HI It seems like XS4ALL is not able to do anything about being blacklisted. Obviously the message about handling abuse is not getting through.... cheers denis co-chair DB-WG -------- Original Message -------- Subject: RE: Feedback Werkingproduct (Email-Id: 6483239) Date: 2017-02-20 09:51 From: "XS4ALL Helpdesk - " <helpdesk@xs4all.nl> To: """denis""" <dw100uk@xs4all.nl> Dear Denis, Thank you for your e-mails. From your e-mails I understand that you are now able to receive e-mails from a mailinglist. But it isn't possible to answer it because it looks like xs4all.nl is blacklisted. Our mailserver and domainname is used by all our customers. If a third party is blocking these because they are on a blacklist we cann't do anything. Kind regards, Technische Helpdesk XS4ALL Internet bv Internet: www.xs4all.nl Contact: www.xs4all.nl/contact Telefoon: 020 398 76 66 Wist u dat het Service Centre is veranderd? Service Centre is nu Mijn XS4ALL. Eenvoudig facturen bekijken of een wijziging indienen? Kijk op: https://mijn.xs4all.nl/.
On Mon, 20 Feb 2017 11:22:26 +0100 denis <ripedenis@xs4all.nl> wrote:
HI It seems like XS4ALL is not able to do anything about being blacklisted. Obviously the message about handling abuse is not getting through....
We need to also talk about the nature of abuse and as it is a community shortcoming and completely understandable that one receives these types of responses. Here goes... In my no so humble opinion, there are overall abuse principles that apply to a resource (such as a domain name) and then there are specific principles that divide the application of policies to all resources. Resource examples used here are IP(v4) and Domain name (there are of course others) Company names used are only used as example.com does not highlight the principles and I am too stupid (and in a hurry) to type more words... There are two main classes of resources: "Public" (for lack of a better word) and Private (also needs a better/accurate word) IPv4 Examples are: IP numbers that have 1 domain and IP numbers that are multi homed (have many domains) Domain examples are: Google.com and example.com (where only one or two people have email @) the handling of abuse should be related to the resource usage (whereas currently there exists confusion, desperation and anarchy) As the operators of he majority of either have different target goals, understanding and guiding objectives... For example : Suresh (extremely great resource for huge scale abuse) has different objectives to me - we also do not respect or care about each others objectives as we both think that what we do is critical - yet we both need each other to function...(even if we would not really ever say that) Same with resource classes - we understand they exist - but operationally - we are varying our application of abuse management, but not always in the class. If we were to clearly define the resource classes and start developing policy around that AND these become generally accepted by society we will see a reduction in costs (-abuse!) (accountants will love that - and owners/shareholders can have more money) thoughts? Andre
Hi, Denis, It’s high time you turned the flaws of the current email system (the use of reputation rating) to your advantage and got yourself an email account on a domain that no ISP would risk to block. Best regards, Oleg
On 20 Feb 2017, at 11:22, denis <ripedenis@xs4all.nl> wrote:
HI
It seems like XS4ALL is not able to do anything about being blacklisted. Obviously the message about handling abuse is not getting through....
cheers denis co-chair DB-WG
-------- Original Message -------- Subject: RE: Feedback Werkingproduct (Email-Id: 6483239) Date: 2017-02-20 09:51 From: "XS4ALL Helpdesk - " <helpdesk@xs4all.nl> To: """denis""" <dw100uk@xs4all.nl>
Dear Denis,
Thank you for your e-mails.
From your e-mails I understand that you are now able to receive e-mails from a mailinglist. But it isn't possible to answer it because it looks like xs4all.nl is blacklisted.
Our mailserver and domainname is used by all our customers. If a third party is blocking these because they are on a blacklist we cann't do anything.
Kind regards,
Technische Helpdesk
XS4ALL Internet bv
Internet: www.xs4all.nl Contact: www.xs4all.nl/contact Telefoon: 020 398 76 66
Wist u dat het Service Centre is veranderd? Service Centre is nu Mijn XS4ALL. Eenvoudig facturen bekijken of een wijziging indienen? Kijk op: https://mijn.xs4all.nl/.
On 20-Feb-2017, at 2:22 AM, denis <ripedenis@xs4all.nl> wrote:
It seems like XS4ALL is not able to do anything about being blacklisted. Obviously the message about handling abuse is not getting through....
It would help if you posted just what bounce and from where. XS4all has historically been quite proactive about abuse handling.
Hi Suresh I was replying to a message on the DB-WG and got this response: The message could not be delivered, the mail server at idvmailin04.datev.com [193.27.49.132] said: <<< 554 5.7.1 Service unavailable; Sender address [ripedenis@xs4all.nl] blocked using dbl.webradar.datev.de; gesperrt vom DATEV WebRadar, http://webradar.datev.de/lookup?domain=xs4all.nl, servertime=Feb 20 02:16:47, server=idvmailin04.datev.com, client=194.109.24.26 cheers denis On 20/02/2017 14:58, Suresh Ramasubramanian wrote:
On 20-Feb-2017, at 2:22 AM, denis <ripedenis@xs4all.nl> wrote:
It seems like XS4ALL is not able to do anything about being blacklisted. Obviously the message about handling abuse is not getting through.... It would help if you posted just what bounce and from where. XS4all has historically been quite proactive about abuse handling.
Datev.de isn’t even an ISP it looks like a software firm to me – that provides software products for law firms, tax planners and such My guess is a local block on their mailserver for xs4all.nl for whatever reason. The only individual from there subscribed to the list – from searching the archives superficially so I could be wrong – is Andreas Schulze andreas.schulze at datev.de What xs4all is telling you is correct, there’s absolutely nothing they can do about some individual deciding to block whatever he wants on a mailserver that he controls. Large ISPs have users they are answerable to. IT firms on the other hand are shielded from their actual users (unless the users substantially outrank them) by “blocked due to corporate policies” – and such blocking can be surprisingly overbroad and with little or no redress, because the team that operates it does not consider a postmaster role all that necessary. --srs From: denis <ripedenis@yahoo.co.uk> Date: Monday, 20 February 2017 at 6:36 AM To: Suresh Ramasubramanian <ops.lists@gmail.com>, denis <ripedenis@xs4all.nl> Cc: <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] an ISP can't do anything? Hi Suresh I was replying to a message on the DB-WG and got this response: The message could not be delivered, the mail server at idvmailin04.datev.com [193.27.49.132] said: <<< 554 5.7.1 Service unavailable; Sender address [ripedenis@xs4all.nl] blocked using dbl.webradar.datev.de; gesperrt vom DATEV WebRadar, http://webradar.datev.de/lookup?domain=xs4all.nl, servertime=Feb 20 02:16:47, server=idvmailin04.datev.com, client=194.109.24.26 cheers denis On 20/02/2017 14:58, Suresh Ramasubramanian wrote: On 20-Feb-2017, at 2:22 AM, denis <ripedenis@xs4all.nl> wrote: It seems like XS4ALL is not able to do anything about being blacklisted. Obviously the message about handling abuse is not getting through.... It would help if you posted just what bounce and from where. XS4all has historically been quite proactive about abuse handling.
Hi Suresh Thanks for that. I can live with a mail server that is only randomly blocked by a few organisations. I was looking for a mail service that I can use that works with the RIPE NCC's mail server. It seems yahoo, gmail and microsoft mail servers have variable success with these mailing lists. Sometimes I post and many list members reject my mails because of DMARC policies. As I don't have a corporate email address I have limited options. cheers denis On 2017-02-20 15:54, Suresh Ramasubramanian wrote:
Datev.de isn’t even an ISP it looks like a software firm to me – that provides software products for law firms, tax planners and such
My guess is a local block on their mailserver for xs4all.nl for whatever reason. The only individual from there subscribed to the list – from searching the archives superficially so I could be wrong – is Andreas Schulze andreas.schulze at datev.de
What xs4all is telling you is correct, there’s absolutely nothing they can do about some individual deciding to block whatever he wants on a mailserver that he controls. Large ISPs have users they are answerable to. IT firms on the other hand are shielded from their actual users (unless the users substantially outrank them) by “blocked due to corporate policies” – and such blocking can be surprisingly overbroad and with little or no redress, because the team that operates it does not consider a postmaster role all that necessary.
--srs
From: denis <ripedenis@yahoo.co.uk> Date: Monday, 20 February 2017 at 6:36 AM To: Suresh Ramasubramanian <ops.lists@gmail.com>, denis <ripedenis@xs4all.nl> Cc: <anti-abuse-wg@ripe.net> Subject: Re: [anti-abuse-wg] an ISP can't do anything?
Hi Suresh I was replying to a message on the DB-WG and got this response: The message could not be delivered, the mail server at idvmailin04.datev.com [193.27.49.132] said: <<< 554 5.7.1 Service unavailable; Sender address [ripedenis@xs4all.nl] blocked using dbl.webradar.datev.de; gesperrt vom DATEV WebRadar, http://webradar.datev.de/lookup?domain=xs4all.nl, servertime=Feb 20 02:16:47, server=idvmailin04.datev.com, client=194.109.24.26 cheers denis
On 20/02/2017 14:58, Suresh Ramasubramanian wrote: On 20-Feb-2017, at 2:22 AM, denis <ripedenis@xs4all.nl> wrote: It seems like XS4ALL is not able to do anything about being blacklisted. Obviously the message about handling abuse is not getting through.... It would help if you posted just what bounce and from where. XS4all has historically been quite proactive about abuse handling.
DMARC policy compliance is something that RIPE needs to fix at their end – ensuring that the mailing list manager rewrites headers appropriately. Most mailing list manager software has already been rewritten to support this by default, so unless RIPE NCC is using something heavily patched and customized for their own needs upgrading to the latest version should mostly fix this, or it should be fixable with some config change after the upgrade. --srs On 20/02/17, 7:09 AM, "denis" <ripedenis@xs4all.nl> wrote: Thanks for that. I can live with a mail server that is only randomly blocked by a few organisations. I was looking for a mail service that I can use that works with the RIPE NCC's mail server. It seems yahoo, gmail and microsoft mail servers have variable success with these mailing lists. Sometimes I post and many list members reject my mails because of DMARC policies. As I don't have a corporate email address I have limited options.
Suresh He doesn’t have a RIPE email address apparently .. so .. Now why he doesn’t have a RIPE email address is probably another matter entirely ☺ M -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 20/02/2017, 15:28, "anti-abuse-wg on behalf of Suresh Ramasubramanian" <anti-abuse-wg-bounces@ripe.net on behalf of ops.lists@gmail.com> wrote: DMARC policy compliance is something that RIPE needs to fix at their end – ensuring that the mailing list manager rewrites headers appropriately. Most mailing list manager software has already been rewritten to support this by default, so unless RIPE NCC is using something heavily patched and customized for their own needs upgrading to the latest version should mostly fix this, or it should be fixable with some config change after the upgrade. --srs On 20/02/17, 7:09 AM, "denis" <ripedenis@xs4all.nl> wrote: Thanks for that. I can live with a mail server that is only randomly blocked by a few organisations. I was looking for a mail service that I can use that works with the RIPE NCC's mail server. It seems yahoo, gmail and microsoft mail servers have variable success with these mailing lists. Sometimes I post and many list members reject my mails because of DMARC policies. As I don't have a corporate email address I have limited options.
Hi, On Tue, Feb 21, 2017 at 02:03:36PM +0000, Michele Neylon - Blacknight wrote:
He doesn???t have a RIPE email address apparently .. so ..
None of the working group chairs have a personal @ripe.net address. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
I wouldn’t expect anyone to, but the entire “fix X on RIPE” .. -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ http://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 On 21/02/2017, 15:15, "Gert Doering" <gert@space.net> wrote: Hi, On Tue, Feb 21, 2017 at 02:03:36PM +0000, Michele Neylon - Blacknight wrote: > He doesn???t have a RIPE email address apparently .. so .. None of the working group chairs have a personal @ripe.net address. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
The question before the house is ripe's mailing list software being configured to appropriately rewrite headers to support dmarc --srs
On 21-Feb-2017, at 7:15 AM, Gert Doering <gert@space.net> wrote:
None of the working group chairs have a personal @ripe.net address.
Gert Doering -- NetMaster
On 21 February 2017 at 16:27, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
The question before the house is ripe's mailing list software being configured to appropriately rewrite headers to support dmarc
As this is a topic that interests me in my day job, I tried to read up on the IETF list on how to " appropriately rewrite headers to support dmarc" I was not able to see that there was consensus on how that should be done. The consensus seemed to be that there is still work to be done for *Domain-based Message Authentication, Reporting & Conformance WG - *but I am not sure I understand the problems well enough. Perhaps a topic for the wg to discuss further at the upcoming meeting - if somebody has some experiences to share. My own conclusion is that I cannot turn on DMAC other than for logging, if I still want to be subscribed to mailinglists. I have turned it on for oslo.net and using dmarcian.com to analyse the results. -hph -- Sincerely, Hans Petter Holen - hph@oslo.net - +47 45066054
There is rough consensus so that many mailing list manager software have similar implementations. Details to be hashed out, bugs to be fixed, hairs to be split, all the usual details remaining of course. --srs
On 22-Feb-2017, at 11:23 AM, Hans Petter Holen <hph@oslo.net> wrote:
On 21 February 2017 at 16:27, Suresh Ramasubramanian <ops.lists@gmail.com> wrote: The question before the house is ripe's mailing list software being configured to appropriately rewrite headers to support dmarc
As this is a topic that interests me in my day job, I tried to read up on the IETF list on how to " appropriately rewrite headers to support dmarc"
I was not able to see that there was consensus on how that should be done. The consensus seemed to be that there is still work to be done for Domain-based Message Authentication, Reporting & Conformance WG - but I am not sure I understand the problems well enough.
Perhaps a topic for the wg to discuss further at the upcoming meeting - if somebody has some experiences to share.
My own conclusion is that I cannot turn on DMAC other than for logging, if I still want to be subscribed to mailinglists. I have turned it on for oslo.net and using dmarcian.com to analyse the results.
-hph
-- Sincerely, Hans Petter Holen - hph@oslo.net - +47 45066054
participants (8)
-
denis -
denis -
Gert Doering -
Hans Petter Holen -
Michele Neylon - Blacknight -
Oleg Kuznetcov -
ox -
Suresh Ramasubramanian