Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
on Wed, Jan 22, 2020 at 09:53:24AM -0800, Brandon Long via mailop wrote: > You can treat these all as spam, and as misdirected mail, they are. The > problem is, they aren't usually of a volume that matters and using them to > block the source is likely to have more false positives than not. We are good friends with the nice folks over at gamila, who made stuff like the tea stick (they eventually sold the rights to the folks who also make Bobbles, water bottles with built-in filters). They are known as gamila now because their original name, gamil.com, was practically impossible to use because, well, obvious reasons. I have champeon.com and regularly have to deal with presumably intoxicated Latin Americans who think they are the champeon of the world and sign up for facebook or twitter with an account in my domain. Shrug. I reset their password and try to shut the accounts down when I can. -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/ Internet security and antispam hostname intelligence: http://enemieslist.com/ ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
On Fri, Jan 17, 2020 at 3:18 PM Jaroslaw Rafa via mailop wrote: > Dnia 17.01.2020 o godz. 09:49:31 Jay Hennigan via mailop pisze: > > > > It's not just Facebook. Lots of sites make you register with an > > email address to see their content, even if you never intend to > > interact with them by email. I use one of two methods. > > Mailinator.com is a wonderful method, but many sites have blocked > > them. Another is to create a freemail account solely for sites that > > require email for registration but from which you never want to > > receive mail. Fill out the form, log in to the account, laugh at all > > the spam that is sitting there, reply to the registration request, > > and never log in again until you need to register another such site. > > But that still means that the site sends mail to an existing address. Maybe > one that you never log in to, but existing. > And the topic was about Facebook sending mail to non-existent addresses. > I also have a FB account I didn't sign up for sending mail to one of my test addresses. No idea how long ago, but it looks like at least at some point there was a way to do that. I recovered the account and tried to delete it, don't recall how it went. That address also receives a bunch of other mail for this person who thinks it's their email address, like from their church listserv. No idea if they just don't know their address or it's a common typo or misreading. I just delete it and move on. This type of thing is depressingly common for addresses that are common names and such at the major providers. One of the early folks at RocketMail had d...@yahoo.com and it was nearly impossible to use because of the amount of misdirected mail. For Gmail's launch, we required longer logins and banned something like the 5000 most common names we could find and also prevented any simple homoglyphs, and still folks end up in this state. Detecting misdirected mail is a lot harder than regular spam, if not impossible. It's mostly one-off messages like receipts where COI isn't expected. It'll also catch various manual lists that otherwise get away without COI (ie, despite it being a best practice, if the complaint rate is low enough because the number of addresses added is low enough and they're usually the correct address and usually manual adds)... or it'll be things like one to one messages like someone who gives their email address to a car salesman when they do a test drive. You can treat these all as spam, and as misdirected mail, they are. The problem is, they aren't usually of a volume that matters and using them to block the source is likely to have more false positives than not. Even on a single user basis, knowing that one receipt from randomebiz.com is spam and when that user actually buys something there it isn't... good luck. Frankly, there aren't really any great solutions. Luckily, most users don't get much of this if any. Brandon ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
Dnia 17.01.2020 o godz. 09:49:31 Jay Hennigan via mailop pisze: > > It's not just Facebook. Lots of sites make you register with an > email address to see their content, even if you never intend to > interact with them by email. I use one of two methods. > Mailinator.com is a wonderful method, but many sites have blocked > them. Another is to create a freemail account solely for sites that > require email for registration but from which you never want to > receive mail. Fill out the form, log in to the account, laugh at all > the spam that is sitting there, reply to the registration request, > and never log in again until you need to register another such site. But that still means that the site sends mail to an existing address. Maybe one that you never log in to, but existing. And the topic was about Facebook sending mail to non-existent addresses. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
On 1/17/20 00:47, Jaroslaw Rafa via mailop wrote: Hm... I don't understand. I don't use Facebook much, besides administering some low-traffic fanpage, but AFAIK Facebook sends mail to the e-mail address you gave when you registered on Facebook. And to register on Facebook, you must have access to this e-mail address, because you have to type in the code that is sent to this address (which meets the criteria of double opt-in, I guess). So how it is possible to give a non-existing address to Facebook? It's not just Facebook. Lots of sites make you register with an email address to see their content, even if you never intend to interact with them by email. I use one of two methods. Mailinator.com is a wonderful method, but many sites have blocked them. Another is to create a freemail account solely for sites that require email for registration but from which you never want to receive mail. Fill out the form, log in to the account, laugh at all the spam that is sitting there, reply to the registration request, and never log in again until you need to register another such site. -- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
