If you want to make sure that a lot of small e-mail servers (like mine) will not reach your e-mail server, because you really hate us folks trying to keep e-mail decentralised, just use the CSS blocklist by #Spamhaus. This will greatly reduce your exposure to the even weirder small admins (like me) that try to use #IPv6. Throw in UCEPROTECTL3 and/or L2 too to exclude us running our small, well-maintained mail servers at ISPs on small VPS or dedicated servers. #SarcasmButOnlyHalf
I’ve decided to go full-in with my own mail server. The #ProtonMail bridge over SSH+VPN tunnel is no substitute for a proper mail server - plus it’s awfully slow when used as a full IMAP server and it breaks the IMAP implementation in a lot of ways.
I’ve created my new domain, gone through the configuration of DKIM/DMARC/SPF like a good postmaster, just to get immediately blacklisted by @spamhaus on my first outbound email.
I’ve been through this before, but in my previous experiences a blacklist removal ticket would be either resolved automatically or within a couple of hours at most.
In this case, nearly 24h and three tickets later and nothing is moving. Not even some directions on how to get removed or an ETA. The mailboxes have already been all migrated with forwarding configured on the old addresses, but outbound email is still broken because being blacklisted by a single company means being unable to communicate with nearly any mail servers out there.
Does anyone have any tips on how a #Spamhaus blacklist removal process can be sped up?
You really just got to send more e-mail and then ask your friends to mark it as "not-spam" .. #spamhaus is probably the least you have to worry about. I run my own e-mail server as well:
all of a sudden I can't email my parents because #spamhaus is blocking me. I can't remove myself from spamhaus' blocklist because I get an error when I check to see if I'm on their blocklist. UGH.
If you are a #postmaster , please make sure you don't use #spamhaus#CSS#SBL to block e-mail. This list blocks whole /64 ipv6 subnets, while providers like #OVH only hand out single IP addresses /128 on their VPS's. That means that CSS is blocking systems of unrelated and innocent users.
The Associated Press just served me an ad for fake anti-virus. The entire page was taken over, and forwarded to the malicious site, within seconds of opening the news article, every time.
An ad blocker isn't just something to hide some annoying eyesores, it's a vital layer of security.
If you have friends or family who might fall for fake AV or "windows technical the department" scams, they need an ad blocker. No site they visit can be considered "safe" unless it simply doesn't have ads.
Why is the .US domain -- the country code top-level domain (ccTLD) for the United States -- consistently among the most prevalent in phishing domains?
And why is this okay, when other ccTLDs that also restrict registration to residents/citizens don't seem to have this problem? And when a fair number of .US domains are used to attack US government agencies? Today's story explores these questions:
Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.
#HurricaneElectric isn'a a Tier-1 and even if they were, there is no legal mandate for them to accept anything or provide services to anyone.
Espechally since there's no legally enforceable #NetNeutrality :loading: nor are they regulated as a "utility service" with "must provide" clauses.
Providers are already very twitchy and they'll block entire ASNs if they get listed by #Spamhaus.
#KiwiFarms is indefensible thus invalid discussion.
It's an act of self-defense against an ASN that is a "#RogueISP"...
If you think that's the first time or the only reason #ISPs haven't #DROP'd them or any other network, then you ignore the existance of #Spamhaus for decades.
I was trying to work out why it is that when I receive a notification and I click “view context” nothing happens if the msg came from lemmy.world. The screen blinks for a second but gives no prior posts. Well after digging into this, I see that #lemmyWorld has just recently joined the exclusive #walledGarden of Cloudflare....
I’d just like to know what your solution to DDOS and other bad actors is if it’s not cloudflare.
First of all DDoS from Tor is rarely successful because the Tor network itself does not have the bandwidth with so few exit nodes. But if nonetheless you have an attack from Tor you stand up an onion host and forward all Tor traffic from the clearnet site to the onion site. Then regardless of where the attack is coming from, on the clearnet side there are various tar-pitting techniques to use on high-volume suspect traffic. You can also stand up a few VPS servers and load balance them, similar to what Cloudflare does without selling everyone else’s soul to the US tech giant devil.
on something cloudflare already does extremely well.
CF does the job very poorly. The problem is you’re discounting availability to all users as a criteria. You might say #SpamHaus solves the spam problem “very well” if you neglect the fact that no one can any longer run their own home server on a residential IP and that it’s okay for mail to traverse the likes of Google & MS. A good anti-spam tool detects the spam without falsely shit-canning ham. This is why SpamHaus and Cloudflare do a poor job: they marginalize whole communities and treat their ham as spam.
A walled garden means there’s actual barriers to entry. Cloudflare isn’t a barrier to entry unless you’re planning to attack an instance
Yes to your first statement. Your 2nd statement is nonsense. The pic on the OP proves I hit a barrier to entry without “planning an attack”
or are using something like ToR
Tor users are only one legit community that Cloudflare marginalizes. People in impoverished areas have to use cheap ISPs who issue CGNAT IP addresses, which CF is also hostile toward. CF is also bot-hostile, which includes hostility toward beneficial bots as well as non-bots who appear as bots to CF’s crude detection (e.g. text browsers).
Die ersten Instanzen blockieren #Threads. Einer der Gründe, warum ich selbst was hoste. Ich möchte gerne selbst bestimmen, mit wem ich föderiere und mit wem nicht. Ja, da wird viel Unfug her kommen, aber eben auch ein paar schwer zu ersetzende Quellen. Diese in Sippenhaft zu nehmen ist IMO kontraproduktiv. Insbesondere bei einer "Instanz", die mehr Nutzer haben wird, als der Rest des Feediverse. Oder dann halt Feedibubble.
@adlerweb ich halte das für naiv (anders als Blockaden von :activitypub: - Instanzen, denn #Threads wird wie ein dauerhafter #DDoS-Angriff alles (außer vielleicht wenige #SingleUser-Instanzen) lahmlegen.
mir scheint, dass es ein traditionslinker fehlschluss ist, zu glauben, dass interoperabilität etwas mit bündniskultur, allliertentum oder sowas zu tun hat oder haben muss. das gute an protokollen ist doch, dass sie eben völlig agnostisch gegenüber den sie einsetzenden personen oder von ihnen übertragenen inhalten sind. daher sind metas intentionen gegenüber dem fediverse oder ihr moralisch-politischer kompass an dieser stelle völlig egal. https://mastodon.opalium.net/@opalium/110655863321874829
@mspro Wir sehen das Problem schon bei #eMail wo mit #YahooMail / #Yahoo, #GMail / #Google und #Outlook.com / #Microsoft drei Großkonzerne allen deren absurde Regeln aufzwingen, sich selbst aber an keine halten müssen, und dementsprechend für 99,99% allen #SPAM|s verantwortlich sind, der nicht automagisch per #Spamhaus weggeblockt wird!
Internet-facing #Linux systems and IoT devices are under attack! Discover how threat actors hijack SSH credentials, deploy backdoors and mining #cryptocurrency.
@YourAnonRiots The best and simplest way is to restrict #SSH to authorized keys only, disable password logins and fail2ban IPs when they try to brute-force access...
“view context” broken b̶e̶c̶a̶u̶s̶e̶ (and) lemmy.world has just joined Cloudflare (unrelated)
I was trying to work out why it is that when I receive a notification and I click “view context” nothing happens if the msg came from lemmy.world. The screen blinks for a second but gives no prior posts. Well after digging into this, I see that #lemmyWorld has just recently joined the exclusive #walledGarden of Cloudflare....