Re: [Spamhaus Notice] Reminder of changes to the Spamhaus beta Domain Blocklist & request for feedback

2021-12-15 Thread Grant Taylor

On 12/15/21 1:00 PM, Riccardo Alfieri wrote:
> We’d like to say a big “thank you” to all of you who have been testing
> the beta version of the Spamhaus Domain Blocklist (DBL) with hostnames.

:-)

You're welcome.  Thank you for making it available.

> How are you getting on with it? Have you encountered issues? Are you
> noticing a reduction in false positives with the abused-legit component
> of the DBL? How’s the plug-in (with the recommended configuration
> changes) working for you?
>
> If you could find the time to let us know we would really appreciate it.

I've noticed a small downturn in the amount of spam entering my 
personal systems.  My personal systems are small enough that I don't 
have good counters of before / after to share.

> This means that if you have changed your plug-in config to test the beta
> DBL you will need to upgrade it to use the production DBL. An updated
> plug-in will be released on Jan 11th, 2022.

Will free / non-commercial DQS subscribers need to do anything other 
than upgrading the plugin come January 11th?

Am I correct in assuming that you will be sending out notification(s) 
around the time you make the changes on January 11th?

> We will continue to make the beta zone available for two weeks after
> the Production version of the blocklist goes live to provide time to
> ensure these config changes are made.

What will happen to the beta zone after the two week window?  Will it 
remain with increasingly stale data?  Will the zone be emptied to start 
answering as if nothing was listed?  Will it have a wildcard to start 
inducing false positives à la fail hard / fail fast?  Again, just 
trying to set my expectations.


Thank you again.



--
Grant. . . .
unix || die





Re: Do these domains merit blocking?

2021-12-15 Thread Grant Taylor

On 12/15/21 9:39 AM, Bill Cole wrote:
> There has recently been a spate of odd spams to harvested
> addresses asking hypothetical questions about domains' privacy
> practices. It turns out this is a grad student enrolling human
> subjects in a study without informed consent... The explanation is
> at https://measurement.cs.princeton.edu/privacystudy/ and there is a
> list of domains there which were created to run this maldesigned study.

Insert obligatory $Postmaster...Liberty...Filter...Discretion message here.

I've added rejections for policy reasons to systems that I administer.

> A customer has expressed mild dismay at the concept that a fine
> research institution should be "punished for doing research."

I want to support research.  But I can't stand research that takes a 
cavalier attitude because it's research.  To wit I saw some comments on 
another mailing list, mailop?, that indicated that the researcher 
admitted that s/he was sending the messages and the attitude was "so 
what".  I feel like the institution needs to be held accountable for this.

This is now (at least) the 2nd mailing list where I've seen this 
discussed and engineer hours are being consumed.  There are real world 
costs to the purported research.

So I say not on the systems that I administer.



--
Grant. . . .
unix || die





[Spamhaus Notice] Reminder of changes to the Spamhaus beta Domain Blocklist & request for feedback

2021-12-15 Thread Riccardo Alfieri
We’d like to say a big “thank you” to all of you who have been testing 
the beta version of the Spamhaus Domain Blocklist (DBL) with hostnames.


How are you getting on with it? Have you encountered issues? Are you 
noticing a reduction in false positives with the abused-legit component 
of the DBL? How’s the plug-in (with the recommended configuration 
changes) working for you?


If you could find the time to let us know we would really appreciate it.

REMINDER - Access to the beta version of the DBL with hostnames is 
through the free Public Mirrors until January 31st, 2022. However, when 
it moves to production on February 1st, 2022, it will only be available 
via the Data Query Service (DQS) or rsync, i.e., not the Public Mirrors. 
The DQS is available for free to non-commercial users; 
https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account/.



This means that if you have changed your plug-in config to test the beta 
DBL you will need to upgrade it to use the production DBL. An updated 
plug-in will be released on Jan 11th, 2022. We will continue to make 
the beta zone available for two weeks after the Production version of 
the blocklist goes live to provide time to ensure these config changes 
are made.


--
Best regards,
Riccardo Alfieri

Spamhaus Technology
https://www.spamhaustech.com/



Re: Do these domains merit blocking?

2021-12-15 Thread Alan Hodgson
On Wed, 2021-12-15 at 10:55 -0800, Alan Hodgson wrote:
> 
> I got a couple to an actual human who answered
> ab...@princeton.edu. I can forward them privately.

