Re: [anti-abuse-wg] Mimecast.com
Hi Andre, I don't think they are Evil Corp and this is little more than spam filtering on a role address (which you can debate ad-infinitum if you like). I did spot that your replies on this thread were flagged as spam by us and since we provide them some services I dug in a little more and can see that our systems had erroneously set the domain hostacc.com [1] as spammy so I have fixed that up for you and I reckon you should now be able to send your reports in to Mimecast without issue (or at least, without this issue). [1] This appears to be what your sending IP resolves to and what it HELOs as. -- James Hoddinott Manager, Security Operations Cloudmark
-----Original Message----- From: anti-abuse-wg [mailto:anti-abuse-wg-bounces@ripe.net] On Behalf Of andre@ox.co.za Sent: 04 November 2015 09:19 To: Suresh Ramasubramanian Cc: anti-abuse-wg@ripe.net Subject: [SPAM] Re: [anti-abuse-wg] Mimecast.com
On Wed, 4 Nov 2015 14:27:42 +0530 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
First - I have a great amount of respect for Nat - he was a colleague at IBM (where he used to be for years) before he left to join Mimecast.
Okay, but maybe he is no longer there, etc. Even though one person is great, good, ethical, etc. it does not mean that the legacy, new management, etc is/are following that/those person/s
If Mimecast is now Evil Corp, people need to know and also people need to become more aware of the powers that offer "services" which is actually similar to what the mob offers a bakery in Chicago...
That said - I am going to ask him to have someone investigate any email you have sent mime cast, and why it bounced - or whether there is an unfiltered alias you can resend your email to.
Thank you so much!
I will update this list with whatever happens,
This being an abuse group, the various perspectives of the wide possibilities of abuse, as business models in one area, such as email, can knock on to others, like ipv4/6 etc.
andre
On 04-Nov-2015, at 1:59 PM, andre@ox.co.za wrote:
On Wed, 4 Nov 2015 13:48:51 +0530 Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
Mimecast’s chief scientist is Nathaniel Borenstein - who originally wrote the MIME spec. They are legit. I am not sure what is going on here.
thank you for the reference Mr Ramasubramanian, would you do me the kind favor of asking them: why they are blocking @188.40.114.80 - which is also the ip used to send emails to this list. - and then maybe tell us, in public what is going on?
If they are not extorting money, then I surely must have abused them or their users? Or their system is broken, or what?
but i think that they may not bee that legit? or they have changed their corporate goals? or there are new management, or something?
Just from what you can see here: https://community.mimecast.com/docs/DOC-1369#554
then they are bouncing with 554 to support@
that is clearly not legit.
or it is a serious flaw/broken system?
they could bounce of course any way they like, but bouncing with something that is going to return is basically saying only one thing - there is no way to communicate with them, as when I do that is simply added to their block...
that is not cool, nice, decent or even fair bahavior?
andre
On 04-Nov-2015, at 1:14 PM, andre@ox.co.za wrote:
Hello,
Has anyone of you had much/any dealings with this crowd: Mimecast.com ?
Less than 1% of our email volume exchanges with them, and yesterday after complaining about abuse/UBE from them and receiving no response, escalated to @telstra and then all of a sudden they are returning all email in a loop:
support@mimecast.com host service-alpha-inbound-b.mimecast.com [91.220.42.231] SMTP error from remote mail server after end of data: 554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554
Then, when I email them from a different server, it goes through the first time and viola, the second email, same block, on the "new" server"
From their website: They provide email filtering services, this feels like they are extorting money from me, which I will not pay of course.
But, have any of you had any similar experiences? As they are providing this type of "service" to some of our @gov departments as well as other large companies, I will have user blowback - what do I tell my users? We are blocked because we dared complaining? or we are blocked because we do not pay?
any advice will be appreciated, obviously this type of behavior breaks email and the larger the "protectors" become, the more control they have...
tia
andre
On Wed, 4 Nov 2015 10:20:51 +0000 James Hoddinott <jhoddinott@cloudmark.com> wrote:
Hi Andre,
Hello James :)
I don't think they are Evil Corp and this is little more than spam filtering on a role address (which you can debate ad-infinitum if you
nope. no debate - simply broken if you advice on bounce to contact mr x and mr x auto bounces from the same ip/address
like). I did spot that your replies on this thread were flagged as spam by us and since we provide them some services I dug in a little more and can see that our systems had erroneously set the domain hostacc.com [1] as spammy so I have fixed that up for you and I
okay, no - not really understood or accepted? how come the same happened to 176.9.148.244 @cozahosts.com 209.17.190.102@ns3.ox.co.za wetmy.com and all the others, every time that I send request to support@mimecast - magically: new server is also blocked... can you fix all my servers? surely all of my thousands of users all over the planet did not suddenly all attack mimecast? Some systems are on BSD, Some on Linux, Some on Unix, Some on Windows, etc It is extremely unlikely that everything by me was compromised all at the same time - and then ONLY to mail bomb mimecast.com... so, this shows me only one thing? - Malice. Do I (and everyone else) when they have a magical problem like this have to post on public lists and beg? Or is it not occam's razor? - Simple extortion for money?
reckon you should now be able to send your reports in to Mimecast without issue (or at least, without this issue).
Thank you so much James, I do honestly and truly appreciate it from the bottom of my heart. But I am as stubborn as my email address, I need to understand why I need to know what is wrong, understand the situation and problem so that it can make sense to me, Also, I think that is is important to do things openly, so that everyone can understand what is going on as next week (or last week) maybe this also happened to someone else and if we know how to respond or what the issues are, we can help others and do the whole Kumbaya thing :) again thanks James :) andre
[1] This appears to be what your sending IP resolves to and what it HELOs as.
participants (2)
-
andre@ox.co.za -
James Hoddinott