hi Alessio, You could try our Authentication Blocklist: https://docs.abusix.com/ami-production-zones/authbl This doesn't pre-emptively list cloud IPs, it only lists IPs where we've seen evidence of compromise/abuse and these come from

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-23 Thread Steve Freegard via mailop
Hi Alessio, You could try our Authentication Blocklist: https://docs.abusix.com/ami-production-zones/authbl This doesn't pre-emptively list cloud IPs, it only lists IPs where we've seen evidence of compromise/abuse and these come from a variety of sources, some of them I believe to be novel

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-23 Thread Jaroslaw Rafa via mailop
On 23.09.2021 at 08:21:40 Sidsel Jensen via mailop writes: > > Unfortunately we can only do this in our Webmail, we have no good way of > sending this message to a user of a 3rd party mail client. If someone on > this list has a good idea on how that can be accomplished with a good UX I >

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-23 Thread Sidsel Jensen via mailop
> On 22 Sep 2021, at 21.44, Jarland Donnell via mailop > wrote: > > This is true. While brute force attacks persist, we rarely see a connection > between that and compromised accounts these days. Most often the attacker > knew the password immediately. Now what would be cool, and has always

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-22 Thread Jarland Donnell via mailop
This is true. While brute force attacks persist, we rarely see a connection between that and compromised accounts these days. Most often the attacker knew the password immediately. Now what would be cool, and has always been on my list of "maybe one day" features, would be either using an API

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-22 Thread Jaroslaw Rafa via mailop
On 21.09.2021 at 22:25:26 Darrell Budic via mailop writes: > > If you follow NANOG and some other groups, you’re probably aware of the > spate of VPN blocking recently from various Video providers like Netflix > and Amazon Prime. This seems to be (as an email provider and (separately, >

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-22 Thread Lena--- via mailop
> From: Alessio Cecchi > we are an email hosting provider, and as you know many users use weak > passwords, or have a trojan on their PC that stole their password, which is > then used to send spam or commit some kinds of fraud. > > We already have a "script" that checks, from log files, the country

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Darrell Budic via mailop
> On Sep 21, 2021, at 2:25 PM, Michael Peddemors via mailop > wrote: > > On 2021-09-21 12:09 p.m., Mark Milhollan via mailop wrote: >>> Block AUTH from Amazon/Gcloud/Azure by default >> Would you include other clouds, like Alibaba, Oracle, OVH, Rackspace, etc., >> perhaps especially those

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Michael Peddemors via mailop
More good points.. .. for the record, compromises via SMTP are easier to identify, the scary ones are IMAP authentication ones, as the hacker can log in simply once every week, and search your inbox for personal information, password reset links, services that you use, credit card

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Michael Peddemors via mailop
On 2021-09-21 12:09 p.m., Mark Milhollan via mailop wrote: Block AUTH from Amazon/Gcloud/Azure by default Would you include other clouds, like Alibaba, Oracle, OVH, Rackspace, etc., perhaps especially those that are "too easy" for spammers and miscreants to get a machine going on? I can

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Brandon Long via mailop
Control over account creation (this is more a free mailbox kind of thing) Risk based analysis at login time based on the available signals Risk based analysis of the overall connection Spam analysis of the sent mail All of which needs to feed into each other. For the larger providers, this is an

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Slavko via mailop
Hi, On Tue, 21 Sep 2021 17:08:54 +0200 Alessio Cecchi via mailop wrote: > For "do something" I mean: > > - too many logins from different countries > - too many fast logins You do not say which IMAP/POP3 server you are using, but e.g. with Dovecot you can use/apply these (and more) policies

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Mark Milhollan via mailop
On Tue, 21 Sep 2021, Michael Peddemors wrote: Use RATS-AUTH to block auth attacks, from known dedicated IP(s) ;) I've tried this, so far it has blocked 7 of 4933 AUTH attempts since I began using it. Block AUTH from Amazon/Gcloud/Azure by default Would you include other clouds, like

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Jarland Donnell via mailop
Though a bit of a non-standard approach, I collect email subjects and recipients from accounts that were compromised and used by the attacker to send email. I use rspamd to mark them, and then I use bash scripts to check for emails that hit the rspamd triggers and alert via Pushover that an

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Jay Hennigan via mailop
On 9/21/21 08:08, Alessio Cecchi via mailop wrote: Hi, we are an email hosting provider, and as you know many users use weak passwords, or have a trojan on their PC that stole their password, which is then used to send spam or commit some kinds of fraud. Fail2ban for weak passwords. There are also

Re: [mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Michael Peddemors via mailop
Use RATS-AUTH to block auth attacks, from known dedicated IP(s) ;) Block AUTH from Amazon/Gcloud/Azure by default Consider transparent 2FA like CLIENTID Fail2Ban is a stop gap mentioned often on the list.. but be careful, as it might block a large CGNAT range. Country authentication

[mailop] How to detect fraud login in POP IMAP or SMTP?

2021-09-21 Thread Alessio Cecchi via mailop
Hi, we are an email hosting provider, and as you know many users use weak passwords, or have a trojan on their PC that stole their password, which is then used to send spam or commit some kinds of fraud. We already have a "script" that checks, from log files, the country of the IP address and "do