I’ve decided to go full-in with my own mail server. The #ProtonMail bridge over SSH+VPN tunnel is no substitute for a proper mail server - plus it’s awfully slow when used as a full IMAP server and it breaks the IMAP implementation in a lot of ways.
I’ve created my new domain, gone through the configuration of DKIM/DMARC/SPF like a good postmaster, just to get immediately blacklisted by @spamhaus on my first outbound email.
I’ve been through this before, but in my previous experiences a blacklist removal ticket would be either resolved automatically or within a couple of hours at most.
In this case, nearly 24h and three tickets later and nothing is moving. Not even some directions on how to get removed or an ETA. The mailboxes have already been all migrated with forwarding configured on the old addresses, but outbound email is still broken because being blacklisted by a single company means being unable to communicate with nearly any mail servers out there.
Does anyone have any tips on how a #Spamhaus blacklist removal process can be sped up?
@fabio
I run my own email server as well, and I've done so for more than 10 years.
Spamhaus has not been the biggest of my pains, that slot belonged to #Microsoft (particularly #hotmail) and #Yahoo, and it took years for them to finally accept our emails without complains.
I believe some of the problem was because I hadn't implemented DMARC fully, I made 2 big mistakes, I think:
Choosing 'quarantine' instead of 'reject' in my DMARC directive. I did this because I wanted to monitor before turning more strict (and then forgot). I should have gone with a more restrictive directive from day 0.
Choosing not to send daily DMARC reports to other domains/servers, because I thought these messages were going to increase my traffic with spam servers, so it could be counter productive. I believe it worked the other way, having not done so actually costed some reputation to my server, so if I did it again, I would be shooting DMARC reports from day 0 as well.
Note that making these 2 mistakes won't prevent you from getting 10/10 score for the email tests, however your emails won't reach to the usual suspects.
As your server is considered 'matured' by Microsoft and Yahoo, you may consider using an alternative external email service such as AWS SES. It is extremely cheap and reliable.
I remember signing up for #Gmail all those years ago with glee. Back then, #Microsoft email via #hotmail was a hot mess, while #Yahoo email was slightly better—but only in the sense that 💩 is better than 💩 🔛 🔥!!
I am grateful that #Google launched Gmail as it did radically change my life for the better (privacy issues aside).
So I asked for a test email to be sent to my Hotmail email account. The email is sent by another Hotmail account, but of course it would end up in my spam folder.
Way back in 2019 I created a Hotmail account for testing purposes. After a few tests I never went back.
Such a requirement surfaced again. I rummaged around my logins file and re-discovered this Hotmail account, from nearly five years ago.
I was flabbergasted to find I was still able to login. It was like a time capsule inside, everything was still there, untouched, and maybe a little dusty. 😃 It was like going back in time.
Okay, #Outlook, #MicrosoftOutlook, #Hotmail, whatever... isn't working correctly on #Thunderbird, #KMail, or #Vivaldi email clients. I haven't changed the settings. I'm starting to think it's #Microsoft messing with non-Microsoft email clients. I really need to dump my old Hotmail addresses, this is a complete pain.
Threads federates, you don't subscribe to anyone on the instance. Happy now?
Threads federates, you blacklist the whole instance in your user blacklist. Now happy?
Threads federates, you subscribe to a few people whose writing you like. Happy?
Threads federates. Threads users realize, they can jump ship to another Instance and still talk with and to and about their friends. Threads loses users. Happy!
If I had the funding, I'd explicity start an eMail provider that blocks everything but #E2EE - encrypted [ PGP/MIME ] eMails and forces everyone to properly encrypt their shit.
Because I ran out of spoons and 10+ years after #Snowden and #PRISM there is no excuse to act like a Snitch!
Firefox feels sluggish on my phone. I don't like that it refreshes pages every time I switch, even if it's just for a second to check something. The desktop browser just locked up on me a minute ago.
But, I like the way fonts render way more than with Chromium browsers. I like that the interface is pretty minimalist. I like that the screen capture tool will recognize individual elements which makes getting screen caps of, say, Mastodon posts really easy. It remembers where I was on PDFs.
I really like Thunderbird as a mail client (though my old #Microsoft#Hotmail accounts can check emails but not send them, for some reason). I love the simple HTML viewing. It's way better than other clients like Vivaldi's built-in client or #KMail.