On 2020-01-16 11:16 p.m., M. Omer GOLGELI via mailop wrote: Guess that is exactly why I don't add a whitelist rule to Facebook mails and let them rot in Quarantine boxes. If they send to unverified, non-existing users without content, no matter where it is from, they are spam. Especially when all those mails belong to Bot accounts. For the record, I commented on this a few months back.. Frankly in volume, Facebook is second highest only to the Amazon spam problem for sending to invalid email accounts.. I questioned in the past whether someone is using Facebook itself for list washing, however it is more likely to be simply bad practices over there, but because certain domains see a lot more of it, I still have suspicions of some type of abuse.. Of course, while it still falls in the too big to block category, (and wish they would change their PTR naming convention), it is all coming from MAIL FROM: But interestingly, the MTA sends a RSET/QUIT rather than just a QUIT when delivering notifications successfully, which makes you wonder if they have a separate system that is performing these checks. Successful attempt: FROM: SIZE=28160 BODY=8BITMIME Failed attempt: FROM: SIZE=13585 BODY=8BITMIME But it does seem that it was trying to send actual data, rather than simply list washing.. And looking at the addresses that do not exist, they do seem like they were legitimate addresses at one time, not simply faked addresses someone is using to game a system. It probably is a simple as Facebook doesn't clear out people's contacts when the address doesn't exist, so when someone tries to 'share' it still goes out to all the legacy contacts. 69.171.232.128 11 69-171-232-128.mail-mail.facebook.com 69.171.232.12918 69-171-232-129.mail-mail.facebook.com 69.171.232.13013 69-171-232-130.mail-mail.facebook.com 69.171.232.13116 69-171-232-131.mail-mail.facebook.com 69.171.232.13214 69-171-232-132.mail-mail.facebook.com 69.171.232.13318 69-171-232-133.mail-mail.facebook.com 69.171.232.13416 69-171-232-134.mail-mail.facebook.com 69.171.232.13516 69-171-232-135.mail-mail.facebook.com 69.171.232.13619 69-171-232-136.mail-mail.facebook.com 69.171.232.13715 69-171-232-137.mail-mail.facebook.com 69.171.232.13814 69-171-232-138.mail-mail.facebook.com 69.171.232.13918 69-171-232-139.mail-mail.facebook.com 69.171.232.14029 69-171-232-140.mail-mail.facebook.com 69.171.232.14130 69-171-232-141.mail-mail.facebook.com 69.171.232.14230 69-171-232-142.mail-mail.facebook.com 69.171.232.14332 69-171-232-143.mail-mail.facebook.com 69.171.232.14432 69-171-232-144.mail-mail.facebook.com 69.171.232.14530 69-171-232-145.mail-mail.facebook.com 69.171.232.14632 69-171-232-146.mail-mail.facebook.com 69.171.232.14735 69-171-232-147.mail-mail.facebook.com 69.171.232.14829 69-171-232-148.mail-mail.facebook.com 69.171.232.149 (RS) 4 69-171-232-149.mail-mail.facebook.com 69.171.232.15033 69-171-232-150.mail-mail.facebook.com 69.171.232.15134 69-171-232-151.mail-mail.facebook.com -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
Well, not just that. For some reason, except the valid email addresses with %firstname%.%lastna...@domain.tld, I am seeing a lot of %na...@domain.tld emails coming from Facebook, which does not exist and you can't just follow unsubscribe links to these. Same happens with Twitter too. They don't even check if these emails belong to valid users, they happily accept these. And in my case, maybe these were before validation code checks. Now, maybe using a validation service CAN be acceptable to reduce these for them. But still doesn't solve the opt-in problem where a validated user keeps getting spam that they do not want. So my take on validation services would only be they promote spam in a way, whether it's black or gray... M. Omer GOLGELI --- AS202365 https://as202365.peeringdb.com https://bgp.he.net/AS202365 January 17, 2020 12:47 PM, "Mark Foster" wrote: > ... because other users of Facebook can give your email address to Facebook > in order to trigger an invite to join Facebook. And then you get reminders, > again and again. > It was eventually possible to 'unsubscribe' so that further invites would > not be generated, but this again runs against common wisdom not to confirm > your email address as valid to an unsolicited sender. > And fair enough - why should you have to in the first place? > > For similar reasons LinkedIn also had an awful reputation as a spammer years > ago, I expect there's still a few out there who boycott on principle alone. > It could readily be argued that your friend or colleague who gave your email > address away, has done you a wrong - but the damage is done, and in most > cases they wouldn't be aware that what they'd done was so problematic. > > Anecdotally I've not seen new social things ask for email addresses in order > to recommend/invite friends to join lately, but I havn't joined any new > services in several years either. > Did someone finally realise it was a bad idea? > > From memory - and it was years ago - I caved and used the 'do not mail me > again' links in examples from both LinkedIn and Facebook (as I have multiple > email addresses) as the path of least resistance and because at least I was > aware of both platforms and they had vague legitimacy. But it should > probably not be necessary. > > Caveat - this anecdote is quite dated. I've no idea what their current > practice is. > > Mark. > > -Original Message----- > From: Jaroslaw Rafa > Sent: Friday, 17 January 2020 9:47 pm > To: M. Omer GOLGELI > Cc: Mark Foster ; Brandon Long ; > mailop ; Jay Hennigan > Subject: Re: [mailop] [FEEDBACK] Approach to dealing with List Washing > services, industry feedback.. > > Dnia 17.01.2020 o godz. 07:16:35 M. Omer GOLGELI via mailop pisze: > >> Guess that is exactly why I don't add a whitelist rule to Facebook mails > > and let them rot in Quarantine boxes. >> If they send to unverified, non-existing users without content, no matter > > where it is from, they are spam. > > Hm... I don't understand. I don't use Facebook much, besides administering > some low-traffic fanpage, but AFAIK Facebook sends mail to the e-mail > address you gave when you registered on Facebook. And to register on > Facebook, you must have access to this e-mail address, because you have to > type in the code that is sent to this address (which meets the criteria of > double opt-in, I guess). So how it is possible to give a non-existing > address to Facebook? > -- > Regards, > Jaroslaw Rafa > r...@rafa.eu.org > -- > "In a million years, when kids go to school, they're gonna know: once there > was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
... because other users of Facebook can give your email address to Facebook in order to trigger an invite to join Facebook. And then you get reminders, again and again. It was eventually possible to 'unsubscribe' so that further invites would not be generated, but this again runs against common wisdom not to confirm your email address as valid to an unsolicited sender. And fair enough - why should you have to in the first place? For similar reasons LinkedIn also had an awful reputation as a spammer years ago, I expect there's still a few out there who boycott on principle alone. It could readily be argued that your friend or colleague who gave your email address away, has done you a wrong - but the damage is done, and in most cases they wouldn't be aware that what they'd done was so problematic. Anecdotally I've not seen new social things ask for email addresses in order to recommend/invite friends to join lately, but I havn't joined any new services in several years either. Did someone finally realise it was a bad idea? From memory - and it was years ago - I caved and used the 'do not mail me again' links in examples from both LinkedIn and Facebook (as I have multiple email addresses) as the path of least resistance and because at least I was aware of both platforms and they had vague legitimacy. But it should probably not be necessary. Caveat - this anecdote is quite dated. I've no idea what their current practice is. Mark. -Original Message- From: Jaroslaw Rafa Sent: Friday, 17 January 2020 9:47 pm To: M. Omer GOLGELI Cc: Mark Foster ; Brandon Long ; mailop ; Jay Hennigan Subject: Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback.. Dnia 17.01.2020 o godz. 07:16:35 M. Omer GOLGELI via mailop pisze: > Guess that is exactly why I don't add a whitelist rule to Facebook mails and let them rot in Quarantine boxes. > If they send to unverified, non-existing users without content, no matter where it is from, they are spam. Hm... I don't understand. I don't use Facebook much, besides administering some low-traffic fanpage, but AFAIK Facebook sends mail to the e-mail address you gave when you registered on Facebook. And to register on Facebook, you must have access to this e-mail address, because you have to type in the code that is sent to this address (which meets the criteria of double opt-in, I guess). So how it is possible to give a non-existing address to Facebook? -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
Dnia 17.01.2020 o godz. 07:16:35 M. Omer GOLGELI via mailop pisze: > Guess that is exactly why I don't add a whitelist rule to Facebook mails and > let them rot in Quarantine boxes. > If they send to unverified, non-existing users without content, no matter > where it is from, they are spam. Hm... I don't understand. I don't use Facebook much, besides administering some low-traffic fanpage, but AFAIK Facebook sends mail to the e-mail address you gave when you registered on Facebook. And to register on Facebook, you must have access to this e-mail address, because you have to type in the code that is sent to this address (which meets the criteria of double opt-in, I guess). So how it is possible to give a non-existing address to Facebook? -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
Dnia 17.01.2020 o godz. 15:49:27 Mark Foster via mailop pisze: > > The amount of spam I receive to gmail is not insignificant. > I'm in New Zealand, yet i've somehow managed to book travel, accomodation > and rental vehicles all across the USA. I've somehow managed to opt-in to > various news services in India. > And i'm on alumni distribution lists for several education providers > (again mostly in the USA). I guess the fact that this spam originates mostly from USA has a lot to do with the fact that USA doesn't have a data protection law like GDPR in EU. Some years ago, when I had an email account under a different domain, I used to receive quite a lot of American spam too, and also some Chinese and Japanese spam. Under my current domain, however, looks like American spammers didn't find me yet (or they are effectively filtered by RBLs). Chinese and Japanese spam continues, but it isn't much. The majority of spam I did receive on my current address was however marketing mailing from my own country, from websites, companies and services I never subscribed to. I noticed a tremendous drop in amount of those messages once GDPR came into effect, so I can say that this law is really efficient. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
Guess that is exactly why I don't add a whitelist rule to Facebook mails and let them rot in Quarantine boxes. If they send to unverified, non-existing users without content, no matter where it is from, they are spam. Especially when all those mails belong to Bot accounts. To me, double opt-in and following bounce messages must be the way as it has been said before. If I had spare time to list them all, considering ~50% of the spam hitting our spam gateway is commercial grade spam, I would block these verification services to get more spam, train SA and report these unsolicited mails to blacklists. I also do have some unused gmail accounts. One of them constantly receives Indonesian spam. Even legit mail from time to time. I presume along with a person mistyping their email address, it is also common for people mistyping it when they are sending the email. M. Omer GOLGELI --- AS202365 https://as202365.peeringdb.com (https://as202365.peeringdb.com) https://bgp.he.net/AS202365 (https://bgp.he.net/AS202365) January 17, 2020 9:48 AM, "Mark Foster via mailop" mailto:mailop@mailop.org?to=%22Mark%20Foster%20via%20mailop%22%20)> wrote: Yes, I assume that’s the root of how I got on those mailing lists – someone deciding my email address was theirs. But what’s the difference between that, and spam? In my eyes it’s all unwanted email in my inbox. And it’s not once or twice. It’s hundreds of times. Far from isolated cases. I’ve had to delink my email address from random accounts at services like MySpace (yes, really), Club Penguin (I’m not the target market) and at some point it’s gotta be malicious. Where does one draw the line? I’ve always subscribed to the maxim that if I didn’t opt-in, I’m not gonna opt-out. If you run a service that doesn’t have effective double-opt-in, (or even a ‘click this if it wasn’t you!’ early in the process), this is the risk you run, right? Mark. From: Brandon Long mailto:bl...@google.com)> Sent: Friday, 17 January 2020 5:28 pm To: Mark Foster mailto:blak...@blakjak.net)> Cc: Jay Hennigan mailto:mailop-l...@keycodes.com)>; mailop mailto:mailop@mailop.org)> Subject: Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback.. Honestly, that sounds like someone else thinks that's their account... unless I'm misinterpreting what you're saying. I have a couple friends with common name accounts, and they get a lot of mail obviously meant for other people. Anyhoo, that's its own major issue that's complicated by sites with lack of coi, of course. In any case, I fail to see how not using unsubscribe in that case is useful, but to each their own. Brandon On Thu, Jan 16, 2020, 6:49 PM Mark Foster mailto:blak...@blakjak.net)> wrote: I couldn't help but respond to this one... > I'd say if it's even remotely gray mail, and not pure spam, go for the > unsubscribe. On Gmail, we only provide a ui unsub link if the sender > reputation is ok, for example, but arguably anything from a mainstream esp > or company is fine to unsub from. I see a lot of local companies and > non-profits who have bad sending practices and often go to spam that are > completely fine to unsub from, for example, and helps clear out the spam > label to make it easier to find the false positives. > > This is also informed both by the prevalence of spam (something like 90% > of > active users get a spam a week) and the effectiveness of our spam filters. > When I see other folks saying they don't get much spam, only 5 or more > messages a day past their filters... I can understand why they don't want > to get anymore. > I have a gmail account. It's used for 'some' email but not the vast majority - I have my own domains and MTA for that. But the gmail account is used for some mailing lists I use relatively infrequently, and I also use it for other Google services, particular the Calendar. Sure. The amount of spam I receive to gmail is not insignificant. I'm in New Zealand, yet i've somehow managed to book travel, accomodation and rental vehicles all across the USA. I've somehow managed to opt-in to various news services in India. And i'm on alumni distribution lists for several education providers (again mostly in the USA). Every single one of these emails is spam to my mind, because I did not opt-in. I did not publically disclose my email address. I never emailed these organisations. Each one probably has a vaguely legitimate or perhaps even positive sender reputation (in all cases I click 'report as spam' and I get the dialogue that asks whether I want to unsubscribe, which I never do). So it's not about being grey, it really does come down to, did I opt-in in any way,
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
Yes, I assume that’s the root of how I got on those mailing lists – someone deciding my email address was theirs. But what’s the difference between that, and spam? In my eyes it’s all unwanted email in my inbox. And it’s not once or twice. It’s hundreds of times. Far from isolated cases. I’ve had to delink my email address from random accounts at services like MySpace (yes, really), Club Penguin (I’m not the target market) and at some point it’s gotta be malicious. Where does one draw the line? I’ve always subscribed to the maxim that if I didn’t opt-in, I’m not gonna opt-out. If you run a service that doesn’t have effective double-opt-in, (or even a ‘click this if it wasn’t you!’ early in the process), this is the risk you run, right? Mark. From: Brandon Long Sent: Friday, 17 January 2020 5:28 pm To: Mark Foster Cc: Jay Hennigan ; mailop Subject: Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback.. Honestly, that sounds like someone else thinks that's their account... unless I'm misinterpreting what you're saying. I have a couple friends with common name accounts, and they get a lot of mail obviously meant for other people. Anyhoo, that's its own major issue that's complicated by sites with lack of coi, of course. In any case, I fail to see how not using unsubscribe in that case is useful, but to each their own. Brandon On Thu, Jan 16, 2020, 6:49 PM Mark Foster mailto:blak...@blakjak.net> > wrote: I couldn't help but respond to this one... > I'd say if it's even remotely gray mail, and not pure spam, go for the > unsubscribe. On Gmail, we only provide a ui unsub link if the sender > reputation is ok, for example, but arguably anything from a mainstream esp > or company is fine to unsub from. I see a lot of local companies and > non-profits who have bad sending practices and often go to spam that are > completely fine to unsub from, for example, and helps clear out the spam > label to make it easier to find the false positives. > > This is also informed both by the prevalence of spam (something like 90% > of > active users get a spam a week) and the effectiveness of our spam filters. > When I see other folks saying they don't get much spam, only 5 or more > messages a day past their filters... I can understand why they don't want > to get anymore. > I have a gmail account. It's used for 'some' email but not the vast majority - I have my own domains and MTA for that. But the gmail account is used for some mailing lists I use relatively infrequently, and I also use it for other Google services, particular the Calendar. Sure. The amount of spam I receive to gmail is not insignificant. I'm in New Zealand, yet i've somehow managed to book travel, accomodation and rental vehicles all across the USA. I've somehow managed to opt-in to various news services in India. And i'm on alumni distribution lists for several education providers (again mostly in the USA). Every single one of these emails is spam to my mind, because I did not opt-in. I did not publically disclose my email address. I never emailed these organisations. Each one probably has a vaguely legitimate or perhaps even positive sender reputation (in all cases I click 'report as spam' and I get the dialogue that asks whether I want to unsubscribe, which I never do). So it's not about being grey, it really does come down to, did I opt-in in any way, shape or form, or not? That opt-in may include legitimately doing business with that organisation. And if it were my commercial email address, i'd have to view that question in a commercial context At work, unsolicited emails from vendors where _others_ in my organisation hold the relationship, and i've never corresponded with them - are still spam in my eyes. Usually overzealous marketing types, and usually corrected via our account management, along with an apology. But to my personal gmail account? Which I use in a very small number of places? As much as a lot of spam _is_ filtered successfully, plenty more isn't, event legit senders frequently don't have effective double-opt-in and from half way around the world, finding an out-of-band way to report/complain/resolve the issue is almost impossible. So the report-as-spam button gets a bit of use. I still like the New Zealand legal definitions of consent, quite a bit of work was done to define the various types of consent and what that means. https://www.dia.govt.nz/Spam-Frequently-Asked-Questions#con Cheers Mark. > I don't believe spammers are really selling clean lists, our experience is > they email everyone they possibly can. Maybe there are some dark gray > spammers who try to use various legitimate deli
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
Honestly, that sounds like someone else thinks that's their account... unless I'm misinterpreting what you're saying. I have a couple friends with common name accounts, and they get a lot of mail obviously meant for other people. Anyhoo, that's its own major issue that's complicated by sites with lack of coi, of course. In any case, I fail to see how not using unsubscribe in that case is useful, but to each their own. Brandon On Thu, Jan 16, 2020, 6:49 PM Mark Foster wrote: > I couldn't help but respond to this one... > > > I'd say if it's even remotely gray mail, and not pure spam, go for the > > unsubscribe. On Gmail, we only provide a ui unsub link if the sender > > reputation is ok, for example, but arguably anything from a mainstream > esp > > or company is fine to unsub from. I see a lot of local companies and > > non-profits who have bad sending practices and often go to spam that are > > completely fine to unsub from, for example, and helps clear out the spam > > label to make it easier to find the false positives. > > > > This is also informed