Let me rephrase that; I complained to ab...@princeton.edu and
actually heard back from a human, to whom I have since sent copies of
the spam messages.




Re: Do these domains merit blocking?

2021-12-15 Thread Alan Hodgson
On Wed, 2021-12-15 at 13:24 -0500, Charles Sprickman wrote:
> Does anyone have a sample of one of their emails?
> 
> I’m composing a brief nastygram and would like to get my eyes on
> one before finishing up.
> 

I got a couple to an actual human who answered ab...@princeton.edu. I
can forward them privately.


Re: Do these domains merit blocking?

2021-12-15 Thread Bert Van de Poel
You can find the email we received from them here 
http://paste.debian.net/1223611/ (just the body, idk if anyone also wants 
headers)


Must admit I thought it was a scam, just because it was its own domain, 
out of the blue and as many have mentioned unsolicited.


Bert

On 15/12/2021 19:24, Charles Sprickman wrote:

> Does anyone have a sample of one of their emails?
>
> I’m composing a brief nastygram and would like to get my eyes on one before
> finishing up.
>
> Thanks,
>
> Charles
>
> > On Dec 15, 2021, at 11:39 AM, Bill Cole wrote:
> >
> > There has recently been a spate of odd spams to harvested addresses asking
> > hypothetical questions about domains' privacy practices. It turns out this is a
> > grad student enrolling human subjects in a study without informed consent...
> > The explanation is at https://measurement.cs.princeton.edu/privacystudy/ and
> > there is a list of domains there which were created to run this maldesigned
> > study.
> >
> > Many of the early batch compounded the consent problem with outright fraud,
> > claiming to be from people who do not exist.
> >
> > I am curious about what the SA user world thinks of such domains. My personal
> > opinion is that the grad student, his faculty advisors, and his IRB should all
> > be forced to find new careers and the domains should have a null CNAME at the
> > root forever. It appears that URIBL, SURBL, and Spamhaus DBL have all noticed
> > the domains unflatteringly, which I suppose constitutes a more balanced
> > consequence...
> >
> > A customer has expressed mild dismay at the concept that a fine research institution
> > should be "punished for doing research." I'm less attached to Princeton than my
> > NJ-based customer and (having worked in a NIH-funded lab) less idolizing of the Ivory
> > Tower in general. I have no difficulty explaining my position, but I am rather surprised
> > that I need to in 2021. Am I missing something special that makes such research spam
> > somehow not spam?
> >
> > --
> > Bill Cole
> > b...@scconsult.com or billc...@apache.org
> > (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> > Not Currently Available For Hire




Re: Do these domains merit blocking?

2021-12-15 Thread Charles Sprickman
Does anyone have a sample of one of their emails?

I’m composing a brief nastygram and would like to get my eyes on one before 
finishing up.

Thanks,

Charles

> On Dec 15, 2021, at 11:39 AM, Bill Cole wrote:
> 
> There has recently been a spate of odd spams to harvested addresses asking 
> hypothetical questions about domains' privacy practices. It turns out this is 
> a grad student enrolling human subjects in a study without informed 
> consent... The explanation is at 
> https://measurement.cs.princeton.edu/privacystudy/ and there is a list of 
> domains there which were created to run this maldesigned study.
> 
> Many of the early batch compounded the consent problem with outright fraud, 
> claiming to be from people who do not exist.
> 
> I am curious about what the SA user world thinks of such domains. My personal 
> opinion is that the grad student, his faculty advisors, and his IRB should 
> all be forced to find new careers and the domains should have a null CNAME at 
> the root forever. It appears that URIBL, SURBL, and Spamhaus DBL have all 
> noticed the domains unflatteringly, which I suppose constitutes a more 
> balanced consequence...
> 
> A customer has expressed mild dismay at the concept that a fine research 
> institution should be "punished for doing research." I'm less attached to 
> Princeton than my NJ-based customer and (having worked in a NIH-funded lab) 
> less idolizing of the Ivory Tower in general. I have no difficulty explaining 
> my position, but I am rather surprised that I need to in 2021. Am I missing 
> something special that makes such research spam somehow not spam?
> 
> -- 
> Bill Cole
> b...@scconsult.com or billc...@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not Currently Available For Hire



Re: Do these domains merit blocking?

2021-12-15 Thread Kevin A. McGrail
You can quote me: If the pope itself is sending me the cure to cancer but
he doesn't have my consent then it IS spam and I would block it and
depending on the way the domain manager handles it I would block the domain.