Tiens, je vous propose une petite expérience : j'ai ressorti des étagères ce Guide des meilleurs sites Web, édition 2000, paru chez Microsoft Press il y a de cela 23 ans.
Je vous propose de l'explorer page par page au cours des mois qui viennent et de découvrir combien des sites listés sont encore accessibles.
D'abord parce que ça va m'occuper, ensuite par curiosité, et avoir une idée de la portion du Web qui a survécu à ses 23 dernières années.
Après avoir découvert le fonctionnement des emails, la page suivante du guide est consacrée, logiquement, aux services d'#email gratuits. Vous vous souvenez de #Hotmail, #Caramail, #RocketMail et quelques autres ?
Parmi les 10 services proposés sur cette page 29, quelques-uns sont encore actifs :
If you do 1 thing today, use @signalapp and get your friends and family on it. Low barriers to entry.
For your second thing, sign up with an encrypted email service (@protonmail@skiff@Tutanota or something else) and forward your #gmail and #hotmail your your new inbox. Take back your inbox.
Why is the .US domain -- the country code top-level domain (ccTLD) for the United States -- consistently among the most prevalent in phishing domains?
And why is this okay, when other ccTLDs that also restrict registration to residents/citizens don't seem to have this problem? And when a fair number of .US domains are used to attack US government agencies? Today's story explores these questions:
Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.
@davidbisset Oh wow! I think #Hotmail was the very first email service that I used. I actually hated email because of it! 😂 #Yahoo & #Outlook were next.
Hotmail only gave me 2 megabytes of space, while Yahoo gave me 4 megabytes & I had 25 megabytes via Outlook (which my job at the time used). Then #Gmail came out with 1024 megabytes (a whole gigabyte!!!) & I have been with the latter ever since.
@gabboman Pues lo único que no pude configurar es el reverseDNS, pero el resto de cosillas sí, y ya te digo que ahora mismo si mando un email desde me server a mi cuenta de #Gmail (no he probado con #hotmail o #yahoo), me llega sin problemas. Lo que no sé es si me pongo a manda un poco más a cholón me puedan bloquear (?), pero en principio no creo que llegue a un volumen muy grande de emails. #Brevo podría ser una alternativa, pero de momento me gustaría probar a solucionar lo del SSL.
One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to constantly create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers.
The service in question — kopeechka[.]store — is perhaps best described as a kind of unidirectional email confirmation-as-a-service that promises to “save your time and money for successfully registering multiple accounts.”
As a customer of this service, you don’t get full access to the email inboxes you are renting. Rather, you configure your botnet or spam machine to make an automated application programming interface (API) call to the Kopeechka service, which responds with a working email address at an email provider of your choosing.
Once you’ve entered the supplied email address into the new account registration page at some website or service, you tell Kopeechka which service or website you’re expecting an account confirmation link from, and they will then forward any new messages matching that description to your Kopeechka account panel.
Ensuring that customers cannot control inboxes rented through the service means that Kopeechka can rent the same email address to multiple customers (at least until that email address has been used to register accounts at most of the major online services).
Kopeechka also has multiple affiliate programs, including one that pays app developers for embedding Kopeechka’s API in their software. However, far more interesting is their program for rewarding people who choose to sell Kopeechka usernames and passwords for working email addresses.
This service was recently used by a large botnet that mass-registered thousands of new Mastodon accounts in a short period, briefly overwhelming new signups last month on some Mastodon communities.
A huge note of thanks once again to @renchap for a heads up about this service.
@renchap Some readers on Hackernews rightly pointed to the lack of context in the story about how much it generally costs spammers to wholesale buy or create these accounts themselves.
I'm lacking some current stats on this, but did find some interesting parallels in a 2011 study by UCSD which showed that the prices for Hotmail accounts were WAY cheaper in bulk than Gmail or even Yahoo accounts, primarily because there were fewer speedbumps to opening a new email account with them, so they had more available.
Fast-forward to the botnet powered mass registrations on Mastodon.social and elsewhere last month, and we can see that the vast majority of the email accounts used to register new accounts were hotmail.com. I don't think that's an accident. Spammers go where it's cheapest and easiest. #microsoft#hotmail#spam
Of course, when it comes to the value of a hacked inbox (i.e. one that actually was used by a human at some point and not solely created for abuse), the value can be enormous.