both by the prevalence of spam (something like 90% > > of > > active users get a spam a week) and the effectiveness of our spam > filters. > > When I see other folks saying they don't get much spam, only 5 or more > > messages a day past their filters... I can understand why they don't want > > to get anymore. > > > > I have a gmail account. It's used for 'some' email but not the vast > majority - I have my own domains and MTA for that. > But the gmail account is used for some mailing lists I use relatively > infrequently, and I also use it for other Google services, particular the > Calendar. > Sure. > > The amount of spam I receive to gmail is not insignificant. > I'm in New Zealand, yet i've somehow managed to book travel, accomodation > and rental vehicles all across the USA. I've somehow managed to opt-in to > various news services in India. > And i'm on alumni distribution lists for several education providers > (again mostly in the USA). > > Every single one of these emails is spam to my mind, because I did not > opt-in. I did not publically disclose my email address. I never emailed > these organisations. > Each one probably has a vaguely legitimate or perhaps even positive sender > reputation (in all cases I click 'report as spam' and I get the dialogue > that asks whether I want to unsubscribe, which I never do). > > So it's not about being grey, it really does come down to, did I opt-in in > any way, shape or form, or not? > That opt-in may include legitimately doing business with that > organisation. And if it were my commercial email address, i'd have to > view that question in a commercial context > > At work, unsolicited emails from vendors where _others_ in my organisation > hold the relationship, and i've never corresponded with them - are still > spam in my eyes. Usually overzealous marketing types, and usually > corrected via our account management, along with an apology. > But to my personal gmail account? Which I use in a very small number of > places? As much as a lot of spam _is_ filtered successfully, plenty more > isn't, event legit senders frequently don't have effective double-opt-in > and from half way around the world, finding an out-of-band way to > report/complain/resolve the issue is almost impossible. So the > report-as-spam button gets a bit of use. > > I still like the New Zealand legal definitions of consent, quite a bit of > work was done to define the various types of consent and what that means. > https://www.dia.govt.nz/Spam-Frequently-Asked-Questions#con > > Cheers > Mark. > > > > I don't believe spammers are really selling clean lists, our experience > is > > they email everyone they possibly can. Maybe there are some dark gray > > spammers who try to use various legitimate delivery techniques to curate > > their lists and expand their inboxing, but they seem to mostly want to > > work > > around spam filter weaknesses instead of trying to be more legit. > > > > Brandon > > > >> > > ___ > > mailop mailing list > > mailop@mailop.org > > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > > > > > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
I couldn't help but respond to this one... > I'd say if it's even remotely gray mail, and not pure spam, go for the > unsubscribe. On Gmail, we only provide a ui unsub link if the sender > reputation is ok, for example, but arguably anything from a mainstream esp > or company is fine to unsub from. I see a lot of local companies and > non-profits who have bad sending practices and often go to spam that are > completely fine to unsub from, for example, and helps clear out the spam > label to make it easier to find the false positives. > > This is also informed both by the prevalence of spam (something like 90% > of > active users get a spam a week) and the effectiveness of our spam filters. > When I see other folks saying they don't get much spam, only 5 or more > messages a day past their filters... I can understand why they don't want > to get anymore. > I have a gmail account. It's used for 'some' email but not the vast majority - I have my own domains and MTA for that. But the gmail account is used for some mailing lists I use relatively infrequently, and I also use it for other Google services, particular the Calendar. Sure. The amount of spam I receive to gmail is not insignificant. I'm in New Zealand, yet i've somehow managed to book travel, accomodation and rental vehicles all across the USA. I've somehow managed to opt-in to various news services in India. And i'm on alumni distribution lists for several education providers (again mostly in the USA). Every single one of these emails is spam to my mind, because I did not opt-in. I did not publically disclose my email address. I never emailed these organisations. Each one probably has a vaguely legitimate or perhaps even positive sender reputation (in all cases I click 'report as spam' and I get the dialogue that asks whether I want to unsubscribe, which I never do). So it's not about being grey, it really does come down to, did I opt-in in any way, shape or form, or not? That opt-in may include legitimately doing business with that organisation. And if it were my commercial email address, i'd have to view that question in a commercial context At work, unsolicited emails from vendors where _others_ in my organisation hold the relationship, and i've never corresponded with them - are still spam in my eyes. Usually overzealous marketing types, and usually corrected via our account management, along with an apology. But to my personal gmail account? Which I use in a very small number of places? As much as a lot of spam _is_ filtered successfully, plenty more isn't, event legit senders frequently don't have effective double-opt-in and from half way around the world, finding an out-of-band way to report/complain/resolve the issue is almost impossible. So the report-as-spam button gets a bit of use. I still like the New Zealand legal definitions of consent, quite a bit of work was done to define the various types of consent and what that means. https://www.dia.govt.nz/Spam-Frequently-Asked-Questions#con Cheers Mark. > I don't believe spammers are really selling clean lists, our experience is > they email everyone they possibly can. Maybe there are some dark gray > spammers who try to use various legitimate delivery techniques to curate > their lists and expand their inboxing, but they seem to mostly want to > work > around spam filter weaknesses instead of trying to be more legit. > > Brandon > >> > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
We have a professional services customer that collects email addresses at home and garden shows. As you can imagine, there’s lots of messy handwriting and some people are likely writing down a fake email address so they can get a free something-or-other. We’ve told our customer the same thing – don’t wait until having visited all 10+ home and garden shows, send them a “welcome” email right away, and if comes back bad, remove their email address from your lists. Frank From: mailop On Behalf Of Luke via mailop Sent: Thursday, January 16, 2020 11:36 AM To: Jaroslaw Rafa Cc: mailop@mailop.org; Jesse Thompson Subject: Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback.. I actually work for a company that sells a validation tool as a part of our platform and I'm still pretty confused by the appeal of such a thing. As Mr. Wise said before, "bounce processing!" I want to believe a legitimate use case for validation exists but if you collect addresses in an appropriate manner, monitor engagement, pay attention to bounces and suppress addresses accordingly, there is no need to programmatically validate/invalidate address. Ever. Sometimes I hear about this scenario where someone collected the addresses appropriately, but it has been years since they've sent to them and they need to ensure they are valid before they try to re-engage them. So people think it makes sense to run the list through a validation service to eliminate the obviously bad addresses before sending to the rest. Or, you could just send to this list slowly over some period of time and let the bad ones bounce and let the good ones deliver. SMTP has build in address validation. And its free :) Luke On Thu, Jan 16, 2020 at 9:54 AM Jaroslaw Rafa via mailop mailto:mailop@mailop.org> > wrote: Dnia 16.01.2020 o godz. 15:44:46 Jesse Thompson via mailop pisze: > > Another factor that complicates things is that users are afraid to > unsubscribe (to send the signal directly to the marketer) > 1) when the message was obviously unsolicited > 2) because they're constantly told not to click on links within spam > messages Myself, I never unsubscribe from any mass mailings if I didn't previously knowingly and willingly subscribe to them (and I very rarely subscribe to any). I guess that's pretty reasonable approach. If I didn't subscribe and someone is sending me mass mailings nevertheless, these people do not qualify to send them any "direct signals", because they will most likely ignore it (or even treat the "unsubscribe" operation as a confirmation that I actually read their messages, so they will put me on more mailing lists). I didn't subscribe to their mailings, why should I ask them to unsubscribe me? The only thing to be done about such messages is to delete them or block the senders if they send too much. -- Regards, Jaroslaw Rafa r...@rafa.eu.org <mailto:r...@rafa.eu.org> -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org <mailto:mailop@mailop.org> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
On Thu, Jan 16, 2020, 9:29 AM Jay Hennigan via mailop wrote: > On 1/16/20 07:44, Jesse Thompson via mailop wrote: > > > On the other side of the coin, recipients within the same institution > > are constantly baffled why they keep getting unsolicited marketing from > > companies who, by all appearances, are playing by the rules (except for > > the unsolicited part, of course) and can't realistically be classified > > as spam by anyone who assumes that marketers aren't all skirting the > rules. > > ...(except for the unsolicited part, of course)... > > ...can't realistically be classified as spam... > > Isn't that the very definition of spam? It's unsolicited, it's bulk, and > it's email. > Going by spam is what the receiver thinks, many business customers tend to view most marketing from consumer stuff as spam, even if opt-in (ie, Target), but are typically more welcoming to things that are closer to their business use cases, including conferences and even some more direct sales like messages. Many of those aren't quite as bulk as the more consumer oriented spam. There's also often multiple people involved in receiving, so the admins having some control, or corporate policies, overriding the specific employees. Which is just a way of saying that different receivers have different ideas about spam, and one size fits all doesn't. There's a lot more gray then one would like. > Another factor that complicates things is that users are afraid to > > unsubscribe (to send the signal directly to the marketer) > > 1) when the message was obviously unsolicited > > 2) because they're constantly told not to click on links within spam > > messages > > IMHO, they shouldn't unsubscribe. This validates their address and the > fact that they open and read spam. Unsubscribing to spam gets your > address sold to other spammers as "One who has responded to similar > messages." They should report the spam as abuse. And, as you suggest, > the unsubscribe link could very well be malware. > I'd say if it's even remotely gray mail, and not pure spam, go for the unsubscribe. On Gmail, we only provide a ui unsub link if the sender reputation is ok, for example, but arguably anything from a mainstream esp or company is fine to unsub from. I see a lot of local companies and non-profits who have bad sending practices and often go to spam that are completely fine to unsub from, for example, and helps clear out the spam label to make it easier to find the false positives. This is also informed both by the prevalence of spam (something like 90% of active users get a spam a week) and the effectiveness of our spam filters. When I see other folks saying they don't get much spam, only 5 or more messages a day past their filters... I can understand why they don't want to get anymore. I don't believe spammers are really selling clean lists, our experience is they email everyone they possibly can. Maybe there are some dark gray spammers who try to use various legitimate delivery techniques to curate their lists and expand their inboxing, but they seem to mostly want to work around spam filter weaknesses instead of trying to be more legit. Brandon > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
There are probably some legitimate use cases, such as pre-email validation attempts before even emailing for opt-in (ie, validating form subscriptions), and I imagine most esps have their own validation they use when a customer gives them a new address or list, though that's mostly trying to determine whether the list/customer is legitimate or not. You can probably even expand that list checking to see if it has a high equivalence to other bad lists you've seen in the past. Ie, even a single message to a spamtrap can be bad for their delivery, so it behooves them to try to prevent even one. I doubt most honeypots are distinguishing between seemingly legitimate coi requests. Not quite washing in the same sense, of course. Brandon On Thu, Jan 16, 2020, 9:38 AM Luke via mailop wrote: > I actually work for a company that sells a validation tool as a part of > our platform and I'm still pretty confused by the appeal of such a thing. > As Mr. Wise said before, "bounce processing!" > > I want to believe a legitimate use case for validation exists but if you > collect addresses in an appropriate manner, monitor engagement, pay > attention to bounces and suppress addresses accordingly, there is no need > to programmatically validate/invalidate address. Ever. > > Sometimes I hear about this scenario where someone collected the addresses > appropriately, but it has been years since they've sent to them and they > need to ensure they are valid before they try to re-engage them. So > people think it makes sense to run the list through a validation service to > eliminate the obviously bad addresses before sending to the rest. Or, you > could just send to this list slowly over some period of time and let the > bad ones bounce and let the good ones deliver. SMTP has build in address > validation. And its free :) > > Luke > > On Thu, Jan 16, 2020 at 9:54 AM Jaroslaw Rafa via mailop < > mailop@mailop.org> wrote: > >> Dnia 16.01.2020 o godz. 15:44:46 Jesse Thompson via mailop pisze: >> > >> > Another factor that complicates things is that users are afraid to >> > unsubscribe (to send the signal directly to the marketer) >> > 1) when the message was obviously unsolicited >> > 2) because they're constantly told not to click on links within spam >> > messages >> >> Myself, I never unsubscribe from any mass mailings if I didn't previously >> knowingly and willingly subscribe to them (and I very rarely subscribe to >> any). I guess that's pretty reasonable approach. >> >> If I didn't subscribe and someone is sending me mass mailings >> nevertheless, >> these people do not qualify to send them any "direct signals", because >> they >> will most likely ignore it (or even treat the "unsubscribe" operation as a >> confirmation that I actually read their messages, so they will put me on >> more mailing lists). I didn't subscribe to their mailings, why should I >> ask >> them to unsubscribe me? The only thing to be done about such messages is >> to >> delete them or block the senders if they send too much. >> -- >> Regards, >>Jaroslaw Rafa >>r...@rafa.eu.org >> -- >> "In a million years, when kids go to school, they're gonna know: once >> there >> was a Hushpuppy, and she lived with her daddy in the Bathtub." >> >> ___ >> mailop mailing list >> mailop@mailop.org >> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop >> > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
I actually work for a company that sells a validation tool as a part of our platform and I'm still pretty confused by the appeal of such a thing. As Mr. Wise said before, "bounce processing!" I want to believe a legitimate use case for validation exists but if you collect addresses in an appropriate manner, monitor engagement, pay attention to bounces and suppress addresses accordingly, there is no need to programmatically validate/invalidate address. Ever. Sometimes I hear about this scenario where someone collected the addresses appropriately, but it has been years since they've sent to them and they need to ensure they are valid before they try to re-engage them. So people think it makes sense to run the list through a validation service to eliminate the obviously bad addresses before sending to the rest. Or, you could just send to this list slowly over some period of time and let the bad ones bounce and let the good ones deliver. SMTP has build in address validation. And its free :) Luke On Thu, Jan 16, 2020 at 9:54 AM Jaroslaw Rafa via mailop wrote: > Dnia 16.01.2020 o godz. 15:44:46 Jesse Thompson via mailop pisze: > > > > Another factor that complicates things is that users are afraid to > > unsubscribe (to send the signal directly to the marketer) > > 1) when the message was obviously unsolicited > > 2) because they're constantly told not to click on links within spam > > messages > > Myself, I never unsubscribe from any mass mailings if I didn't previously > knowingly and willingly subscribe to them (and I very rarely subscribe to > any). I guess that's pretty reasonable approach. > > If I didn't subscribe and someone is sending me mass mailings nevertheless, > these people do not qualify to send them any "direct signals", because they > will most likely ignore it (or even treat the "unsubscribe" operation as a > confirmation that I actually read their messages, so they will put me on > more mailing lists). I didn't subscribe to their mailings, why should I ask > them to unsubscribe me? The only thing to be done about such messages is to > delete them or block the senders if they send too much. > -- > Regards, >Jaroslaw Rafa >r...@rafa.eu.org > -- > "In a million years, when kids go to school, they're gonna know: once there > was a Hushpuppy, and she lived with her daddy in the Bathtub." > > ___ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
On 1/16/20 07:44, Jesse Thompson via mailop wrote: On the other side of the coin, recipients within the same institution are constantly baffled why they keep getting unsolicited marketing from companies who, by all appearances, are playing by the rules (except for the unsolicited part, of course) and can't realistically be classified as spam by anyone who assumes that marketers aren't all skirting the rules. ...(except for the unsolicited part, of course)... ...can't realistically be classified as spam... Isn't that the very definition of spam? It's unsolicited, it's bulk, and it's email. Another factor that complicates things is that users are afraid to unsubscribe (to send the signal directly to the marketer) 1) when the message was obviously unsolicited 2) because they're constantly told not to click on links within spam messages IMHO, they shouldn't unsubscribe. This validates their address and the fact that they open and read spam. Unsubscribing to spam gets your address sold to other spammers as "One who has responded to similar messages." They should report the spam as abuse. And, as you suggest, the unsubscribe link could very well be malware. -- Jay Hennigan - j...@west.net Network Engineering - CCIE #7880 503 897-8550 - WB6RDV ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
Dnia 16.01.2020 o godz. 15:44:46 Jesse Thompson via mailop pisze: > > Another factor that complicates things is that users are afraid to > unsubscribe (to send the signal directly to the marketer) > 1) when the message was obviously unsolicited > 2) because they're constantly told not to click on links within spam > messages Myself, I never unsubscribe from any mass mailings if I didn't previously knowingly and willingly subscribe to them (and I very rarely subscribe to any). I guess that's pretty reasonable approach. If I didn't subscribe and someone is sending me mass mailings nevertheless, these people do not qualify to send them any "direct signals", because they will most likely ignore it (or even treat the "unsubscribe" operation as a confirmation that I actually read their messages, so they will put me on more mailing lists). I didn't subscribe to their mailings, why should I ask them to unsubscribe me? The only thing to be done about such messages is to delete them or block the senders if they send too much. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
On 1/6/20 2:04 PM, John Johnstone via mailop wrote: > It is interesting how quiet it is on this topic. IMO, that's because it falls into the "I know it when I see it, but I can't realistically prevent it" category. Legitimate marketers (for example, some people within my own institution) have a real interest in keeping their old, yet legitimately obtained, lists clean of addresses that are obviously no longer valid, and they have a real apprehension to completely throw away their lists and start over. Some of the savvy marketers will contract with an email validation service to solve this challenge. Sometimes it leaves them with a foul taste in their mouth once they realize the privacy conundrum (at least, that's the story I tell myself). On the other side of the coin, recipients within the same institution are constantly baffled why they keep getting unsolicited marketing from companies who, by all appearances, are playing by the rules (except for the unsolicited part, of course) and can't realistically be classified as spam by anyone who assumes that marketers aren't all skirting the rules. Another factor that complicates things is that users are afraid to unsubscribe (to send the signal directly to the marketer) 1) when the message was obviously unsolicited 2) because they're constantly told not to click on links within spam messages Maybe more ISPs and MUAs should leverage the List-Unsubscribe-Post process server-side when users click their Report Spam buttons. Maybe I'm grasping at straws here... Jesse ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
On 1/3/20 3:14 PM, Michael Peddemors via mailop wrote: Our team is discussing this internally, and curious about others position on addressing list washing services.. Some are better than others of course, identifying themselves correctly.. But then there are those on Digital Ocean or AWS that use throwaway domains, or no clear identifiers.. While the idea of 'validating' an email address seems like a logical thing to do, some of the list washing services appear to be just used to wash old lists, or email address harvesting.. What is the position of the industry on these issues.. Would love to hear opinions and practices being used on list washers.. It is interesting how quiet it is on this topic. A quick review of logs here shows a new trend of the validators using Google and Microsoft as their sending platform. I would guess to reduce the likelihood of being blocked. 209.85.160.197 ductri54...@gmail.com 209.85.221.65 nguyenvanviet...@gmail.com 40.92.253.15 yzchiqui...@outlook.com 209.85.210.71 blueeyedinfec...@gmail.com 40.92.41.32 wjadomini...@outlook.com 40.92.91.99 anggiles...@outlook.com 40.92.75.50 qifredd...@outlook.com 209.85.166.197 ledang2...@gmail.com 209.85.167.68 quynhtrang...@gmail.com 209.85.219.196 nguyenvanlong...@gmail.com 209.85.160.195 phuonghoa...@gmail.com 209.85.166.66 phamthuha...@gmail.com 209.85.208.66 minhthuy3243...@gmail.com 40.92.42.90 fayyazmub...@hotmail.com 209.85.166.72 lethivankieu1...@gmail.com 209.85.217.70 nguyenhothanh52...@gmail.com 209.85.166.194 hoangthihuong...@gmail.com Perhaps in addition to our large providers considering the inbound attempts of validators as BlockOnSight, they can also consider the validators outbound efforts as BlockOnSight also. - John J. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
On Fri, 3 Jan 2020 12:14:02 -0800, Michael Peddemors via mailop wrote: >What is the position of the industry on these issues.. I am sometimes asked for our opinion on which "address verification" service we might recommend when providing our deliverability consulting service, usually as part of launching a new customer for our software. If they are also hosted on our network (our "cloud" solution) I point out that, if they intend to upload and send to a washed list, we will know about it almost immediately, and will notify them that they have been terminated for AUP violations. For others ("on prem" solution), depending on my mood and the apparent character of the customer (total babe-in-the-woods, ambitious newbie, seasoned spammer) I tend to ask how much money they have to waste. You are paying someone else to burn down their IP range determining whether some finite quantity of spamtrap addresses are valid at RCPT TO time. One poor sod, who gave up after a major network provider toasted their account due to Spamhaus, SpamCop, SORBS, and other issues, noted in sorrow that he had spent close to $5K getting to that point. Perhaps he can take up chinchilla ranching. mdr -- "There will be more spam." -- Paul Vixie ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
[mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..
Our team is discussing this internally, and curious about others position on addressing list washing services.. Some are better than others of course, identifying themselves correctly.. But then there are those on Digital Ocean or AWS that use throwaway domains, or no clear identifiers.. While the idea of 'validating' an email address seems like a logical thing to do, some of the list washing services appear to be just used to wash old lists, or email address harvesting.. What is the position of the industry on these issues.. Eg.. Jan 3 09:13:07 be msd[875]: EHLO command received, args: lfuzemail.co Jan 3 09:13:07 be msd[875]: MAIL command received, args: FROM: BODY=8BITMIME Jan 3 09:13:07 be msd[875]: MAIL FROM address: [verif...@lfuzemail.co] Jan 3 09:13:08 be msd[875]: RCPT command received (104.248.175.86), args: TO:<39hf7du28t8g5q0eb...@velocitynetworks.ca> Jan 3 09:13:08 be msd[875]: RCPT address [39hf7du28t8g5q0eb...@redaccted.ca] is local Jan 3 09:13:08 be msd[875]: 39hf7du28t8g5q0eb...@redaccted.ca BLOCKED as non-valid user (104.248.175.86) I think this is a test address to verify if the server supports valid user checking in the SMTP layer.. Jan 3 09:13:08 be msd[875]: RCPT command received (104.248.175.86), args: TO: Jan 3 09:13:08 be msd[875]: Doing server-wide checks Jan 3 09:13:08 be msd[875]: Looking up domain lfuzemail.co (this may take a while) Jan 3 09:13:08 be msd[875]: Done server-wide checks Jan 3 09:13:08 be msd[875]: RCPT address [REDACCTED] is local Jan 3 09:13:08 be msd[875]: REDACCCTED BLOCKED as non-valid user (104.248.175.86) Jan 3 09:13:08 be msd[875]: QUIT command received, args: host -t TXT lfuzemail.co lfuzemail.co descriptive text "v=spf1 include:_spf.google.com ~all" lfuzemail.co descriptive text "google-site-verification=6RebLaieQA1-0bYkmXM1r4blrusAGXJSHqGnNUTq1Fc" And of course, the SPF records don't jive with attempting to connect/send from Digital OceanIP Space.. Would love to hear opinions and practices being used on list washers.. -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop