oops
A number of folks have reached out to me (and posted on various forums) asking about a Spamhaus glitch last Friday night (October 13th), US time. I reached out to Matthew Stith at Spamhaus and he was able to confirm for me that there was indeed a temporary issue then that led to a number of accidental/false-positive listings on the Spamhaus “XBL” Exploits Block List. Matthew confirmed the following: At approximately 1:15 UTC on Saturday, October 14th, there was an unexplained network outage that caused various databases to become unreachable. This resulted in a rule to misfire, leading to a ten minute period of false positive (FP) listings. The number of FPs caused by this outage were no more than 1,000. As per our policy, these FPs were purged, as soon as an engineer was notified. Matthew added, “There are ongoing investigations regarding the cause of the network outage. However
Don’t fret! If you received an email from Amazon warning about gift card fraud that seems to imply that you recently purchased a gift card for Amazon, Google Play, or some other store, you’re not alone. Amazon glitched and seems to have sent a bunch of these notifications out, to people who have indeed NOT purchased a gift card recently.The email read:Dear Amazon Customer,Thank you for purchasing Google Play gift cards from Amazon.com.We would like our customers to be aware of some important information relating to purchase of Google Play gift cards.There are a variety of scams in which fraudsters try to trick others into paying with gift cards from well-known brands. To learn more about some common scam attempts that may involve asking for payment using gift cards please click on the button below, or alternatively contact us now.Some versions of the email referenced Google Play (as did my
Blocklist provider and master spam-filterer Spamhaus had a glitch overnight (Friday to Saturday, August 18-19) starting at about 8:20 pm US central time. The glitch resulted in a bunch of false positive Spamhaus blocklistings. They were accidental and the listings have since been removed. Because of the sheer volume of support tickets received, it sounds as though Spamhaus may not be responding to all of them. Best to watch Linkedin, if possible, for updates.Here’s what Spamhaus posted about this:NOTIFICATION | CSS Listing Errors | Today, between 1:20 am UTC & 2:20 am UTC, a significant number of listings were incorrectly added to the CSS DNSBL. These listings were purged at approx. 8:30 am UTC. Our engineers are currently investigating the root cause of the issue. We sincerely apologize for any inconvenience this may have caused.CSS REMOVAL TICKETS | Further to the issue regarding CSS listings this morning, between 01:20 UTC
Looks like Microsoft has run into email authentication issues today. Specifically, the domain hotmail.com appears to have a broken SPF record wherein messages sent by Hotmail/Outlook.com/Microsoft OLC using a hotmail.com from address aren’t passing SPF authentication. Here’s a link to a KBXSCORE report I’ve run, showing the failure.While hotmail.com is affected, the outlook.com domain doesn’t appear troubled — my test sends from an outlook.com from address seem to pass SPF. (Microsoft has many other domains; I’ve only checked these two.)Looking at the SPF records for hotmail.com, here’s what I see:hotmail.com descriptive text “v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com ip4:157.55.9.128/25 include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com -all”outlook.com descriptive text “v=spf1 include:spf-a.outlook.com include:spf-b.outlook.com ip4:157.55.9.128/25 include:spf-a.hotmail.com include:_spf-ssg-b.microsoft.com include:_spf-ssg-c.microsoft.com include:spf.protection.outlook.com ~all”The hotmail.com SPF record is missing “include:spf.protection.outlook.com” — which is present in the outlook.com SPF record. And I see it present in a cached copy of Hotmail’s SPF record that I collected last month. So, I suspect that to be