Re: [mailop] Return Path / Sender Score

[Mark Foster via mailop]

Michael,

I had a grump at Kogan / Dick Smith via email when I wound up on what I assume 
is the same distribution list.

Speaking very firmly with them via Twitter initially, and then ultimately via 
email with someone at Kogan, the spam seems to have stopped. 
They alleged that someone submitted my email address to them along with a bogus 
geographic location (An Auckland suburb I've never resided in), I pointed out 
that it was fraudulent.
So it appears to a be a case of poor double-opt-in practices, someone's 
submitted a bunch of addresses to them for direct marketing purposes and they 
havn't sanitised them at all.

I don't think engaging here is likely to be productive.

Mark.

-Original Message-
From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Michael Hallager 
via mailop
Sent: Thursday, 12 September 2019 10:07 a.m.
To: mailop@mailop.org
Subject: Re: [mailop] Return Path / Sender Score

Update:
After a brief respite (or maybe they didn't send anything out) kogan.com / 
dicksmith.co.nz are right back in to spamming.
I did note their latest email did not hit the Return Path rule, so I don't know 
what the status is there.

Michael

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Michael Hallager via mailop]

Update:
After a brief respite (or maybe they didn't send anything out) kogan.com 
/ dicksmith.co.nz are right back in to spamming.
I did note their latest email did not hit the Return Path rule, so I 
don't know what the status is there.


Michael

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Steven Champeon via mailop]

on Thu, Aug 22, 2019 at 06:39:07AM -0400, Rob McEwen via mailop wrote:
> This "no-javascript" loophole is HUGE!

We have a contact form and an evaluation request form that happen to use
mostly the same markup and CGI perl script to process them. I'd say
around 99% of the submissions we get from them are spam, from around 70
different ASNs (mostly Russian/Eastern European, but also M247 for some
reason) so I have implemented a way to refuse such submissions from
entire ASNs. This on top of the CAPTCHA we already added when things
started getting silly.

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
Internet security and antispam hostname intelligence: http://enemieslist.com/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Tom Bartel via mailop]

Steve,

Yes there were significant cuts, which really sucked, but aa robust
Certification team remains intact and we are working diligently to provide
a quality list.  I think our team addressed this offline with Michael (or
that it's still under investigation).

On Wed, Aug 21, 2019 at 2:39 AM Steve Atkins via mailop 
wrote:

>
> On 21/08/2019 09:16, Michael Hallager via mailop wrote:
> > A well known Australian electronics retailer has recently started
> > spamming me. It's plainly obvious where they - or someone who provided
> > it to them - got the email address from the WHOIS because that is the
> > only place that address is published.
> >
> > Unfortunately, I have also noticed this sender is certified by Return
> > Path, and getting 3 points off our anti-spam because of this. I have
> > contacted Return Path and their response would suggest they basically
> > don't care.
> >
> > Has anyone else had this experience with Return Path?
>
> Return Path was bought out recently by https://www.validity.com/, with
> much of the staff being fired and many offices closed.
>
> If you find that Return Path certification doesn't correlate with
> senders being a source of wanted email you should probably configure
> your spam filtering rules to match.
>
> Cheers,
>Steve
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>


-- 
Phone: 303.517.9655
Twitter: @barteltom
Instagram: https://instagram.com/bartel_photo
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Rob McEwen via mailop]

On 8/22/2019 3:40 AM, Michael Hallager via mailop wrote:
How they do this - and I kidd you not - if they offer "data entry" 
jobs to people in cheaper labour countries (the Philippines for 
example) to manually get past CAPCHAS.



That is what many think is happening - and maybe that is happening in 
some cases - but a couple of days ago I was on the phone talking with 
the main deliverability person for a leading ESP - and she said that she 
figured out that one of the main CAPTCHA services (Google's? - I forgot 
which) - has a feature whereby if the client have javascript turned off, 
then (a) the CAPTCHA stops even trying to work AND (b) the form STILL 
works. She said that this is the DEFAULT setting, and you have to change 
just one tiny setting to get it to NOT allow the form to work if 
javascript is off. So when this is at its default setting, humans have 
to fill out the CAPTCHA, but the CAPTCHA is 100% worthless against bots 
that aren't using (or needing) javascript to submit the form.


While CAPTCHAs are beat by some "cheap labor" tactics - this 
configuration might be the real problem the vast majority of the time - 
but it is causing many to think that CAPTCHAs are being beat more often 
than what is really happening.


This "no-javascript" loophole is HUGE!

NOTE: After I learn a little more about this, I'm going to repost this 
as its own thread.


--
Rob McEwen
https://www.invaluement.com
 



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Mathieu Bourdin via mailop]

Hi again,


First, a precision: my reply is missing 2 lines wich, for short, were saying: 
"but usually you don't get listed on the first sending to a trap, it's more an 
accumulation of emails to different traps that get you in trouble form what I 
understand of how traps work".
That's why when you ask for a bounce after data this is a problem to what traps 
users want: they don't mind about one or two emails sent to an address. They 
are much more interested in "repeat offenders", menaing senders who keep 
sending to the same adress time and time again without checking for reaction. 
Thay don't want to give any possible clue to bad actors by doing something that 
might be recognized as unusual for a mail server, and they want to keep 
receiving the mails wich prove someone is doing somthing wrong (on purpose or 
not is another question).

Second: yeah if the domain/address you are sending to was giving you "proof of 
life" (answers and so on) until very recently and is now being used as a trap 
that would be kinda rude (and not very useful to detect actual spammers), most 
trap owners I have spoken with usually say that they will bounce (hard) mails 
for at least 6 months straight on re-used addresses (and most say they do it 
for at least a year).


Mathieu Bourdin



-Message d'origine-
De : Ralf Hildebrandt [mailto:ralf.hildebra...@charite.de]
Envoyé : jeudi 22 août 2019 10:48
À : Mathieu Bourdin 
Cc : mailop@mailop.org
Objet : Re: Return Path / Sender Score



* Mathieu Bourdin mailto:m.bour...@dolist.com>>:



> >*** Shouldn't spam traps reject all mails after the END-OF-DATA? ***

>

> If they did, they would be easily identifiable, and thus would have no value.



Well, the sender wouldn't know if it's a trap or if the server is just FUBARed 
in some odd way.



> The thing with spamtraps is that they should not be in your DB in the

> first place (especially pristine ones) or should have been trimmed

> from your DB a long time ago (back when they went from a usable user

> address to a bouncing address before being reactivated as a spamtrap).



Yes, but we're using mailman, and always with double-opt in and (of

course) bounce processing (seriously, who wouldn't use bounce processing?!).



In fact, these spamtraps must have been hit quite recently when we already had 
the most recent version of mm2 (the one with reCaptcha). It's totally unclear. 
To me it looks as if a domain wen'T directly from "used for mail" to "used as a 
spamtrap".



--

Ralf Hildebrandt   Charite Universitätsmedizin Berlin

ralf.hildebra...@charite.deCampus 
Benjamin Franklin

https://www.charite.de Hindenburgdamm 30, 12203 Berlin

Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Ralf Hildebrandt via mailop]

* Mathieu Bourdin :

> >*** Shouldn't spam traps reject all mails after the END-OF-DATA? ***
> 
> If they did, they would be easily identifiable, and thus would have no value.

Well, the sender wouldn't know if it's a trap or if the server is just
FUBARed in some odd way.

> The thing with spamtraps is that they should not be in your DB in
> the first place (especially pristine ones) or should have been trimmed
> from your DB a long time ago (back when they went from a usable user
> address to a bouncing address before being reactivated as a spamtrap).

Yes, but we're using mailman, and always with double-opt in and (of
course) bounce processing (seriously, who wouldn't use bounce
processing?!). 

In fact, these spamtraps must have been hit quite recently when we already
had the most recent version of mm2 (the one with reCaptcha). It's
totally unclear. To me it looks as if a domain wen'T directly from
"used for mail" to "used as a spamtrap".

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Michael Hallager via mailop]

On 2019-08-22 19:30, Alberto Miscia via mailop wrote:


Same here and, as a word of warning, they find a way to get through
some of our anti-bot / anti-listbombing systems and we are working on
it. I guess we have to expect a new "flood" in the coming months..


How they do this - and I kidd you not - if they offer "data entry" jobs 
to people in cheaper labour countries (the Philippines for example) to 
manually get past CAPCHAS.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Alberto Miscia via mailop]

>
> We've been able to spot a bunch of our clients getting their (unprotected)
> forms abused since a few months. Bad guys seem to be at work, or maybe just
> preparing something for after the summer holidays.


Same here and, as a word of warning, they find a way to get through some of
our anti-bot / anti-listbombing systems and we are working on it. I guess
we have to expect a new "flood" in the coming months..

That said, if anyone is seeing unexpected confirmation/welcome emails
please report it directly to me or to our abuse dept, we want to collect
few more datapoints.

Thanks.

Alberto Miscia | Head of Deliverability & Compliance | MailUp


On Thu, Aug 22, 2019 at 1:04 AM Benjamin BILLON via mailop <
mailop@mailop.org> wrote:

> > They even had the audacity to send me welcome emails.
> Mhh there might be another scenario, then.
>
> I've been receiving on various email addresses a few Welcome or Confirm
> your subscription emails lately (from brands that don't even exist in my
> country), and I guess they simply don't have a secure form on their
> website, and that bots are playing with it.
> We've been able to spot a bunch of our clients getting their (unprotected)
> forms abused since a few months. Bad guys seem to be at work, or maybe just
> preparing something for after the summer holidays.
>
> It doesn't mean the brands aren't responsible for this; they're supposed
> to offer a secured environment, and not store personal data that aren't
> supposed to be stored. But _maybe_ they're not doing that on purpose.
>
> --
> Benjamin
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Michael Hallager via mailop]

On 2019-08-22 11:02, Benjamin BILLON via mailop wrote:

I've been receiving on various email addresses a few Welcome or
Confirm your subscription emails lately (from brands that don't even
exist in my country), and I guess they simply don't have a secure form
on their website, and that bots are playing with it.
We've been able to spot a bunch of our clients getting their
(unprotected) forms abused since a few months. Bad guys seem to be at
work, or maybe just preparing something for after the summer holidays.


The possibility did cross my mind and if the emails had been 
double-opt-in I would likely have given them the benefit of the doubt. 
But they were not double-opt-in. Neither did they respond to my PM on 
their Facebook page.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Benjamin BILLON via mailop]

> They even had the audacity to send me welcome emails.
Mhh there might be another scenario, then.

I've been receiving on various email addresses a few Welcome or Confirm your 
subscription emails lately (from brands that don't even exist in my country), 
and I guess they simply don't have a secure form on their website, and that 
bots are playing with it.
We've been able to spot a bunch of our clients getting their (unprotected) 
forms abused since a few months. Bad guys seem to be at work, or maybe just 
preparing something for after the summer holidays.

It doesn't mean the brands aren't responsible for this; they're supposed to 
offer a secured environment, and not store personal data that aren't supposed 
to be stored. But _maybe_ they're not doing that on purpose.

--
Benjamin
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Michael Hallager via mailop]

On 2019-08-22 08:47, John Levine via mailop wrote:
Is it "The Good Guys"?  They spammed me from am obviously purchased 
list
a while ago.  That's completely illegal in Australia but their 
authorities

were surprisingly uninterested.


Dick Smith and Kogan - ie: 2 mailing lists. They even had the audacity 
to send me welcome emails.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[John Levine via mailop]

In article <62354c038b62d2068d62284bf0888...@nettrust.nz> you write:
>A well known Australian electronics retailer has recently started 
>spamming me. It's plainly obvious where they - or someone who provided 
>it to them - got the email address from the WHOIS because that is the 
>only place that address is published.

Is it "The Good Guys"?  They spammed me from am obviously purchased list
a while ago.  That's completely illegal in Australia but their authorities
were surprisingly uninterested.

-- 
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Blake Hudson via mailop]

Steve Atkins via mailop wrote on 8/21/2019 3:30 AM:


On 21/08/2019 09:16, Michael Hallager via mailop wrote:
A well known Australian electronics retailer has recently started 
spamming me. It's plainly obvious where they - or someone who 
provided it to them - got the email address from the WHOIS because 
that is the only place that address is published.


Unfortunately, I have also noticed this sender is certified by Return 
Path, and getting 3 points off our anti-spam because of this. I have 
contacted Return Path and their response would suggest they basically 
don't care.


Has anyone else had this experience with Return Path?


Return Path was bought out recently by https://www.validity.com/, with 
much of the staff being fired and many offices closed.


If you find that Return Path certification doesn't correlate with 
senders being a source of wanted email you should probably configure 
your spam filtering rules to match.


Cheers,


That would explain why I just received a sales call today from an 
employee of Validity after I updated our FBL and SenderScore settings 
with Return Path yesterday (even though I opted not to receive marketing 
communication). I assumed they sold a sales lead, but it sounds like 
just internal sharing and not necessarily honoring the opt-in settings 
chosen by users of their free services.




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Michael Wise via mailop]

Sometimes ... pristine ... isn't.

Presuppose y'all are doing bounce processing?

Maybe re-vetting your lists monthly to expose these ... pristine traps ... 
might be in order?



Plus maybe a side-order of …



   [A screenshot of a cell phone  Description automatically generated]

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting 
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?



-Original Message-
From: mailop  On Behalf Of Ralf Hildebrandt via 
mailop
Sent: Wednesday, August 21, 2019 1:47 AM
To: mailop@mailop.org
Subject: Re: [mailop] Return Path / Sender Score



* Michael Hallager via mailop mailto:mailop@mailop.org>>:



> Unfortunately, I have also noticed this sender is certified by Return

> Path, and getting 3 points off our anti-spam because of this. I have

> contacted Return Path and their response would suggest they basically don't 
> care.

>

> Has anyone else had this experience with Return Path?



Yes, but we're on the receiving end of the stick: We're running mail.python.org 
[188.166.95.178] (which basically runs hundreds of python-related Mailinglists) 
and get frequently listed for



  "Messages hitting global mailbox provider pristine spam traps"



Which is (given that we're using mailman with double-opt-in) rather unlikely, 
but possible. Who knows!



They're really unhelpful. That is - not helping at all.



--

Ralf Hildebrandt   Charite Universitätsmedizin Berlin

ralf.hildebra...@charite.de<mailto:ralf.hildebra...@charite.de>Campus 
Benjamin Franklin

https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.charite.dedata=02%7C01%7Cmichael.wise%40microsoft.com%7Cdfd390d7372a4db6ee4708d72614768f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637019741638696703sdata=GI%2BQtT8gIOCPsCosHsGaVLhkeH7wfLScpIk31lsiLBI%3Dreserved=0
 Hindenburgdamm 30, 12203 Berlin

Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155



___

mailop mailing list

mailop@mailop.org<mailto:mailop@mailop.org>

https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailopdata=02%7C01%7Cmichael.wise%40microsoft.com%7Cdfd390d7372a4db6ee4708d72614768f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637019741638696703sdata=t5O28p5i%2F%2BfQzPDWgOPZqBvxqzM%2BPyPlGoQ2rXgIxJk%3Dreserved=0
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Ralf Hildebrandt via mailop]

* Michael Hallager via mailop :

> Unfortunately, I have also noticed this sender is certified by Return Path,
> and getting 3 points off our anti-spam because of this. I have contacted
> Return Path and their response would suggest they basically don't care.
> 
> Has anyone else had this experience with Return Path?

Yes, but we're on the receiving end of the stick: We're running
mail.python.org [188.166.95.178] (which basically runs hundreds of
python-related Mailinglists) and get frequently listed for 

  "Messages hitting global mailbox provider pristine spam traps" 
  
Which is (given that we're using mailman with double-opt-in) rather
unlikely, but possible. Who knows!

They're really unhelpful. That is - not helping at all.

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.deCampus Benjamin Franklin
https://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Return Path / Sender Score

[Steve Atkins via mailop]

On 21/08/2019 09:16, Michael Hallager via mailop wrote:
A well known Australian electronics retailer has recently started 
spamming me. It's plainly obvious where they - or someone who provided 
it to them - got the email address from the WHOIS because that is the 
only place that address is published.


Unfortunately, I have also noticed this sender is certified by Return 
Path, and getting 3 points off our anti-spam because of this. I have 
contacted Return Path and their response would suggest they basically 
don't care.


Has anyone else had this experience with Return Path?


Return Path was bought out recently by https://www.validity.com/, with 
much of the staff being fired and many offices closed.


If you find that Return Path certification doesn't correlate with 
senders being a source of wanted email you should probably configure 
your spam filtering rules to match.


Cheers,
  Steve


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Return Path / Sender Score

[Michael Hallager via mailop]

A well known Australian electronics retailer has recently started 
spamming me. It's plainly obvious where they - or someone who provided 
it to them - got the email address from the WHOIS because that is the 
only place that address is published.


Unfortunately, I have also noticed this sender is certified by Return 
Path, and getting 3 points off our anti-spam because of this. I have 
contacted Return Path and their response would suggest they basically 
don't care.


Has anyone else had this experience with Return Path?

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop