[mailop] Information About the Issue with Delivering to Gmail from Microsoft

[Anne P. Mitchell, Esq. via mailop]

I have been waiting to post this until I could get permission, which I just 
have.  We have been working with a sender having the issue of Google (Gmail) 
rejecting all email coming from their Microsoft account, giving a "domain 
reputation issue" response.   We knew it was an issue specific to Microsoft 
sending to Gmail, as in fact the same domain had no issue at all delivering to 
Gmail from other platforms, we had gone over their authentication with a 
fine-toothed comb, etc., and posited that the "domain" referenced in the 
rejection notice was actually the *Microsoft* domain, and not this sender's.

A few days ago we received confirmation of that from the Google side:  "I can 
see that you are sending the emails from the Outlook server. Previously Outlook 
was using IPV6 to send the emails then all of the emails were marked as spam 
just because of the reputation. And due to that past interaction, whatever 
emails coming from Outlook IPV6, Gmail has detected them as spam and just to 
protect our end user, they are rejecting the emails."

And now, just a few minutes ago, from Microsoft:

"Our teams have been in contact with the Google team over these issues, 
apparently it was affecting some other users as well."

This of course doesn't mean that the issue is resolved, but it does mean that 
both sides are acknowledging the issue, and we have noted that the sender with 
whom we were working (which is what led to these dialogues with Google and 
Microsoft) is now able to deliver to Gmail.

Simon Branch, you posted about having this issue, has it resolved for you?

Anne

__
Get the Good Sender Seal of Approval!  Our Good Senders List™ email 
certification and deliverability assistance is respected around the world so 
that the email you send goes to the inbox, not the junk folder.  Learn more at 
gettotheinbox.com

Anne P. Mitchell, Esq.
Email Law & Policy Attorney
CEO Get to the Inbox by ISIPP SuretyMail
Creator of the term 'deliverability' and co-founder of the deliverability 
industry
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Board of Directors, Denver Internet Exchange

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ongoing issue with sending emails to Gmail / Google hosted domains from our MS 365 Tenant

[Anne P. Mitchell, Esq. via mailop]

Just to validate Simon's issue, we are working with a sender having the exact 
same issue.  What's more, the domain clearly is *not*  "likely suspicious due 
to the very low reputation of the sending domain", as the exact same sending 
domain has zero issue sending to Gmail from Mailchimp and Netsuite.  It is 
*only* an issue when sending from Microsoft to Gmail.  This sender is doing 
everything right, and their PMT generally looks great, but the outright 
rejection of email from Microsoft persists.

Our theory is that as they are being delivered from Mailchimp and Netsuite, 
which are bulk sends, the sender has been classified as "bulk sender" somewhere 
in the Gmail system, and so they are looking for unsub headers in the 
Microsoft-sent email (all of which are transactional, such as receipts, 
correspondence, etc.).  It's the only thing that makes sense (for some value of 
'sense'); either that or Gmail is complaining about the *Microsoft* domain from 
which these are being sent.  (Again, all authentication is correct.)

There is no dedicated IP address here because these are transactional emails, 
and Microsoft requires sending volumes of above 1million at least 3x a week.  
(So yeah, it could be the Microsoft domain about which Gmail is complaining but 
that somehow seems even less likely than the other theory.)

Anne

--- 
Anne P. Mitchell, Esq.
Internet Law & Policy Attorney
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Creator of the term 'deliverability' and co-founder of the deliverability 
industry
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)



> On May 20, 2024, at 8:55 AM, Michael Irvine via mailop  
> wrote:
> 
> Hi, 
>  
> Please share the Domain name and IP address that is having the issues so that 
> we can better assist. If possible, can you also share the email header of an 
> email that is failing.
>  
> As for the error,  Gmail is clearly seeing an issue with the domain in the 
> SPF and DKIM records. It is very possible that the SPF while correct, has too 
> much calls and does not complete the check.
>  
> They have posted in their guide that in April 2024, they will start to BLOCK 
> emails that do not have the following 
> (https://support.google.com/a/answer/14229414?hl=en#bulk-sender-def&:~:text=Sender%20guidelines%20enforcement):
>  
> The table below describes the enforcement timeline and will be updated as 
> needed:
> Sender requirement
> Enforcement
> SPF and DKIM authentication
> Gmail From: header impersonation
> From: header alignment
> Valid forward and reverse DNS records
> Messages formatted according RFC 5322
> Messages sent using TLS
> Temporary failures with error codes
>  
>  
> Starting in April 2024, we’ll begin rejecting non-compliant traffic. 
> Rejection will be gradual and will impact non-compliant traffic only. We 
> strongly recommend senders use the temporary failure enforcement period to 
> make any changes required to become compliant.
> Enforcement for these requirements will begin no earlier than June 2024:
>   • DMARC record with a minimum policy of none (p=none). Learn more about 
> DMARC record values.
>   • One-click unsubscribe in marketing messages
>   • Mitigations unavailable when user-reported spam rates exceed 0.3% or 
> if the sender has not met the authentication or one-click unsubscribe 
> requirements.
>  
> Gmail is blocking you based on the information above and your error.
>  
>  
> Michael Irvine
>  
> From: mailop  On Behalf Of Simon Branch via mailop
> Sent: Monday, May 20, 2024 01:26
> To: mailop@mailop.org
> Subject: [mailop] Ongoing issue with sending emails to Gmail / Google hosted 
> domains from our MS 365 Tenant
>  
> CAUTION: This email originated from outside of the organization. Do not click 
> any links or open attachments unless you recognize the sender and know the 
> content is safe.
>  
> 
> Hello,
>  
> This is my second time of posting about this issue, which involves messages 
> sent from our MS 365 Tenant being rejected by Google’s mail servers.
>  
> Around the beginning of April, several of our users started to get messages 
> bouncing back, when sending messages to Google-hosted domains.
>  
> The error received each time was as follows:
>  
> Error:
> 550 5.7.350 Remote server returned message detected as spam -> 550 5.7.1 
> [2a01:111:f403:261b::701 19] Gmail has detected that this message;is likely 
> suspicious due to the very low reput

Re: [mailop] Anyone from Microsoft?

[Anne P. Mitchell, Esq. via mailop]

> On Mar 5, 2024, at 11:36 PM, Michael Rathbun via mailop  
> wrote:
> 
> You might wish to consider omphaloskepsis.  The chances of a useful outcome
> will be closely similar.

I think that's a bit unfair.  Omphaloskepsis can lead to, lint detection, which 
can be quite useful.

Anne

--- 
Anne P. Mitchell, Esq.
Internet Law & Policy Attorney
CEO ISIPP SuretyMail Sender Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] One click unsubscribe in mailing list messages

[Anne P. Mitchell, Esq. via mailop]

> On Feb 24, 2024, at 12:41 PM, Andrew C Aitchison  
> wrote:
> 
> Do you read "visiting a single Internet Web page"
> as excluding interaction with that page ?
> 
> If so, how do I provide my opt-out preferences by ...
> "visiting a single Internet Web page" ?

A strict construction of that language would suggest to me that yes, that's 
what it says - *however*, I also don't think that's what was intended, and it 
is on these ambiguous (regardless of how slightly) turns of phrase that entire 
cases are decided.  

If I were brought in on a case that turned on deciding what this language 
meant, I could argue either side, and convincingly so, I believe.

Anne

--- 
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
CEO Institute for Social Internet Public Policy (ISIPP)
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Creator of the term 'deliverability' and founder of the deliverability industry
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] One click unsubscribe in mailing list messages

[Anne P. Mitchell, Esq. via mailop]

> 
> You're confusing unrelated things. The one-click unsubscribe is
> literally one click, no intermediate web page or anything returned to
> the user. It's intended for mail systems that do the unsub on the
> user's behalf. The most familiar is Gmail, where you can click the
> junk button, and it sometimes gives you the option to unsubscribe
> instead.

No I'm not, I'm simply adding to the general conversation, as somewhere in the 
thread there was talk about removing the link altogether, and I'm pointing out 
that Federal law mandates a one-step method; completely removing an unsub link 
(and, for example, relying on the one-step in the header) could open one up to 
risk.

> I'd be interested to see case law saying that the usual
> two-click unsub is illegal. I'm pretty sure there isn't any.

I would too, but of course that part of the law has never been litigated, and I 
think it's unlikely to. When we are asked whether it's ok to have a two-step 
method, even though a one-step is implicit in the law's "visiting a single 
Internet Web page" (i.e. having to click 'submit' on that page takes you to a 
second page, making it not 'visiting a single Internet Web page") we answer 
based on experience and pragmatism:  no Federal agency is likely to come after 
you for having that second step, so long as you are doing everything else that 
you are supposed to.

Where I think that it's going to get interesting is when senders start removing 
the visible, in the body, unsub link that people are used to looking for, and 
relying _only_ on the header-embedded unsub.  And that is more likely from 
where the litigation will come.

Anne

--- 
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
CEO Institute for Social Internet Public Policy (ISIPP)
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Creator of the term 'deliverability' and founder of the deliverability industry
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] One click unsubscribe in mailing list messages

[Anne P. Mitchell, Esq. via mailop]

> On Feb 23, 2024, at 4:59 PM, John Levine via mailop  wrote:
> 
> 'd leave the links in the bodies for now. A lot of mail programs give
> you a way to use the ones in the header, but some major ones like
> Outlook still don't.

Not to mention that Federal law requires a one-step unsubscribe method.

As I often seem to get challenged on this, here is the text of the law:

"§ 316.5 Prohibition on charging a fee or imposing other requirements on 
recipients who wish to opt out.
Neither a sender nor any person acting on behalf of a sender may require that 
any recipient pay any fee, provide any information other than the recipient’s 
electronic mail address and opt-out preferences, or take any other steps except 
sending a reply electronic mail message or visiting a single Internet Web page, 
in order to:

(a) Use a return electronic mail address or other Internet-based mechanism, 
required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future 
commercial electronic mail messages from a sender; or

(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and 
(a)(4)."

You can read more about it, in plain English, here:

https://www.isipp.com/a-one-step-unsubscribe-is-required-by-federal-law/

Anne

--- 
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
CEO Institute for Social Internet Public Policy (ISIPP)
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Creator of the term 'deliverability' and founder of the deliverability industry
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] What am I supposed to do with abuse complaints on legit mail?

[Anne P. Mitchell, Esq. via mailop]

> On Jan 12, 2022, at 11:30 PM, Jay Hennigan via mailop  
> wrote:
> 
> A single acknowledgement of a successful unsubscribe is fine, but don't make 
> them jump through another flaming hoop. 

It's also a violation of Federal law, which requires a "one-step unsubscribe 
method".

Anne

--
Anne P. Mitchell, Attorney at Law
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
In-house Counsel: Mail Abuse Prevention System (MAPS) (Closed in 2004)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ethics Complaint to Princeton (was: Bizarre GDPR/CCPA scam spam from Princeton researchers)

[Anne P. Mitchell, Esq. via mailop]

P.S.  These two notes from Jonathan Mayer are appended to the 
https://privacystudy.cs.princeton.edu/ site;  the newest is from yesterday.

Note from Jonathan Mayer, the Principal Investigator (Saturday, December 18 @ 
11:30pm)

Hi, my name is Jonathan Mayer. I’m the Principal Investigator for this academic 
research study. I have carefully read every single message sent to our research 
team, and I am dismayed that the emails in our study came across as security 
risks or legal threats. The intent of our study was to understand privacy 
practices, not to create a burden on website operators, email system operators, 
or privacy professionals. I sincerely apologize. I am the senior researcher, 
and the responsibility is mine.

The touchstone of my academic and government career, for over a decade, has 
been respecting and empowering users. That’s why I study topics like web 
tracking, dark patterns, and broadband availability, and that’s why I launched 
this study on privacy rights. I aim to be beyond reproach in my research 
methods, both out of principle and because my work often involves critiquing 
powerful companies and government agencies. In this instance, I fell short of 
that standard. I take your feedback to heart, and here is what I am doing about 
it.

First, our team will not send any new automated inquiries for this study. We 
suspended sending on December 15, and that is permanent.

Second, our team is prioritizing a possible one-time follow-up email to 
recipients, identifying the academic study and recommending that they disregard 
the prior email. If that is feasible, and if experts in the email operator 
community agree with the proposal, we will send the follow-up emails as 
expeditiously as possible.

Third, I will use the lessons learned from this experience to write and post a 
formal research ethics case study, explaining in detail what we did, why we did 
it, what we learned, and how researchers should approach similar studies in the 
future. I will teach that case study in coursework, and I will encourage 
academic colleagues to do the same. While I cannot turn back the clock on this 
study, I can help ensure that the next generation of technology policy 
researchers learns from it.

Fourth, I will engage with the communities that have contacted me about this 
study, which have already offered valuable suggestions for future directions to 
simplify, standardize, and enhance transparency for GDPR and CCPA data rights 
processes. I very much appreciate the earnest outreach so far, and I will be 
reciprocating.

If you have questions or concerns about the study, please do not hesitate to 
reach out. I gratefully acknowledge the feedback that we have received.

Thank you for reading, and again, my sincere apologies.

Update from Jonathan Mayer, the Principal Investigator (Tuesday, December 21 @ 
7:40pm)

Thank you to the website operators, email system operators, privacy 
professionals, academic colleagues, and all others who have reached out about 
our privacy rights study. I am writing to provide an update about how we are 
acting on the feedback that we have received.

Our top priority has been issuing a one-time follow-up message that identifies 
our study and that recommends disregarding prior email. We are sending those 
messages.

We have also received consistent feedback encouraging us to promptly discard 
responses to study email. We agree, and we will delete all response data on 
December 31, 2021.

Please do not hesitate to reach out with further questions or concerns, and I 
again offer my heartfelt apologies for the burdens caused by this study.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ethics Complaint to Princeton (was: Bizarre GDPR/CCPA scam spam from Princeton researchers)

[Anne P. Mitchell, Esq. via mailop]

> 
> Yes they do communicate but they are now sugesting to spam everybody once 
> more with some explanation. ...

And here is that follow-up spam (below), note that the novatormail.ru is the 
domain from which our client originally received the email, obviously the 
domain will change depending on from where the first spam originated.  It's 
interesting to note they have started using .ru and such domains, the two that 
I personally received were from yosemitemail.com and potomacmail.com.  When I 
first received those if you went to the sending domain there was almost nothing 
there (it certainly didn't point to any useful information about the sender). 
*Now* these domains, including novatormail.ru, point to 
https://privacystudy.cs.princeton.edu/, which has been substantially updated.

Here's the follow-up spam:

Hello,

You may have recently received an email from novatormail.ru regarding your 
process for responding to General Data Protection Regulation (GDPR) or 
California Consumer Privacy Act (CCPA) data requests for the following 
domain(s): cybergreen.net. Please disregard that email.

The email was sent as part of an academic research study on GDPR and CCPA, 
which we have concluded. We will delete all responses received on December 31, 
2021. We sincerely apologize for any burdens caused by our study.

If you would like more information about the study or to contact our research 
team, please see: https://privacystudy.cs.princeton.edu.

Sincerely,

Princeton-Radboud Study on Privacy Law Implementation

---

Anne

---
Anne P. Mitchell,  
Attorney at Law
CEO Get to the Inbox by SuretyMail,
Your outsourced email deliverability team

Author: Section 6 of the Federal Email Marketing Anti-Spam Law (CAN-SPAM)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cyber Security, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ethics Complaint to Princeton (was: Privacy research spam apparently from a grad student at Princeton)

[Anne P. Mitchell, Esq. via mailop]

Yuval this is awesome, and an awesome result!

FWIW, this is what I told Jonathan (after two previous replies/re-replies), 
yesterday morning, in part - cc:ed to the chair of the compsci department, and 
the Princeton legal department:

He wrote:

> Thank you for reaching out about our research on the European Union General 
> Data Protection Regulation (GDPR) and the California Consumer Privacy Act 
> (CCPA). A component of the study involves requesting information from 
> websites about how they have implemented the consumer data access provisions 
> of the GDPR and the CCPA. Both the GDPR and CCPA provide for these types of 
> information requests. We would be glad to answer any questions you have about 
> the study goals, methods, and safeguards, and we welcome any additional 
> feedback you would like to provide.

I responded:

That GDPR and CCPA provide for such requests is immaterial (not the least of 
which because neither is controlling law here).  You are in violation of U.S. 
Federal law, namely CAN-SPAM, which states, in relevant part:

‘‘§1037. Fraud and related activity in connection with electronic mail

‘‘(a) IN GENERAL.—Whoever, in or affecting interstate or foreign commerce, 
knowingly —

‘‘(2) uses a protected computer to relay or retransmit multiple commercial 
electronic mail messages, with the intent to deceive or mislead recipients, or 
any Internet access service, as to the origin of such messages,
‘‘(3) materially falsifies header information in multiple commercial electronic 
mail messages and intentionally initiates the transmission of such messages,
‘‘(4) registers, using information that materially falsifies the identity of 
the actual registrant, for five or more electronic
mail accounts or online user accounts or two or more domain names, and 
intentionally initiates the transmission of multiple commercial electronic mail 
messages from any combination of such accounts or domain names, or

...shall be punished as provided in subsection (b).

‘‘(2) a fine under this title, imprisonment for not more than 3 years, or both, 
if—

‘‘(A) the offense is an offense under subsection (a)(1); ‘‘(B) the offense is 
an offense under subsection (a)(4)
and involved 20 or more falsified electronic mail or online user account 
registrations, or 10 or more falsified domain name registrations;
‘‘(C) the volume of electronic mail messages transmitted in furtherance of the 
offense exceeded 2,500 during any 24-hour period, 25,000 during any 30-day 
period, or 250,000 during any 1-year period;
‘‘(D) the offense caused loss to one or more persons aggregating $5,000 or more 
in value during any 1-year period;
‘‘(E) as a result of the offense any individual committing the offense obtained 
anything of value aggregating $5,000 or more during any 1-year period; or
‘‘(F) the offense was undertaken by the defendant in concert with three or more 
other persons with respect to whom the defendant occupied a position of 
organizer or leader;

As you can see, you and your team, and your actions, fit squarely within 
several of the acts detailed above, having registered domains specifically to 
send out falsified headers and false information, claiming to be individuals 
looking for information, when in fact it is not those individuals but members 
of your team, and in fact you are doing a study, not seeking such information 
as an individual, making the entire email false and misleading.

In addition, each response you have received generated a cost to the responder 
both in terms of time and, in some cases, dollar amounts as they had to pay 
their employees, and sometimes pay legal fees, to determine how to respond.

...

I then reiterated my offer that there were many professionals in the email 
receiving and policy communities who would be happy to assist them in designing 
a method to accomplish their goal in a way that does it right and does not run 
afoul of best practices, abuse polices, and the law.

His response to the above was that CAN-SPAM didn't apply as it was academic and 
not commercial email, at which point I pointed out to him that he and I both 
knew that reasonable minds can differ on what is "commercial", and it would be 
a fun court case, but that at this point I was going to bow out and watch from 
the sidelines.  I figured with my two emails going to the department chair, and 
the legal department, and Yuval's email, someone there would hit 'pause' on it.

So, again, Yuval, well done!  We make a good 'good cop bad cop' team! ;-)

Anne

Anne P. Mitchell,  Attorney at Law
Author: Section 6 of the Federal CAN-SPAM Law
Board of Directors, Denver Internet Exchange
Professor Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist


> On Dec 17, 2021, at 7:40 AM, yuv via mailop  wrote:
> 
> UPDATE:
> 
> * I had waited for the answer to my direct note to Jonathan Mayer and
> fell asleep.  It arrived at 01:44 EST.  This morning I 

Re: [mailop] Ethics Complaint to Princeton (was: Privacy research spam apparently from a grad student at Princeton)

[Anne P. Mitchell, Esq. via mailop]

As a follow up, to my letter, I received the following:

> Thank you for reaching out about our research on the European Union General 
> Data Protection Regulation (GDPR) and the California Consumer Privacy Act 
> (CCPA). A component of the study involves requesting information from 
> websites about how they have implemented the consumer data access provisions 
> of the GDPR and the CCPA. Both the GDPR and CCPA provide for these types of 
> information requests. We would be glad to answer any questions you have about 
> the study goals, methods, and safeguards, and we welcome any additional 
> feedback you would like to provide.
> 
> Sincerely,
> Jonathan

That was really the wrong response.  I responded explaining *exactly* how they 
are in violation of U.S. Federal law (CAN-SPAM), and I cc:ed the chair of the 
compsci department, and Princeton's general legal counsel.  If you are going to 
send something, please let it be soon so as to make clear that I'm not a single 
cartoony voice crying in the wilderness.

FWIW, here is the section of CAN-SPAM of which they are in violation:

‘‘§1037. Fraud and related activity in connection with electronic mail

‘‘(a) IN GENERAL.—Whoever, in or affecting interstate or foreign commerce, 
knowingly —

‘‘(2) uses a protected computer to relay or retransmit multiple commercial 
electronic mail messages, with the intent to deceive or mislead recipients, or 
any Internet access service, as to the origin of such messages,
‘‘(3) materially falsifies header information in multiple commercial electronic 
mail messages and intentionally initiates the transmission of such messages,
‘‘(4) registers, using information that materially falsifies the identity of 
the actual registrant, for five or more electronic
mail accounts or online user accounts or two or more domain names, and 
intentionally initiates the transmission of multiple commercial electronic mail 
messages from any combination of such accounts or domain names, or

...shall be punished as provided in subsection (b).

‘‘(2) a fine under this title, imprisonment for not more than 3 years, or both, 
if—

‘‘(A) the offense is an offense under subsection (a)(1); ‘‘(B) the offense is 
an offense under subsection (a)(4)
and involved 20 or more falsified electronic mail or online user account 
registrations, or 10 or more falsified domain name registrations;
‘‘(C) the volume of electronic mail messages transmitted in furtherance of the 
offense exceeded 2,500 during any 24-hour period, 25,000 during any 30-day 
period, or 250,000 during any 1-year period;
‘‘(D) the offense caused loss to one or more persons aggregating $5,000 or more 
in value during any 1-year period;
‘‘(E) as a result of the offense any individual committing the offense obtained 
anything of value aggregating $5,000 or more during any 1-year period; or
‘‘(F) the offense was undertaken by the defendant in concert with three or more 
other persons with respect to whom the defendant occupied a position of 
organizer or leader;

---

Anne

Anne P. Mitchell,  Attorney at Law
Author: Section 6 of the Federal CAN-SPAM Law
Board of Directors, Denver Internet Exchange
Professor Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] New "What is your GDPR" or "What is your CCPA" policy email scam?

[Anne P. Mitchell, Esq. via mailop]

On Friday, we received the following email, purporting to be asking about GDPR 
policies for our property The Internet Patrol:

From: tomhar...@yosemitemail.com:
Subject: Questions About GDPR Data Access Process for theinternetpatrol.com

To Whom It May Concern:

My name is Tom Harris, and I am a resident of Sacramento, California. I have a 
few questions about your process for responding to General Data Protection 
Regulation (GDPR) data access requests:

• Would you process a GDPR data access request from me even though I am 
not a resident of the European Union?
• Do you process GDPR data access requests via email, a website, or 
telephone? If via a website, what is the URL I should go to?
• What personal information do I have to submit for you to verify and 
process a GDPR data access request?
• What information do you provide in response to a GDPR data access 
request?
To be clear, I am not submitting a data access request at this time. My 
questions are about your process for when I do submit a request.

Thank you in advance for your answers to these questions. If there is a better 
contact for processing GDPR requests regarding theinternetpatrol.com, I kindly 
ask that you forward my request to them.

I look forward to your reply without undue delay and at most within one month 
of this email, as required by Article 12 of GDPR.

Sincerely,

Tom Harris

---

Now, when I saw it, my spidey sense tingled a bit (referring to the property as 
a URL, a US-based individual asking about GDPR with a US-based outlet, etc.). 
And the from domain seemed..interesting.  (Created in March of 2020.)  Nothing 
seemed *obviously* off, so we responded politely. 

The next day, we got *this* email:

From: kurtmayf...@potomacmail.com
Subject: Questions About CCPA Data Access Process for theinternetpatrol.com

To Whom It May Concern:

My name is Kurt Mayfair, and I am a resident of Norfolk, Virginia. I have a few 
questions about your process for responding to California Consumer Privacy Act 
(CCPA) data access requests:

• Would you process a CCPA data access request from me even though I am 
not a resident of California?
• Do you process CCPA data access requests via email, a website, or 
telephone? If via a website, what is the URL I should go to?
• What personal information do I have to submit for you to verify and 
process a CCPA data access request?
• What information do you provide in response to a CCPA data access 
request?
To be clear, I am not submitting a data access request at this time. My 
questions are about your process for when I do submit a request.

Thank you in advance for your answers to these questions. If there is a better 
contact for processing CCPA requests regarding theinternetpatrol.com, I kindly 
ask that you forward my request to them.

I look forward to your reply without undue delay and at most within 45 days of 
this email, as required by Section 1798.130 of the California Civil Code.

Sincerely,

Kurt Mayfair

---

potomocmail.com having identical creation/registration details as 
yosemitemail.com

Both being sent out through Amazon SES, so nothing much useful in the headers 
that I could see. NO links, no anything other than what's in the above email.

We're trying to figure out just what exactly the scam is...anybody have any 
thoughts? Anybody else seeing this?

Anne

--
Anne P. Mitchell, Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] WhatCounts/Costco silliness

[Anne P. Mitchell, Esq. via mailop]

Here is what CAN-SPAM requires, following the updated rules issued by the FTC 
in May of 2008; this is the "single step" requirement:

§ 316.5 Prohibition on charging a fee or imposing other requirements on 
recipients who wish to opt out.

Neither a sender nor any person acting on behalf of a sender may require that 
any recipient pay any fee, provide any information other than the recipient's 
electronic mail address and opt-out preferences, or take any other steps except 
sending a reply electronic mail message or visiting a single Internet Web page, 
in order to:

(a) Use a return electronic mail address or other Internet-based mechanism, 
required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future 
commercial electronic mail messages from a sender; or

(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and 
(a)(4).

From: https://www.ecfr.gov/current/title-16/part-316

Anne
---

Anne P. Mitchell, 
Attorney at Law
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] SendX?

[Anne P. Mitchell, Esq. via mailop]

We have someone asking us for info on SendX, their reputation, etc., and 
honestly we have never heard of them; while ordinarily we would consider that 
in and of itself as a data point, I'm wondering if anybody has any experience 
with them?

Anne

---
Anne P. Mitchell,  Esq.
CEO ISIPP SuretyMail
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Got any users in Texas? Better turn off your spam filters by Dec 2

[Anne P. Mitchell, Esq. via mailop]

> On Sep 23, 2021, at 9:08 PM, John Levine via mailop  wrote:
> 
> It appears that Jarland Donnell via mailop  said:
>>> * “the provider has a good faith, reasonable belief that the message
>>> contains malicious computer code, obscene material, material depicting
>>> sexual conduct, or material that violates other law”
>> 
>> And guess what I have on all of my spam filters? Good faith, reasonable 
>> evidence and belief that it contains material which violates the law: 
>> https://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003
> 
> CAN SPAM *allows* you to filter but it does not *require* you to filter.  
> Under CAN SPAM,
> unsolicited ads are entirely legal if they have an opt-out link and are not 
> deceptive.

However, CAN-SPAM is Federal law, which trumps state law - even, yes, Texas law 
(editorial comment about Texas and their view of their laws withheld).

Anne

--
Anne P. Mitchell,  Attorney at Law
CEO Get to the Inbox - We get you into the inbox!
Author: The Email Deliverability Handbook
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Email Marketing Deliverability and Best Practices Expert
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Xfinity / Comcast / rsys5.com

[Anne P. Mitchell, Esq. via mailop]

> On Sep 15, 2021, at 12:55 AM, Daniele Nicolodi via mailop  
> wrote:
> 
> I understand that industry back practice recommends to have
> "unsubscribe" links in promotional bulk messages. Shouldn't these links
> direct to some form that effectively allows to remove the recipient
> address from the distribution list?
> 
> Xfinity spamms (apparently through rsys5.com) with messages with
> "unsubscribe" links that bring to a web form whose settings have no
> effect on the reception of these promotional emails.

To be clear, these are requirements of *Federal law* (CAN-SPAM), not just 
industry practice.

Anne
--
Anne P. Mitchell,  Attorney at Law
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Author: The Email Deliverability Handbook
Email Marketing Deliverability and Best Practices Expert
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] MailChimp to be Acquired by Intuit

[Anne P. Mitchell, Esq. via mailop]

So this is apparently happening:

> Begin forwarded message:
> 
> From: Ben Chestnut, Mailchimp  >
> Subject: Big News from Mailchimp: We're Planning to be Acquired by Intuit
> Date: September 13, 2021 at 1:56:01 PM PDT
> Reply-To: Ben Chestnut, Mailchimp  >
> 
> 
> To our Mailchimp customers,
> 
> My partner Dan Kurzius and I founded Mailchimp nearly 20 years ago. We’ll 
> never forget the early days in a tiny office we rented on the west side of 
> Atlanta. I sketched logo after logo before finally deciding that the monkey 
> with a mail carrier hat struck just the right tone, while Dan sat next to me 
> writing code and talking with customers. 
> 
> We both come from entrepreneurial families. Dan’s dad owned a bakery, and my 
> mom was a small business owner who ran a hair salon out of our family 
> kitchen. From the very beginning, we always wanted to empower small 
> businesses to grow. It’s in our DNA, and it became our mission with 
> Mailchimp. For a long time, we focused on doing one thing extremely well: 
> email marketing. Customers started asking us to sprinkle the Mailchimp magic 
> on other channels, and we did. Along the way, we built an amazing team and 
> innovated fast to meet your needs, eventually building an all-in-one 
> marketing platform for small businesses. 
> 
> Today, I’m excited to share that we’re accelerating this evolution by joining 
> forces with Intuit. Read the press release here 
> .
> 
> Since day one, setting our customers up for success has been our top 
> priority, and we’re confident that our acquisition by Intuit will advance 
> that mission and secure the legacy of support for small businesses that we’ve 
> built over the last 20 years. 
> 
> Like Mailchimp, understanding small businesses is embedded in Intuit’s DNA, 
> which affirms my belief that this is the right next step for Mailchimp, our 
> employees, and importantly, our customers. Intuit is a mission-driven global 
> financial technology platform, and you might already use some of their 
> products – like TurboTax and QuickBooks – that enable small and mid-sized 
> businesses to prosper. Combining our marketing platform with Intuit’s 
> AI-driven expert platform will allow us to create products and services that 
> solve our customers’ biggest challenges, so you can thrive. 
> 
> Together with Intuit, we’ll deliver an innovative small business growth 
> engine powered by marketing automation, customer relationship management, 
> accounting and compliance, payments and expense, and e-commerce solutions, 
> creating a single source of truth for your business. We’ll also be able to 
> offer more personalized support and onboarding, expand our international 
> footprint, and scale our teams to innovate faster and deliver the solutions 
> you want and need. 
> 
> While our ownership will change once the transaction closes, which we expect 
> to happen prior to the end of Intuit’s second quarter fiscal 2022, our 
> platform will stay Mailchimp through and through: the same user-friendly 
> products and tools, the same resources and support, and the same brand you 
> know and love. In fact, our goal is for all of these things to get even 
> better as part of Intuit. And, in the meantime, you’ll have the customer 
> experience you’ve come to expect from Mailchimp – including your monthly plan 
> and 24/7 access to our award-winning support team. We know that our customers 
> and partners expect consistency and continuity as much as they expect new 
> features and functionality, and we’re committed to meeting your needs as we 
> move forward together with Intuit. We’ll keep you updated as things progress.
> 
> Thanks for trusting us to help you grow your business. At our core, Mailchimp 
> will always be the humble little monkey 
> 
>  that I sketched in those early days, and our mission to empower the underdog 
> will always be our north star. 
> 
> Onward! 
> 
> Ben Chestnut
> Co-founder and CEO
> @benchestnut 
> 
>  
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Recommendation for inbox provider?

[Anne P. Mitchell, Esq. via mailop]

All,

I know someone who is setting up a business domain, and needs an inbox host.  
Her registrar/webhost is GoDaddy and they are discontinuing their free hosted 
email, and referring people to paid Office365. It seems that all of the general 
info out there points to either 365 or Gmail.   Surely there must be others out 
there?  Anybody have one they recommend?  Bonus if they help with 
authentication setup because she is ..um...tech challenged.

Thanks!

Anne

--
Anne P. Mitchell,  Esq.
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone seen this "email warmup" pattern?

[Anne P. Mitchell, Esq. via mailop]

>> I've been catching my customers left and right lately signing up for 
>> some email warmup service.
> 
> OK, I see I've been completely out of touch with that segment of the industry.

Michael, another, somewhat related and somewhat new service model is the one 
like "MailShake", which gives the user an ESP-like interface, but then sends 
out the bulk email through the *user's* Gmail account, one at a time (and with 
no unsubscribe link, to boot).  It's disgusting.

Anne

--
Anne P. Mitchell,  Esq.
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Anne P. Mitchell, Esq. via mailop]

Brielle wrote:

> Litigation is WAY overused to resolve issues.

I generally agree.  However, on the other hand it's a pretty good way to get 
the attention of people who *know* they are doing wrong, and continue to do it 
unrepentingly all the way to the bank.

Anne "Cartoony at Large" Mitchell

--
Anne P. Mitchell,  Esq.
Dean of Cyberlaw and Cyber Security, Lincoln Law School
Author: Section 6* of the Federal Email Marketing Law (CAN-SPAM)   
 *Why yes, I *did* have a certain unrepentant coffee entity in mind 
   when I wrote the vendor liability section of CAN-SPAM
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anybody know Anthony Mitchell or Inboxsys?

[Anne P. Mitchell, Esq. via mailop]

> On May 20, 2021, at 1:32 PM, Florian Vierke via mailop  
> wrote:
> 
> I‘ve been working with Anthony a few Years back at Teradata/eCircle. He 
> joined Adobe and later Inboxsys. I can confirm, that he‘s 10y+ in the 
> industry and has been to M3aawg, csa summit, was speaker at emailing 2020 
> (https://youtu.be/Snue0SHOG3g) and so on. So yes, he does have some contacts 
> ;)
> 
> We’re still running our Youtube channel deliverability.tv together, as much 
> as time allows. :)
> 
> Regarding inboxsys - it‘s a rebranding of ‚mailmike‘ and exists for a few 
> Years now as well. Mailmike was developed by Sebastiaan de Vos, formerly 
> managing Deliverability at Emarsys.
> 
> Deliverability is a small, but nice family ;)

Florian, thank you so much!  That makes us feel much better!  Happy to share 
with a colleague, but so often it's people looking for intel to use for 
nefarious purposes.  I've also been provided with an intro through LinkedIn 
from another mutual contact.  

Thank you again!

Anne

--
Anne P. Mitchell,  Esq.
CEO ISIPP SuretyMail
Dean of Cyberlaw and Cyber Security, Lincoln Law School
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Anybody know Anthony Mitchell or Inboxsys?

[Anne P. Mitchell, Esq. via mailop]

All,

We've been contacted by Anthony Mitchell, representing Inboxsys.com - they are 
brand new in the deliverability space, and yet they claim to have relationships 
with all of the ISPs and ESPs; however I can find *nothing* about them, 
anywhere, other than on archive.org, which shows that they only spun up the 
service within the past 6 months.

Does anybody have any insight into Mr. Mitchell (obviously no relation) and/or 
his inboxsys.com?

Anne

--
Anne P. Mitchell,  Esq.
CEO ISIPP SuretyMail
Dean of Cyberlaw and Cyber Security, Lincoln Law School
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Registered @ Microsoft JMRP - blacklisted without feedback received

[Anne P. Mitchell, Esq. via mailop]

> On May 11, 2021, at 11:45 AM, André Peters via mailop  
> wrote:
> 
> because you MS guys are so clever,

I'd like to suggest that personal attacks, *especially* on such a trusted, 
respected member of the community - not to mention one who is one of the good 
guys, is not only unwarranted, but gouche.  Michael puts up with a *lot* to be 
here and to be helpful, he doesn't need personal attacks on top of it all.

Anne  (Who has known Michael for nearly 20 years)
--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw and Cyber Security, Lincoln Law School
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] EmailDeliverablityReport.com?

[Anne P. Mitchell, Esq. via mailop]

Does anybody know who is behind EmailDeliverabilityReport.com?  I note it's 
only about a year old, and I want to know about the trustworthiness/reliability 
of what they are putting out - for example they are ranking ESPs based on 
deliverability... their data and info may be completely accurate based on their 
methods, but I'm always a bit suspicious of sites that purport to put out 
expert data but don't reveal who is actually behind the organization.

Anne

--
Anne P. Mitchell,  Attorney at Law
Founder/CEO, SuretyMail Email Reputation Certification & Deliverability Services
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..

[Anne P. Mitchell, Esq. via mailop]

> On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop  
> wrote:
> 
> You can not trust users to identify spam. 

Sure you can.  You can trust them to identify what *they* consider to be spam.  
It just doesn't jive with what we consider to be spam. 

That is, always has been, and always will be part of the problem.

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] scam prevention

[Anne P. Mitchell, Esq. via mailop]

> Background:
> 
> Some people at work fell for a scam email  where the From line was
> 
> From: =?UTF-8?Q?Darren_Smith=C2=A0?= 

We have been beating this drum for ages, most recently here:

https://www.theinternetpatrol.com/warning-having-email-display-senders-contact-image-and-info-helps-scammers-get-in-through-the-cracks/

..which implores businesses to get rid of the so-called 'friendly' name (the 
same thing you are talking about) and includes an example where a company was 
scammed out of $4million dollars with exactly this method - hopefully your 
company's losses were much less. :-(

Anne
--
Anne P. Mitchell,  Attorney at Law
CEO, SuretyMail Email Reputation Certification
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Suddenlink Contact

[Anne P. Mitchell, Esq. via mailop]

> Is there anyone with Suddenlink on this list, or does anyone have any 
> contacts with them, if so please contact me off list.  It seems that emails 
> sent to their postmaster account bounce.

Having *just* gone 'round with them on this for a client, and (after many 
emails and phone calls) getting a response, what we have learned is that you 
actually need to speak with Synchronoss - Synchronoss is their inbound border 
patrol, so to speak, and it is Synchronoss who is blocking any email access to 
Suddenlink accounts.

Unfortunately I don't have a Synchronoss contact for you - in fact if anybody 
here does, please let me know!

Anne

--
Anne P. Mitchell,  Attorney at Law
CEO, SuretyMail Email Reputation Certification
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative and Legal Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [External] sendgrid.net

[Anne P. Mitchell, Esq. via mailop]

> I've been very saddened.  Sendgrid was a reputable ESP that has fallen
> from grace.  About 6-7 months ago, we started seeing pretty large
> amounts of spam from them.

Exactly - this tracks with the timeline when a) they ceased being certified by 
us, b)  certain key people who *had* been involved with making sure that 
SendGrid did the right thing left, and then c) they were acquired by Twilio.  
Acquisitions of reputable players in the email space generally lead to a 
decline in how white hat they are, because of course the acquirers are almost 
always only (or at least primarily) interested in a return on their $ 
investment (witness Habeas).

>  I've personally tried reaching out to Twilio / Sendgrid leadership to alert 
> them to the issue.

I did as well, and was assured that they have a unit whose task it is to ensure 
all Sendgrid/Twilio communications are "wanted, secure and legal."  

Sigh.

Anne

--
Anne P. Mitchell,  Attorney at Law
CEO, SuretyMail Email Reputation Certification
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

>> 
>> It was Mr. Charles Benn who, according to the service of process affidavit, 
>> was authorized to receive process on their behalf. 
> 
> It won't surprise you to learn that we have absolutely no clue who "Charles 
> Benn" is, literally never heard of the guy.

Steve, my working theory is that Charlie Benn is a receptionist at the W1 
communications office building which you used to list as an address;  I've seen 
this sort of scenario happen on several occasions, and the proof of service 
filed by the process server bears that out.  Of course, if he could not accept 
service for Spamhaus he should have told the process server so, instead of 
accepting service.  Given that the location is a virtual office type place, in 
which, I imagine, nobody from Spamhaus has set foot in some years (if ever), it 
makes perfect sense that nobody in our communities knows who Charlie Benn is, 
if he is the receptionist at such a place.  

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

> Another relevant piece of data. The organization that was named in the suit 
> and has received a permanent injunction against it has been voluntarily 
> dissolved and struck off the UK registry of companies. 
> 
> https://beta.companieshouse.gov.uk/company/05303831
> 
> There is no one covered under this injunction as the entity does not exist. 

They still technically (at least nominally) seemed to have an agent for service 
in London, who was served in October, 2019;  Spamhaus didn't dissolve  that 
particular UK entity until March of 2020 (see 
https://beta.companieshouse.gov.uk/company/05303831), five months after they 
were (ostensibly) served in London.  Also, SpamhausTech still lists its address 
as being in London - so under the doctrine of piercing the corporate veil (i.e. 
a court may find that they can't claim they don't exist in the UK if they have 
an affiliated entity that does) they can/could have/may be able to enforce 
against them:  https://www.spamhaustech.com/privacy-policy/

Of course, this is all basically mooted by the fact that the final judgement 
was only for $1 as DBUSA never submitted a damages accounting, and they are in 
Chapter 11, so it seems highly unlikely that they are going to spend money to 
pursue this on the off chance that they might pervail.

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

>> From the judgement:
>> "The plaintiff has shown that it has complied with the Hague Convention and 
>> personally served a representative authorized to accept service of process 
>> in London."
> 
> Rule #1 of spam: Spammers lie.

Absolutely.

However, a court isn't going to take a party's word that they served someone, 
you are required to file a proof of service, which is served by someone *other* 
than the party (a process server).  Parties to a lawsuit are not allowed to 
serve process on the other party, for that very reason.

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

>> Did you not read what I quoted from the Spamhaus website? They are based
>> in Switzerland and Andorra, not the UK. My assumption is that there is
>> basically no chance of any U.S. ruling being enforced in either of these
>> two countries, unless it is related to a serious crime.

I should elaborate:  Spamhaus has (had?) always had offices in London.  Perhaps 
they have moved primary operations to Switzerland an Andorra, however that 
doesn't mean that they don't still have a presence in the UK, and given that 
they were served *in* the UK, that suggests that they do, in fact, still 
maintain a presence in the UK.  Now, I don't know that for certain, but I *do* 
know for certain that they were served in the UK (according to the judgement).
> 


> From the judgement:
> 
> "The plaintiff has shown that it has complied with the Hague Convention and 
> personally served a representative authorized to accept service of process in 
> London."
> 
> Anne
> 
> --
> Anne P. Mitchell,  Attorney at Law
> Dean of Cyberlaw & Cybersecurity, Lincoln Law School
> CEO, SuretyMail Email Reputation Certification
> Advisor, Governor's Innovation Response Team Task Force
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Board of Directors, Denver Internet Exchange
> Chair Emeritus, Asilomar Microcomputer Workshop
> Former Counsel: Mail Abuse Prevention System (MAPS)
> Location: Boulder, Colorado
> 


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

> Did you not read what I quoted from the Spamhaus website? They are based
> in Switzerland and Andorra, not the UK. My assumption is that there is
> basically no chance of any U.S. ruling being enforced in either of these
> two countries, unless it is related to a serious crime.

From the judgement:

"he plaintiff has shown that it has complied with the Hague Convention and 
personally served a representative authorized to accept service of process in 
London."

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

> default judgment, Spamhaus is not a US organization or wasn't properly served 
> or whatever.


Right...the thing is that a default judgement is still a judgement.  And 
because they are in the UK doesn't mean that it can't be enforced against 
them.. in the UK.  Here are two good articles about enforcing U.S. judgements 
in the UK, in case anyone wants to read them or, you know, has insomnia:

https://www.penningtonslaw.com/news-publications/latest-news/2019/transatlantic-litigation-enforcing-us-judgments-in-england-and-wales

https://www.bclplaw.com/images/content/2/2/v2/2220/Bulletin-Enforcing-US-Judgments-American-version-August-2014.pdf

Note that the court has given DBUSA 30 days to come up with an accounting of 
how the Spamhaus listing impacted DBUSA monetarily.  Also note that DBUSA is 
now in Chapter 11 bankruptcy;  it will be interesting to see whether they 
attempt to attribute that to the SH listing.

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

Following up on my own post, it was a default judgement (we just posted the 
memorandum here:

https://www.theinternetpatrol.com/databaseusa-wins-case-against-spamhaus-in-matter-of-databaseusa-v-spamhaus-in-federal-court/

..and will be adding our own commentary shortly).

DatabaseUSA has been given 30 days to determine and account for monetary 
damages and file that with the court.

Anne

> On Aug 3, 2020, at 4:46 PM, Anne P. Mitchell, Esq.  
> wrote:
> 
> This is disturbing, although I don't know any of the back story.  Is there 
> anything of which anybody is aware that would somehow change how concerning 
> this is?
> 
> --
> 
> DatabaseUSA Wins Case Against The Spamhaus Project
> 
> DatabaseUSA, a provider of data and email marketing services, has won a 
> victory over The Spamhaus Project.
> 
> A federal court found that Spamhaus defamed the company and interfered with 
> its business relations by “wrongfully listing DatabaseUSA.com on Spamhaus’s 
> domain block list from 2017 to the present.” 
> 
> DatabaseUSA suffered “damage to its reputation, a loss of customers, and loss 
> of potential revenue as a result of Spamhaus’s defamation and tortious 
> interference,” wrote Senior U.S. District Judge Joseph F. Bataillon in an 
> opinion on file with the U.S. District Court for the District of Nebraska. 
> 
> https://www.mediapost.com/publications/article/354343/databaseusa-wins-case-against-the-spamhaus-project.html
> 
> --
> 
> Anne
> 


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

This is disturbing, although I don't know any of the back story.  Is there 
anything of which anybody is aware that would somehow change how concerning 
this is?

--

DatabaseUSA Wins Case Against The Spamhaus Project

DatabaseUSA, a provider of data and email marketing services, has won a victory 
over The Spamhaus Project.

A federal court found that Spamhaus defamed the company and interfered with its 
business relations by “wrongfully listing DatabaseUSA.com on Spamhaus’s domain 
block list from 2017 to the present.” 

DatabaseUSA suffered “damage to its reputation, a loss of customers, and loss 
of potential revenue as a result of Spamhaus’s defamation and tortious 
interference,” wrote Senior U.S. District Judge Joseph F. Bataillon in an 
opinion on file with the U.S. District Court for the District of Nebraska. 

https://www.mediapost.com/publications/article/354343/databaseusa-wins-case-against-the-spamhaus-project.html

--

Anne


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Anne P. Mitchell, Esq. via mailop]

Also, starting in this past week, Google (must have) changed their 
spam-detecting algorithm, as we are seeing that suddenly fully 50% of any day's 
load in the spam folder are false positives (i.e. has actually been legitimate 
email, even email that has a months - or even years - long history of being 
delivered to the inbox previously), and where prior to this week (and again, 
for months and years) there was typically maybe a 3%-5% false positive in the 
spam folder - it jumped to 50% overnight, several days ago.  Maybe not for 
everyone, but we've heard this from several others.

All of this to say that all of the advice in this thread (especially DKIM, SPF, 
and ipv4) is good advice, but you still may see problems until Google does a 
correction (assuming they do).

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] SendInBlue Contact?

[Anne P. Mitchell, Esq. via mailop]

Does anyone have a contact at Send in Blue?

Anne

--
Anne P. Mitchell, Attorney at Law.
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Urgently need contact at Facebook of Instagram and also Omegle

[Anne P. Mitchell, Esq. via mailop]

Hi Simon,

Those forms aren't very useful for things occuring RightNow, on a weekend.

However, we have gotten through to the right people now.

Thank you!

Anne

> On May 3, 2020, at 4:10 AM, Bressier Simon  wrote:
> 
> Hi Anne,
> 
> Not sure you are at the right place here, all the platforms you mentioned 
> have abuse forms for that kind of reports, and it will be much more efficient 
> than passing thru a mailing list related to email industry.
> 
> Le dim. 3 mai 2020 à 00:23, Anne P. Mitchell, Esq. via mailop 
>  a écrit :
> There is a woman torturing animals on Omegle, she is advertising it on her 
> Instagram account.  Need to get this in front of the right people to have her 
> traced and shut down.
> 
> Please let me know if you can provide a contact for either org.
> 
> Anne
> 
> ---
> Anne P. Mitchell, Attorney at Law
> Dean of Cyberlaw & Cybersecurity, Lincoln Law School
> Advisor, Colorado Innovation Response Team Task Force
> CEO/President, SuretyMail Email Reputation Certification
> Policy Drafting and Review for Businesses
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Board of Directors, Denver Internet Exchange
> Chair Emeritus, Asilomar Microcomputer Workshop
> Legal Counsel: The CyberGreen Institute
> Former Counsel: Mail Abuse Prevention System (MAPS)
> Location: Boulder, Colorado
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Also going on on TikTok (Re: Urgently need contact at Facebook of Instagram and also Omegle)

[Anne P. Mitchell, Esq. via mailop]

> On May 2, 2020, at 4:11 PM, Anne P. Mitchell, Esq.  
> wrote:
> 
> There is a woman torturing animals on Omegle, she is advertising it on her 
> Instagram account.  Need to get this in front of the right people to have her 
> traced and shut down.
> 
> Please let me know if you can provide a contact for either org.
> 
> Anne
> 
> ---
> Anne P. Mitchell, Attorney at Law
> Dean of Cyberlaw & Cybersecurity, Lincoln Law School
> Advisor, Colorado Innovation Response Team Task Force
> CEO/President, SuretyMail Email Reputation Certification
> Policy Drafting and Review for Businesses
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Board of Directors, Denver Internet Exchange
> Chair Emeritus, Asilomar Microcomputer Workshop
> Legal Counsel: The CyberGreen Institute
> Former Counsel: Mail Abuse Prevention System (MAPS)
> Location: Boulder, Colorado


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Urgently need contact at Facebook of Instagram and also Omegle

[Anne P. Mitchell, Esq. via mailop]

There is a woman torturing animals on Omegle, she is advertising it on her 
Instagram account.  Need to get this in front of the right people to have her 
traced and shut down.

Please let me know if you can provide a contact for either org.

Anne

---
Anne P. Mitchell, Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Advisor, Colorado Innovation Response Team Task Force
CEO/President, SuretyMail Email Reputation Certification
Policy Drafting and Review for Businesses
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Offer for Mailop *Only*: Waiving Application Fee for Email Reputation Certification

[Anne P. Mitchell, Esq. via mailop]

All,

As more and more businesses are having to shut down their offices, and rely 
nearly completely on doing business online, making sure that business email 
gets to the inbox is becoming more important than ever to these businesses.

While we of course are also a business, we don't want to profit from the 
current situation.  We want to help.  So I have made the decision to waive the 
application fee for SuretyMail email reputation certification for my 
colleagues.  I want to be clear:  our application fee (which is $500) doesn't 
actually even fully cover our processing of an application, and we still need 
to pay our folks who process these applications, so this is coming out of our 
pocket.  But it's something that we can do, and I've made the decision that we 
should do it.

Please don't share this outside of this group (I am making the same offer to my 
colleagues in a couple of other groups I am in, but it is for me to decide to 
whom we extend this offer).

Also to that end, if you would like to take advantage of this, contact me 
directly, and offlist, and I will make the introduction to our customer service 
manager, Shannon, so that she knows to process your application without payment.

Be safe out there.

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO/President, SuretyMail Email Reputation Certification
Policy Drafting and Review for Businesses
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Any idea who wrote 'Spam Lawsuits: What's the Worst that Can Happen?' ?

[Anne P. Mitchell, Esq. via mailop]

Thank you, everyone, for helping solve this mystery!   The document actually 
does have attribution in the Slideshare version (what I had found was a plain 
PDF file, with no attribution).

Thank you again!

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cyber Law & Cyber Security, Lincoln Law School
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Former Counsel: Mail Abuse Prevention System (MAPS)



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Any idea who wrote 'Spam Lawsuits: What's the Worst that Can Happen?' ?

[Anne P. Mitchell, Esq. via mailop]

I came across a pdf titled Spam Lawsuits: What's the Worst that Can Happen? 
...no author, no sponsoring org (although I suspect a connection with MailChimp 
owing to a line say saying "If you're a MailChimp customer" and another saying 
"As you're a MailChimp customer")

You can see it here:

https://www.isipp.com/wp-content/uploads/spam-lawsuits-rules-regulations.pdf

I'd like to give proper attribution...anybody recognize it?

Anne

---
Anne P. Mitchell, Attorney at Law, Dean of Cyber Law & Cyber Security, Lincoln 
Law School
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [FEEDBACK] whose address, was Approach to dealing with List Washing services, industry feedback..

[Anne P. Mitchell, Esq. via mailop]

> I can't recall the exact quote but a key rule is basically this;
> 
> "Spam is whatever my users say it is."

And, delightfully, even CAN-SPAM says (essentially) that spam is whatever ISPs 
say it is.

Anne

---
Anne P. Mitchell, Attorney at Law, Dean of Cyberlaw, Lincoln Law School of San 
Jose
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [FEEDBACK] whose address, was Approach to dealing with List Washing services, industry feedback..

[Anne P. Mitchell, Esq. via mailop]

While most of the misdirected email I get is just a nuisance, just last week a 
lawyer at a law firm in California, with whom I have no connection, emailed 
documents in a case, with which I have no connection, to opposing counsel, with 
whom I have no connection (are you a detecting a theme here?) - only somehow 
they sent them to me instead of opposing counsel.  I say "somehow" because 
there is literally no connection at all - the fact that I am a lawyer was a 
coincidence, but a fun one, because I got to reply-all pointing out the error 
of their ways (and an egregious one at that). ;~)

Anne

Anne P. Mitchell, Attorney at Law, Dean of Cyberlaw, Lincoln Law School of San 
Jose
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] A Facebook curiosity: lots of people suddenly have accounts at honet.com?

[Anne P. Mitchell, Esq. via mailop]

> Nadine, is that you?

Please to provide a C warning next time (yes, I audibly snorted, loudly 
enough for my other half to hear it and ask what I was laughing at).

Anne

--
Anne P. Mitchell, Attorney at Law, Dean of Cyberlaw, Lincoln Law School of San 
Jose
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Reasons to add plain text alternative to email?

[Anne P. Mitchell, Esq. via mailop]

> On Dec 9, 2019, at 4:32 AM, Andreas Schamanek via mailop  
> wrote:
> 
>> we were wondering if there's still a good reason for adding plain text to a 
>> html message. Is there a significant audience reading in plain text? Is 
>> plain text important for accessibility?
> 

Let me turn this question around:

Is there a good reason to *stop* including plain text?

(I fully agree with all of the various reasons put forward for continuing to do 
it, but am wondering why one, once already doing it, would stop?)

FWIW, we *require* all of our certification customers to email us *only* in 
plain text (and there has never been any pushback, again, FWIW).

Anne

Anne P. Mitchell, Esq., Dean of Cyberlaw, Lincoln Law School 
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mailop made Hacker News

[Anne P. Mitchell, Esq. via mailop]

> 
> And the comments on Brandon about him being helpful and respectful are well 
> deserved.

Indeed they are!

This is also a reminder, however, that nothing said here is confidential, and 
that something you say here may end up repeated (and attributed) where you 
don't want it to be repeated.

There are some mail operations group mailing lists that have a strict 
confidentiality rule, however even that is only a thin protection, at best.  
Such is the nature of email lists.

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act
GDPR, CCPA  & CCDPA Compliance Consultant
Boards of Directors: Denver Internet Exchange | Asilomar Microcomputer Workshop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Certified Senders Alliance

[Anne P. Mitchell, Esq. via mailop]

> We were certified by ISIPP (as an ESP) many years ago, and I don't remember 
> going through an extensive check process for that.

You did. :-)  However it was all in the background, based on your responses to 
your application. 

> As we didn't see any improvement in the deliverability, we stopped not long 
> after.

That was back in 2009, so I don't have immediate access to your info, however I 
do hope that you told our staff that, and also brought any deliverability 
problems you were having to our attention - we can't help with issues that we 
don't know about.  If you'd like to try again, we'd be happy to waive the 
reapplication fee (tell them I said so :-) )

Anne

--

Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy
SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [ext] Re: Return Path / Sender Score

[Anne P. Mitchell, Esq. via mailop]

> On Sep 6, 2019, at 8:01 AM, Ewald Kessler | Webpower via mailop 
>  wrote:
> 
> Not short, but certainly sweet:
> 
> I don't care what method people devise to make sure that people don't get 
> added to a mailing list without their consent, so long as it actually works. 
> I don't care if they call it "sucking chest wound" so long as the process 
> they adopt effectively prevents abuse. Dogma and jargon should never be more 
> important than stopping spam.

I think that 'sucking chest wound' is what usually happens after someone spams 
someone here. ;-)

Anne




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] mailop Digest, Vol 142, Issue 35

[Anne P. Mitchell, Esq. via mailop]

> On Aug 24, 2019, at 7:03 PM, Al Iverson via mailop  wrote:
> 
> Wait. There was spam before Anne Mitchell defined it for the rest of us?
> 

Actually it was Paul Vixie who defined it - then we worked together to refine 
the wording and put it up on the MAPS website. 

Anne

---

Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [ext] Re: Return Path / Sender Score

[Anne P. Mitchell, Esq. via mailop]

> Spam being unsolicited broadcast email, I would say that if you agree to
> receive it, it cannot be spam.  This definition has held up well over the
> twenty-five years I've been involved in the industry.

Indeed, and it was formalized in item (2) in the Vixie/Mitchell defintion of 
spam, which was promulgated ~20 years ago:

“An electronic message is “spam” IF: (1) the recipient’s personal identity and 
context are
irrelevant because the message is equally applicable to many other potential 
recipients;
AND (2) the recipient has not verifiably granted deliberate, explicit, and 
still-revocable
permission for it to be sent; AND (3) the transmission and reception of the 
message
appears to the recipient to give a disproportionate benefit to the sender.”

Interesting sidenote: While this definition was originally posted on the  MAPS 
website, lo those ~20 years ago, I note that it is now posted on thousands of 
sites. 

Anne

---

Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy
SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Happy Resident: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Issue with Mailop 'From' header

[Anne P. Mitchell, Esq. via mailop]

Something has changed in the past several weeks so that email from Mailop now 
comes:

From: 
To: mailop@mailop.org

Whereas before the change the email would come:

From: Anne Mitchell 
To: mailop@mailop.org

..making triage, etc., of reading Mailop mail more onerous now, as one has to 
actually open each email, and scan for a signature - and if there is no 
signature then one has to actually read the reply-to headers, to figure out who 
something is from.

Is anybody else seeing this?  My OS (OS 10.13.6) hasn't been updated in that 
time period so I don't think that it's on my end.

Anne

Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy
SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Lawsuit to watch: Tulsi v. Google

[Anne P. Mitchell, Esq. via mailop]

> Also, doesn't CAN-SPAM only apply to senders?

No, there is a little-known (apparently) clause in CAN-SPAM that specifically 
states that ISPs can make any delivery decision that they want to, for any 
reason or no reason whatsoever. It’s nearly (but not quite) the codification of 
“their server, their rules“.  Apparently her attorneys haven't bothered to ... 
you know ...read the actual law.

Anne

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Lawsuit to watch: Tulsi v. Google

[Anne P. Mitchell, Esq. via mailop]

While at first blush the big news about this lawsuit is that Google is being 
sued for suppressing presidential candidate Tulsi Gabbard's campaign's ads, 
there is also a piece of the lawsuit where they are suing Google because (they 
claim) a disproportionate number of her campaign's email was being put in the 
Gmail spam folder.  They talk about the opacity of how the spam filter works, 
etc...

Now, of course, years ago, when I was at MAPS, we dealt with several lawsuits 
from spammers about how unfair it was that they were being filtered because of 
the RBL, etc., etc., and they fairly roundly lost.

This however is different, because we have a political candidate claiming that 
Google is suppressing *political* speech, the free pass for which is baked 
right into CAN-SPAM, as we all know only too well.

Here is our plain English write up of it, which I doubt anyone here needs (the 
plain English part), but we also are hosting a full copy of the lawsuit, which 
is linked here as well:

https://www.theinternetpatrol.com/presidential-candidate-tulsi-gabbard-sues-google-over-disabling-ads-and-going-to-the-spam-folder-full-text-of-lawsuit-included/

Anne

Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] How to identify source of email sent via Google?

[Anne P. Mitchell, Esq. via mailop]

> On Jul 19, 2019, at 12:30 AM, Angelo Giuffrida via mailop  
> wrote:
> 
> I find it rich that Michael is in here throwing stones... can't exactly throw 
> stones when you live in a glass house there big Mikey!

I find it rich that you would disparage Michael like this, especially when, to 
the best of my knowledge you have only been around here since about 2016 (my 
archives go back to 2004, and, at least, 2016 is when you first appear in 
them).  

Michael, on the other hand, has been around for as long as have I and many of 
the others here, some of us for 20 years.  Of course, you were only 8 years old 
back then, so you can be forgiven for not knowing that.

More curious, though, is that during that first appearance of you here in 2016, 
you said this:

> Welcome to the fun game of Microsoft & Hotmail blocks. If you do a search
> through the list archives you'll find responses from Michael (and others)
> that will be helpful. That should provide you with some information to get
> started whilst you wait for others to reply.

That, of course, would be the very same Michael against whom you are now 
casting aspersions.

You've done great things with VentraIP;  please try to do great, and not petty, 
things here.

Anne

---

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Crazy Sender-score value of 0 instead of 96-98

[Anne P. Mitchell, Esq. via mailop]

Relatedly, do we have any idea what is going to happen with SenderScore now 
that they have been acquired by Validity, and 200 RP employees have been laid 
off?

Anne

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] About to blacklist Marketo - has anyone received non-spam from them?

[Anne P. Mitchell, Esq. via mailop]

I'm pretty much giving up on Marketo - and about to BL them and also recommend 
to others that they do so - as I have *never* received anything other than spam 
from them, and while they may still have a few good people there, it doesn't 
seem to make a blind bit of difference overall.

Does anyone have any counter-arguments?

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting
http://www.SuretyMail.com/


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] DigitalOcean responds to DMCA takedown (was re: DigitalOcean calling for social media s* storm? (Re: Why is it so hard to have takedown's performed..))

[Anne P. Mitchell, Esq. via mailop]

Just an update on our own issue - which was that DigitalOcean is hosting 
privacy-formula.com, which is doing wholesale rip-off of content from places 
like Sophos, Washington Times, Medium, NY Times, etc... and one of our 
publications (The Internet Patrol).  They are basically grabbing the RSS feeds 
of these places and republishing them as their own.

We filed a DMCA takedown with Digital Ocean over this, and they did clearly 
process it, as all of our stuff is now gone from the site - however, not only 
is the site still up, but privacy-formula.com is still ripping off everybody 
else.  So..one more data point about DO.


Anne

Anne P. Mitchell,
Attorney at Law
CEO/President, Institute for Social Internet Public Policy
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] DigitalOcean calling for social media s* storm? (Re: Why is it so hard to have takedown's performed..)

[Anne P. Mitchell, Esq. via mailop]

> I Twittered to @digitalocean about the lack of responsiveness from their
> abuse desk.
> 
> They promptly replied via Twitter:
> 
> "We apologise for the trouble. Our security & operation team is already
> looking into it."
> 
> As I still had a case open with them, I appended your nice list of
> pgHammer IP Addresses.
> 
> This time, they replied promptly:
> 
> "As we are an unmanaged cloud hosting provider, we do not create,
> administer, or have direct access to our customers' Droplets. This
> means that we cannot make direct changes to any programs or websites
> hosted there."

Sigh, well then I guess there is little hope for the DCMA takedown that I just 
Saturday sent to them for privacy-formula.com, which is wholesalely ripping off 
all sorts of content sites (including ours).  That said, a few of the others 
include Sophos, Bloomberg, and Politico, and I've clued all of their legal 
departments into the situation, so...maybe...

I wonder if we should *all* tweet to them, including the hashtag 
#DigitalOceanHostsBadGuys ? ;-)

Anne

Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail Contact?

[Anne P. Mitchell, Esq.]

> On Apr 16, 2019, at 10:02 AM, Brandon Long via mailop  
> wrote:
> 
>  followed by "don't be too similar to the bad guys"

THIS!!! ^^^

SO much this!!

I would say that "trying to be 'clever' and 'fix' things themselves, making 
themselves look like bad guys in the process" is the #1 thing that we see 
otherwise legitimate senders do that backfires, making things worse. :-\

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board Member, Board of Directors, Denver Internet Exchange
Board Member, Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Ret. Professor of Law, Lincoln Law School of San Jose


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] charter.net contact

[Anne P. Mitchell, Esq.]

Hi Marc,

We can probably help you with that if you haven't already found a contact.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board Member, Board of Directors, Denver Internet Exchange
Board Member, Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Ret. Professor of Law, Lincoln Law School of San Jose


> On Mar 14, 2019, at 6:33 PM, Marc Bradshaw via mailop  
> wrote:
> 
> Hi,
> 
> I'm looking for a contact at charter.net to talk about a deliverability issue 
> we are having with forwarded mail.
> If you are such a person (or know of one) could you please contact me off 
> list via the fastmailteam.com address in my signature.
> Thanks.
> 
> --
> 
>   Marc Bradshaw - Deliverability/Abuse at FastMail
>   m...@fastmailteam.com | @marcbradshaw
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Webroot contact?

[Anne P. Mitchell, Esq.]

Is there anyone here from Webroot?  All of the contacts I have are returning 
'not found'.

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone from Mandrill/Mailchimp here?

[Anne P. Mitchell, Esq.]

Paul, please pass the info to us offlist and we'll get it in front of the right 
person ASAP.

Anne

*Typed with 1.5 eyes as I'm recuperating from a torn retina, so apologies for 
any typos.

> On Feb 27, 2019, at 10:47 AM, Paul Smith  wrote:
> 
> We've just received what I'm 99% sure is a phishing email - sent through the 
> Mandrill/Mailchimp infrastructure, claiming there's a problem with our 
> Mailchimp account. The links go to landing pages on MailChimp, and it's 
> clever.
> 
> So, it needs sorting, ASAP, because it's quite likely to catch people out, 
> given that it's claiming to be from Mailchimp, the links go to Mailchimp 
> pages (which look like Mailchimp login pages, but aren't quite), etc.
> 
> I've reported it to ab...@mandrillapp.com as well, but that may take a while 
> to get through, so thought I'd try a different channel as well...
> 
> Headers:
> 
> Return-Path: 
> 
> DomainKey-Status: non-participant from=nore...@drsha.net; domainkeys=fail
> Authentication-Results: lmail.pscs.co.uk; spf=Pass
>  
> smtp.mailfrom=bounce-md_30903452.5c76c31e.v1-cef683aebe194acebd48d0ee66249...@mandrillapp.com
>  smtp.helo=mail136-28.atl41.mandrillapp.com; dkim=pass (signature verified)
>  header.i=nore...@drsha.net; dkim=pass (signature verified)
>  header.i=@mandrillapp.com; auth=none
> Received-SPF: Pass client-ip=198.2.136.28; 
> envelope-from=bounce-md_30903452.5c76c31e.v1-cef683aebe194acebd48d0ee66249...@mandrillapp.com;
>  helo=mail136-28.atl41.mandrillapp.com; identity=mailfrom
> Received: from mail136-28.atl41.mandrillapp.com ([198.2.136.28] 
> (mail136-28.atl41.mandrillapp.com)) by lmail.pscs.co.uk ([192.168.66.70] 
> running VPOP3) with ESMTPS (TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384) for 
> ; Wed, 27 Feb 2019 17:04:37 -
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=mandrill; d=drsha.net;
>  h=From:Subject:Message-Id:To:Date:MIME-Version:Content-Type; 
> i=nore...@drsha.net;
>  bh=bjT9fpLnOr3an+CY799OLe4k3utaSPU5laFCWT8pwCg=;
>  
> b=gQinse9xWTicS6IrV9weXt2IV1IcoZfAU7bSiuz+iVUqUs4FbEwORfiYx3xatb1VPmjHq2PSeYbR
> bEYOgo/YmI87WzJMOgCIdBFQoNMzYmRg8pmJiQKAWzaTv8kT14AJzChsZbnsT0/H9tiQ/N5rqjU3
>x2G+/fYQ/zkjhbW95JM=
> Received: from pmta04.mandrill.prod.atl01.rsglab.com (127.0.0.1) by 
> mail136-28.atl41.mandrillapp.com id her1ia1sb1ku for ; 
> Wed, 27 Feb 2019 17:04:30 + (envelope-from 
> )
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com;
>  i=@mandrillapp.com; q=dns/txt; s=mandrill; t=1551287070; h=From :
>  Subject : Message-Id : To : Date : MIME-Version : Content-Type : From :
>  Subject : Date : X-Mandrill-User : List-Unsubscribe;
>  bh=bjT9fpLnOr3an+CY799OLe4k3utaSPU5laFCWT8pwCg=;
>  b=Ftc1ffes3M9osTYrxu23+LeE++UDNvFpKZMEUjD1F6FuYJIQ2gp0rUgiLqQy4TUM9VI9Qr
>  1jL/nIskU8jImnlHy6jyv//1mlU2W+FoJ5KJTTr09SkWzdQ03EFexi2Gv3zIK0MerQxED/rR
>  SPhuTsNtFXI2kBhK7OsbgWra44C5M=
> From: MailChimp Billing 
> Subject: MailChimp Billing Dispute In Progress
> Return-Path: 
> 
> Received: from [138.68.74.240] by mandrillapp.com id 
> cef683aebe194acebd48d0ee662499fe; Wed, 27 Feb 2019 17:04:30 +
> X-Mailer: Apple Mail (2.2104)
> Message-Id: <2b2604b9-8adc-e769-5633-d2471df00...@drsha.net>
> To: 
> X-Report-Abuse: Please forward a copy of this message, including all headers, 
> to ab...@mandrill.com
> X-Report-Abuse: You can also report abuse here: 
> http://mandrillapp.com/contact/abuse?id=30903452.cef683aebe194acebd48d0ee662499fe
> X-Mandrill-User: md_30903452
> Date: Wed, 27 Feb 2019 17:04:30 +
> MIME-Version: 1.0
> Content-Type: multipart/alternative; boundary="_av-tmIbwtKaFByrlcctRqVPTg"
> 
> 
> -- 
> 
> 
> Paul Smith Computer Services
> Tel: 01484 855800
> Vat No: GB 685 6987 53
> 
> Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] iCloud abuse

[Anne P. Mitchell, Esq.]

Daniel - please see email that I have sent you offlist.

Anne

---

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board Member, Board of Directors, Denver Internet Exchange
Board Member, Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Ret. Professor of Law, Lincoln Law School of San Jose


> On Feb 4, 2019, at 2:15 AM, Daniel Baqueiro via mailop  
> wrote:
> 
> Hi, 
> 
> If there's anyone from the iCloud abuse team, could you please reach out to 
> me off list? We've been trying to reach out to your team with no success.
> 
> Thank you!
> 
> Daniel Baqueiro
> Lead Deliverability Operations Specialist | GROUPON
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Comcast Contact

[Anne P. Mitchell, Esq.]

> Is anyone from Comcast on this list or does anyone have a good contact for 
> email admins there?  Looking to troubleshoot end users messages that are 
> being delivered to their MTAs but never arrive in the recipients’ mailboxes.  
> 

Rob, if you reply to me off-list (amitch...@isipp.com) with the details of the 
ask, we'll see what we can do with our Comcast contacts for you.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board Member, Board of Directors, Denver Internet Exchange
Board Member, Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Ret. Professor of Law, Lincoln Law School of San Jose



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Contact at txt.att.net?

[Anne P. Mitchell, Esq.]

> On Jan 20, 2019, at 5:25 AM, Josiah Ritchie 
>  wrote:
> 
> We're trying to deal with what appears to be new rate limiting with domains 
> handled at txt.att.net. I'd really appreciate a contact who may be able to 
> help us get mail flowing again. 
> 

We may not be able to put you in touch directly, but if you want to email me 
offlist with exactly what is going on, and samples, we can certainly get it in 
front of our AT contacts.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification
http://www.SuretyMail.com/
Certified Sender DNSBL here: iadb.isipp.com 
Info here: https://www.isipp.com/email-accreditation/for-isps/
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] If you're from Cox - check your SPF records

[Anne P. Mitchell, Esq.]

Cox has been notified and they are on it. :-)

Happy Friday!

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification
http://www.SuretyMail.com/
Certified Sender DNSBL here: iadb.isipp.com 
Info here: https://www.isipp.com/email-accreditation/for-isps/
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting


> On Jan 10, 2019, at 3:46 PM, David Carriger  
> wrote:
> 
> If we have anyone from Cox on the list, I was doing some SPF lookups against 
> large mail providers and stumbled across this...
> 
> "v=spf1 include:%{d}.7b.spf-protect.agari.com 
> exists:%{i}._i.%{d}._d.espf.agari.com -all",
> 
> "v=spf1 ip4:24.248.74.254 ip4:98.178.246.9 ip4:98.178.246.69 
> include:spf.protection.outlook.cominclude:email.zerochaos.com 
> include:mailcontrol.com ip4:67.220.124.60 ip4:208.89.12.0/22 
> include:spf.constantcontact.comip4:50.31.46.119 ip4:52.38.191.241 
> ip4:64.70.1.114 ip4:192.35.250.0/24 ip4:205.209.52.87 ip4:205.234.30.154 
> ip4:208.89.14.202/31 ip4:209.34.66.0/28 ip4:209.34.91.104 ip4:209.67.227.197 
> ip4:66.210.40.128 ip4:70.169.76.248/29 ip4:66.210.40.160/29 ip4:66.210.40.167 
> ip4:148.163.151.18 ip4:148.163.154.218 ~all"
> 
> Just a heads up - you should probably fix your SPF.
> 
> Small Business Growth Expert
> DAVID CARRIGER
> Linux Systems Administrator
> --
> david.carri...@infusionsoft.com
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] If you're from Cox - check your SPF records

[Anne P. Mitchell, Esq.]

David, may we share this with our Cox contact?

Anne

> On Jan 10, 2019, at 3:46 PM, David Carriger  
> wrote:
> 
> If we have anyone from Cox on the list, I was doing some SPF lookups against 
> large mail providers and stumbled across this...
> 
> "v=spf1 include:%{d}.7b.spf-protect.agari.com 
> exists:%{i}._i.%{d}._d.espf.agari.com -all",
> 
> "v=spf1 ip4:24.248.74.254 ip4:98.178.246.9 ip4:98.178.246.69 
> include:spf.protection.outlook.cominclude:email.zerochaos.com 
> include:mailcontrol.com ip4:67.220.124.60 ip4:208.89.12.0/22 
> include:spf.constantcontact.comip4:50.31.46.119 ip4:52.38.191.241 
> ip4:64.70.1.114 ip4:192.35.250.0/24 ip4:205.209.52.87 ip4:205.234.30.154 
> ip4:208.89.14.202/31 ip4:209.34.66.0/28 ip4:209.34.91.104 ip4:209.67.227.197 
> ip4:66.210.40.128 ip4:70.169.76.248/29 ip4:66.210.40.160/29 ip4:66.210.40.167 
> ip4:148.163.151.18 ip4:148.163.154.218 ~all"
> 
> Just a heads up - you should probably fix your SPF.
> 
> Small Business Growth Expert
> DAVID CARRIGER
> Linux Systems Administrator
> --
> david.carri...@infusionsoft.com
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Campaign Monitor Spewing Their Own Spam Now

[Anne P. Mitchell, Esq.]

Hello, Carissa,

Generally we are used to dealing with an individual - upon receipt of the first 
spam from your Faye Nagpigkit to a role account (!), on January 8, I wrote to 
your abuse@ asking for Heather to contact me (this is how we have always worked 
with you guys in in the past). I never heard back, so I sent a second follow up 
to abuse@ again yesterday, with absolutely no response (frankly I was very 
surprised, as this has not been the case in the past) - however, Ms. Nagpigkit 
*did* send us a another spam today, to the same role account, having not heard 
back from us (obviously) because "she knows I have a ton in my inbox". How very 
thoughtful.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board Member, Board of Directors, Denver Internet Exchange
Legal Counsel: The CyberGreen Institute
Ret. Professor of Law, Lincoln Law School of San Jose



> On Jan 10, 2019, at 12:34 PM, Carissa Phillips  
> wrote:
> 
> Hi Anne, 
> 
> Carissa from Campaign Monitor's deliverability team here. I can confirm that 
> our abuse team is very responsive and abuse@ is still the best way to reach 
> them. I didn't see any details about or samples of spam in your previous 
> email to abuse@, would you mind sending those through, please? We'd love to 
> deal with those quickly as soon as we hear from you.
> 
> Thank you!
> 
> Carissa Phillips
> Deliverability Support Manager
> campaignmonitor.com


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Campaign Monitor Spewing Their Own Spam Now

[Anne P. Mitchell, Esq.]

Campaign Monitor is now spamming on their own behalf..and our original abuse 
contact there is unresponsive - in fact abuse@ is unresponsive..maybe 
gone...anybody have any reason why anything coming from Campaign Monitor's 
space shouldn't be rejected on sight?

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board Member, Board of Directors, Denver Internet Exchange
Board Member, Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Ret. Professor of Law, Lincoln Law School of San Jose


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Something VERY weird going on with BitBounce

[Anne P. Mitchell, Esq.]

We just sent out a mailing to a list of several thousand subscribers - we have 
*never* (at least for the past several years) had a user respond with a 
BitBounce auto-demand for the 5 cents.  We sent out a mailing just a few days 
ago and there were no users using BitBounce.

We *only* use COI so these users have already confirmed.

Today we sent out a mailing, and already have 4 BitBounce demands for 5cent 
payment, with only 2% of the mailings even opened. 

They all have gmail addresses - some of them have been receiving our mailings 
for years, all of them for at least months, so these are not new users.

The links all actually go to BitBounce.

So, either BitBounce made some sort of big push to Gmail users after December 
21st, or they have somehow managed to get themselves installed in Gmail 
accounts without users knowing, or __ ? (Any other ideas?)

Colour me...curious..and irked at this pay-to-get-into-the-inbox scheme.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting
http://www.SuretyMail.com/
http://www.SuretyMail.eu/


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anybody know anybody at Target.com?

[Anne P. Mitchell, Esq.]

Target has a *serious* problem..as in...  *no* unsubscribe option at all for 
the very generic marketing email I just received.

And, they are doing their own mailing, from mail-target.com, so I can't even 
complain to their ESP.

Anybody have a contact?

Thanks in advance!

Anne

---

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] GoDaddy TakeDown requests

[Anne P. Mitchell, Esq.]

Ryan, 

Send me the info and we'll get it in front of the right person.

Anne

> On Dec 6, 2018, at 12:27 PM, Ryan Harris via mailop  wrote:
> 
> Hello,
> 
> I sent a takedown request to ab...@godaddy.com, also filled out an abuse form 
> on a domain they are hosting which is phishing/malware. No response and 
> domain is still up. 
> 
> Does anyone have suggestions on how to get GoDaddy to respond to a take down 
> request?
> 
> 
> Ryan
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Pet Peeve of the day, legalese signatures

[Anne P. Mitchell, Esq.]

> On Nov 29, 2018, at 4:33 AM, Noel Butler  wrote:
> 
> On 29/11/2018 03:36, Anne P. Mitchell, Esq. wrote:
> 
>> 
>>>>> This Email, including any attachments, may contain legally privileged
>>>>> information, therefore remains confidential and subject to copyright
>>>>> protected under international law. You may not disseminate, discuss, or
>>>>> reveal, any part, to anyone, without the authors express written
>>>>> authority to do so. If you are not the intended recipient, please notify
>>> 
>>> I find these threats very useful.  They tell me with 100% reliability
>>> that the person sending the mail is a nitwit, or if applied by a
>>> company mail server, he works for nitwits.
>>> 
>>> Anyone with even the slightest familiarity with contract law knows why
>>> they're meaningless.
>> 
>> Not only that, but they do not, by any  measure, protect the 'privileged' 
>> nature of the content, and so it absolutely does not remain confidential.
>> 
>> Anne
>>  
>  
>  
> you're of course speaking from U.S.A. law point,  NEWSFLASH: the U.S.A is not 
> the only country in the world that uses this thing called The Internet (I 
> know it will be hard for americans to grasp that fact, but, suck it up)

Noel, I was responding to John Levine, a colleague whom I know to be in the 
U.S..

Anne

--

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Pet Peeve of the day, legalese signatures (was: Pet Peeve of the day, Bulk Notice Mailers from Do Not Reply.)

[Anne P. Mitchell, Esq.]

>>> This Email, including any attachments, may contain legally privileged
>>> information, therefore remains confidential and subject to copyright
>>> protected under international law. You may not disseminate, discuss, or
>>> reveal, any part, to anyone, without the authors express written
>>> authority to do so. If you are not the intended recipient, please notify
> 
> I find these threats very useful.  They tell me with 100% reliability
> that the person sending the mail is a nitwit, or if applied by a
> company mail server, he works for nitwits.
> 
> Anyone with even the slightest familiarity with contract law knows why
> they're meaningless.

Not only that, but they do not, by any  measure, protect the 'privileged' 
nature of the content, and so it absolutely does not remain confidential.

Anne

--

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Godaddy Postmasters?

[Anne P. Mitchell, Esq.]

> are there any Godaddy postmasters on this list? If so could one contact me 
> offlist?

We can put you in touch with someone...what is going on?

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Certification
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board Member, Board of Directors, Denver Internet Exchange
Board Member, Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop
Member, California Bar Association
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] O365 discarding mail after User-Agent change

[Anne P. Mitchell, Esq.]

> On Oct 31, 2018, at 11:48 AM, Bill Cole 
>  wrote:
> 
> On 31 Oct 2018, at 12:53, Steve Dodd wrote:
> 
>> The two recipient orgs here are actually a local govt department, and a
>> state-funded charity. Would be interesting to see what a lawyer made of
>> their "right" to randomly drop mail from taxpaying clients.
> 
> I am not specifically familiar with UK law, but a good lawyer here in the US 
> would control his giggling long enough to point at the safe harbor provisions 
> in federal law that let ISPs be as sloppy as they care to be in filtering out 
> junk as long as they are acting in good faith. I don't follow the case law as 
> closely as I used to, but for many years there was a perfect record of such 
> attempted cases being thrown out very swiftly. Here in the US, you'd need 
> evidence of MS or the receiving parties intentionally targeting the specific 
> senders or GMail users as a whole in order to get anywhere. *EVIDENCE*, not 
> an assertion or a guess.

Well, I'm a lawyer, although not sure everyone would agree that I'm a good one 
;-)..and, as others have pointed out (cf. Laura), the bottom line is that it's 
still "my server, my rules"..if your email in any way touches my server, then 
it gets processed under my rules.  Couple that with Bill's right-on analysis 
and there is absolutely no need to put 'right' in quotation marks.  It is, in 
fact, a right.  In point of fact, under our Federal law, ISPs are *specifically 
exempted* from liability for delivery decisions that they make.  (Were it to 
come to light that they were maliciously acting against a particular entity, 
there are of course other ways you could hold them liable.)

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Any Century Link email admins lurking on the list?

[Anne P. Mitchell, Esq.]

We have someone at CenturyLink...can you give me a bit more for us to go on 
when reaching out to them?

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Certification
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell


 
> 
> Please reach out to me offline, regarding sending practices..
> 
> 
> 
> -- 
> "Catch the Magic of Linux..."
> 
> Michael Peddemors, President/CEO LinuxMagic Inc.
> Visit us at http://www.linuxmagic.com @linuxmagic
> A Wizard IT Company - For More Info http://www.wizard.ca
> "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
> 
> 604-682-0300 Beautiful British Columbia, Canada
> 
> This email and any electronic data contained are confidential and intended
> solely for the use of the individual or entity to which they are addressed.
> Please note that any views or opinions presented in this email are solely
> those of the author and are not intended to represent those of the company.
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Monumetric - unabated spamming through Google / GTT

[Anne P. Mitchell, Esq.]

This spammer is spamming through the Gmail api, and GTT is the last 
identifiable hop to get to their google-hosted site. This is the 4th spam to 
this role account that we've received in the space of a week - we have now 
reported this spammer three times to Google, GTT and Sucuri (they are hosted by 
googledomains and 'protected' by Sucuri - Sucuri says they can't do anything 
because they are only a front-end protection), and monumetric continues 
spamming unabated.

So, please have fun, boys and girls.

P.S. between the time that I drafted this and am hitting send, we received a  
*5th* spam from them.

P.P.S.  So apparently registering and hosting with google, and adding a service 
like sucuri, is the golden egg to bulletproof spamming these days.

> Spencer Myers mailto:spen...@monumetric.com>> 
> Re: New Advertisers for www.theinternetpatrol.com/ 
> 
> To: There TBD  > 
> X-Spam-Level: ⁨⁩
> X-Cmae-Envelope: 
> ⁨MS4wfICF2c7pV3yacZ7790CdB0Yrtccdy02jI25E6EvKgVf714nqXW3N8DU7qjcI7AhGn4no3HqIw+FTmnIVGQoxnlyJRrrLILTlNF8qWbktFnz25+DsLosQ
>  
> PRcomf5qF0h2w2Xu40CNrmfBKHlkq46uWz2ZF6WdJgZMJaPdhc5lm4cRVhxYjWCTr6dYrJZJE+52sMdovho6CBYvqS3aJctUigA=⁩
> Arc-Seal: ⁨i=1; a=rsa-sha256; t=1537369945; cv=none; d=google.com 
> ; s=arc-20160816; 
> b=q+V8L4kb2CQv1/PWwY8MbyRNxSXjsjktEo9n3t2wIyz+bueofzSoi6Nbww/saWVEuk 
> /sNuXJTwYL5sb2yq1a8p/TdiRL3acfnmefNLxzTnRD1hhRFHB5gYg1QMKJbuL5u2sRcK 
> 0pRcTS8QRE0o355Zqn0x09AMJSrjV6naEJeN+lbH0u7OR9tBIFZf/2e/LC50lOKSHZK8 
> amTsQ7KtFS/lZo+YFzopdSf+0lm18nlHI+aWrbcWGBIEZWFRTsS6NF1llIBk4blywH6w 
> SoqrDhvBpmmmvX0BLv1Afpe8X9ENhYhJDiZWAXIJt2A9Me4AmaAQYVDL82dIRBv99Zjj EIlw==⁩
> ⁨ >⁩
> X-Received: ⁨by 2002:a63:d946:: with SMTP id 
> e6-v6mr33028719pgj.24.1537369945108; Wed, 19 Sep 2018 08:12:25 -0700 (PDT)⁩
> X-Received: ⁨by 2002:aca:d4cd:: with SMTP id 
> l196-v6mr1843848oig.15.1537369938395; Wed, 19 Sep 2018 08:12:18 -0700 (PDT)⁩
> X-Gm-Message-State: ⁨APzg51CP/4Ackzujn5h7alRAm00DwokIz78aAYSN6clm2JcoGXVLqvxv 
> QPe591gjHrNPrPd+1FUzk8L27KbwXMM1XWveYelecrQE⁩
> Return-Path: ⁨ >⁩
> Arc-Authentication-Results: ⁨i=1; mx.google.com ; 
> dkim=pass header.i=@monumetric.com  
> header.s=google header.b="GjPN9ZA/"; spf=fail (google.com 
> : domain of 
> srs0=yxhb=mb=monumetric.com=spen...@bounce.secureserver.net 
>  does not 
> designate 69.12.213.130 as permitted sender) 
> smtp.mailfrom="SRS0=yXhb=MB=monumetric.com=spen...@bounce.secureserver.net 
> "⁩
> X-Google-Smtp-Source: 
> ⁨ANB0VdahNQV0GFj6mGZtXu70l35CiBWONQEG5kyAmCNhQRlsb6R/Gb6eSy1RGu0VwxnD7k87sozG⁩
> X-Virus-Scanned: ⁨Content scanner at isipp.com ⁩
> Mime-Version: ⁨1.0⁩
> Authentication-Results: ⁨mx.google.com ; dkim=pass 
> header.i=@monumetric.com  header.s=google 
> header.b="GjPN9ZA/"; spf=fail (google.com : domain of 
> srs0=yxhb=mb=monumetric.com=spen...@bounce.secureserver.net 
>  does not 
> designate 69.12.213.130 as permitted sender) 
> smtp.mailfrom="SRS0=yXhb=MB=monumetric.com=spen...@bounce.secureserver.net 
> "⁩
> X-Outreach-Sent: ⁨true⁩
> Arc-Message-Signature: ⁨i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com 
> ; s=arc-20160816; 
> h=to:subject:message-id:date:mime-version:references:in-reply-to:from 
> :dkim-signature:delivered-to; 
> bh=94QniIOXIK7qmn0tHsrIEiy6UnZUcbGO6y+Q2WjmOn8=; 
> b=buUo3XdBUc+6TdlWfCe2larT+N/o3BtrLg5bpKFMrPwlU3Owp1cWjzuKdk4jd8YeRR 
> v3m9GOHBr4hxlaY8dSJMQgryPYCGHP4HIwGk6I0iXFL9LmroKfleTWNgxOYunvOakgtR 
> L31e1hoUv1M+ClU/sz+vpyhnu9jRcjtq7Mli8DwHy2DuBVw/gjLQYO7iYIDtnave1oiY 
> hSH4KGcqrYoLmIEXIJ+Z6gCK1I6fGtRoBVyitPvKD8jmFVIKLUvRREh93pOXE9ushhVs 
> cSrwOpBzQ8RlwqbrUX4nzkAXjEJHPB3EnIHS2qsXHKEflAvzKjuEJ72k95cnetIX0tjj smfw==⁩
> ⁨ >⁩
> Dkim-Signature: ⁨v=1; a=rsa-sha256; c=relaxed/relaxed; d=monumetric.com 
> ; s=google; 
> h=from:in-reply-to:references:mime-version:date:message-id:subject:to; 
> bh=94QniIOXIK7qmn0tHsrIEiy6UnZUcbGO6y+Q2WjmOn8=; 
> b=GjPN9ZA/QAT+OHjAdYjuaJgtSPWtmMf2SdbdMhuG+pBYWQqPLNspIwPRDL0t8c8ks1 
> r4mixeH92O5tpqbBfwzX1gyZtQWiP4MPsRbKKhmg/MzBmxdCGKfPoLJkjpILHiIU/zoF 
> Rd3C3Sfs7V6l9Xq9Lw3lRhBB0lhrU5bGffCNNcsii23+iX3UgHo08O/OrO+Gdkzm3lqn 
> 5QQ/mbr/Nq8eRqHaIuxkiZB1vAp9dUy9agSVQ99x3h4DhgAvtL6pQGVUrfMdTQis9b1T 
> +jBeV5x47GnQYMg3v23NA1E/qWJCylPHlyOUVFyvBJ3k1JSQVZVK831sSRYnMnYL0v+u lgTA==⁩
> X-Spam-Score: 

Re: [mailop] apple contact?

[Anne P. Mitchell, Esq.]

Dave, we have a contact at Apple, but can't share it - but if you want to 
forward me the questions offlist we can send them over and they may well 
contact you as a result.

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Certification
http://www.SuretyMail.com/
http://www.SuretyMail.eu/



 
> 
> Hi,
> 
> Any apple folks here that can contact me off-list?   I have some questions
> as relates to oauth2 and a largish isp.
> 
> Thanks,
> 
> Dave
> 
> -- 
> 
> Dave Lugo   dl...@etherboy.comLC Unit #260   TINLC
> Have you hugged your firewall today?   No spam, thanks.
> 
> Are you the police?  . . . .  No ma'am, we're sysadmins.
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Problem with the new Microsoft's support form

[Anne P. Mitchell, Esq.]

> Anyone else not getting response from the outlook's support request form 
> (https://support.microsoft.com/en-us/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75)
> 
> We recently verify that this forward for a new page with a different form.
> 
> However all request through this form don't generate the automated response 
> or receive any replies neither.

We have reputation certification customers seeing that as well.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR & CCPA Compliance Consultant
GDPR & CCPA Compliance Certification
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Bitcoin password ransom email from user at outlook.com

[Anne P. Mitchell, Esq.]

Geoff, may I forward this to our contact at Microsoft?

Dictated on my phone, apologies for any tupos.

> On Jul 11, 2018, at 9:26 PM, Geoff Mulligan  wrote:
> 
> We received a password ransom email requesting payment via bitcoin from an 
> outlook.com user.
> 
> Is there someone from outlook.com that I can contact off list.
> 
> Thanks,
> Geoff
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Contact from ATT/BELLSOUTH

[Anne P. Mitchell, Esq.]

Marc, if you want to hmu offlist and give me the details, we can pass them on 
to our AT contacts.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR Compliance Consultant
GDPR Compliance Certification
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell


 
> 
> Hi Mailop team,
> 
> Is there anyone from ATT/Bellsouth on this list who can reach out to me off 
> list. We have been trying to get some delisting requests addressed for some 
> time to no avail.
> 
> If there isnt anyone here, if someone can give me a referral I would greatly 
> appreciate it.
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Amazon contact

[Anne P. Mitchell, Esq.]

Melinda, if this is not (I have to emphasize that, *not*) an email delivery 
issue, but *is* some sort of network-to-network issue, I can probably put you 
in touch with someone.

 
> 
> Hi
>  
> Anyone from Amazon on the mailing list?  Would you mind contacting me off 
> list?
>  
>  
> Thanks
> Melinda Plemel
> Postmaster Team
> Proofpoint, Inc
>  
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] GDPR and SMTP in general

[Anne P. Mitchell Esq.]

> On May 25, 2018, at 4:40 AM, Paul Smith  wrote:
> 
>>> But, how it interacts with email, it all seems to get very horrible. I 
>>> suspect the *intention* is OK, but I'm struggling with the actual 
>>> regulations.
>>> 
>> Whilst this specific article (written by Andrew Cormack of Jisc UK) pertains 
>> to packet-pushing, it's conceptually identical to the SMTP "issue" you raise:
>> 
>> 
>> https://community.jisc.ac.uk/blogs/regulatory-developments/article/are-networks-data-processors
>> 
>> 
>> In your context, the processor is the sender (or sending organisation). It's 
>> not you. They're the ones making the decision to shift data from A to B, you 
>> are only the conduit (or one of many).
>> 
> 
> I wish that was the case, but it's not what GDPR says, certainly for SMTP 
> relay services
> 
> Article 28: (1) "Where processing is to be carried out on behalf of a 
> controller, the controller shall use only processors providing sufficient 
> guarantees to implement appropriate technical and organisational measures in 
> such a manner that processing will meet the requirements of this Regulation 
> and ensure the protection of the rights of the data subject."
> 
> Article 4: (2) "Processing means any operation or set of operations which is 
> performed on personal data or on sets of personal data, whether or not by 
> automated means, such as collection, recording, organisation, structuring, 
> storage, adaptation or alteration, retrieval, consultation, use, disclosure 
> by transmission, dissemination or otherwise making available, alignment or 
> combination, restriction, erasure or destruction;"
> 
> SMTP relay services do the highlighted operations on personal data. Thus they 
> are Data Processors. Whether a pure network operator is is more debatable, 
> but 'any operation' is a broad brush.

Right..and GDPR specifically admits of the potential for many 
processors/co-processors in a chain.  Moreover, the controller  is required to 
have an executed contract with the processor to whom they are handing off the 
data which explicitly states that the processor is GDPR compliant...and that 
holds true for contracts between processors and additional processors.

And because liability can pass back up the chain in the even to of a breach, to 
the tune of even the *full* amount of fines, we have been recommending that 
orgs be sure to insist on an indemnification clause with all of their 
third-party processors with which they do business. It would even be smart to 
include a clause about the processor warranting that they will ensure that any 
additional processors to whom they pass on data are also GDPR compliant.

http://www.gettingemaildelivered.com/what-your-contracts-must-contain-to-be-gdpr-compliant-and-gdpr-proof

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
GDPR Compliance Consultant
GDPR Compliance Certification
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone from Chase or ZetaImpact/Delivery.net here (or have a contact there)?

[Anne P. Mitchell Esq.]

Chase is in gross violation of even our laxer U.S. anti-spam law - specifically 
they have *no* unsubscribe in their marketing email (pretty shocking).

Their ESP is ZetaImpact/Delivery.net.

Would love to hear from someone, or be put in touch, before I escalate.

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Association
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] GDPR and WHOIS PRIVACY

[Anne P. Mitchell Esq.]

 
> 
> Since GDPR has pushed for a public WHOIS to disappear  (even though ICANN 
> seems to be resistant), how do those of you in the email world feel this will 
> affect those of us who believe in the best practice of having clients/users 
> turn off WHOIS Privacy on their domains?
> 
> E.G we have - for both our ESP & SMTP service, made WHOIS PRIVACY a 
> validation check upon setting up and sending and those with WHOIS PRIVACY 
> enabled are unable to send through our service(s) until its disabled.

First, I just really want to applaud that policy.  We always caution our 
certification customers that private WHOIS is seen by some as a one indicator 
(out of many, to be sure, but still one) that you may be more blackhat than 
whitehat, or, at least, some shade of grey.

> 
> I would guess this would now be a null and void policy or one that will soon 
> be impossible to enforce/rely upon?
> 

Do we yet know which registrars will be making WHOIS private by default (and 
among them, who will be offering the "outing yourself" option - i.e. making it 
public?) and which ones (if any) will still be having public as a default?

I'm actually surprised that there hasn't been more registrar pushback, as some 
of them have been charging all along for making your WHOIS data private, so 
this is impacting their revenue.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone from iWeb around? (And generally feel free to block/list the below)

[Anne P. Mitchell Esq.]

Apologies to the list - this was intended for a different mail (spam reporting) 
list.  Am shooting my auto-fill as we speak.

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Association
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop

 
> 
> Dear whole internet, Anni got a spam? I beg you, please do not turn
> this into SDLU.
> 
> Is this an operational issue ? Is a system down ?
> 
> They sent many millions of spams and the ISP ignored your report for
> many months ?
> 
> No? Then...
> 
> On Fri, Apr 13, 2018 at 2:41 PM, Anne P. Mitchell Esq.
> <amitch...@isipp.com> wrote:
>> Is there anyone from iWeb here? And generally, this spammer - and his many 
>> domains - needs a lesson :-\
>> 
>> Anne
>> 
>> 
>>> From: "Anne P. Mitchell Esq." <amitch...@isipp.com>
>>> Subject: Spam and Violation of Law complaint
>>> Date: April 13, 2018 at 12:39:26 PM MDT
>>> To: ab...@iweb.com, Enom Domain Abuse <ab...@enom.com>, ab...@ultradns.com
>>> 
>>> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone from iWeb around? (And generally feel free to block/list the below)

[Anne P. Mitchell Esq.]

Is there anyone from iWeb here? And generally, this spammer - and his many 
domains - needs a lesson :-\ 

Anne


> From: "Anne P. Mitchell Esq." <amitch...@isipp.com>
> Subject: Spam and Violation of Law complaint
> Date: April 13, 2018 at 12:39:26 PM MDT
> To: ab...@iweb.com, Enom Domain Abuse <ab...@enom.com>, ab...@ultradns.com
> 
> 
> To Whom it May Concern,
> 
> The below is 100% pure spam, sent to an email address (mine)  that not
> only did not sign up for anything, but that was sent by someone with whom I
> have *zero* relationship, meaning that this spam was sent to an email
> address which they either scraped, purchased, or otherwise acquired 
> without my permission  - in fact I have never heard of them until
> receiving this spam. To be certain of this, I have searched my email corpus 
> which contains every single email that I have received and sent since 2004.
> 
> You are receiving this report, with full headers and content below,
> because your company in some manner hosts or otherwise facilitates 
> the organization that is sending the spam.  Please note that the first spam 
> sample
> contains full headers, while the other 2 do not for the purpose of brevity;  
> all three
> spams were received within rapid succession. Please also note the inclusion 
> of many
> spammed-for domains in this spam, all registered to the same spammer.
> 
> iWeb, you are providing hosting for *all* of this spammer's spammed-for 
> domains, including mobe.com, mobedelivers.com, askmattlloyd.com,  
> mobeinspiration.com, wesellgoodtraffic.com, mattlloyd.tv, mattlloydsblog.com, 
> and the domain where they are providing their own DNS, mobedns.com.
> 
> iWeb, please also note that this spammer's actions put you in violation of 
> both the Australian Spam Act of 2003, and GDPR.
> 
> enom, you are the registrar of record for *all* of this spammer's payload and 
> otherwise spammed-for and spammed-from domains, including this spammer's 
> primary payload domain, mttbsystem.com, as well as their other spammed-for 
> domains, including mobe.com, mobedelivers.com, askmattlloyd.com,  
> mobeinspiration.com, wesellgoodtraffic.com, mattlloyd.tv, mattlloydsblog.com, 
> and the domain where they are providing their own DNS, mobedns.com.
> 
> UltraDNS, you are providing the DNS for this spammer's domain 
> mobedelivers.com (all of this spammer's other domains are running DNS through 
> their own domains).
> 
> If you are not hosting the server through which the spam email is
> being sent, then you are receiving this because you are the registrar
> of record for the domain of this spammer, you are hosting their DNS,
> or in some other way providing material support to their spamming. 
> 
> Please let us know if you need any further information, and please let
> us know what actions have been taken regarding my complaint.  Inaction
> or lack of reply will result in this matter being reported to
> Spamhaus, Spamcop, and other anti-spam blacklists. 
> 
> Thank you.
> 
> Kind regards,
> 
> Anne
> 
> Anne P. Mitchell, 
> Attorney at Law
> GDPR Compliance Consultant
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant
> CEO/President, Institute for Social Internet Public Policy
> Legal Counsel: The CyberGreen Institute
> Legal Counsel: The Earth Law Center
> Member, California Bar Association
> Member, Cal. Bar Cyberspace Law Committee
> Member, Colorado Cyber Committee
> Member, Board of Directors, Asilomar Microcomputer Workshop
> Ret. Professor of Law, Lincoln Law School of San Jose
> Ret. Chair, Asilomar Microcomputer Workshop
> 
> 
>> Matt Lloyd <mattll...@mobe.com> 
>> To: a...@annepmitchell.com <a...@annepmitchell.com> 
>> Reply-To: Matt Lloyd <mattll...@mobe.com> 
>> List-Unsubscribe: 
>> <mailto:unsubscribe-789ccb4d2cca4e2dc9cc4bd7cbcd4f4ad54bcecfd5494c2ec9cfd3313436b3b0d429d635303030d335343530d4c901b18dad2cd292532da01c0078081...@unsubscribe.b2b-mail.net>,
>>  
>> 
>> Feedback-Id: 13689:s-0006-1501:a86082b04147c2
>> Arc-Seal: i=1; a=rsa-sha256; t=1523617435; cv=none; d=google.com; 
>> s=arc-20160816; 
>> b=B0oZovgCYYpcb0sv6SkE1FwP3QfuC9jUJ2gMbD1Mp1BEjfaJOLHda4lIOsfYUS6jqM 
>> kyaH4tdpW6RqZrNu/tfQLAXh6HBrxXU7bbQqyhk/94CIyjs8ZWMZ/uxqZwYxZ5XlLnLW 
>> M+Qbl140IlvKa5L1dp84xD7NcN6+OONeuROGeqq9L32G/4GUia5WzLN0NWNPUIcmfQbP 
>> LGxDdbXCeZsvAD0Lsxftx62xudqI28SEbNYtdJEwi+xBwhqGTGsUdY48en/njUsg/9JM 
>> 8G/M3coHECOzaHUZZrs/pNcoj21vbLFHk0gnsAw0kCPZRtgWs1WspLhisEsCjiFf3eFb xkmw==
>> X-Received: by 2002:a17:902:9892:: with SMTP id 
>> s18-v6mr4807003plp.95.1523617435273; Fri, 13 Apr 2018 04:03:55 -0700 (PDT)
>> X-Messageid: VXACD.rEUUUX.CLIKC.mEUUUAEVZUV
>> Return-Path: 
>> 

[mailop] Email to rackspace.com bouncing?

[Anne P. Mitchell Esq.]

We just tried sending email to three different (known to be live a few weeks 
ago) Rackspace addresses, and all 3 bounced as 'recipient unknown'.  Either 
they just had a massive purge of employees, or their email is borked.

Anybody have any insight into this?

Anne

Anne P. Mitchell, 
Attorney at Law
GDPR Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Association
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone from Gmail ?

[Anne P. Mitchell Esq.]

 
> 
> 
> In my experience with the banking industry, they think of their email as 
> something that their customers always want to read for sure. Unless you've 
> handled the "double opt-in" yourself, I would be skeptical about that. Look 
> for typoed email addresses as those are a telltale sign of hand-entered 
> registrations.
> 
> Given your description, I think that these subscribers aren't really that 
> interested in the bank's messages.
> 
> Never an easy speech to give to your customer.

It's just become a whole lot easier though - wave GDPR at them.

Anne

Anne P. Mitchell, 
Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Association
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Anne P. Mitchell Esq.]

 
> 
> Also URLs in mail headers, which is perhaps reasonable, except that

...many ESPs now put unsub URLs in the headers.

Anne

Anne P. Mitchell, 
Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Heads Up

[Anne P. Mitchell Esq.]

 
> 
> On Sat, Jan 20, 2018 at 02:00:17PM +0800, ComKal Networks wrote:
>> You have been around long enough to know that a
>> secured commercial entity simply means it will take
>> longer for that their data to be leaked Vs a non secured
>> commercial entity :)
> 
> I have been running experiments in this area for the past few decades,
> using unique addresses created in a variety of domains on a variety
> of mail servers on a variety of networks.  The results have been
> enlightening - and sometimes, very disappointing.

Rich, have you published these anywhere (if not, do you intend to)?  I'd be 
*very* interested in seeing at least a summary, if not the data.

Anne
 
Anne P. Mitchell, 
Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Issues delivering to Hotmail addresses

[Anne P. Mitchell Esq.]

 
> 
>  
> And as a follow-up, eyeballs have been successfully attracted.

Michael, you *totally* rock; you are *very* appreciated!

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Is BitBounce for real?

[Anne P. Mitchell Esq.]

As to why, given where they are, and that they already have a seed round, and 
the current sexiness of cryptocurrency, I have to imagine that their endgame is 
to get VC funds, and then maybe a cushy exit.

It's the Silicon Valley way.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Proofpoint contact please

[Anne P. Mitchell Esq.]

> Various organizations are reporting persistent issues delivering email to 
> various sites. Normal support channels aren't working. I would be grateful if 
> someone from Proofpoint could ping me off-list.


I agree -  we've had at least one ESP lose clients because the blackhole that 
is Proofpoint made it impossible to remediate whatever the issues were (if any) 
let alone to get legitimate email delivered.  Another said they were close to 
going under because of it (it being no way to determine what is going on over 
at and for Proofpoint).

Anne
 
Anne P. Mitchell, 
Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Just because it is Friday.. Could and AT/SBC/Bellsouth contact me offlist?

[Anne P. Mitchell Esq.]

This is part of the service we offer (intermediating between senders and 
receivers)... if each of you wants to contact me offlist I'll see if we can 
help.

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
http://www.SuretyMail.com/
http://www.SuretyMail.eu/

Attorney at Law / Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, California Bar Cyberspace Law Committee
Member, Colorado Cybersecurity Consortium
Member, Board of Directors, Asilomar Microcomputer Workshop
Member, Advisory Board, Cause for Awareness
Member, Elevations Credit Union Member Council
Former Chair, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose

Available for consultations by special arrangement.
amitch...@isipp.com | @AnnePMitchell
Facebook/AnnePMitchell  | LinkedIn/in/annemitchell
 
> 
> Me too please, I’m not getting anywhere with formal channels.
>  
> Thanks
> Paul Burrows
> Forcepoint
>  
> From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Peddemors
> Sent: 01 December 2017 20:09
> To: mailop@mailop.org
> Subject: EXTERNAL: [mailop] Just because it is Friday.. Could and 
> AT/SBC/Bellsouth contact me offlist?
>  
> 
> 
>  
> -- 
> "Catch the Magic of Linux..." 
>  
> Michael Peddemors, President/CEO LinuxMagic Inc.
> Visit us at http://www.linuxmagic.com @linuxmagic
>  
> A Wizard IT Company - For More Info http://www.wizard.ca 
> "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
> 
> 604-682-0300 Beautiful British Columbia, Canada 
>  
> This email and any electronic data contained are confidential and intended 
> solely for the use of the individual or entity to which they are addressed. 
> Please note that any views or opinions presented in this email are solely 
> those of the author and are not intended to represent those of the company. 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] WHAT can be done about Ezoic and their spamming through Google?

[Anne P. Mitchell Esq.]

 
> 
> On 23/12/2015 02:28, mikea wrote:
>> On Tue, Dec 22, 2015 at 09:14:51AM -0700, Anne Mitchell wrote:
>>> We are repeatedly being spammed by Ezoic, and we have reported them to 
>>> their providers (enom, scalr, Amazon and Google multiple times).
>>> Just *what* can be done about a non-moving target spammer who is sending 
>>> through Google (already reported to them) and hosting on Amazon? (ditto.)
>>> I don't mean at the local level, I mean about getting them shut down (or at 
>>> least listed).
>> At this point, all I can think of is this:
>>If you don't complain, then they can't ignore you.
>> Google and Amazon are "too big to be shut down", "too important to be
>> blocked", and "too big to be influenced from outside". That's a bad
>> combination.
> 
> 
> Rubbish! no-ones too big to be blocked, it's this type of attitude that 
> allows the bigger players to sit back and say "ah so what" when you do 
> complain.


As a follow up, either Google finally booted them, or they are sharing the 
wealth, as we just got this Ezoic spam and it went out through Amazon..here's 
the complaint we just sent in case any of you are interested:



> Hey Anne- I've reached out to you a handful of times in the last couple of 
> years and I thought, 'hey, what's one more time?' 

Hey Piper - I'll tell you what "one more time is"..it's the time I report you 
and Ezoic (already known as big fat spammers) for spamming us!

Providers:

The below is 100% pure spam, sent to a role account that cannot (and
indeed did not) sign up for anything. 

In other words, this spam was sent to a *scraped* email address.

You are receiving this report, with full headers and content below,
because your company in some manner hosts or otherwise facilitates 
the organization that is sending the spam.

Amazon, you are hosting this spammer's spam-sending on your EC2 system.

Amazon, you are also hosting this spammer's website.

Scalr, you are providing their DNS.

If you are not hosting the server through which the spam email is
being sent, then you are receiving this because you are the registrar
of record for the domain of this spammer, you are hosting their DNS,
or in some other way providing material support to their spamming. 

Please let us know if you need any further information, and please let
us know what actions have been taken regarding my complaint.  Inaction
or lack of reply will result in this matter being reported to
Spamhaus, Spamcop, and other anti-spam blacklists. 

Thank you.

Kind regards,

Anne

Anne P. Mitchell, Attorney at Law
Author: Section 6 of the Federal CAN-SPAM Act of 2003
CEO/President: Institute for Social Internet Public Policy
Member: California Bar Cyberspace Law Committee
CEO: ISIPP SuretyMail Email Accreditation
http://www.ISIPP.com/
http://www.ISIPP.eu/



-- Original Message --
> From: Piper Lofrano 
> Subject: Google Certified Tools
> Date: November 15, 2017 at 5:29:25 PM MST
> To: i...@theinternetpatrol.com
> Message-Id: 
> Reply-To: Piper Lofrano 
> Delivered-To: anne.mitchell@gmail.com,
> i...@theinternetpatrol.com
> Received: by 10.25.228.77 with SMTP id b74csp1809564lfh; Wed, 15 Nov 2017 
> 16:29:32 -0800 (PST),
> from partita.isipp.com (partita.isipp.com. [69.12.213.130]) by mx.google.com 
> with ESMTPS id f19si19047909plr.675.2017.11.15.16.29.31 for 
>  (version=TLS1_2 
> cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 15 Nov 2017 16:29:32 
> -0800 (PST),
> from concerto.isipp.com (69-12-212-226.static.sonic.net [69.12.212.226]) by 
> partita.isipp.com (8.15.2/8.15.2/Debian-8) with ESMTP id vAG0TUlc016183 for 
> ; Wed, 15 Nov 2017 16:29:30 -0800,
> from p3plsmtp02-06-26.prod.phx3.secureserver.net 
> (p3plsmtp02-06.prod.phx3.secureserver.net [72.167.218.36]) by 
> concerto.isipp.com (Postfix) with ESMTP id 04C244C0033 for 
> ; Wed, 15 Nov 2017 16:29:29 -0800 (PST),
> (qmail 27988 invoked from network); 16 Nov 2017 00:29:29 -,
> (qmail 27985 invoked by uid 30297); 16 Nov 2017 00:29:29 -,
> from unknown (HELO p3plibsmtp01-01.prod.phx3.secureserver.net) 
> ([72.167.238.33]) (envelope-sender ) by 
> p3plsmtp02-06-26.prod.phx3.secureserver.net (qmail-1.03) with SMTP for 
> ; 16 Nov 2017 00:29:29 -,
> from mail-qt0-f172.google.com ([209.85.216.172]) by bizsmtp with SMTP id 
> F83ce1epm1LtYF83ceAJfT; Wed, 15 Nov 2017 17:29:29 -0700,
> by mail-qt0-f172.google.com with SMTP id 1so38709450qtn.3 for 
> ; Wed, 15 Nov 2017 16:29:28 -0800 (PST),
> from s.ezoic.com (ec2-50-19-94-188.compute-1.amazonaws.com. [50.19.94.188]) 
> by smtp.gmail.com with ESMTPSA id p34sm4301107qkh.28.2017.11.15.16.29.26 for 
>  (version=TLS1 cipher=AES128-SHA bits=128/128); 
> Wed, 15 Nov 2017 16:29:26 -0800 (PST)