opensourcepledge / opensourcepledge.com

We all depend on Open Source. Pay the maintainers by joining the Open Source Pledge.
https://opensourcepledge.com/
213 stars 29 forks source link

Convince DNS providers we're not malware #62

Closed chadwhitacre closed 1 month ago

chadwhitacre commented 2 months ago

I've seen this crop up a couple places. Latest from internal Sentry Slack:

I was reading one of your posts on LinkedIn about https://osspledge.com/ however it seems to be blocked by my DNS provider as malware. I'm currently setup with something called Canadian Shield. You may want to reach out to them to see what is going on with that so it can be unblocked

vladh commented 2 months ago

Resolving using Canadian Shield “DNS resolution only” ^1 correctly returns our GitHub A record.

$ dig osspledge.com @149.112.121.10
...
osspledge.com.      86400   IN  A   185.199.109.153

Resolving using Canadian Shield “Malware and phishing protection” returns their “malware blocked” page:

$ dig osspledge.com @149.112.121.20
...
osspledge.com.      0   IN  A   99.83.179.4

We’re sorry. This site contains malware content.

The site you are trying to visit contains malicious content that may attempt to steal your personal or financial information. It has been blocked to avoid causing loss to you or harm to your device.

We have also received this potentially related report:

screenshot

vladh commented 2 months ago

I've contacted CIRA, who run Canadian Shield, to ask for help.

vladh commented 2 months ago

osspledge.com is listed on the Spamhaus Domain Blocklist: https://check.spamhaus.org/results?query=osspledge.com

I've opened a ticket with Spamhaus to ask for this to be corrected.

chadwhitacre commented 2 months ago

Weird. I wonder how that happened. 🤔

chadwhitacre commented 2 months ago

Maybe we need to set up SPF?

vladh commented 2 months ago

We do already have a deny-all SPF record:

$ dig osspledge.com txt
...
osspledge.com.      43200   IN  TXT "v=spf1 -all"

But it shouldn't matter because we're not sending or receiving email at osspledge.com.

Ethan-Arrowood commented 2 months ago

When I sent out the partner email, I received a handful of replies that considered my message spam. However, I used my personal email, and the osspledge.com domain was only included in the content of the email.

chadwhitacre commented 2 months ago

But it shouldn't matter because we're not sending or receiving email at osspledge.com.

My hypothesis was that we didn't have an SPF record and someone was spoofing us. Good that we have an SPF record, though. Agree this seems to not be the problem.

chadwhitacre commented 2 months ago

Another report: https://x.com/_st0012/status/1828891902076150183.

vladh commented 2 months ago

I've checked against many domain blacklists ^1 and it seems like Spamhaus is the only one we're on. Handling this in a ticket with them.

chadwhitacre commented 2 months ago

Might be something to your experience, @Ethan-Arrowood. Just got this warning on an email @selviano sent out w/ me cc'd.

Screenshot 2024-08-29 at 4 19 09 PM
vladh commented 2 months ago

Yikes, wondering how many people from my original member recruiting batch got that. 😭

chadwhitacre commented 2 months ago

False alarm, the email doesn't link to osspledge.com at all, but rather to https://cal.com/osspledge/intro. Though it does also include a PDF attachment (the pitch deck).

selviano commented 2 months ago

this gives me an excuse to follow up with everyone I sent the pitch deck to and hasn’t yet responded!

On Aug 29, 2024, at 1:27 PM, Chad Whitacre @.***> wrote:

False alarm, the email doesn't link to osspledge.com at all, but rather to https://cal.com/osspledge/intro. Though it does also include a PDF attachment (the pitch deck).

— Reply to this email directly, view it on GitHub https://github.com/opensourcepledge/osspledge.com/issues/62#issuecomment-2318905999, or unsubscribe https://github.com/notifications/unsubscribe-auth/AXFS7GA76V7IK5DA34S2E53ZT573RAVCNFSM6AAAAABNKEYSOWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGMJYHEYDKOJZHE. You are receiving this because you were mentioned.

chadwhitacre commented 2 months ago

The plan all along. ;-)

vladh commented 2 months ago

We’ve been removed from the Spamhaus Domain Blocklist. 🎉

chadwhitacre commented 2 months ago

Woo-hoo! @st0012 @nicholas-codecov Can you retry and let us know if/when it's fixed for you?

vladh commented 2 months ago

Canadian Shield has also separately unblocked us. 🎉

nicholas-codecov commented 1 month ago

@chadwhitacre seems like everything is working with Canadian Shield 🇨🇦

chadwhitacre commented 1 month ago

Awesome! Thanks for reporting back, @nicholas-codecov. Gonna go ahead and close this out. 🎉