Re: : 9D character used in words to avoid detection
On Wed, 21 Nov 2018 09:10:25 -0800 (PST) John Hardin wrote: > > >> https://ruleqa.spamassassin.org/20181119-r1846888-n/__UNICODE_OBFU_ZW/detail > >> > > > > > > For this to work with 'normalize_charset 1', \x9d needs to be > > replaced with (?:\x9d|\xe2\x80\x8c) > > That makes an *enormous* difference: > > https://ruleqa.spamassassin.org/20181121-r1847080-n/UNICODE_OBFU_ZW/detail > > Without the normalized version it was only hitting ~5 spams in the > entire corpus. I presume the mass checks run with defaults, which looks to be still 'normalize_charset 0' in trunk. So the new hits appear to be coming from spams with actual UTF-8, rather than 9D normalized to UTF-8. This seems a bit strange.
Re: DKIMWL_WL_MED spams
On 11/21/18 12:13 PM, Matus UHLAR - fantomas wrote: > Hello, > > I have recently noticed spams spreading via amasonses.com and outlook.com. > hitting DKIMWL_WL_MED that pushed score below threshold. > > especially amazonses.com mail seemed to be amazon cloud servers. > > Has anyone noticed this too? > > I have disabled DKIMWL_WL_MED for now. > Amazon has either loosened up their security or they have some customers that weren't properly vetted. I have noticed an uptick in SES spam lately too. I report them to SpamCop which reports them to Amazon's email abuse. Please report them to Amazon to help all of us out. Just blocking them locally doesn't really help anyone because the spammer will use another throwaway domain via SES to spam again soon. The fact that Amazon will handle abuse reports properly means they should get some trust points subtracted. Users should be able to unsubscribe and give feedback that "I never signed up for this email" for the ones that get through. The type of spam that is coming from Amazon SES lately is mostly people trying to sell contact lists. I take it as a challenge to enhance my regex that blocks these types of emails not just from SES. -- David Jones
Re: semi-OT - reporting an organization that ignores unsubscribe requests
The "right to be forgotten" is the natural outcome of three decades of self-inflicted pain. Some argue that deleting old e-mails is like re-writing history. Other, like me, argue that e-mail was born as an informal medium, different than, for example, a published book or factual evidence of a genocide. I contend that e-mail can only be included as evidence in court if the forensics are both sound and complete, because (most) e-mails can be easily fabricated. Would you like to be convicted by a fake e-mail? I guess not. Also, many of those "archives" have no legal or commercial value. They are not a book you can re-sell. Granted that, there are people who committed suicide out of shame, because they were the object of defamation or cyberbullying, things that move almost no one, until it happens to their children. A number of lawyers in the EU just couldn't pass by without taking notice. Both the US and the UN at some point will follow up, and make the world a better place. On Wed, Nov 21, 2018 at 20:39, Anne P. Mitchell, Esq. wrote >> On Nov 21, 2018, at 12:03 PM, Bill Cole >> wrote: >> >> On 21 Nov 2018, at 13:03, Anne P. Mitchell, Esq. wrote: >> >>> Except for the private right of action provided in GDPR, and small claims >>> court in the U.S. >> >> Are you saying an EU law can create an actionable civil tort claim in a US >> state small claims court for actions which are not illegal under any US >> state or federal law? > > No, I'm saying that anybody can sue anybody for anything in the U.S., and > it's extremely easy to file an action in small claims court. It wouldn't even > have to be, technically, 'under' GDPR (as you mention, there is always tort) > - but GDPR would be the hook that they would use, and the authority (note I > said authority, not law) they would cite. > > That said, I think it's much more likely that the lawsuits already filed > against Google and Facebook by Max Schrems will be ones to test the > jurisdiction/enforcement issues. > > Anne > > Anne P. Mitchell, > Attorney at Law > GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant > Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) > Legislative Consultant > CEO/President, Institute for Social Internet Public Policy > Board of Directors, Denver Internet Exchange > Board of Directors, Asilomar Microcomputer Workshop > Legal Counsel: The CyberGreen Institute > Legal Counsel: The Earth Law Center > California Bar Association > Cal. Bar Cyberspace Law Committee > Colorado Cyber Committee > Ret. Professor of Law, Lincoln Law School of San Jose > Ret. Chair, Asilomar Microcomputer Workshop
Re: semi-OT - reporting an organization that ignores unsubscribe requests
> On Nov 21, 2018, at 12:03 PM, Bill Cole > wrote: > > On 21 Nov 2018, at 13:03, Anne P. Mitchell, Esq. wrote: > >> Except for the private right of action provided in GDPR, and small claims >> court in the U.S. > > Are you saying an EU law can create an actionable civil tort claim in a US > state small claims court for actions which are not illegal under any US state > or federal law? No, I'm saying that anybody can sue anybody for anything in the U.S., and it's extremely easy to file an action in small claims court. It wouldn't even have to be, technically, 'under' GDPR (as you mention, there is always tort) - but GDPR would be the hook that they would use, and the authority (note I said authority, not law) they would cite. That said, I think it's much more likely that the lawsuits already filed against Google and Facebook by Max Schrems will be ones to test the jurisdiction/enforcement issues. Anne Anne P. Mitchell, Attorney at Law GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant CEO/President, Institute for Social Internet Public Policy Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Legal Counsel: The Earth Law Center California Bar Association Cal. Bar Cyberspace Law Committee Colorado Cyber Committee Ret. Professor of Law, Lincoln Law School of San Jose Ret. Chair, Asilomar Microcomputer Workshop
Re: semi-OT - reporting an organization that ignores unsubscribe requests
Benny Pedersen wrote: > Kevin Miller wrote: > > My particular favorite fix is, if the mail list has a web preferences > > page, to go to there and edit the preferences then set the email address > > to postmaster@localhost. Now it's their problem. > > If thay test fqdn it Will be your problem > :) I have often done similar by sending the email to nobody@theirdomain where theirdomain is the sites fqdn. I am often surprised at how often it is rejected as already in use by another account! Someone else has beat me to it! Bob
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On 21 Nov 2018, at 13:03, Anne P. Mitchell, Esq. wrote: Except for the private right of action provided in GDPR, and small claims court in the U.S. Are you saying an EU law can create an actionable civil tort claim in a US state small claims court for actions which are not illegal under any US state or federal law? That would be novel... have there actually been successful cases? -- Bill Cole
Re: semi-OT - reporting an organization that ignores unsubscribe requests
P.S. I should have added: the whole jurisdiction issue is, clinically speaking, one of the most interesting parts of GDPR. I've never seen a law that so broadly asserted that the country or union from which the law was promulgated will enforce it anywhere and everywhere - it's pretty damned gutsy. It will almost certainly be sorted out through lawsuits, and that will definitely be popcorn time. > On Nov 21, 2018, at 11:03 AM, Anne P. Mitchell, Esq. > wrote: > > > >> On Nov 21, 2018, at 8:48 AM, Bill Cole >> wrote: >> >> There is no reason for anyone without a commercial presence in the EU or CH >> to be concerned with GDPR. > > Except for the private right of action provided in GDPR, and small claims > court in the U.S. > > And, for entities that spam enough people "in the EU" (for our > analysis/explanation of that, along with why U.S. companies should comply > with GDPR, see here: > https://www.isipp.com/resources/how-email-marketing-must-comply-with-the-eu-general-data-protection-regulation-gdpr/ > NB: GDPR does not state anywhere that it applies to EU residents or > citizens, only the vague and ambiguous "in the EU") the language in GDPR that > states they will go after anyone, anywhere in the world. > > Anne > > Anne P. Mitchell, > Attorney at Law > GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant > Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) > Legislative Consultant > CEO/President, Institute for Social Internet Public Policy > Board of Directors, Denver Internet Exchange > Board of Directors, Asilomar Microcomputer Workshop > Legal Counsel: The CyberGreen Institute > Legal Counsel: The Earth Law Center > California Bar Association > Cal. Bar Cyberspace Law Committee > Colorado Cyber Committee > Ret. Professor of Law, Lincoln Law School of San Jose > Ret. Chair, Asilomar Microcomputer Workshop > > > >
DKIMWL_WL_MED spams
Hello, I have recently noticed spams spreading via amasonses.com and outlook.com. hitting DKIMWL_WL_MED that pushed score below threshold. especially amazonses.com mail seemed to be amazon cloud servers. Has anyone noticed this too? I have disabled DKIMWL_WL_MED for now. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Remember half the people you know are below average.
Re: semi-OT - reporting an organization that ignores unsubscribe requests
> On Nov 21, 2018, at 8:48 AM, Bill Cole > wrote: > > There is no reason for anyone without a commercial presence in the EU or CH > to be concerned with GDPR. Except for the private right of action provided in GDPR, and small claims court in the U.S. And, for entities that spam enough people "in the EU" (for our analysis/explanation of that, along with why U.S. companies should comply with GDPR, see here: https://www.isipp.com/resources/how-email-marketing-must-comply-with-the-eu-general-data-protection-regulation-gdpr/ NB: GDPR does not state anywhere that it applies to EU residents or citizens, only the vague and ambiguous "in the EU") the language in GDPR that states they will go after anyone, anywhere in the world. Anne Anne P. Mitchell, Attorney at Law GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) Legislative Consultant CEO/President, Institute for Social Internet Public Policy Board of Directors, Denver Internet Exchange Board of Directors, Asilomar Microcomputer Workshop Legal Counsel: The CyberGreen Institute Legal Counsel: The Earth Law Center California Bar Association Cal. Bar Cyberspace Law Committee Colorado Cyber Committee Ret. Professor of Law, Lincoln Law School of San Jose Ret. Chair, Asilomar Microcomputer Workshop
Re: Lost mail during update
> John Hardin kirjoitti 21.11.2018 kello 18.52: > > On Wed, 21 Nov 2018, Bill Cole wrote: > >> On 21 Nov 2018, at 1:56, @lbutlr wrote: >> >>> While updating spamassassin, several emails were destructive lost because >>> of the absence of spamc. To be fair, the date did get stuck unexpectedly >>> asking for a confirmation, but still I’d like to avoid this happening again. >>> Nov 20 10:20:34 mail postfix/pipe[73448]: 42zsss3jHVzcfQ1: >>> to=, orig_to=, relay=spam-filter, >>> delay=0.63, delays=0.61/0/0/0.02, dsn=2.0.0, status=sent (delivered via >>> spam-filter service (/usr/local/bin/spam-filter: line 23: >>> /usr/local/bin/spamc: No such file or directory)) >>> Nov 20 10:20:34 mail postfix/qmgr[85457]: 42zsss3jHVzcfQ1: removed >>> The result is a message that has a minimal set of headers and no content. >> >> This is a Postfix configuration problem. Don't use the 'pipe' transport for >> spam filtering or make sure that whatever it is calling is a *robust* script >> that does not rely on the pipe transport to handle breakage. > > I'm not familiar with Postfix. > > Is /usr/local/bin/spam-filter a standard Postfix message processing interface > mechanism that has been locally configured to call spamc in a fragile manner? > > Or is /usr/local/bin/spam-filter a third-party filtering tool with SA hooks > such that this failure should be reported to *them*? > s/missing spam/missing spamc/ Damned autocorrect…
Re: Lost mail during update
> John Hardin kirjoitti 21.11.2018 kello 18.52: > > On Wed, 21 Nov 2018, Bill Cole wrote: > >> On 21 Nov 2018, at 1:56, @lbutlr wrote: >> >>> While updating spamassassin, several emails were destructive lost because >>> of the absence of spamc. To be fair, the date did get stuck unexpectedly >>> asking for a confirmation, but still I’d like to avoid this happening again. >>> Nov 20 10:20:34 mail postfix/pipe[73448]: 42zsss3jHVzcfQ1: >>> to=, orig_to=, relay=spam-filter, >>> delay=0.63, delays=0.61/0/0/0.02, dsn=2.0.0, status=sent (delivered via >>> spam-filter service (/usr/local/bin/spam-filter: line 23: >>> /usr/local/bin/spamc: No such file or directory)) >>> Nov 20 10:20:34 mail postfix/qmgr[85457]: 42zsss3jHVzcfQ1: removed >>> The result is a message that has a minimal set of headers and no content. >> >> This is a Postfix configuration problem. Don't use the 'pipe' transport for >> spam filtering or make sure that whatever it is calling is a *robust* script >> that does not rely on the pipe transport to handle breakage. > > I'm not familiar with Postfix. > > Is /usr/local/bin/spam-filter a standard Postfix message processing interface > mechanism that has been locally configured to call spamc in a fragile manner? > > Or is /usr/local/bin/spam-filter a third-party filtering tool with SA hooks > such that this failure should be reported to *them*? > The spam-filter script must not ignore or discard the error code that OS gets from missing spam. If it does not have the shebang as #!/bin/bash -e and executes some other command after spamc the script return code will be the last commands exit status. It seems that something along those lines took place now. Br. jarif
Re: : 9D character used in words to avoid detection
On Tue, 20 Nov 2018, RW wrote: On Mon, 19 Nov 2018 13:31:47 -0800 (PST) John Hardin wrote: On Mon, 19 Nov 2018, Joseph Brennan wrote: Example: Obvi=9Do=9Dusly yo=9Du=9D ca=9Dn can cha=9Dnge=9D i=9Dt In windows-1256, the presence of =9D between characters under decimal-128 is suspicious, regardless of Bitcoin. It seems like a simple rule but even rawbody does not check quoted-printable patterns. Plugin maybe? Has this already been done and I've missed it? It's there, but performing poorly: https://ruleqa.spamassassin.org/20181119-r1846888-n/__UNICODE_OBFU_ZW/detail For this to work with 'normalize_charset 1', \x9d needs to be replaced with (?:\x9d|\xe2\x80\x8c) That makes an *enormous* difference: https://ruleqa.spamassassin.org/20181121-r1847080-n/UNICODE_OBFU_ZW/detail Without the normalized version it was only hitting ~5 spams in the entire corpus. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- [For Earth Day] Obama flew a 747 all the way to the Everglades then rode in a massive SUV motorcade to tell you to cut carbon emissions.-- Twitter satirist @hale_razor --- 601 days since the first commercial re-flight of an orbital booster (SpaceX)
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On Wed, 21 Nov 2018, Rupert Gallagher wrote: On Wed, Nov 21, 2018 at 03:41, John Hardin wrote: On Tue, 20 Nov 2018, Rupert Gallagher wrote: The email address is an address, part of your personally identifiable data. I'm not disputing that. I write software that deals with PII in my day job. If an identifiable entity in the US sends mass mail to European addresses, then they must have a representative in Europe and comply with the GDPR. (1) how do you *force* someone in the US to have a representative in Europe? You file a complaint with your national ombudsman. In your case, stress the fact that they are processing political data in addition to common data. Do not expect immediate termination of spam. The ombudsman will proceed to verify the facts, identify the parties involved, check compliance claims, and enforce the EU-US bilateral agreement. see the discussion of the bilateral agreement below. In the end, the spammers Point of order: we're not talking about spammers per se, we're talking about a legitimate US-only organization (NOT necessarily a business) that is sending email to an EU correspondant, possibly at that person's automatically-processed request (e.g. by subscribing to a mailing list). will most likely refuse to appoint an EU representative, Why would the organization do so, if their only interest is in the US? and the EU will shut down their website. If the organization has no presence in the EU, and the website is not hosted in the EU, *how*? The EU is *not* the World Government and Ultimate Internet Regulatory Authority. (2) if they do no business in the EU, and do not have any presence in the EU (sending email to addresses in the EU is not "having a presence in the EU"), how are they subject to fines for violating the law in the EU? If, for example, I - a private, non-commercial entity - hosted a mailing list on my private server (which I have done in the past), and someone in the EU subscribed and posted to that list and their email address was captured in the list archives, and they later unsubscribed and asked for their email address to be removed from the list archives, and I (for whatever reason) did not do so, *how* would an EU court levy fines against me? The US is not a signatory to the GDPR as far as I am aware, and I have *no* legal presence outside the US. The US signed a bilateral agreement with the EU: https://www.privacyshield.gov/ By my quick reading: (1) that only applies to businesses and (apparently) common carriers - I don't see any suggestion that something like a domestic political advocacy group would be affected (I'm presuming that since such is not a commercial entity or common carrier they are not subject to the jurisdiction of the FTC or DOT), and certainly not a private citizen acting on their own behalf (like in my mailing list hypothetical above). (2) it is a *voluntary* framework for assuring your customers you abide by requirements aligned with the GDPR, with certification by a third party that you do so. (3) it only provides for punishment of companies that have *voluntarily* enrolled and don't actually implement the required controls, which is punished as "deceptive advertising" (i.e. claiming to protect your privacy but not actually doing so); there are fines, but apparently there is no provision for the *huge* fines that GDPR threatens, and I see no provision for "shutting down a website" (though that may be dragged in via other FTC regulations related to deceptive advertising). If a company persistently violates the terms of their enrollment they will be removed from the program. So: that does not appear to apply at all to me as a private citizen running a mailing list, and *probably* does not apply to purely-US non-business entities (e.g. a political advocacy organization) that have not applied for membership in the program so that they can publicly claim to be protecting your privacy under a framework similar to the GDPR. On Tue, Nov 20, 2018 at 17:03, John Hardin wrote: On Tue, 20 Nov 2018, Rupert Gallagher wrote: Yes, if you are European, and might get some money as compensation. From a US political advocacy group which has no commercial presence in EU? How does GDPR apply in that situation? On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 wrote: Gents, I somehow became subscribed to a list, political in nature, in whose mail I have no interest. This is a legitimate AFAIK, US organization. Thus far, several uses of their unsubscribe link had not provided relief. Direct email to the founder and operations manager seem to have been ignored as well. While I can just dump their mail, it offends my finely hones sense of propriety, justice and my all around good nature. Besides, it hoses me off. So, is there some "authority" to which I can report these a**holes? that might have an effect? -- John Hardin KA7OHZ
Re: Lost mail during update
On Wed, 21 Nov 2018, Bill Cole wrote: On 21 Nov 2018, at 1:56, @lbutlr wrote: While updating spamassassin, several emails were destructive lost because of the absence of spamc. To be fair, the date did get stuck unexpectedly asking for a confirmation, but still I’d like to avoid this happening again. Nov 20 10:20:34 mail postfix/pipe[73448]: 42zsss3jHVzcfQ1: to=, orig_to=, relay=spam-filter, delay=0.63, delays=0.61/0/0/0.02, dsn=2.0.0, status=sent (delivered via spam-filter service (/usr/local/bin/spam-filter: line 23: /usr/local/bin/spamc: No such file or directory)) Nov 20 10:20:34 mail postfix/qmgr[85457]: 42zsss3jHVzcfQ1: removed The result is a message that has a minimal set of headers and no content. This is a Postfix configuration problem. Don't use the 'pipe' transport for spam filtering or make sure that whatever it is calling is a *robust* script that does not rely on the pipe transport to handle breakage. I'm not familiar with Postfix. Is /usr/local/bin/spam-filter a standard Postfix message processing interface mechanism that has been locally configured to call spamc in a fragile manner? Or is /usr/local/bin/spam-filter a third-party filtering tool with SA hooks such that this failure should be reported to *them*? -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Vista: because the audio experience is *far* more important than network throughput. --- 601 days since the first commercial re-flight of an orbital booster (SpaceX)
Re: Lost mail during update
On 21 Nov 2018, at 1:56, @lbutlr wrote: While updating spamassassin, several emails were destructive lost because of the absence of spamc. To be fair, the date did get stuck unexpectedly asking for a confirmation, but still I’d like to avoid this happening again. Nov 20 10:20:34 mail postfix/pipe[73448]: 42zsss3jHVzcfQ1: to=, orig_to=, relay=spam-filter, delay=0.63, delays=0.61/0/0/0.02, dsn=2.0.0, status=sent (delivered via spam-filter service (/usr/local/bin/spam-filter: line 23: /usr/local/bin/spamc: No such file or directory)) Nov 20 10:20:34 mail postfix/qmgr[85457]: 42zsss3jHVzcfQ1: removed The result is a message that has a minimal set of headers and no content. This is a Postfix configuration problem. Don't use the 'pipe' transport for spam filtering or make sure that whatever it is calling is a *robust* script that does not rely on the pipe transport to handle breakage.
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On 21 Nov 2018, at 9:03, Rupert Gallagher wrote: On Wed, Nov 21, 2018 at 03:41, John Hardin wrote: [...] The US is not a signatory to the GDPR as far as I am aware, and I have *no* legal presence outside the US. The US signed a bilateral agreement with the EU: https://www.privacyshield.gov/ It's widely misunderstood how hard it is for the US government to enforce the laws of other countries on US people and companies. Participation in Privacy Shield is an entirely voluntary program and the only punishment for a self-certifying entity that claims to be complying is that if the FTC determines that they persist in non-compliance, they are removed from the list of complying entities and added to a list of persistent non-compliers. Beyond that, the only punishment would be if they continue to claim participation in Privacy Shield (i.e. simple fraud.) There is no reason for anyone without a commercial presence in the EU or CH to be concerned with GDPR.
Re: Sought Rules
On 21 Nov 2018, at 4:04, @lbutlr wrote: The page at https://wiki.apache.org/spamassassin/ImproveAccuracy lists Sought rules as recommended. The link leads to https://wiki.apache.org/spamassassin/SoughtRules which states "this is no longer active, and should not be used.” Fixed.
Re: Lost mail during update
@lbutlr wrote: While updating spamassassin, several emails were destructive lost because of the absence of spamc. To be fair, the date did get stuck unexpectedly asking for a confirmation, but still I’d like to avoid this happening again. Nov 20 10:20:34 mail postfix/pipe[73448]: 42zsss3jHVzcfQ1: to=, orig_to=, relay=spam-filter, delay=0.63, delays=0.61/0/0/0.02, dsn=2.0.0, status=sent (delivered via spam-filter service (/usr/local/bin/spam-filter: line 23: /usr/local/bin/spamc: No such file or directory)) Nov 20 10:20:34 mail postfix/qmgr[85457]: 42zsss3jHVzcfQ1: removed The result is a message that has a minimal set of headers and no content. It's up to whatever calls spamc to handle this correctly. The custom delivery handler we use has a sub to check for several key "does this thing exist?" requirements, including "does spamc exist in the right place, and is it executable?". It also has a couple of last-minute checks for other, more subtle failures in piping a message to spamc (and other programs), and returns the appropriate error codes to the delivering MTA. -kgd
Re: Lost mail during update
On 21/11/18 07:56, @lbutlr wrote: While updating spamassassin, several emails were destructive lost because of the absence of spamc. To be fair, the date did get stuck unexpectedly asking for a confirmation, but still I’d like to avoid this happening again. Nov 20 10:20:34 mail postfix/pipe[73448]: 42zsss3jHVzcfQ1: to=, orig_to=, relay=spam-filter, delay=0.63, delays=0.61/0/0/0.02, dsn=2.0.0, status=sent (delivered via spam-filter service (/usr/local/bin/spam-filter: line 23: /usr/local/bin/spamc: No such file or directory)) Nov 20 10:20:34 mail postfix/qmgr[85457]: 42zsss3jHVzcfQ1: removed The result is a message that has a minimal set of headers and no content. Since you use Postfix, I highly advise you to switch either to a milter or a content_filter to scan emails. If you'd have used one of this systems, emails would have been 4xx'd and thus requeued by the original server. Regards Daniele
Re: semi-OT - reporting an organization that ignores unsubscribe requests
On Wed, Nov 21, 2018 at 03:41, John Hardin wrote: > On Tue, 20 Nov 2018, Rupert Gallagher wrote: > >> The email address is an address, part of your personally identifiable >> data. > > I'm not disputing that. I write software that deals with PII in my day job. > >> If an identifiable entity in the US sends mass mail to European >> addresses, then they must have a representative in Europe and comply >> with the GDPR. > > (1) how do you *force* someone in the US to have a representative in > Europe? > You file a complaint with your national ombudsman. In your case, stress the > fact that they are processing political data in addition to common data. Do > not expect immediate termination of spam. The ombudsman will proceed to > verify the facts, identify the parties involved, check compliance claims, and > enforce the EU-US bilateral agreement. In the end, the spammers will most > likely refuse to appoint an EU representative, and the EU will shut down > their website. > (2) if they do no business in the EU, and do not have any presence in the > EU (sending email to addresses in the EU is not "having a presence in the > EU"), how are they subject to fines for violating the law in the EU? > > If, for example, I - a private, non-commercial entity - hosted a mailing > list on my private server (which I have done in the past), and someone in > the EU subscribed and posted to that list and their email address was > captured in the list archives, and they later unsubscribed and asked for > their email address to be removed from the list archives, and I (for > whatever reason) did not do so, *how* would an EU court levy fines against > me? > > The US is not a signatory to the GDPR as far as I am aware, and I have > *no* legal presence outside the US. > The US signed a bilateral agreement with the EU: https://www.privacyshield.gov/ > >> On Tue, Nov 20, 2018 at 17:03, John Hardin wrote: >> >>> On Tue, 20 Nov 2018, Rupert Gallagher wrote: >>> Yes, if you are European, and might get some money as compensation. >>> >>> From a US political advocacy group which has no commercial presence in EU? >>> How does GDPR apply in that situation? >>> On Mon, Nov 19, 2018 at 04:19, Joe Acquisto-j4 wrote: > Gents, > > I somehow became subscribed to a list, political in nature, in whose mail > I have no interest. This is a legitimate AFAIK, US organization. > > Thus far, several uses of their unsubscribe link had not provided relief. > Direct email to the founder and operations manager seem to have been > ignored as well. > > While I can just dump their mail, it offends my finely hones sense of > propriety, justice and my all around good nature. Besides, it hoses me > off. > > So, is there some "authority" to which I can report these a**holes? that > might have an effect? > > -- > John Hardin KA7OHZ http://www.impsec.org/~jhardin/ > jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org > key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 > --- > The question of whether people should be allowed to harm themselves > is simple. They *must*. -- Charles Murray > --- > 600 days since the first commercial re-flight of an orbital booster (SpaceX)
Sought Rules
The page at https://wiki.apache.org/spamassassin/ImproveAccuracy lists Sought rules as recommended. The link leads to https://wiki.apache.org/spamassassin/SoughtRules which states "this is no longer active, and should not be used.” -- "I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they've always worked for me." — Hunter Thompson
