unwise filtering policy on abuse mailboxes
can we please just stop this nonsense? ip under your direct control originates sewage. you should accept reports as-is. requiring victims of your sewage to go through special contortions to report it to you is not acceptable.
----- The following addresses had permanent fatal errors ----- <abuse@psychz.net> (reason: 550 "The mail server detected your message as spam and has prevented delivery.")
On Tue, Jul 24, 2018 at 04:19:22PM -0700, Dan Hollis wrote:
can we please just stop this nonsense?
ip under your direct control originates sewage. you should accept reports as-is.
requiring victims of your sewage to go through special contortions to report it to you is not acceptable.
----- The following addresses had permanent fatal errors ----- <abuse@psychz.net> (reason: 550 "The mail server detected your message as spam and has prevented delivery.")
abuse@fsec.or.kr and cert@fsec.or.kr do the same thing. - Brian
Dan, Are you saying Nanog if spamming you? It's not at all clear what your complaint is. -mel via cell
On Jul 24, 2018, at 4:37 PM, Brian Kantor <Brian@ampr.org> wrote:
On Tue, Jul 24, 2018 at 04:19:22PM -0700, Dan Hollis wrote: can we please just stop this nonsense?
ip under your direct control originates sewage. you should accept reports as-is.
requiring victims of your sewage to go through special contortions to report it to you is not acceptable.
----- The following addresses had permanent fatal errors ----- <abuse@psychz.net> (reason: 550 "The mail server detected your message as spam and has prevented delivery.")
abuse@fsec.or.kr and cert@fsec.or.kr do the same thing. - Brian
Seemed pretty clear to me. He sent an abuse report to abuse@psychz.net and it was rejected as spam. On Tue, Jul 24, 2018, 8:11 PM Mel Beckman <mel@beckman.org> wrote:
Dan,
Are you saying Nanog if spamming you? It's not at all clear what your complaint is.
-mel via cell
On Jul 24, 2018, at 4:37 PM, Brian Kantor <Brian@ampr.org> wrote:
On Tue, Jul 24, 2018 at 04:19:22PM -0700, Dan Hollis wrote: can we please just stop this nonsense?
ip under your direct control originates sewage. you should accept reports as-is.
requiring victims of your sewage to go through special contortions to report it to you is not acceptable.
----- The following addresses had permanent fatal errors ----- <abuse@psychz.net> (reason: 550 "The mail server detected your message as spam and has prevented delivery.")
abuse@fsec.or.kr and cert@fsec.or.kr do the same thing. - Brian
I bet you can search the nanog list archive and find this very discussion topic surface about ever 8-12 months... folk always fall in this trap (or a form of it): "Welp, we've had 1 too many people in $CORP get infected via email, spam filter all the things!!!" ... wait... "Oh, yea duh.. our spam/abuse alias can't block spam.. because people will send us email they get that has spam/viruses/etc in it..whoops!!" this 'always' happens, and we discuss it every 8-12 months. On Tue, Jul 24, 2018 at 8:18 PM Ross Tajvar <ross@tajvar.io> wrote:
Seemed pretty clear to me. He sent an abuse report to abuse@psychz.net and it was rejected as spam.
On Tue, Jul 24, 2018, 8:11 PM Mel Beckman <mel@beckman.org> wrote:
Dan,
Are you saying Nanog if spamming you? It's not at all clear what your complaint is.
-mel via cell
On Jul 24, 2018, at 4:37 PM, Brian Kantor <Brian@ampr.org> wrote:
On Tue, Jul 24, 2018 at 04:19:22PM -0700, Dan Hollis wrote: can we please just stop this nonsense?
ip under your direct control originates sewage. you should accept reports as-is.
requiring victims of your sewage to go through special contortions to report it to you is not acceptable.
----- The following addresses had permanent fatal errors ----- <abuse@psychz.net> (reason: 550 "The mail server detected your message as spam and has prevented delivery.")
abuse@fsec.or.kr and cert@fsec.or.kr do the same thing. - Brian
I'm saying people who filter their abuse mailboxes need to stop doing so. -Dan On Wed, 25 Jul 2018, Mel Beckman wrote:
Dan,
Are you saying Nanog if spamming you? It's not at all clear what your complaint is.
-mel via cell
On Jul 24, 2018, at 4:37 PM, Brian Kantor <Brian@ampr.org> wrote:
On Tue, Jul 24, 2018 at 04:19:22PM -0700, Dan Hollis wrote: can we please just stop this nonsense?
ip under your direct control originates sewage. you should accept reports as-is.
requiring victims of your sewage to go through special contortions to report it to you is not acceptable.
----- The following addresses had permanent fatal errors ----- <abuse@psychz.net> (reason: 550 "The mail server detected your message as spam and has prevented delivery.")
abuse@fsec.or.kr and cert@fsec.or.kr do the same thing. - Brian
Why are you telling us here on Nanog? -mel
On Jul 24, 2018, at 7:43 PM, John Levine <johnl@iecc.com> wrote:
In article <Pine.LNX.4.64.1807241753160.10843@yuri.anime.net> you write:
I'm saying people who filter their abuse mailboxes need to stop doing so.
See Canute, King.
R's, John
On Tue, Jul 24, 2018 at 8:55 PM Dan Hollis <goemon@sasami.anime.net> wrote:
I'm saying people who filter their abuse mailboxes need to stop doing so.
it's totally possible that the person who 'runs' the abuse@ is not the person that 'runs' the mail system at the places in question. the larger the organization the certainty of that being true. (yes people should lear, no they probably all won't) -chris
On Tue, Jul 24, 2018 at 10:13 PM Christopher Morrow < morrowc.lists@gmail.com> wrote:
it's totally possible that the person who 'runs' the abuse@ is not the person that 'runs' the mail system at the places in question.
At my work you'll get an email issue addressed if you send it to postmaster@<OldFrenchAirplaneCompany>.com. RFC-2142 lays this out in section 5. In the last five years I've not had one email sent to it. This reminds me to review the others on the list to make sure they actually reach someone. Maybe a little incognito test. -Joe -- Joe Hamelin, W7COM, Tulalip, WA, +1 (360) 474-7474
On Tue, Jul 24, 2018 at 05:53:48PM -0700, Dan Hollis wrote:
I'm saying people who filter their abuse mailboxes need to stop doing so.
1. They needed to stop doing so a few decades ago. Anybody still doing it today is doing it on purpose, which of course leads directly to the question: why? 2. In the case of this operation, perhaps it's because it has a very, VERY long history of support for spammers and other abusers. A quick glance at data-on-hand shows 250+ incidents over the past decade, and I'm sure that's only the surface. 3. There is no point whatsoever in reporting abuse to them. The most likely outcome of doing so is that you will be targeted for retaliation. 4. With that in mind, isn't it curious that I posted a comment in this thread on 7/27 and then on 7/28 observed this (heavily redacted) from their network space: Failed password for root from 116.206.72.123 Failed password for invalid user VM from 116.206.72.123 Failed password for invalid user localhost from 116.206.72.123 Failed password for root from 116.206.72.123 Failed password for invalid user sir from 116.206.72.123 Failed password for root from 116.206.72.123 ---rsk
On Wed, 1 Aug 2018 11:19:36 -0400, Rich Kulawiec <rsk@gsp.org> may have written:
On Tue, Jul 24, 2018 at 05:53:48PM -0700, Dan Hollis wrote:
I'm saying people who filter their abuse mailboxes need to stop doing so.
1. They needed to stop doing so a few decades ago. Anybody still doing it today is doing it on purpose, which of course leads directly to the question: why?
Never assume malice ("on purpose") something which can be adequately explained by incompetance. -- Mike Meredith, University of Portsmouth Chief Systems Engineer, Hostmaster, Security, and Timelord!
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Wed, 2018-08-01 at 11:19 -0400, Rich Kulawiec wrote:
1. They needed to stop doing so a few decades ago. Anybody still doing it today is doing it on purpose, which of course leads directly to the question: why?
One reason as to "why" is that there is no good way to specify an alternate abuse@ address, where said alternate abuse address is on a completely different (sub)?domain, ala ruf/rua=. So then it becomes an issue of not filtering the base domain, which would be a massive headache for those who follow the 2 age-old smtp golden rules: -- "never accept email you can't deliver" -- "reject at connect, never bounce" 49% of folks would've said whois could have been a great place for an Abuse contact... and another 49% would say security.txt is the place. The end result is there is zero standard nor recommended way, imho. - -Jim P. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEPxwe8uYBnqxkbORSJxVetMRaJwUFAlth2BMACgkQJxVetMRa JwVVvxAAjF5Nzd2NvilFWSJWc8Mo1Yl9rckNi4pMf0hdU3NbHBAq/Q1gbe/XfHu7 nMyHc0V9Puwm0eb1LPHldwVwjcxG8SRYAztjagUFEhnes1SyUq+c5UdG2pzkn03A SMgNFKiwLQdqhtnGsjpp9YFEGyrzHYIuBxzqSXTysXgg55nzxP1kQ/BEk2uKzhBO ///M8+cgFIsK+9SgYvYHh1dLTi+vK6PI79dUT6JNcK5imirbKORCwL/05rJp7PXx VG/0mBxWFcw1/5e2uDcu1eEhYboNH1QVf6O4a+HUS37HhJSayVC2AKr5rTm8/NWs YpvO4mZ0Sy/3o0tsZp1gahKRrlN5VZzbuKjuGVD71OY+Rwaxsga6YQJGajOUs8Rc 8D3rT7lC2c7V2xooOKF5FnOM8B7xJwbwb3M9IMWmsB7d2c+WvdBvzZGiO8Gzdah5 giiYh2ninyVQdJ8diIuQChJ/hpBakuXmtq+RIHWpEgfF//tUux/rCI1NG8DJbs73 UuwuQmQ7goOs43/FGEV+hoqAdKH7eY3/8MNFajoqEmvQSKWpUm+7nZtcaLxVDM+J K1uXYKv9Sy6ZHdQr2BPTNra2RlrhsTEKWZLp4/UVH/S+dEhK56zwKX1tM0DgDwtQ t1pBBC4+n+2PmeqIB+9VIF24D0dPsSTaDscsbWoey2enb0pGCEI= =MoLL -----END PGP SIGNATURE-----
On Tue, Jul 24, 2018 at 04:19:22PM -0700, Dan Hollis wrote:
can we please just stop this nonsense?
An excellent way to stop this particular nonsense is to firewall out every network allocation under the control of Psychz. This achieves lossless compression of incoming data. ---rsk
All, My colleague has already contacted their friend at Psychz when I received the first message. Not everyone has to be on the list to get the message relayed to them. Rich, shall we all drop your email? It would achieve the same effect, and make this email thread more productive. Ryan -----Original Message----- From: NANOG <nanog-bounces@nanog.org> On Behalf Of Rich Kulawiec Sent: Friday, July 27, 2018 5:36 AM To: nanog@nanog.org Subject: Re: unwise filtering policy on abuse mailboxes On Tue, Jul 24, 2018 at 04:19:22PM -0700, Dan Hollis wrote:
can we please just stop this nonsense?
An excellent way to stop this particular nonsense is to firewall out every network allocation under the control of Psychz. This achieves lossless compression of incoming data. ---rsk
participants (12)
-
Brian Kantor -
Christopher Morrow -
Dan Hollis -
Daniel Corbe -
Jim Popovitch -
Joe Hamelin -
John Levine -
Mel Beckman -
Mike Meredith -
Rich Kulawiec -
Ross Tajvar -
Ryan Hamel