Re: [Declude.JunkMail] Topica and SBL
This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content. Here's the SBL evidence file for the main Topica block: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL12236 Here's one of their blocks that I have blacklisted: http://www.senderbase.org/search?searchString=66.180.244.0%2F25 Here's a nice evidence file from Google: http://groups.google.com/groups?q=topica.com+group:*abuse*start=10hl=enlr=ie=UTF-8scoring=dselm=e1e3rvkq62pvs1mi997tamhk701s571m5a%40thor.wirehub.nlrnum=12 Here's what happens with their unconfirmed list subscriptions (4-9 year old child porn list memberships): http://groups.google.com/groups?q=topica.com+group:*abuse*start=20hl=enlr=ie=UTF-8scoring=dselm=200310170813.h9H8DauA024020%40jupiter.gwalter.demon.co.ukrnum=22 The SBL listing as well as Google Groups suggests strongly that they are using their list business as a part of their address collection, or in the very least they don't hardly at all practice a foolproof method of verifying memberships in their lists as fake addresses get subscribed, and on person even complained about getting subscribed to something like 28 of their lists all at once as suspected retribution for something, hearsay of course, but there's lots more, 5,480 matches in abuse newsgroups in fact. Topica - http://groups.google.com/groups?hl=enlr=ie=ISO-8859-1scoring=dq=Topica+group%3A*abuse*btnG=Google+Search And some other abuse newsgroup hits: tpca.net - http://groups.google.com/groups?scoring=dq=tpca.net+group:*abuse* servitall.com - http://groups.google.com/groups?scoring=dq=Servitall.com+group:*abuse* pl00.com - http://groups.google.com/groups?scoring=dq=pl00.com+group:*abuse* These guys clearly front their listserv business as a way to enable their spam operations, and spamming listserv operators take advantage of their policies in order to gain entry into your system. How could you possibly want to let this stuff into your server? As far as the other SBL FP's that you said you have relating to personal E-mail, I'd be very curious as to what the SBL listing said in relation. SBL has an FP rate that far exceeds my own on my system. I'd drop them substantially in weighting if I felt that their standards were lacking. Matt Bill Landry wrote: Matt, legitimate messages are legitimate no matter the source that they come from, would you not agree with this? You would have deleted all of these messages, as well the other dozen or so legitimate personal messages I found. I don't see any credibility in your position here that it is okay to delete legitimate messages based on where they are delivered from. Bill - Original Message - From: Matt To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 9:45 AM Subject: Re: [Declude.JunkMail] SpamD/SpamC for Declude Bill, It appears that your entire list is from one source, Topica. Search the archives for a discussion of Topica, how their lack of message list verification results in lots of spam, and how they are also a spam house, even sending spam from the same block of IP's. I thought this was an FP at first, but this is more of the malware variety. There's a good reason for Topica to be listed. I've explained this one caveat many times here, but a spam house is a spam house in my book. You should have explained with your stats how these were mostly or even all from the same source :) Matt Bill Landry wrote: - Original Message - From: Matt I think that I've pointed out the caveats many times over on blocking with SBL. SBL is though more accurate than my system as a whole, and I have never seen a true false positive with it. I've asked this several times; has anyone ever seen a false positive with SBL? I've not ever received a single reply to that question, though this is the 3rd time I've asked it now. Because people didn't respond doesn't mean anything. All RBLs produce false-positives. How could they not, they are run by humans. I think your advice is well founded, however it is a generalization and exceptions may apply. There are no exceptions when it comes to anything run by humans, there WILL be errors. Just from yesterdays logs, legitimate mailing list messages blocked by SBL: 20 Subject: RE: [MS SMS] What are YOU doing to remove spyware? 2004 Edition 19 Subject: RE: [MS SMS] OT: Football 12 Subject: RE: [myOT] Alias 10 Subject: RE: [MS SMS] SMS 2003: WMI 9 Subject: RE: [MS SMS] Installing a DP over the wire. 9 Subject: RE: [myOT] MMS 2004 7 Subject:
Re: [Declude.JunkMail] Topica and SBL
Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source(ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it. Bill - Original Message - From: Matt To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 10:29 AM Subject: Re: [Declude.JunkMail] Topica and SBL This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content.
RE: [Declude.JunkMail] Topica and SBL
TREADING LIGHTLY I think what Matt maybe saying, is that even if legit messages come through Topica, Topica may be harvesting those addresses from the legit messages for use in unintended ways, AKA spam. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Landry Sent: Tuesday, January 13, 2004 10:59 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Topica and SBL Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source(ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it. Bill - Original Message - From: Matt To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 10:29 AM Subject: Re: [Declude.JunkMail] Topica and SBL This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content.
Re: [Declude.JunkMail] Topica and SBL
Bill, If this stuff comes from the same IP, both good and bad, then how do you tell it apart? Do you merely rely on content filters? Their servers send lots of spam and they are well aware of the problems. When you combine their semi-legit business with the fact that they are spamming openly from 10 or more different address blocks, and they use 100's of domains, I think the right thing to do becomes obvious. I'm sure that this is what led SBL to finally list them. The fact is that if I was knowingly selling bulk mail services to spammers from my own server as well as sending personal E-mail from it, you would be justified in blocking me. Topica's practices will probably end up converting their service over to virtually all spam over time, because legit senders will find their service to be a poor choice based on their business practices. The bottom line remains, Topica is a spam house, and on their supposed legit service, they maintain relationships with known spammers despite abuse reports. They are leaving us with no choice, because they left us with no good way to differentiate. Topica is a bad, bad company. Matt Bill Landry wrote: Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source(ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it. Bill - Original Message - From: Matt To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 10:29 AM Subject: Re: [Declude.JunkMail] Topica and SBL This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.JunkMail] Topica and SBL
So I got to ask then, is this a good enough reason to delete legitimate messages? Bill - Original Message - From: John Tolmachoff (Lists) To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 11:17 AM Subject: RE: [Declude.JunkMail] Topica and SBL TREADING LIGHTLY I think what Matt maybe saying, is that even if legit messages come through Topica, Topica may be harvesting those addresses from the legit messages for use in unintended ways, AKA spam. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill LandrySent: Tuesday, January 13, 2004 10:59 AMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] Topica and SBL Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source(ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it. Bill - Original Message - From: Matt To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 10:29 AM Subject: Re: [Declude.JunkMail] Topica and SBL This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content.
Re: [Declude.JunkMail] Topica and SBL
Except that you are contributing to their database of valid addresses so you get other spam and you are doing "business" with a spammer... even if it is a free list. The point that Matt makes.. which is a valid one.. is that Topica shouldn't be used by anyone because their existance makes spam even worse for all. You shouldn't enable spammers, and your use of their lists is doing just that. --Joshua Levitsky, MCSE, CISSPSystem EngineerTime Inc. Information Technology[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1] - Original Message - From: Bill Landry To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 1:58 PM Subject: Re: [Declude.JunkMail] Topica and SBL Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source(ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it. Bill - Original Message - From: Matt To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 10:29 AM Subject: Re: [Declude.JunkMail] Topica and SBL This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content.
Re: [Declude.JunkMail] Topica and SBL
John, That's part of it, but that part was only speculative. Topica does harvest from the Web and newsgroups for their spam for sure. Topica is a very shifty company that likes to juggle address blocks. In order to avoid listings, they have an active campaign to encourage people to whitelist their list servers. They were a Habeas client, but they had their status pulled very quickly. Now they have tricked Bonded Sender into list them, and I assure you, that won't last long either if Bonded Sender wants to maintain any clout in the community (be your own judge). Matt John Tolmachoff (Lists) wrote: TREADING LIGHTLY I think what Matt maybe saying, is that even if legit messages come through Topica, Topica may be harvesting those addresses from the legit messages for use in unintended ways, AKA spam. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Landry Sent: Tuesday, January 13, 2004 10:59 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Topica and SBL Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source(ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it. Bill - Original Message - From: Matt To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 10:29 AM Subject: Re: [Declude.JunkMail] Topica and SBL This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.JunkMail] Topica and SBL
When the messages come from a system that participates in building spam lists and the distribution of spam then yes. You must take a stand that you won't have anything to do with a company like Topica. By using the legitimate part of their business you are feeding their corrupt part of their business and you are ultimately making the Internet a slightly worse place to be. --Joshua Levitsky, MCSE, CISSPSystem EngineerTime Inc. Information Technology[5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1] - Original Message - From: Bill Landry To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 2:32 PM Subject: Re: [Declude.JunkMail] Topica and SBL So I got to ask then, is this a good enough reason to delete legitimate messages? Bill
Re: [Declude.JunkMail] Topica and SBL
I'm not deleting legitimate messages the last time I checked. If my customers want to sign up for Topica, they can add them to their Web mail address book. I figure that this is only a transition period until Topica loses all of their legit business due to their practices. Clearly, I am well aware of this issue :) I'm much more concerned about the personal E-mail that you said was also blocked by SBL. I would definitely consider dropping their weight based on your claim that you saw 10 such messages in a day. Also, don't assume that I am irresponsible in regard to weighting. I watch my system like a hawk, and I use over 100 different tests, with only two capable of deleting a message based on one hit (the other being my own IP blacklist). When I find a problem, I always fix it, though some need further verification and monitoring. Matt Bill Landry wrote: So I got to ask then, is this a good enough reason to delete legitimate messages? Bill - Original Message - From: John Tolmachoff (Lists) To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 11:17 AM Subject: RE: [Declude.JunkMail] Topica and SBL TREADING LIGHTLY I think what Matt maybe saying, is that even if legit messages come through Topica, Topica may be harvesting those addresses from the legit messages for use in unintended ways, AKA spam. John Tolmachoff Engineer/Consultant/Owner eServices For You -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill Landry Sent: Tuesday, January 13, 2004 10:59 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Topica and SBL Wow, what does any of this have to do with delivering legitimate messages rather than deleting them? I do not intentionally deliver spam from any source, including these - but I do deliver the legitimate messages sent from any source(ah, the true benefits of a spam weighting system). You, on the other hand, summarily delete anything that may come from a source of spam, whether the message is legitimate or not. I simply do not understand this philosophy, nor that you would argue in favor of it. Bill - Original Message - From: Matt To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 10:29 AM Subject: Re: [Declude.JunkMail] Topica and SBL This took actual research to figure out :) Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com. Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content. -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
Re: [Declude.JunkMail] Topica and SBL
- Original Message - From: Joshua Levitsky Except that you are contributing to their database of valid addresses so you get other spam and you are doing business with a spammer... even if it is a free list. The point that Matt makes.. which is a valid one.. is that Topica shouldn't be used by anyone because their existance makes spam even worse for all. You shouldn't enable spammers, and your use of their lists is doing just that. Oh yeah, well let me know how that works for you when you advise your customers and users that they cannot subscribe to legitimate lists hosted by topica (and others) because some of there address space has been know to send spam. I'm sure that will go over real big. When your customers are ready to drop your services because of this, be sure to send them my way, since I will always deliver their legitimate messages to them, no matter the source, and make every effort to block spam from being delivered to them. Guess what, the rules for ISPs and other businesses are different then those that are applied to private e-mail domains like joshie.com. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Topica and SBL
Title: Message I guess this goes towards where one chooses to draw the line - spammersvs. "organizations supporting spammers". Someone who knowingly gets involved with a spammer, should probably expect that their email will not longer be delivered reliably. Similar to blocking an infected/Zombie machine by IP. I do realize that this machine could ALSO generate legitimate requests from my server - but it is up to them to fix their problem so that the block can be removed. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill LandrySent: Tuesday, January 13, 2004 02:33 PMTo: [EMAIL PROTECTED]Subject: Re: [Declude.JunkMail] Topica and SBL So I got to ask then, is this a good enough reason to delete legitimate messages? Bill
Re: [Declude.JunkMail] Topica and SBL
- Original Message - From: Bill Landry [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 3:31 PM Subject: Re: [Declude.JunkMail] Topica and SBL Guess what, the rules for ISPs and other businesses are different then those that are applied to private e-mail domains like joshie.com. Guess what? I work for AOL. Just because I happen to run my own domain doesn't mean I don't apply these same thought processes to internal policies and I have worked at T.I.A.C. (now owned by Earthlink) as a NOC engineer as well as IDT. So don't try to brush me off with putz comments like that. -- Joshua Levitsky, MCSE, CISSP System Engineer Time Inc. Information Technology [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1] --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Topica and SBL
- Original Message - From: Joshua Levitsky When the messages come from a system that participates in building spam lists and the distribution of spam then yes. You must take a stand that you won't have anything to do with a company like Topica. By using the legitimate part of their business you are feeding their corrupt part of their business and you are ultimately making the Internet a slightly worse place to be. Obviously coming from someone that knows nothing about the IPS business. I would venture to guess that you do not even have the faintest idea of how many legitimate lists topica hosts or you would probably be singing a different song. And again, it's easy to make these kinds irrational judgement call when the only e-mail messages you will be affecting are those to your own little vanity domain. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] Topica and SBL
- Original Message - From: Joshua Levitsky [EMAIL PROTECTED] Guess what, the rules for ISPs and other businesses are different then those that are applied to private e-mail domains like joshie.com. Guess what? I work for AOL. Just because I happen to run my own domain doesn't mean I don't apply these same thought processes to internal policies and I have worked at T.I.A.C. (now owned by Earthlink) as a NOC engineer as well as IDT. So don't try to brush me off with putz comments like that. And do you have any roll in setting e-mail policy for AOL? I bet AOL doesn't block legitimate list e-mail from topica or any other legitimate list source. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.