Hi Anne: >> Companies should not ask for an email address unless they take good care of it and convince the recipient of that. That is how they should protect themselves. >(cough)GDPR(cough) Yes... It would be nice if everyone sticks to the law.
Hi Laura: > There is an entire segment of the legitimate email industry that provides list cleaning services for a fee to anyone with cash I know. They make my work more difficult. > A naive scanning like you suggest wasn’t sufficient for the spammers of 16 years ago. It’s certainly not going to catch anything actual spammer today I'm just giving a simple example, obviously. Complex examples are harder to explain. But I still have customers with such addresses. Most of my customers that misbehave in some way are not actively seeking to break the law. They are just very unknowledgeable. Very. > You use the data you’ve got to try and find bad behavior. Bounces are a data point and *sometimes* can lead you down the path of a problem sender Well, similar conclusions can be made by open, click and unsubscribe analysis. Hi Michael: > https://www.spamhaus.org/news/article/734/subscription-bombing-coi-captcha-and-the-next-generation-of-mail-bombs Yes. We've had some discussions in this group, behind the scene, to provide pointers on how to detect/mitigate that. I would call that "form spam". One of the problems with that specific type of abuse is that doube opt-in would not have solved the issue (as the inbox would have still been flooded with opt-in messages). Which basically proves my point that double opt-in is not the tool to fix that issue. The nadine story is interesting. >> … for signs of lack of opt-in … > IMHO, you have that the wrong way around. You are right there. My data setup has not yet allowed me to work it like that. > But many of the most promising ways to my mind are actively frowned upon. > Like noticing bounces from OTHER lists are in the new set. I would call that "address intelligence" which combined with "domain intelligence" gets you pretty far. As long as I just use it to vet my customer list, it should be ok. It is one thing that list cleaning services cannot fix. Yours, David On Thu, 30 Aug 2018 at 01:55, Michael Wise <michael.w...@microsoft.com> wrote: > > > Sounds like the beginning of ePending. > > And I have a crawly feeling about this, because it reminds me of an > experience we had with someone who wanted a dedicated /24 for their own > use, but all the rDNS was in like groups of 12 domains at a time, but all > sending the same traffic. > > AOL sent us LOTS of complaints, but finally we had a SpamCop complaint > that we could start a conversation with, and … > > > > “ I need to know the history of this email address, how did it sign up… > > - I asked my boss and he said yup, that street address in Las Vegas > exists … > > “ But it doesn’t belong to the owner of this email address, who says that > they have never lived in Las Vegas. Ever. > > - … > > > > /me calls the NOC, “Brad, pull the ethernet for X. > > - Done. > > > > Aloha, > > Michael. > > -- > > *Michael J Wise* > Microsoft Corporation| Spam Analysis > > "Your Spam Specimen Has Been Processed." > > Got the Junk Mail Reporting Tool > <http://www.microsoft.com/en-us/download/details.aspx?id=18275> ? > > > > *From:* mailop <mailop-boun...@mailop.org> *On Behalf Of *Laura Atkins > *Sent:* Wednesday, August 29, 2018 10:00 AM > *To:* David Hofstee <opentext.dhofs...@gmail.com> > *Cc:* mailop <mailop@mailop.org> > *Subject:* Re: [mailop] Gmail - Anybody out there from Gmail, willing to > assist with strange reputation issue > > > > > > On Aug 29, 2018, at 2:35 AM, David Hofstee <opentext.dhofs...@gmail.com> > wrote: > > > > > Without confirmed opt-in, you're at the mercy of what random junk people > happen to stick in there > > True, but then the real problem is that the opt-in is invalid. As an ESP > you should evaluate these lists beforehand *and* monitor for signs of a > lack of opt-in (e.g. high complaint rates by FBL or unsubscribes). Having > these typo's are often good indicators for me to start looking further > beforehand. E.g. a...@hotmail.com is the perfect example of people not > wanting to provide their real email address. > > > > There is an entire segment of the legitimate email industry that provides > list cleaning services for a fee to anyone with cash. A significant portion > of the time a non-opt-in list will pass all of the tests (and dozens more) > that you mention above.There’s also vast amounts of work and products in > the spammer end of the email industry that folks like me never see, but are > also designed to prevent ESPs from identifying spammers. > > > > Back in 2002, I was investigating a list of addresses. The question was > are these addresses opt in? I had a sample of addresses from the list, > don’t remember how many. Included in the data was signup IPs, home > addresses, phone numbers and zip codes. I ran buckets of tests. I did > reverse lookups, I mapped IPs to locations, I did everything I could think > of to identify if this address list was opt-in. The data was clean. Very > clean. Zip codes matched IP locations. rDNS was accurate between the signup > IP and the address signed up. > > > > At the time there were no such things as FBLs, so I had no complaint > levels. I didn’t have access to unsubscribe data. But nothing about the > data I had looked, in any way, like it was collected in any way other than > an opt-in fashion. I would have even believed it was double opt-in. > > > > Until. I ran one final test. I searched for a local part I use at some > freemail providers. And my address was on the list, with a totally fake > name, IP address somewhere in Texas and matching zip code and phone data. > > > > The only way I was able to identify that list was a problem was because > one of my own addresses was on there. Had they grabbed a different subset > of the list, I would have never been able to ID the list as problematic. > Had I not thought to look for my own addresses, I would have never caught > the problem. > > > > That was 16+ years ago. The ability of spammers to create plausible > looking data has only increased. The services I mentioned above, the ones > that are used by the legitimate folks? They will test your list for > deliverability before you send your first mail. They’ll clean off the > typos. They’ll clean off (some of) the spamtraps. They’ll remove anything > that will give an ESP insight into the list. There’s one service that has > purchased every email address list they can find, and sells that to ESPs so > they can detect purchased lists. The services on the spammer end of the > industry? They’re even better and more dodgy. They include shared lists of > address that complain, or shared lists of addresses that regularly open. > The whole business > > > > A naive scanning like you suggest wasn’t sufficient for the spammers of 16 > years ago. It’s certainly not going to catch anything actual spammer today. > > > > A double-optin only confirms there was a relationship with some sender at > some point in time. It avoids typo's. However, it does not state with who > the opt-in was, when it was provided, for what content, for what frequency, > under what circumstances and for how long that is valid. It is not > watertight at all. > > > > Exactly. Which is why there are other / better ways to manage a > subscription process and address collection process. Mapping out the > "attack tree” (it’s not really attack, but more vulnerability tree) lets > the address collector manage the threats to their list in a way that limits > the friction for recipients that want to receive their mail while providing > the right friction to ward off fake addresses in their mailing lists. > > > > laura > > > > -- > > Having an Email Crisis? We can help! 800 823-9674 > > > > Laura Atkins > > Word to the Wise > > la...@wordtothewise.com > > (650) 437-0741 > > > > Email Delivery Blog: https://wordtothewise.com/blog > <https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwordtothewise.com%2Fblog&data=02%7C01%7Cmichael.wise%40microsoft.com%7C1344e6a8f591412c288308d60dd222fb%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636711593511087501&sdata=%2Bl5wEJS97fx3WD1F2fW2pLlEJ4vMwtKOHSoiIkXXC7I%3D&reserved=0> > > > > > > > > > > > > > > -- -- My opinion is mine.
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
