[anti-abuse-wg] Spam from provider Timeweb/Russia AS9123 - and they just ignore me
- Previous message (by thread): [anti-abuse-wg] Spam from provider Timeweb/Russia AS9123 - and they just ignore me
- Next message (by thread): [anti-abuse-wg] bgprep.info
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Sergey Myasoedov
sergey at devnull.ru
Mon May 25 16:24:14 CEST 2020
Hi Martin, Why did you set "p=none" in your DMARC policy? Why not reject or quarantine? -- Sergey Monday, May 25, 2020, 4:09:14 PM, you wrote: > Hey everyone, > I have a conflict with a provider from Russia "Timeweb" AS9123. > It seems to be hosting a customer who sends spam and uses one of my domains as sender. > I got the information via DMARC, RFC 7489 with several mails. > This provider has an abuse email address. After I contacted them, > they analyzed my domain, complained about the header of the > automatic DMARC e-mail from mail.ru, because there an internal > host distributes it and uses an internal IP address 10/8 according to RFC 1918 and so on. > Apparently one does not want to do anything and requests one of > these e-mails classified as spam sent to @mail.ru. > But this is not provided for in the DMARC protocol, which the provider does not 'believe’. > This means I continue to receive emails from Russia telling me > that my domain is being used by their host to send spam. And the > provider writes me many e-mails telling me that I have to provide > correct facts and that nothing else will be done. > Because DMARC emails are not facts and cannot be used as evidence. > Do you have any idea how to deal with this? > I have received 11 DMARC emails from mail.ru regarding this host. > I have attached last one here with header: > Return-Path: <dmarc_support at corp.mail.ru> > Delivered-To: mnin at mnin.de > Received: from mail.mnin.de ([xxxx]) > by mail.mnin.de with LMTP > id yedWJNMKx14sDAAAuS6XVA > (envelope-from <dmarc_support at corp.mail.ru>) > for <mnin at mnin.de>; Fri, 22 May 2020 01:12:19 +0200 > Received: from relay7.m.smailru.net (relay7.m.smailru.net [94.100.178.51]) > (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) > (No client certificate requested) > by mail.mnin.de (Postcow) with ESMTPS id 6D59868509C > for <mnin at mnin.de>; Fri, 22 May 2020 01:12:18 +0200 (CEST) > DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=corp.mail.ru; s=mail; > > h=Date:Message-ID:To:From:Subject:MIME-Version:Content-Type; > bh=DMqnfyeB+D0YjhIdtRipG66iEqaOVRHns+l07FJTLbw=; > > b=k6PdTMpn2SHfn7HO4jdOto6jxVRnOLsCsFLz0Lp87ytUyQL7ifwnze/LC/xQlDQ1hLpkHdM/sM8RFDgusUQYtL4e7/Zkmln4vsjgPvsW6go/YK7hvaeQBKMKgDSXqTlTXqm7BUyXOU4g9wByuAWUM0UpOM+3lrgHzm7d/Fil5IU=; > Received: from [10.161.4.115] (port=48176 helo=60) > by relay7.m.smailru.net with esmtp (envelope-from <dmarc_support at corp.mail.ru>) > id 1jbuMI-0007Kr-2n > for mnin at mnin.de; Fri, 22 May 2020 02:12:14 +0300 > Content-Type: multipart/mixed; > boundary="===============1678280035031557895==" > MIME-Version: 1.0 > Subject: Report Domain: mnin.de; Submitter: Mail.Ru; > Report-ID: 25590927945792699841590019200 > From: dmarc_support at corp.mail.ru > To: mnin at mnin.de > Message-ID: <dmarc-1590102734 at corp.mail.ru> > Date: Fri, 22 May 2020 02:12:14 +0300 > Auto-Submitted: auto-generated > ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mnin.de; > s=dkim; t=1590102738; > > h=from:from:reply-to:subject:subject:date:date:message-id:message-id: > to:to:cc:mime-version:mime-version:content-type:content-type: > dkim-signature; > bh=DMqnfyeB+D0YjhIdtRipG66iEqaOVRHns+l07FJTLbw=; > > b=YpE4Z5u3l+mzLxsH+2Qbd39KekLCXa2jbbIrdnDxvgNFS6zvl4zKq33jQ/7fs5KkJEB0Xc > > VCRT+1keQ9x/+a0tp6IMMUKE1elcOp6LHbBzTXCZYcgylnhbmb/JrCgAUI67KzXJlLn4o4 > > pxToLIR5HD58dGeler0v2GTby5si8GUfczS2mM4QAvxJHDSZ8GqTE359H8HTmXUXGBQRb+ > > 0RVhhOzYxwmusEpWvuMcXYm4oZ7V+eKNuv12N5xCAbaWaqen37v1M53j0pu1vYoUSQBgOa > > dv3UgtOSdPxj8wVI5OzpY6ZVKtfSqyTXW5dV+8yfZUSe1Zpm/UPOO5eaqyUnpw== > ARC-Seal: i=1; s=dkim; d=mnin.de; t=1590102738; a=rsa-sha256; cv=none; > > b=keiIRdDt35e1bk6toEJdITgagC1CXQE81NoMoM8T19TBM9LFU4zudqRg73qPYgGkqvXqqI > > Te3Z+AC+CZp9bxfqIOrm2xSE8fNfZEKYhl5fB59sen9/m1rwiZznvvbNcBCJMpytYyDAbg > > l74M2uJVfvrUAoAbMF8dweJV/SANBC2K6eKs1r9nRu5DrCEcicWKNLxWbvZ7Q/TccUGgeZ > > VCyYvxqc0m5U7wZqK/32Sgf1EpWAjkXpC5eTMxH73FfrIkpPQa8v5ag6qKMP+GRk8B3GO1 > > eQxsci0l3eATOMFFeEAW/QkSB+ur5f2bPEraluEN5VD4iwWzd2tBGmbcT0ZKaw== > ARC-Authentication-Results: i=1; > mail.mnin.de; > dkim=pass header.d=corp.mail.ru header.s=mail header.b=k6PdTMpn; > spf=pass (mail.mnin.de: domain of > dmarc_support at corp.mail.ru designates 94.100.178.51 as permitted > sender) smtp.mailfrom=dmarc_support at corp.mail.ru > X-Last-TLS-Session-Version: TLSv1.2 > Authentication-Results: mail.mnin.de; > dkim=pass header.d=corp.mail.ru header.s=mail header.b=k6PdTMpn; > dmarc=pass (policy=reject) header.from=corp.mail.ru; > spf=pass (mail.mnin.de: domain of > dmarc_support at corp.mail.ru designates 94.100.178.51 as permitted > sender) smtp.mailfrom=dmarc_support at corp.mail.ru > --===============1678280035031557895== > MIME-Version: 1.0 > Content-Type: text/plain; charset="utf-8" > Content-Transfer-Encoding: base64 > VGhpcyBpcyBhbiBhZ2dyZWdhdGUgcmVwb3J0IGZyb20gTWFpbC5SdS4= > --===============1678280035031557895== > Content-Type: application/gzip > MIME-Version: 1.0 > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="mail.ru!mnin.de!1590019200!1590105600.xml.gz" > H4sICM4Kx14C/21haWwucnUhbW5pbi5kZSExNTkwMDE5MjAwITE1OTAxMDU2MDAueG1sAIVTQXKk > MAy85xW5zSkYqDADW4qzH9jLfsDlscXgCtgu22Szv48MYUJqKpULlpqW6JYFPL9N4/0rhmicfTpU > RXm4R6ucNvbydJhT/9Aenvkd9Ij6LNULh4DehSQmTFLLJDm4cBFWTsj/SDMWf2dgVwRwIozrSQYl > 4uxz5W/lgi8yXgTirgzAtxSkUM4mqZIwtnd8SMn/YmzA8Upn+XzICBXeVmzajOZ103RlV5+6x+bU > 1ceuax8rQsqqq8sS2CcRyASKIO2F5J7xYizfE1cE0OoFrsrmmOGcA9uXspu5eDca9V/4+TyaOGD+ > lCP9lk/W2EIj1a85SP1iJh6ArQHI6PslzSd4bp0ltucQt5gC8CrxKovJAT1vPheQRp1P949K3RwU > CuN51bZFXTfF6VRUx5Z6Xd+AcrOlpsDWYLOAr3KcyWu2YKJ30STalg8pewQW/T1dEuGLlexgzRcv > 7LYjW+QZjTaZ3tAichhQagyiD276HNYeBPaFL+c0iIBxHlP80LDNmqrTkBcGw7Ju28gjjqiSC1wT > g8RtKaxtuJcx5jtdkr2ZHxsr55FPWSa1XZJveq4D+aqdbXfGrj/cO84BW+uiAwAA > --===============1678280035031557895==-- > Decompressed xml is: > <?xml version='1.0' encoding='utf-8'?> > <feedback><report_metadata><org_name>Mail.Ru</org_name><email>dmarc_support at corp.mail.ru</email><extra_contact_info>http://help.mail.ru/mail-help</extra_contact_info><report_id>25590927945792699841590019200</report_id><date_range><begin>1590019200</begin><end>1590105600</end></date_range></report_metadata><policy_published><domain>mnin.de</domain><adkim>r</adkim><aspf>r</aspf><p>none</p><sp>none</sp><pct>100</pct></policy_published><record><row><source_ip>188.225.77.168</source_ip><count>1</count><policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row><identifiers><header_from>mnin.de</header_from></identifiers><auth_results><dkim><domain>ninthhelper.ru</domain><selector>dnin</selector><result>pass</result></dkim><spf><domain>ninthhelper.ru</domain><scope>mfrom</scope><result>pass</result></spf></auth_results></record></feedback> > Cheers, > Martin
- Previous message (by thread): [anti-abuse-wg] Spam from provider Timeweb/Russia AS9123 - and they just ignore me
- Next message (by thread): [anti-abuse-wg] bgprep.info
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]