The following e-mail got tagged as spam, even though it was
from an authenticated send.
First, the imail log:

20050518 115243 127.0.0.1 SMTPD (72db5d54010e1dde) [64.4.213.172] connect 184.122.4.102 port 2528 (this is a remote user)
20050518 115243 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] EHLO betazoid
20050518 115245 127.0.0.1 SMTPD (72db5d54010e1dde) Authenticated [EMAIL PROTECTED], session treated as local.
20050518 115245 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] MAIL FROM: <[EMAIL PROTECTED]>
20050518 115245 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] RCPT TO: <[EMAIL PROTECTED]>
20050518 115245 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] RCPT TO: <[EMAIL PROTECTED]>
20050518 115246 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] RCPT TO: <oooo@igive.com>
20050518 115246 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] RCPT TO: <nnnn@iGive.com>
20050518 115247 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] f:\imaillogs\D72db5d54010e1dde.SMD 16506

Now, the declude log:

05/18/2005 11:52:55 Q72DB5D54010E1DDE NOT bypassing whitelisting of E-mail with weight >=25 (20) and at least 4 recipients (4).
05/18/2005 11:52:55 Q72DB5D54010E1DDE Bypassing whitelisting of E-mail with weight >=12 (20) and at least 4 recipients (4).
05/18/2005 11:52:55 Q72DB5D54010E1DDE R1 Message OK
05/18/2005 11:52:55 Q72DB5D54010E1DDE Tests failed [weight=20]: CMDSPACE=IGNORE IPNOTINMX=IGNORE REVDNS=WARN SPAMHEADERS=WARN GIBBERISH=IGNORE TLD-TRUSTED-MAILFROM=IGNORE TLD-TRUSTED-REVDNS=IGNORE BYPASSMULTIRECP=IGNORE WEIGHT10=WARN WEIGHT15=IGNORE WEIGHT20=WARN SPAM-HIGH=IGNORE CATCHALLMAILS=IGNORE
05/18/2005 11:52:55 Q72DB5D54010E1DDE Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION="">
05/18/2005 11:52:55 Q72DB5D54010E1DDE R2 Message OK
05/18/2005 11:52:55 Q72DB5D54010E1DDE Tests failed [weight=20]: CMDSPACE=IGNORE IPNOTINMX=IGNORE REVDNS=WARN SPAMHEADERS=WARN GIBBERISH=IGNORE TLD-TRUSTED-MAILFROM=IGNORE TLD-TRUSTED-REVDNS=IGNORE BYPASSMULTIRECP=IGNORE WEIGHT10=WARN WEIGHT15=IGNORE WEIGHT20=WARN SPAM-HIGH=IGNORE CATCHALLMAILS=IGNORE
05/18/2005 11:52:55 Q72DB5D54010E1DDE Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION="">
05/18/2005 11:52:55 Q72DB5D54010E1DDE L3 Message OK
05/18/2005 11:52:55 Q72DB5D54010E1DDE Tests failed [weight=20]: CMDSPACE=WARN IPNOTINMX=WARN REVDNS=WARN SPAMHEADERS=WARN GIBBERISH=IGNORE TLD-TRUSTED-MAILFROM=IGNORE TLD-TRUSTED-REVDNS=IGNORE BYPASSMULTIRECP=IGNORE WEIGHT10=IGNORE WEIGHT15=SUBJECT WEIGHT20=IGNORE SPAM-HIGH=ROUTETO CATCHALLMAILS=IGNORE
05/18/2005 11:52:55 Q72DB5D54010E1DDE Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN SUBJECT ROUTETO [LAST ACTION="">
05/18/2005 11:52:55 Q72DB5D54010E1DDE L4 Message OK
05/18/2005 11:52:55 Q72DB5D54010E1DDE Tests failed [weight=20]: CMDSPACE=WARN IPNOTINMX=WARN REVDNS=WARN SPAMHEADERS=WARN GIBBERISH=IGNORE TLD-TRUSTED-MAILFROM=IGNORE TLD-TRUSTED-REVDNS=IGNORE BYPASSMULTIRECP=IGNORE WEIGHT10=IGNORE WEIGHT15=SUBJECT WEIGHT20=IGNORE SPAM-HIGH=ROUTETO CATCHALLMAILS=IGNORE
05/18/2005 11:52:55 Q72DB5D54010E1DDE Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN SUBJECT ROUTETO [LAST ACTION="">
05/18/2005 11:52:55 Q72DB5D54010E1DDE Cumulative action(s) taken on this email = IGNORE WARN SUBJECT ROUTETO [LAST ACTION="">

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt
Sent: Wednesday, May 18, 2005 2:33 PM
To: [email protected]
Subject: Re: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses

The practice of blocking spammers or otherwise aggressive hosts from sending E-mail has never resulted in a successful lawsuit. However this is not the first time that a blacklisting entity has been sued or threatened for indiscriminate behavior. Here's a link to an archive of documents concerning Pavenet.net threatening to sue DSBL

http://dsbl.org/legal/pavenet/

DSBL takes pride in the fact that they have reached 5 million IP's listed, but they have done this by never expiring a listing, creating a system that is virtually impossible to delist a clean IP with a reverse DNS entry that doesn't belong to the user, and aggressive scanning techniques. In this case it appears that pavenet.net was being improperly listed, and it had been so multiple times. If you are an ISP and allow your own IP's to relay through your server without authentication, then any user can list your server on DSBL without any special knowledge.

I've also sent no less than 6 requests to SBL in the last year asking them to stop indiscriminately blocking Chinese and Korean blocks of IP's, one even as large as a /14 (that's 4 class B's), because of zombie traffic, or limited Web site hosting by spammers, and no response to requests to clean this stuff up. The net result is that SBL becomes very prone to false positives on Asian traffic if you scan on all hops for that test. They have even taken to "collateral damage" by expanding their blacklisting to cover an ISP's own mail server when there is extremely limited abuse happening on their networks. This tactic seems to be increasing the practice.
Some of this IP space has been listed for a couple of years now, and it presents a lot of challenges for my clients that do manufacturing, and one even has offices in China.

I like both SBL and DSBL for what they do right, but I could do without the zealotry. SBL tells me to complain to the Chinese and Korean ISP's so that they will fix their problems, but I think that this guy that is suing Verizon got it right by taking the fight to the blacklist owner that is doing so indiscriminately, or in some cases to actually damage a business for only indirect involvement with the abuse. SBL seems to think that I am going to spend my time getting someone that doesn't even speak my language to fix their issue as if I have anything to do with it. I didn't volunteer to be an enforcer of their loose standards for listings.

Here's a sample of what appears to be mostly residential IP space listed in SBL that have caused issues for me, most of it for a single customer.

SBL19306 - 222.64.0.0/16

China and Korea definitely have issues, and clearly don't mind the spamming (which is legal to do in China their country as long as it goes outside of the country, and there is no law against hosting the spam sites there), but they are punishing businesses with no association to the activity and little or no other choice for connectivity.

Matt

Darrell ([EMAIL PROTECTED]) wrote:

This kinda scares me. Could this potentially set a precedent that companies can be sued for blocking mail? i.e. You get sued for blocking mail. We all block some legitimate mail at some point. That's the nature of the game.

--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
