On 5/9/2018 12:21 PM, Rob McEwen wrote:
On 5/9/2018 8:04 AM, Stefano Bagnara wrote:
Contacting ivm or spamauditor they often say they have no "false
positives for the block" so they are uneasy removing it and they also
don't have (or don't share) the issue that originated the block (we
are talking about shared IPs/domains), and I understand this (I would
do the same). Also on my latest attempt the ivmuri contact form /
email seems to be dev/nulled.
<snip>
The fact is the recipient usually doesn't have a way (or doesn't know
how) to make this "false positive report"
Stefano,
(can't speak for spamauditor... but regarding invaluement...)
(1) To answer the question about "no false positive reports" - The
general idea is that whenever there is DESIRED or *truly*
permission-based messages that are blocked, then over time, feedback
from recipients *will* bubble-up to their ISPs/hosters - and if that
ISP/hoster is an invaluement subscriber - then in those RARE
situations where such a legit message was blocked due to invaluement
data, we'll then get feedback saying so. In fact, we have extremely
good telemetry these days and I sleep well at night having a
confidence that the sky won't fall the next day due to a nasty false
positive slipping through and making customers angry. (after 11 years
of hard work and fine tuning...) that pretty much never happens. I
understand the "you can't prove a negative" argument - but,
additionally, we have a solid core group of trusted 3rd party
anti-spam security researchers who are able to spot even very elusive
FPs - and they have access to a password protected backdoor form where
they can delist immediately, and then we do a follow-up investigation.
These days, when that form is used, it is typically dark-gray ESPs who
are very questionable to begin with - nothing alarming. (or someone
got hacked - and then just fixed their security problem). THIS is what
I would have meant if I had said "no false positives for the block" -
and while that is just one factor - and other things are considered,
too - when weeks or months go by and the ONLY delist requests are
coming from the SENDER - and ZERO are coming from the recipients - and
zero are coming from their hosters and ISPs who use our data - THAT IS
A RED FLAG THAT RARELY HAPPENS FOR DESIRED MAIL!
(2) On April 28, 2017, I replied to one of your messages, provided you
with much very good information about the cause of your listings, and
I delisted your domain.
(3) last week, you emailed again - and while I didn't take the time to
reply (we were overloaded that day) - I gave you the benefit of the
doubt and immediately delisted your domain (again)
(4) you make it sound like you've been doing dozens and dozens of
unanswered requests over months of time - and you make it sound like
none of them have received a single answer. In fact, fwiw you've used
our formal delist process 4 times in the past 4 months - and we've
take action 3 times to assist you: one automated *immediate* delist of
your IP, one manual delist of your domain with a reply back to you
giving you hand-typed detailed information, and one silent delist of
your domain (not perfect, but FAR from the very negative impression I
would have had if I had read your post to MailOp, and didn't know the
rest of the story!)
(5) But why are you not being given an even higher priority? And why
do you keep getting listed?:
(A) you're using garbage domains that have zero good reputation - and
they have home pages that look like a typical snow spammer's domains.
EXAMPLES: "mymailer DOT it" (with and without the "www.", or even with
the "app." host name you use on this domain). This isn't a crime, but
it is especially a good idea for ESPs to NOT use such zero-reputation
domains - and even to an anti-spam researcher manually checking this,
such results don't inspire confidence. Why? Because (as happened in
this case) when I'm researching delist requests and LOOKING for good
credibility to justify a delist... and the domain being requested has
home pages like THAT - it immediately informs me that the requester is
less worthy of my attention and respect. In general, use of "throwaway
domains" is not a best practice for ESP.
(b) Another development that has happenedĀ - since I sent you some
detailed information back on April 28, 2017 - since then - we've been
getting these message (that use this domain) sent from us from a 3rd
party spam feed - and the intended recipient is an obvious spamtrap
hit. If I were to show you the intended recipient's email address just
by itself - you would immediately know that this was a spamtrap
address. (that is all I'm going to say about it). You should make sure
that your customers are not purchasing lists, they should put captchas
on their signup forms, and they do confirmed opt-in.
Still, you're far from the worst, and that is one of the reasons you
DID get some assistance already, and why you did get delisted at
times. I've delisted this again, and I put something in place to make
this harder to relist - with the (hopefully not mistaken assumption!)
that you're doing to improve going forward.
NOTE: I'm estimating that you have one reply before the MailOp police
shut this thread down! This is probably not the proper use of this forum.
Sorry - i just noticed that the hand-typed message we had sent you was
from 2017 - I had quickly copied and pasted the date and mistakenly
assumed it was from 2018 - so ignore that part. (but that doesn't change
what I stated above very much)
--
Rob McEwen
https://www.invaluement.com
_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
