This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] Spam from provider Timeweb/Russia AS9123 - and they just ignore me
- Previous message (by thread): [anti-abuse-wg] Spam from provider Timeweb/Russia AS9123 - and they just ignore me
- Next message (by thread): [anti-abuse-wg] Spam from provider Timeweb/Russia AS9123 - and they just ignore me
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Javier Martín
javier.martin at centrored.net
Mon May 25 16:17:45 CEST 2020
Dear Martin. Welcome to our daily world, we are sending all spamming ips to the blackhole in our router. Kind regards. Javier Sobre 25/05/2020 16:15:10, Martin Wilhelmi <mnin at mnin.de> escribió: Hey everyone, I have a conflict with a provider from Russia "Timeweb" AS9123. It seems to be hosting a customer who sends spam and uses one of my domains as sender. I got the information via DMARC, RFC 7489 with several mails. This provider has an abuse email address. After I contacted them, they analyzed my domain, complained about the header of the automatic DMARC e-mail from mail.ru [http://mail.ru], because there an internal host distributes it and uses an internal IP address 10/8 according to RFC 1918 and so on. Apparently one does not want to do anything and requests one of these e-mails classified as spam sent to @mail.ru. But this is not provided for in the DMARC protocol, which the provider does not 'believe’. This means I continue to receive emails from Russia telling me that my domain is being used by their host to send spam. And the provider writes me many e-mails telling me that I have to provide correct facts and that nothing else will be done. Because DMARC emails are not facts and cannot be used as evidence. Do you have any idea how to deal with this? I have received 11 DMARC emails from mail.ru [http://mail.ru] regarding this host. I have attached last one here with header: Return-Path: <dmarc_support at corp.mail.ru [mailto:dmarc_support at corp.mail.ru]> Delivered-To: mnin at mnin.de [mailto:mnin at mnin.de] Received: from mail.mnin.de ([xxxx]) by mail.mnin.de with LMTP id yedWJNMKx14sDAAAuS6XVA (envelope-from <dmarc_support at corp.mail.ru>) for <mnin at mnin.de>; Fri, 22 May 2020 01:12:19 +0200 Received: from relay7.m.smailru.net (relay7.m.smailru.net [94.100.178.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.mnin.de (Postcow) with ESMTPS id 6D59868509C for <mnin at mnin.de>; Fri, 22 May 2020 01:12:18 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=corp.mail.ru; s=mail; h=Date:Message-ID:To:From:Subject:MIME-Version:Content-Type; bh=DMqnfyeB+D0YjhIdtRipG66iEqaOVRHns+l07FJTLbw=; b=k6PdTMpn2SHfn7HO4jdOto6jxVRnOLsCsFLz0Lp87ytUyQL7ifwnze/LC/xQlDQ1hLpkHdM/sM8RFDgusUQYtL4e7/Zkmln4vsjgPvsW6go/YK7hvaeQBKMKgDSXqTlTXqm7BUyXOU4g9wByuAWUM0UpOM+3lrgHzm7d/Fil5IU=; Received: from [10.161.4.115] (port=48176 helo=60) by relay7.m.smailru.net with esmtp (envelope-from <dmarc_support at corp.mail.ru>) id 1jbuMI-0007Kr-2n for mnin at mnin.de; Fri, 22 May 2020 02:12:14 +0300 Content-Type: multipart/mixed; boundary="===============1678280035031557895==" MIME-Version: 1.0 Subject: Report Domain: mnin.de; Submitter: Mail.Ru; Report-ID: 25590927945792699841590019200 From: dmarc_support at corp.mail.ru To: mnin at mnin.de Message-ID: <dmarc-1590102734 at corp.mail.ru> Date: Fri, 22 May 2020 02:12:14 +0300 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mnin.de; s=dkim; t=1590102738; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: dkim-signature; bh=DMqnfyeB+D0YjhIdtRipG66iEqaOVRHns+l07FJTLbw=; b=YpE4Z5u3l+mzLxsH+2Qbd39KekLCXa2jbbIrdnDxvgNFS6zvl4zKq33jQ/7fs5KkJEB0Xc VCRT+1keQ9x/+a0tp6IMMUKE1elcOp6LHbBzTXCZYcgylnhbmb/JrCgAUI67KzXJlLn4o4 pxToLIR5HD58dGeler0v2GTby5si8GUfczS2mM4QAvxJHDSZ8GqTE359H8HTmXUXGBQRb+ 0RVhhOzYxwmusEpWvuMcXYm4oZ7V+eKNuv12N5xCAbaWaqen37v1M53j0pu1vYoUSQBgOa dv3UgtOSdPxj8wVI5OzpY6ZVKtfSqyTXW5dV+8yfZUSe1Zpm/UPOO5eaqyUnpw== ARC-Seal: i=1; s=dkim; d=mnin.de; t=1590102738; a=rsa-sha256; cv=none; b=keiIRdDt35e1bk6toEJdITgagC1CXQE81NoMoM8T19TBM9LFU4zudqRg73qPYgGkqvXqqI Te3Z+AC+CZp9bxfqIOrm2xSE8fNfZEKYhl5fB59sen9/m1rwiZznvvbNcBCJMpytYyDAbg l74M2uJVfvrUAoAbMF8dweJV/SANBC2K6eKs1r9nRu5DrCEcicWKNLxWbvZ7Q/TccUGgeZ VCyYvxqc0m5U7wZqK/32Sgf1EpWAjkXpC5eTMxH73FfrIkpPQa8v5ag6qKMP+GRk8B3GO1 eQxsci0l3eATOMFFeEAW/QkSB+ur5f2bPEraluEN5VD4iwWzd2tBGmbcT0ZKaw== ARC-Authentication-Results: i=1; mail.mnin.de; dkim=pass header.d=corp.mail.ru header.s=mail header.b=k6PdTMpn; spf=pass (mail.mnin.de: domain of dmarc_support at corp.mail.ru designates 94.100.178.51 as permitted sender) smtp.mailfrom=dmarc_support at corp.mail.ru X-Last-TLS-Session-Version: TLSv1.2 Authentication-Results: mail.mnin.de; dkim=pass header.d=corp.mail.ru header.s=mail header.b=k6PdTMpn; dmarc=pass (policy=reject) header.from=corp.mail.ru; spf=pass (mail.mnin.de: domain of dmarc_support at corp.mail.ru designates 94.100.178.51 as permitted sender) smtp.mailfrom=dmarc_support at corp.mail.ru --===============1678280035031557895== MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 VGhpcyBpcyBhbiBhZ2dyZWdhdGUgcmVwb3J0IGZyb20gTWFpbC5SdS4= --===============1678280035031557895== Content-Type: application/gzip MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="mail.ru!mnin.de!1590019200!1590105600.xml.gz" H4sICM4Kx14C/21haWwucnUhbW5pbi5kZSExNTkwMDE5MjAwITE1OTAxMDU2MDAueG1sAIVTQXKk MAy85xW5zSkYqDADW4qzH9jLfsDlscXgCtgu22Szv48MYUJqKpULlpqW6JYFPL9N4/0rhmicfTpU RXm4R6ucNvbydJhT/9Aenvkd9Ij6LNULh4DehSQmTFLLJDm4cBFWTsj/SDMWf2dgVwRwIozrSQYl 4uxz5W/lgi8yXgTirgzAtxSkUM4mqZIwtnd8SMn/YmzA8Upn+XzICBXeVmzajOZ103RlV5+6x+bU 1ceuax8rQsqqq8sS2CcRyASKIO2F5J7xYizfE1cE0OoFrsrmmOGcA9uXspu5eDca9V/4+TyaOGD+ lCP9lk/W2EIj1a85SP1iJh6ArQHI6PslzSd4bp0ltucQt5gC8CrxKovJAT1vPheQRp1P949K3RwU CuN51bZFXTfF6VRUx5Z6Xd+AcrOlpsDWYLOAr3KcyWu2YKJ30STalg8pewQW/T1dEuGLlexgzRcv 7LYjW+QZjTaZ3tAichhQagyiD276HNYeBPaFL+c0iIBxHlP80LDNmqrTkBcGw7Ju28gjjqiSC1wT g8RtKaxtuJcx5jtdkr2ZHxsr55FPWSa1XZJveq4D+aqdbXfGrj/cO84BW+uiAwAA --===============1678280035031557895==-- Decompressed xml is: <?xml version='1.0' encoding='utf-8'?> <feedback><report_metadata><org_name>Mail.Ru</org_name><email>dmarc_support at corp.mail.ru [mailto:dmarc_support at corp.mail.ru]</email><extra_contact_info>http://help.mail.ru/mail-help</extra_contact_info><report_id>25590927945792699841590019200</report_id><date_range><begin>1590019200</begin><end>1590105600</end></date_range></report_metadata><policy_published><domain>mnin.de</domain><adkim>r</adkim><aspf>r</aspf><p>none</p><sp>none</sp><pct>100</pct></policy_published><record><row><source_ip>188.225.77.168</source_ip><count>1</count><policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row><identifiers><header_from>mnin.de</header_from></identifiers><auth_results><dkim><domain>ninthhelper.ru</domain><selector>dnin</selector><result>pass</result></dkim><spf><domain>ninthhelper.ru</domain><scope>mfrom</scope><result>pass</result></spf></auth_results></record></feedback> Cheers, Martin -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20200525/6f0a5555/attachment.html>
- Previous message (by thread): [anti-abuse-wg] Spam from provider Timeweb/Russia AS9123 - and they just ignore me
- Next message (by thread): [anti-abuse-wg] Spam from provider Timeweb/Russia AS9123 - and they just ignore me
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]