KAM

On Wed, Dec 15, 2021, 11:40 Bill Cole <
sausers-20150...@billmail.scconsult.com> wrote:

> There has recently been a spate of odd spams to harvested addresses asking
> hypothetical questions about domains' privacy practices. It turns out this
> is a grad student enrolling human subjects in a study without informed
> consent... The explanation is at
> https://measurement.cs.princeton.edu/privacystudy/ and there is a list of
> domains there which were created to run this maldesigned study.
>
> Many of the early batch compounded the consent problem with outright
> fraud, claiming to be from people who do not exist.
>
> I am curious about what the SA user world thinks of such domains. My
> personal opinion is that the grad student, his faculty advisors, and his
> IRB should all be forced to find new careers and the domains should have a
> null CNAME at the root forever. It appears that URIBL, SURBL, and Spamhaus
> DBL have all noticed the domains unflatteringly, which I suppose
> constitutes a more balanced consequence...
>
> A customer has expressed mild dismay at the concept that a fine research
> institution should be "punished for doing research." I'm less attached to
> Princeton than my NJ-based customer and (having worked in a NIH-funded lab)
> less idolizing of the Ivory Tower in general. I have no difficulty
> explaining my position, but I am rather surprised that I need to in 2021.
> Am I missing something special that makes such research spam somehow not
> spam?
>
> --
> Bill Cole
> b...@scconsult.com or billc...@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not Currently Available For Hire
>


Re: Do these domains merit blocking?

2021-12-15 Thread Rob McEwen

On 12/15/2021 11:39 AM, Bill Cole wrote:
> Am I missing something special that makes such research spam somehow
> not spam?



Everyone thinks that their own unsolicited bulk email - isn't spam. But 
a line must be drawn somewhere. In this case, the sender has absolutely 
no preexisting relationship to the recipient, and Raymond's statement 
about them sending to "scraped addresses" is, imo, devastating to their 
case. The closest argument that might have been possible is the idea 
that the email might potentially be of more benefit to the recipient 
than it is to the sender (e.g., sort of like a notification about a 
class action lawsuit) - but I can't find that argument anywhere in this 
situation either. But even class action lawsuit notifications are rarely 
sent to scraped addresses.


It's on my "to do" list to add those domains as permanent additions to 
invaluement's URI/domain bl sometime this week, when I get some more 
time. (I'm in the middle of some intense upgrades, so I barely had time 
to type this message.)


-- Rob McEwen, invaluement


Re: Do these domains merit blocking?

2021-12-15 Thread Alan Hodgson
On Wed, 2021-12-15 at 11:39 -0500, Bill Cole wrote:
> 
> A customer has expressed mild dismay at the concept that a fine
> research institution should be "punished for doing research." I'm
> less attached to Princeton than my NJ-based customer and (having
> worked in a NIH-funded lab) less idolizing of the Ivory Tower in
> general. I have no difficulty explaining my position, but I am
> rather surprised that I need to in 2021. Am I missing something
> special that makes such research spam somehow not spam?

No.

And that's about the stupidest "study" I've ever heard of. It's not
like they're going to get any responses other than "fsck off" (which
is what I added to my header_filters after getting the second one).
It's hard to imagine anyone being that naive in 2021, but here we
are.



Do these domains merit blocking?

2021-12-15 Thread Bill Cole
There has recently been a spate of odd spams to harvested addresses asking 
hypothetical questions about domains' privacy practices. It turns out this is a 
grad student enrolling human subjects in a study without informed consent... 
The explanation is at https://measurement.cs.princeton.edu/privacystudy/ and 
there is a list of domains there which were created to run this maldesigned 
study.

Many of the early batch compounded the consent problem with outright fraud, 
claiming to be from people who do not exist.

I am curious about what the SA user world thinks of such domains. My personal 
opinion is that the grad student, his faculty advisors, and his IRB should all 
be forced to find new careers and the domains should have a null CNAME at the 
root forever. It appears that URIBL, SURBL, and Spamhaus DBL have all noticed 
the domains unflatteringly, which I suppose constitutes a more balanced 
consequence...

A customer has expressed mild dismay at the concept that a fine research 
institution should be "punished for doing research." I'm less attached to 
Princeton than my NJ-based customer and (having worked in a NIH-funded lab) 
less idolizing of the Ivory Tower in general. I have no difficulty explaining 
my position, but I am rather surprised that I need to in 2021. Am I missing 
something special that makes such research spam somehow not spam?

-- 
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire