On 06/02/09 8:40 PM, "Greg Troxel" <[email protected]> wrote:
> That's my reply, so I thougth I'd share my experiences to date. On > December 6th I sent a complaint (about spam certified as > HABEAS_ACCREDITED_COI) to [email protected] and > [email protected]. I heard nothing, but noticed a drop to SOI. > After Neil's post to the list forwarded the complaint on January 14 to > [email protected]. I have not heard anything back, so I > just sent the complaint again. As I noted back in January, I had only just assumed the task of compliance for Safelist days before. I thought my reply to your post would have been sufficient response, my sincere apologies for not having replied to your complaint submission. > I just ran the original message through SA again, and it comes up > > Content preview: My Rewards Center - Please Confirm My Rewards Center > Having > trouble viewing this email? . [...] > > Content analysis details: (-2.3 points, 1.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better > [64.20.245.66 listed in sa-accredit.habeas.com] > 0.0 HTML_MESSAGE BODY: HTML included in message > 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60% > [score: 0.5000] > 2.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts > -0.5 AWL AWL: From: address is in the auto white-list > > > The message has > > Accreditor: Habeas > X-Habeas-Report: Please report use of this mark in spam to > <http://www.habeas.com/report/> > > this goes to a web form, with no abuse email address where one can > forward full headers. That is incorrect. There is a box specifically for that purpose, indeed the webform cannot be used without the submission of full headers. There is even a phrase to that effect on that page: "Include the content of the email message including full headers. (required)" Furthermore, we have now posted several times about the complaint submission process. > So perhaps habeas-certified mail should be tagged > ACCREDITED_RFC_IGNORANT_ABUSE. I fail to see where we are RFC ignorant. Not only is there a specific submission address we have created for the Spamassassin community, but additionally ab...@habeas.* continues to work, although that would, of course, be where you would want to send reports of abuse with Habeas.* in the from, or one of our sending IPs as the culprit. > So from where I sit there is no functionging complaint process, and the > only time I've seen any response at all is from complaining in public. Heh, I'm very curious as to where you sit! There absolutely is (are) several functioning complaint mechanisms 1. The webform 2. abuse.net 3. [email protected] Let's get specific about this particular sender. 1. We dropped them from COI to SOI. That is an appropriate proclamation of the providence of their mail, IMO. 2. We are currently investigating them. This may be a revelation, but we do not terminate clients based on one, or even a couple of complaints. That would be fool-hardy, leaving our systems and protocols open to gaming. I am looking at these guys HARD by way of an aggregation of historical issues, and I have set up active monitoring of their account using all the investigative/researchy resources I have at hand, which are substantial. At present time it is too early to say what actions I will take, but they will be dealt with, and these problems *will* stop, one way or the other. 3. Investigations take time. The reality is, we had a couple of far more egregious issues to deal with these past weeks (one on Safelist, two on Certified), and have outright fired some people as a result of the investigations that superseded this one [I can't tell you who specifically, but one of our senders was fired from our programme, fired by their ESP, had a cease & desist letter issued to the for CANSPAM violations by one of the largest Freemailers, and was fired from an 'affiliate programme' to which they had appended themselves, directly as a result of of this investigation. IOW, we put them out of business. Another one, we shut down entirely en masse, and they are leaving voluntarily. A third, we found to be sending 419. That was shut down at 18:30 last night]. Bottom line: I will not promise an immediate turn-around on the performance of the list (realistically, over the next two months you will see significant improvement) nor (as I said publicly and previously), will I promise immediate actions to complaint submissions. What I will promise is that we are listening, we are responsive, we are very actively working on Safelist, and the intent to fix what is wrong is not only very real, but fully supported by the CEO, the President, and the VP for whom I work. I will not brook the notion for one second that we are unresponsive, nor uncaring about the situation. We have spent literally hundreds of manhours to try to make sense of the legacy systems, begin migration, and take steps to deal with what is clearly a problem. We will continue to do so. We are NOT fooling around, NOT shining you on. The reality is time and resource constraints. I sincerely apologize if the time-frame is not sufficiently rapid to meet your needs; There are only so many hours in the day, and there are steps *you* can take to deal with sub-optimal senders on Safelist, or Safelist in its entirety. Eventually, these senders will not be an issue. At present, doubtlessly they are. Greg, everyone, please keep your eyes on safelist, and when it appears to be sufficiently polished for you to reconsider its use, we would be appreciative were you to reverse a decision to downgrade the score. As I said last time we had this discussion Greg, downgrading is exactly what I would have done in your situation. -- Neil Schwartzman Director, Accreditation Standards & Security Sender Score Certified | Sender Score Safelist Return Path Inc. 0142002038
