Re: Open letter to Yahoo and Hotmail concerning junkmail

2011-03-07 Thread J.D. Falk
On Mar 6, 2011, at 3:37 AM, Mynabbler wrote:

 The amount of junkmail coming from your systems is unbelievable. How hard is
 it to implement a cap on the amount of messages people can send out daily
 with your systems.

They do that.

 And that includes the number of Cc's and Bcc's one
 message generates.

And that.

 If you would cap that on, say, a 1000 users, you would be
 doing us an incredible favor. And how hard is it, if that cap is reached, to
 check the messages that are being generated and when spam (which it will be
 in 9 of 10 cases) to block the originating IP or cap the originating
 IP to a maximum of 100 addresses that can be spammed daily.

Not that, exactly (last I heard), but they do have a variety of IP-based rate 
limits.

 Oh, and while
 you are at it, to block that account  abusing your service as well.

Yep, that happens already too.

 There is no filtering in the world more effective than you taking this
 action and it would take an intern about two hours to implement.

Are you offering yourself up as the intern?  Yahoo! Mail is looking for an 
anti-spam intern right now:

http://careers.yahoo.com/jdescription.php?frm=search_resultsoid=35925

I don't see a similar listing at Microsoft, but I could ask some folks if 
you're interested.

 Sigh.

Yeah, I know it's frustrating.  It's even more frustrating to constantly work 
on implementing and improving rate limits and other features to handle outbound 
spam, and know that it's still not enough.

What's hard to see from the outside is exactly how much work the bad guys are 
putting into attacking the big webmail providers.  When I worked there, we 
watched the spammers reduce their output to fewer than five messages per fake 
or stolen account per day, each message just different enough to be hard to 
detect, rotating through an effectively infinite number of IP addresses -- and 
this was BEFORE botnets got as big and as cheap as they are now.

I'm not saying you should forgive the amount of spam that still gets through -- 
you should still block it, and outside pressure helps those teams get the 
resources they need to continue improving the systems.  But when you do 
complain, do it effectively.  Consider that they might have already thought of 
the simple stuff that's been discussed here, and on other lists, and at every 
academic anti-spam conference for years.  And, remember that the people who 
make actual decisions at big companies don't read this list.

Or if that was just a rant and not actually intended as a positive contribution 
towards reducing spam for the internet, I do understand.  Ranting is necessary 
sometimes.  The anti-spam folks at Microsoft and Yahoo! do it too.

--
J.D. Falk
the leading purveyor of industry counter-rhetoric solutions

Re: Should Emails Have An Expiration Date

2011-03-03 Thread J.D. Falk
On Feb 28, 2011, at 1:57 PM, Jay Plesset wrote:

 How about something that doesn't depend on the SENDER setting something?  
 I've set my system up to automatically empty the trash after 30 days, and 
 dump the spam folder after 2 weeks.  I could easily set up an archive 
 folder for my users and automatically expire their inbox at whatever time 
 period I want  If they want to keep something forever, move it to the 
 archive folder..

Exactly!  What's needed here is to give the user more filtering choices 
whenever they need 'em (after, yet complementing, SA's delivery-time filtering.)

http://www.returnpath.net/blog/received/2011/03/x-expires/

--
J.D. Falk
the leading purveyor of industry counter-rhetoric solutions



Re: RCVD_IN_RP_SAFE where to report spam? http://www.returnpath.net/commercialsender/certification/

2011-02-04 Thread J.D. Falk
On Jan 28, 2011, at 9:23 PM, Michael Scheidell wrote:

 that said, I still think there needs to be an easy link to report spam on 
 returnpath's web site. under contact, and/or, like most of their ESP clients 
 who have a clearly stated anti-spam link with an abuse@ address for reporting 
 spam.

It's in progress (finally.)  Once everything's ready, we'll also request 
updates to the relevant descriptions in the rulesets.

--
J.D. Falk
Director, Internet Standards and Governance
Email Intelligence Group
Return Path Inc.



Re: overlapping HABEAS_ACCREDITED_SOI and RCVD_IN_BSP_TRUSTED

2010-10-13 Thread J.D. Falk
On Oct 13, 2010, at 9:25 AM, Matus UHLAR - fantomas wrote:

 I've received a spam that hits both HABEAS_ACCREDITED_SOI and
 RCVD_IN_BSP_TRUSTED. I believe it's because both BSP and HABEAS were bought
 by ReturnPath Inc. 
 
 However those two rules seem to be superfluous to each other and while I can
 of course manually disable them or lower the scores, I would like to ask if
 there's any plan to push updates for 3.2.5 and remove one of those.

Those rules were renamed and re-scored for 3.3.0 and above.



CEAS paper on SpamAssassin

2010-07-22 Thread J.D. Falk
I hadn't seen this mentioned here yet, though perhaps I missed it.

At CEAS last week, some researchers from Brazil presented a paper where they 
tracked the evolution of spamming techniques against the parallel evolution of 
SpamAssassin rulesets.  It was heartening to see that each new SA version 
caught a whole bunch more spam for a while before the spammers caught on.

http://ceas.cc/2010/papers/Paper%2019.pdf

--
J.D. Falk
Return Path



Re: List of cell phone company hosts

2010-06-15 Thread J.D. Falk
On Jun 11, 2010, at 7:23 PM, Marc Perkel wrote:

 Also - I'd like to make a list of host names where email from cell phones 
 comes from. Does anyone have a list of domain name or host names where cell 
 phone email is sent from?

The US FCC maintains a do not email list of domains of email/sms gateways, 
which might be a start.  (Sorry, I'm on a plane and can't look up the URL just 
now.)

Thing is, my cell phone submits messages via the same authenticated relays as 
my laptop, and that's increasingly more common than the fugly old gateway 
architecture.  Maybe there's another way to achieve whatever it is you're 
trying to do?

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: List of cell phone company hosts

2010-06-15 Thread J.D. Falk
On Jun 14, 2010, at 7:33 AM, J.D. Falk wrote:

 On Jun 11, 2010, at 7:23 PM, Marc Perkel wrote:
 
 Also - I'd like to make a list of host names where email from cell phones 
 comes from. Does anyone have a list of domain name or host names where cell 
 phone email is sent from?
 
 The US FCC maintains a do not email list of domains of email/sms gateways, 
 which might be a start.  (Sorry, I'm on a plane and can't look up the URL 
 just now.)

Here it is:

http://www.fcc.gov/cgb/policy/DomainNameDownload.html

 Thing is, my cell phone submits messages via the same authenticated relays as 
 my laptop, and that's increasingly more common than the fugly old gateway 
 architecture.  Maybe there's another way to achieve whatever it is you're 
 trying to do?

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: yahoo X-YMail-OSG

2010-05-10 Thread J.D. Falk
On May 8, 2010, at 8:18 AM, Michael Scheidell wrote:

 Yahoo's own DKIM implementation? header signing?

Neither.  It's related to their anti-spam system, but not intended for end-user 
parsing.

 would adding 1 point for each 1K of header length help?

Interesting idea!  I don't know the precise semantics of the contents of that 
header, but this certainly sounds possible.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: Blacklists Compared 17 October 2009

2010-04-08 Thread J.D. Falk
On Apr 7, 2010, at 4:15 AM, Justin Mason wrote:

 he doesn't take FPs into account.  this is a very serious problem with
 the methodology.

+1

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: return-path program

2010-03-17 Thread J.D. Falk
On Mar 12, 2010, at 11:20 AM, Alexandre Chapellon wrote:

 I would like to know if someone here is part of the returnpath.net 
 (http://www.returnpath.net/emailserviceprovider/certification/) certification 
 program?
 Does it really increase deliverability of email and to which MSP?
 What are the necessary steps to get into that program and is it free or do I 
 have to pay something?

I work for Return Path, but am not directly involved with the Certification 
program.  Most of your questions are answered on the page you referenced above; 
I'll put you in touch with someone who can help with the rest.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: Yahoo Feedback Loop - off topic

2010-02-24 Thread J.D. Falk
On Feb 19, 2010, at 9:09 AM, Jeff Koch wrote:

 The only large ISP that seems to have an FBL friendly approach is AOL. We've 
 been on their FBL for years. If anyone knows of another ISP with a friendly 
 FBL I'd love to know.

What's your definition of friendly in this context?

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: Yahoo Feedback Loop - off topic

2010-02-19 Thread J.D. Falk
On Feb 18, 2010, at 10:05 PM, ram wrote:

 But for an ISP this is so painful. 

That's why they do it by IP for ISPs (if you ask them, and get a 
correctly-trained customer service agent.)

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: Yahoo Feedback Loop - off topic

2010-02-18 Thread J.D. Falk
On Feb 14, 2010, at 10:31 PM, ram wrote:

 Anyway ReturnPath operates FBL's for yahoo and they provide IP address based 
 feedback loops at Cox etc
 I don't know why this diff for yahoo.

Because that's how Yahoo! wants it.

There are a lot of advantages to routing feedback by authenticated domain: ease 
of maintenance, survives forwarding, et cetera.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: blog article on 3.3.0

2010-01-29 Thread J.D. Falk
On Jan 28, 2010, at 11:52 AM, Warren Togami wrote:

 I wasn't planning on responding to this thread, but other positive responses 
 have annoyed me.

There were positive responses?

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






blog article on 3.3.0

2010-01-28 Thread J.D. Falk
http://www.returnpath.net/blog/2010/01/spamassasin-rarely-misses.php

Yeah, it's partly self-serving, but that's what corporate blogs are for.  The 
people who read this blog are mostly marketers with very little exposure to the 
open source community, so this should help them understand a bit more of how 
the real email ecosystem operates.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: semi-legit senders in DNSWL and habeas - a hard problem

2010-01-06 Thread J.D. Falk
On Jan 5, 2010, at 6:01 PM, Greg Troxel wrote:

 Thanks.  A link like report spam in the top bar, alongside marketers

I'll pass all of this along to the appropriate folks.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc


Re: [sa] Re: semi-legit senders in DNSWL and habeas - a hard problem

2010-01-06 Thread J.D. Falk
On Jan 5, 2010, at 3:52 PM, Michael Scheidell wrote:

 or an industry standard, RFC REQUIRED abuse@ address.
 
 Section 1 of RFC2142

abuse@ works, but it isn't the fastest method for reaching the correct team.

What I think a lot of y'all are missing is that we have more than one product, 
and (unfortunately) a lot of legacy domain names, so anything sent to abuse@ 
goes into a general queue which gets sorted later.  Neil and I have been trying 
to give you the fastest method for resolving issues, but if you'd rather take 
it slow... *shrug*

One of the things I've noticed about the anti-spam community over the years is 
that we'll always heap way more abuse on anyone who is willing to listen than 
we do on the spammers who aren't listening at all.  That's never a good idea, 
because it chases away people who might otherwise be listening -- or even 
helping.

(Oh BTW, take a look at the acknowledgements section of RFC 2142.)

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: semi-legit senders in DNSWL and habeas - a hard problem

2010-01-05 Thread J.D. Falk
On Jan 5, 2010, at 10:10 AM, Greg Troxel wrote:

 Once again I went to returnpath and senderscorecertified's web pages,
 and found no link to an email address to report being spammed by one of
 their customers.

Is the font size for Contact Us and Support too small?

I'll forward your report to the appropriate team.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: bondedsender return path? emediausa?

2009-12-29 Thread J.D. Falk
On Dec 28, 2009, at 3:18 PM, Michael Scheidell wrote:

 it's in their email

Why would you trust ANY claim made by a spammer?

 found email address to report it to, thanks

That report you made was full of kooky threats.  I understand that you're 
angry, but that's not very professional.

Our customer service representative, on the other hand, answered entirely 
appropriately:

 If they're including references to our program in mail delivered via 
 non-certified IPs they're in violation of our program standards and will be 
 dealt with accordingly. We appreciate you informing us of this.


--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: bondedsender return path? emediausa?

2009-12-28 Thread J.D. Falk
On Dec 24, 2009, at 1:23 PM, Michael Scheidell wrote:

 where do we report spam from emediausa.com? in their url's they claim (and 
 publish) 'certified' www.bondedsender.com
 from their web site, it looks like they 'inherit' the email addresses from 
 their clients.

I couldn't find the link you're referring to, but it's safe to assume that 
anyone still claiming to be on Bonded Sender is either mistaken or lying.  It 
was replaced by Return Path's Certified program in 2006.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: habeas - tainted white list

2009-12-21 Thread J.D. Falk
On Dec 18, 2009, at 2:26 PM, Justin Mason wrote:

 it can be measured by finding the WL rule's page on ruleqa.spamassassin.org, 
 then examining the OVERLAP section for overlaps with BL rules. 

I'd expect that most whitelist operators will automatically de-list any IP 
which appears on a respected blacklist, so it's likely there's some unseen 
feedback here as well.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: Whitelists, not directly useful to spamassassin...

2009-12-17 Thread J.D. Falk
Very interesting data indeed -- and a testament to the accuracy of the 
SpamAssassin rules weighting process.

On Dec 16, 2009, at 4:10 PM, Warren Togami wrote:

 While whitelists are not directly effective (statistically, when averaged 
 across a large corpus), whitelists are powerful tools in indirect ways 
 including:
 
 * Pushing the score beyond the auto-learn threshold for things like Bayes to 
 function without manual intervention.
 * The albeit controversial method where some automated spam trap blacklists 
 use whitelists to help determine if they really should list an IP address.

Another indirect benefit (according to other users of our whitelists) is that 
when they implement a new spam-blocking method, the whitelists serve as kind of 
a safety valve to let legitimate mail through even when the new rule turns out 
to have false positives.

Site-specific whitelists are important for this, too.

 That being said, whitelists should be constantly policed to maintain their 
 reputation and trust levels.

Agreed.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: Whitelists in SA

2009-12-17 Thread J.D. Falk
On Dec 16, 2009, at 8:35 AM, LuKreme wrote:

 The fact is I *AM* their customer. The people writing them checks are not, 
 they're just their funders. Whitelist companies have to convince admins to use 
 their list. The only way to do that is to have really really really high 
 quality lists that really do prevent spam delivery. If I don't use their 
 whitelist, and others don't use their whitelist, then their model falls apart 
 and they don't make money

Exactly what Return Path has been saying (and acting upon) for years.

(We could debate whether Habeas followed that rule before we bought the 
company, but it's impolite to speak ill of the dead.)

 but no company is enlightened enough to realise this.

Heh.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: emailreg.org - tainted white list

2009-12-17 Thread J.D. Falk
On Dec 16, 2009, at 8:11 AM, Christian Brel wrote:

 It's also fair to say any ESP such as Return Path taking money to
 deliver mail should be optimising it (or offering advice on
 optimisation) so it does *not* score high. Otherwise what are their
 customers paying them for?

Return Path is not an ESP by any of the common definitions.

http://en.wikipedia.org/wiki/ESP

(No wonder you're confused.)

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: emailreg.org - tainted white list

2009-12-15 Thread J.D. Falk
On Dec 15, 2009, at 12:04 PM, Charles Gregory wrote:

 Which finally brings us back to the core questions which seem to go 
 unanswered:

They've all been answered many times, in other threads.  Habeas wasn't involved 
in emailreg.org, though.  No connection at all.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc




hacking whitelists (was Re: [sa] RE: emailreg.org - tainted white list)

2009-12-14 Thread J.D. Falk
On Dec 14, 2009, at 1:35 PM, Charles Gregory wrote:

 I ask again, on the issue of whitelists, is there a serious issue with 
 spammers targeting white-listed IP's as favored candidates for hacking?
 I'm okay with the answer being 'no'. I'm sure people with large servers and 
 good statistics could answer this question. But I get no answer at all. I 
 don't think it is because of any conspiracy. But perhaps the people who know 
 are just too busy?

We're fairly certain the bad guys haven't been targeting whitelists (ours, or 
others) -- yet.  Occasionally some spam will come from a whitelisted IP after a 
server gets infected, but then that IP doesn't stay whitelisted for very long 
-- and there's no proof that the botnet operator had any idea the IP was 
whitelisted.

Besides, there's not all that much value for them.  When the big ISPs use 
whitelists like ours, they'll give IPs on the list a lot of leeway -- but not a 
free pass forever.  There are still volume limits (though higher than for 
non-whitelisted IPs), and they're still watching complaint rates.  If there's a 
problem, they'll let us know.

It's very similar to how SpamAssassin uses whitelists: enough points are 
subtracted to override /some/ spam rules, but not all.  When a message is 
extremely spammy, the whitelist won't be enough to rescue it.  And that's how 
it should be.

All that said, I think it's only a matter of time until the bad guys DO 
intentionally go after whitelisted IPs, or (worse) whitelisting services.  
We'll detect if spam suddenly starts coming from any IP we're monitoring, and 
it won't stay whitelisted for long -- that's the core of our program.  We've 
also put a lot of effort into the security of our own systems.  I've been 
involved with computer security issues for too long to say it could never ever 
happen, but I can say we're always watching.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc


actual facts (was Re: HABEAS_ACCREDITED SPAMMER)

2009-12-04 Thread J.D. Falk
On Dec 4, 2009, at 1:18 AM, jdow wrote:

 And JD, I don't see on your site what it costs people to get listed
 on your DNS approval lists other than some tests and documentation. Is
 it possible spammers simply submit some buttered up documentation, get
 approved, and accept getting it knocked back off your lists rapidly as
 a business time expense?

No, there's a lengthy application process and a lot of monitoring involved.  
I'd be happy to ask someone from the Certification team to join the list and 
explain further as soon as I can be certain they won't be harassed and insulted 
here.  In the meantime I'll answer as well as I can, considering that I work on 
entirely different products at Return Path.

 I note that JD is quite willing to discuss (and seemed to recommend)
 a lowered default score. That seems quite reasonable.

The current defaults for both the HABEAS and BSP rules were set long before 
Return Path operated either service, so we have no clue where they came from 
either.


On Dec 4, 2009, at 9:08 AM, Charles Gregory wrote:

 As soon as any whitelist service like 'returnpath' accepts a client, they 
 perform the following:
 
 1) Review the client's address list - look for honeypot addresses.
   If any are found, clearly the client has not vetted their list.

Our staff doesn't review their list, but we do operate a great many honeypots 
of our own -- and we receive feeds of honeypot messages from ISPs and other 
data partners.  So, spammers can't hide that way.

We also get feeds of complaints, where users click this is spam in a partner 
ISP's webmail interface.  Spammers can't hide that way, either.

(You can see the results of much of this data at senderscore.org.)

I saw some other interesting ideas in the conversation, but they all assume the 
accreditor is able to change messages or otherwise interrupt the sender's 
mailstream.  We don't have that ability, and don't want to.  They have to 
police themselves, or else they get kicked off the list.  Simple, neh?


On Dec 4, 2009, at 10:06 AM, Greg Troxel wrote:

 Probably SOI should be entirely dropped.

There's only one Safe list (which SA still calls Habeas.)  In other words: no 
difference between the SOI and COI lists.  Or at least, that's how it's 
supposed to be -- so Kris's results were somewhat surprising.


On Dec 4, 2009, at 11:08 AM, Charles Gregory wrote:

 By the by, I think I posted on this list a while ago on a similar question, 
 as to whether we could really trust *any* whitelists, as they simply made for 
 a *deliberate* target of botnet owners. No one made a fuss about it before, 
 but what about now? Maybe, once again, the flaw is in having a whitelisting 
 system that relies upon third party servers with unknown security.

We're EXTREMELY concerned about this as well, and we've got a 24x7 operations 
staff keeping an eye on things.  That's one of the reasons we charge money for 
the service: it lets us buy hardware and software and hire staff to keep it 
running smoothly, and securely.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc


Re: actual facts (was Re: HABEAS_ACCREDITED SPAMMER)

2009-12-04 Thread J.D. Falk
On Dec 4, 2009, at 12:24 PM, John Hardin wrote:

 On Fri, 4 Dec 2009, J.D. Falk wrote:
 
 The current defaults for both the HABEAS and BSP rules were set long before 
 Return Path operated either service, so we have no clue where they came from 
 either.
 
 J.D., may I suggest you open a SA Bugzilla ticket suggesting that the scores 
 be reviewed in light of this large change in how HABEAS operates?

Glad to.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Richard's baseless insults (Re: HABEAS_ACCREDITED SPAMMER)

2009-12-03 Thread J.D. Falk
On Dec 2, 2009, at 12:59 AM, rich...@buzzhost.co.uk wrote:

 As for
 insulting you - grow up. You work in the business of sending unwanted
 junk email.

You haven't done any research at all, have you?

http://www.cauce.org/about/bod.html
http://www.circleid.com/members/3217/

I expect an apology.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: HABEAS_ACCREDITED SPAMMER

2009-12-01 Thread J.D. Falk
On Nov 30, 2009, at 12:38 PM, rich...@buzzhost.co.uk wrote:

 So please, spare me the sob story about what a wonderful idea HABEAS is.
 Talk is cheap, action speaks louder than words.

Who's sobbing?  I'm merely explaining how it works today.

If you disagree with a particular entry on either the (formerly Habeas) Safe 
list or the Certified list, we've made it extremely easy for you to tell the 
people who operate those lists.  Hint: insulting me on this mailing list has no 
effect.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: HABEAS_ACCREDITED SPAMMER

2009-11-30 Thread J.D. Falk

On Nov 25, 2009, at 9:03 AM, Matus UHLAR - fantomas wrote:

 On 25.11.09 03:23, jdow wrote:
 Having a little help might help them maintain a better product.
 But (that bitter word), the basic concept is broken. If the spammer
 can make more money than it costs to get on the Habeas whitelist
 then they will pull the same trick I've seen here in California in the
 construction trades.
 
 Some time ago they used to sue spammers, according to discussion here they
 don't anymore. Maybe that's one of their biggest problems.

Actually, the legal threat over the old X-Habeas header never accomplished 
anything.  It's been much more effective to simply stop whitelisting anyone who 
is sending spam.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: HABEAS_ACCREDITED SPAMMER

2009-11-30 Thread J.D. Falk
On Nov 25, 2009, at 3:57 AM, Hajdú Zoltán wrote:

 Then whose job? :) Habeas doesn't monitor Your Inbox.
 
 If You have the time to write here just for 'flaming' against a ~good 
 concept...
 ...Maybe it would be a better idea to spend that time on supporting them with 
 Your feedback.

Thanks for the support, but there's no point.  Some of the folks on this list 
are way too angry to ever do anything that might be helpful to others.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc






Re: HABEAS_ACCREDITED SPAMMER

2009-11-23 Thread J.D. Falk
On Nov 23, 2009, at 6:14 AM, Matus UHLAR - fantomas wrote:

 You should complain to ReturnPath. Iirc, HABEAS used to sue spammers
 misusing their technology. Don't know if ReturnPath continues practicing
 this.

Actually, you're confusing Habeas's first technology (which involved suing 
misuse of their copyrighted header, and was abandoned years ago) with their 
safe list whitelist product, which Return Path now operates.  Rather than 
suing them, we'll simply kick 'em off the list if they don't meet our standards.

http://wiki.apache.org/spamassassin/Rules/HABEAS_ACCREDITED_COI has some basic 
info, including an address to complain at if you're receiving spam from a 
safelisted IP.

--
J.D. Falk jdf...@returnpath.net
Return Path Inc



Re: More of a philosophical question

2009-11-17 Thread J.D. Falk

Jason Bertoch wrote:

I've been hit with that response on a number of occasions.  However, 
I've found that if I reply, pointing out their obvious error, I get a 
positive response.  Probably wasted effort, though.


Customer service drones get measured on how quickly they can make the 
questioner go away, so when someone replies it reflects negatively on them. 
 When that happens enough times, their bosses notice, and they get 
reeducated or replaced.


Have any of you ever worked in large-scale customer service?  It sucks, and 
there's a LOT of turnover -- which means a lot of newbies making newbie 
mistakes.


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: Auth questions

2009-10-28 Thread J.D. Falk

Adam Katz wrote:


Messages2 and/or mkt058.com have been thorough in working to ensure
their mail gets delivered cleanly, using SPF, DKIM, and Habeas (which
are all sender verification tools, the last of which is a sort of we
promise this isn't spam tool).  The message also has a
List-Unsubscribe header while lacking a Precedence header (hmm...).


Anyone can add a Habeas header.  At best, it means they've got an outdated 
configuration; at worst, it means they're spammers trying to get past filters.


https://senderscore.org/lookup.php?lookup=208.85.50.30 reveals that the 
208.85.50.30 is not currently accredited under the Return Path Safe 
program criteria, which used to be Habeas before Return Path borged 'em.


The IP has a very high Sender Score, which indicates that it doesn't send 
particularly spammy mail most of the time.


Beyond that, I'll let you decide for yourself.

--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: Other DNSBL's

2009-10-16 Thread J.D. Falk

Warren Togami wrote:

I'm looking to add other DNSBL's to tomorrow's weekly mass check.  I 
realize most of them probably are too broken to bother, but it would be 
nice to get some real numbers to confirm it so since the Internet lacks 
any real DNSBL comparisons that include Ham FP safety.


http://www.dnsbl.com/ has some test results which aren't bad, though his ham 
corpus does include some legitimate commercial email (which I know some 
folks on this list would claim could never, ever, ever, ever not be spam.)


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: White lists and white rules

2009-10-13 Thread J.D. Falk

Ted Mittelstaedt wrote:


Thus, any reputable blacklist service will ALSO need to constantly
monitor to make sure that any IP that's listed still deserves to be
there.


Absolutely.  I keep forgetting that anyone would think otherwise; major spam 
sources haven't been stationary in years.


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: White lists and white rules

2009-10-12 Thread J.D. Falk

Aaron Wolfe wrote:


Not true. There are servers that say send out bank statements and 100% of
what it sends is bank statements.


Until the day those servers get hacked, or they take on a new client
who sends a different type of mail, etc.


That's why any serious 3rd party whitelist service will constantly monitor 
to make sure that any IP that's listed still deserves to be there.


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: Backscatter.org used as RBL??

2009-08-06 Thread J.D. Falk

Marc Perkel wrote:


If someone is doing sender address
verification then they are filtering spam and those who filter spam are
not sending spam.


Do you have any stats on that?

--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: privacy policy updates?

2009-08-03 Thread J.D. Falk

LuKreme wrote:


I haven't gone to any of the sites, and it could all be coincidence, but
it seemed a little suspicious to me.

Over-reaction?


I'd be suspicious, too, but there are regulations (in some jurisdictions, 
for some industries) stating that companies have to alert you when their 
privacy policy changes.  These still hold true after the company gets bought 
out or changes names, and may even apply to info which was harvested or 
purchased from shady list brokers.


What you're describing sounds like they may have even outsourced the 
notification process to some other company, and this 3rd party doesn't know 
how to make their mail look less phishy.


(This isn't to say that the mail isn't spam, of course.)

--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: Return Path Safe whitelist UPDATE [was: Opt In Spam]

2009-07-20 Thread J.D. Falk

Robert wrote:


the thing is, the SA community and the world at large should not be your
free customer compliance labor force.


Of course not!  The SA community isn't part of the formal compliance process 
at all; there are automated processes running 24x7, and a human enforcement 
team investigating both alerts from our systems and complaints from outside. 
 We like SpamAssassin, and we know that many of the participants on this 
list are good at recognizing spammy behavior, so when someone complains here 
we always take it seriously.


If you don't want to tell our compliance team that you've seen a problem, 
that's fine.  Keep it to yourself.  Adjust your scoring as you feel is 
appropriate.  But when you complain out loud -- here, or elsewhere in public 
-- we're likely to ask why, because it's important to us to keep the list 
clean and the list's users satisfied.


There's nothing disingenuous going on here.

--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: Hostkarma Blacklist Climbing the Charts

2009-07-10 Thread J.D. Falk

Charles Gregory wrote:


A more interesting comparison would be to see how much stuff is NOT
caught by spamhaus, but caught by your list or others :)


Right -- that gives you more of a sense of the value of a new list for a 
system which already checks other lists.


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: Freelotto.com

2009-07-06 Thread J.D. Falk
I AM NOT DEFENDING FREELOTTO.COM, merely discussing the theory behind the 
Certified service which is queried in the BSP rules in SpamAssassin.



RobertH wrote:


shouldn't you folks know that your customers are spamming before we do?


How can a 3rd party automatically discern whether or not you subscribed to a 
particular bit of mail?  Or whether or not you consider the mail to be 
living up to your expectations for those messages?


I can think of a few ways, but they'd all involve serious privacy violations 
-- and possibly brain surgery.  Much better for all concerned if you'd be 
willing to tell us when you're unhappy about one of the IPs on the list.



or at least charge them a lot more for abusing your services  ;-)


Nope.  If they're proven to be violating the standards, they're no longer 
part of the program.



maybe it isn't the smartest idea in the world, yet shouldn't your types of
companies have several stealth email addresses on your customers' lists
that get email from them just like everyone else that is getting spammed?

and then actually have eyeballs on your clients' workings ???


Of course we do -- but those addresses /did/ subscribe to the list, and they 
don't make value judgments.


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: constantcontact.com

2009-07-06 Thread J.D. Falk

rich...@buzzhost.co.uk wrote:


sorry, I am on several private lists. Lists I have been on for 10
years through a few different employers.  If I signed up for those
lists with my @constantcontact.com address my employer would own that
mail.  I don't really think they'd read my mail, but I'm still not
comfortable with that so I sign up for all lists (even the public ones
like this) with my own personal domain.  It's just my family domain,
the website is nothing more than that.

Well, I can only take you at face value that you are here representing
Constant Contact. If I call up the office switchboard Tara, can I speak
with you there? It's just I've called up Constant Contact and hit #9 for
the directory and your name is not in there? Perhaps there is a
misspelling or something?


You probably won't trust this, either, but here goes: I've met Tara and 
other Constant Contact employees at conferences many times, and they all say 
she works there.


(I'm similarly not using my employer's domain, because none of the 
available Exchange-compatible clients have appropriate message threading for 
discussion lists.)


But who are /you/, Richard?  How do we know you're /really/ a SpamAssassin 
user, and not just pretending?


--
J.D. Falk


Re: Freelotto.com

2009-07-02 Thread J.D. Falk

Kasper Sacharias Eenberg wrote:


Is this site spamming?

I really can't figure it out! (They have full names/addresses) and hit
the 'RCVD_IN_BSP_TRUSTED -4.30' rule.

But the mails look obviously like spam to me.


If you've got any proof of spam from any BSP_TRUSTED IP, please report it to 
senderscorecertified@abuse.net or via the web form at 
http://www.returnpath.net/support/ and our compliance team will take 
appropriate action.  Thanks!


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: SORBS bites the dust

2009-07-01 Thread J.D. Falk

Arvid Picciani wrote:

Michael Grant wrote:

Unless I've missed a message... this is the 100th reply to this
thread. This has to be one of the longest threads I've seen on this
list in years.


Shows there is much to discuss on this matter. Isn't there a generic
spam related mailing list?


There are many.

--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: SORBS bites the dust

2009-06-25 Thread J.D. Falk

DAve wrote:


Jack Pepper wrote:

How long will this go before Godwin's law finally kicks in? Now I'm
just watching for the fun of it.


Yea, this is why when my bosses ask where I get my information I tell
them from a closed forum. If they read the adolescent ramblings that got
posted on email/spam lists they wouldn't allow us to use half the
software we do.


One of my co-workers was recently talking as if he thought SpamAssassin was 
some businesslike organization we could negotiate with.  I've been tempted 
to send him this thread.


(Not sure what he wanted to negotiate /for/, either.)

--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


whitelists (was Re: Barracuda Blacklist)

2009-05-29 Thread J.D. Falk

Rob McEwen wrote:


Additionally, I'd like to ask, other than being a superb cash-generating
machine, what good is a whitelist built upon pay-to-enter and NOT based
on editorial decisions made by non-biased e-mail administrators?


Those two aren't necessarily exclusive.  The standards for inclusion in a 
whitelist can (and in many cases do) include the same performance metrics 
that help e-mail administrators stay non-biased, such as user complaint 
rate, spamtrap hits, and so forth.


(I don't know whether Barracuda's whitelist includes those metrics.)

The additional value to admins is that they don't have to keep watch over 
the whitelisted IPs -- the whitelist operator handles that.  The fees cover 
that monitoring, and consulting on improving practices where necessary.


And, of course, if the whitelist operator is lying or slow or otherwise not 
living up to expectations, the admin simply stops using that whitelist. 
Lists that nobody uses don't get much business, so there's a direct 
incentive for the whitelist operator to keep their list squeaky-clean.


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: Barracuda Blacklist

2009-05-28 Thread J.D. Falk

Karsten Bräckelmann wrote:


Enabled = on the whitelist
Suspended = removed from the whitelist, live in the client account
Disabled = removed from the client account


Suspended on request by the client, suspended due to complaints pending
investigation, or forcefully suspended due to abuse and violating the
terms of accreditation?


Could be any of those.  Why does it matter?  Suspended IPs aren't on the list.

--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: Personal SPF

2009-05-05 Thread J.D. Falk

John Hardin wrote:

On Tue, 5 May 2009, Jonas Eckerman wrote:


I can't speak for others, but this is one reason why I haven't given
my opinions about your proposed PSPF.


+1.

If this OT discussion is going to get discourteous, please take it
somewhere more appropriate.


+1

If it were to become courteous again, one of the IETF lists might be 
appropriate -- that's where the standard would be developed, after all.


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


automated reporting plugin (was Re: HABEAS_ACCREDITED_COI)

2009-03-17 Thread J.D. Falk

RobertH wrote:


there is bound to be some way that those (of us or the SA Team) that want to
participate, can help you and help us at the same time.

some type of automated plugin that needs to be created that reports to us
and returnpath info relevant to stopping the bad eggs yet allowing the good
eggs!

something that does not toss internal security in the trash...


We already receive copies of user complaints from most of the ISPs who 
utilize our data (and some who don't).  We also receive aggregate statistics 
from an even wider network.  I'd love to find a way to participate with the 
SA community in a similar way.


We've been scratching our heads over how to implement it, though.  What do 
you have in mind?


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: spam bots guessing mx???

2009-03-09 Thread J.D. Falk

Bazooka Joe wrote:


Last week I got a client that wanted me to spam virii filter for their
in house exchange server.

I changed the mx from mail.domain.tld (their exchange) to
mail2.domain.tld (my sa box) which relayed to mail.domain.tld.

Last week all worked as expected.  The hundreds of spam dropped to 0;
until this weekend.  Looking at the headers, mail is going directly to
the mail.domain.tld even though it isn't listed as mx anywhere.

I can tell the exchange server to only accept mail from my server but
has anyone else experienced this?


Yeah, I've heard other stories of spam bots caching old MX records for 
months after they've been changed in the DNS.


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/
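
A way to measure the bypass described in the message above, as an added example that is not part of the original thread: read the topmost Received header of mail stored on the final server and check whether the previous hop was the filtering relay. The IP addresses, the sample headers and the function names are constructed for illustration, and the code assumes the final server records the peer IP in square brackets.

```python
import email
import re

FILTER_IP = "192.0.2.10"   # constructed address standing in for mail2.domain.tld

# Constructed sample messages; only the two host names come from the post.
VIA_FILTER = """\
Received: from mail2.domain.tld (mail2.domain.tld [192.0.2.10])
\tby mail.domain.tld with ESMTP; Mon, 9 Mar 2009 10:00:00 -0000
Received: from sender.example (sender.example [198.51.100.7])
\tby mail2.domain.tld with ESMTP; Mon, 9 Mar 2009 09:59:58 -0000
Subject: relayed through the filter

body
"""
DIRECT = """\
Received: from bot.example (unknown [203.0.113.55])
\tby mail.domain.tld with ESMTP; Mon, 9 Mar 2009 10:05:00 -0000
Subject: delivered straight to the old MX host

body
"""

FROM_RE = re.compile(r"^from\s+(\S+)\s*(?:\(([^)]*)\))?", re.I)

def last_hop(raw):
    """Return (helo_name, tcp_info) from the topmost Received header, or None."""
    received = email.message_from_string(raw).get_all("Received") or []
    if not received:
        return None
    # Unfold the header: collapse the line breaks and tabs into single spaces.
    m = FROM_RE.match(" ".join(received[0].split()))
    return (m.group(1).lower(), m.group(2) or "") if m else None

def bypassed_filter(raw, filter_ip=FILTER_IP):
    """True when the final hop cannot be shown to be the filtering relay."""
    hop = last_hop(raw)
    if hop is None:
        return True            # no usable trace header: treat as unverified
    _helo, tcp_info = hop
    # The HELO name is chosen by the sender, so only the recorded IP counts.
    return f"[{filter_ip}]" not in tcp_info
```

Counting the messages for which `bypassed_filter` is true before and after restricting the Exchange server to the relay's address shows whether the restriction closed the path.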


Re: List-Post: NO

2009-03-06 Thread J.D. Falk

LuKreme wrote:


The consistent part is the List-Post header.


I hadn't seen this in the wild before, but it looks like NO is valid per 
RFC 2369 (http://www.ietf.org/rfc/rfc2369.txt):


] 3.4. List-Post
]
] The List-Post field describes the method for posting to the list.
] This is typically the address of the list, but MAY be a moderator, or
] potentially some other form of submission. For the special case of a
] list that does not allow posting (e.g., an announcements list), the
] List-Post field may contain the special value NO.

So, it's possible (but I'd expect unlikely) that you'd catch some non-spam 
mail, too.


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/
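
The RFC 2369 text quoted in the message above, turned into a small parser, as an added example that is not part of the original thread: it separates the special value NO from ordinary posting URLs, so a rule keyed on NO can be tried against legitimate announcement-list headers before it is scored. The sample message, the addresses and the function names are constructed.

```python
import re
from email import message_from_string

URL_RE = re.compile(r"<([^<>]*)>")       # URLs are enclosed in angle brackets
COMMENT_RE = re.compile(r"\([^()]*\)")   # trailing (comments); non-nested only

def parse_list_post(value):
    """Return ('no', []), ('urls', [url, ...]) or ('invalid', [])."""
    # Extract URLs first so parentheses inside a URL are not taken as comments.
    # RFC 2369: whitespace inside the brackets is to be ignored.
    urls = ["".join(u.split()) for u in URL_RE.findall(value)]
    if urls:
        return ("urls", urls)
    # Assumption: match the special value exactly as the RFC spells it.
    if COMMENT_RE.sub(" ", value).strip() == "NO":
        return ("no", [])
    return ("invalid", [])

def rule_on_no_would_hit(raw_message):
    """True when a rule keyed only on 'List-Post: NO' would match the message."""
    value = message_from_string(raw_message).get("List-Post")
    return value is not None and parse_list_post(value)[0] == "no"

# Constructed sample: an announcements list that does not allow posting.
ANNOUNCE = """\
From: announce-owner@lists.example
List-Id: <announce.lists.example>
List-Post: NO (posting not allowed on this list)
List-Unsubscribe: <mailto:announce-request@lists.example?subject=unsubscribe>
Subject: Release notes

body
"""

# The same message as sent by an ordinary discussion list.
DISCUSSION = ANNOUNCE.replace(
    "NO (posting not allowed on this list)", "<mailto:discuss@lists.example>")
```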


Re: ReturnPath, Habeas, BondedSender

2009-03-02 Thread J.D. Falk

Jason Bertoch wrote:


That being said, maybe the rule description should include the reporting
addresses.  Why would I look on the SA wiki for a place to report
ReturnPath, Habeas, and BondedSender complaints?


What's the process for updating rule descriptions?

(BTW, a quick visit to your favorite search engine should alleviate any 
fears that either Neil or I are marketers.)


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/