RE: Constant Contact

2009-10-19 Thread Randal, Phil
Tara Natanson wrote:
 On Fri, Oct 16, 2009 at 12:49 PM, Adam Katz antis...@khopis.com
 wrote: 
 Does anybody here know anything about the legitimacy of Constant 
 Contact http://www.constantcontact.com/anti_spam.jsp ?
 
 
 Hello,
 
 I work for Constant Contact.  We take reports of spam very seriously.
 Complaints are processed through our abuse@ address but you won't ever
 hear what happened to it there other than an auto-ack.  If you'd like 
 to send me any complaints I can let you know what became of them.  We 
 have a very large compliance and list review group who investigates 
 the complaints and speaks with customers about where their lists came 
 from etc.  Of course we do a lot of preprocessing of their lists when
 they upload them so we can detect bad senders before they even mail.

Therein lies the problem.  Some of your less-reputable customers (if not
all of them - we have no way of telling) are uploading dodgy
distribution lists which have not been double-opted in.  When Constant
Contact gets a clue and automatically requests an opt-in confirmation
for ALL email addresses uploaded in bulk by their customers then I'll
stop adding a high score in SA.

 Obviously some gets through (or we wouldn't be having this
 conversation) and for that we rely on complaints/bounce 
 rates/unsubscribe rates to point us to the problems.
 
 feel free to reply to me offlist if you want further info.
 
 Tara Natanson

If it is any consolation, you're not the only bulk-email service that
suffers from this problem.

Cheers,

Phil

--
Phil Randal | Networks Engineer
NHS Herefordshire  Herefordshire Council  | Deputy Chief Executive's
Office | I.C.T. Services Division Thorn Office Centre, Rotherwas,
Hereford, HR2 6JT Tel: 01432 260160
email: pran...@herefordshire.gov.uk

Any opinion expressed in this e-mail or any attached files are those of
the individual and not necessarily those of Herefordshire Council. 

This e-mail and any attached files are confidential and intended solely
for the use of the addressee. This communication may contain material
protected by law from being passed on. If you are not the intended
recipient and have received this e-mail in error, you are advised that
any use, dissemination, forwarding, printing or copying of this e-mail
is strictly prohibited. If you have received this e-mail in error
please contact the sender immediately and destroy all copies of it.
You should be aware that Herefordshire Council monitors its email service.


Re: Constant Contact

2009-10-19 Thread Mark Samples

I get junk from these guys all of the time, others that have followed
the 'opt-out' IMO just use it to confirm an email address for sale to
others, such as themselves.  Maybe I am just extra paranoid, but
marketers should just stick to a web search for people that want to
purchase from them.

Unsolicited email is a quagmire, email marketers do it
indiscriminately.  If they want to advertise on my server, ad time
costs money, they can pay me for using my server for their stuff.  Once
it enters my ethernet port, it is mine, quite frankly, they should pay
me to advertise on my servers.  Their junk cost me time and
maintenance, so I need to recover those costs, or blacklist them.

No such thing as a 'good' spammer, JMO.


Re: Constant Contact

2009-10-19 Thread Dave Pooser
 When Constant
 Contact gets a clue and automatically requests an opt-in confirmation
 for ALL email addresses uploaded in bulk by their customers then I'll
 stop adding a high score in SA.

The problem with that is that most of Constant Contact's customers are small
businesses that may have users who opted in out-of-band. "Hey, Mr. Pooser, we
have an email list with monthly discounts-- can we add you to that list?"
"Yeah, I'd read that." "Great, just write your email address here on this
clipboard." If CC makes it too hard for those mom and pop shops to use
their service, they'll go somewhere else. So CC can't be too draconian (or
they'll lose customers) or too loosey-goosey (or they'll be blacklisted). My
own experience with CC has been fine-- when I report a spammer they get
nuked fast, and over 99% of the mail received from CC at $ORKPLACE is
requested by my users. No complaints here.
-- 
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
And the beer I had for breakfast
Wasn't bad, so I had one more for dessert.




Re: Constant Contact

2009-10-17 Thread rich...@buzzhost.co.uk
On Fri, 2009-10-16 at 13:29 -0700, John Hardin wrote:
 On Fri, 16 Oct 2009, John Rudd wrote:
 
  Me.  I work for one of their clients (a University).  One or two of
  our divisions use them for large mailings to our internal users.
 
 How is Constant Contact better than (say) GNU mailman for that purpose? 

It's so you can pay someone to send spam, skip past lots of things like
Barracuda Network$$$ devices and other filters and not have to face the
music and termination from your provider for spamming.

Constant Contact = Constant Spam. An IPTables dropping all of their
ranges from SYN is a great way to cut *lots* of crap mail



Re: Constant Contact

2009-10-17 Thread Raymond Dijkxhoorn

Hi!

One factor in scoring white list like mine is that different people have 
different definitions as to what is spam. And people have different values as 
to blocking spam at the expense of blocking good email. In my business if I 
block a good email it's worse than 100 spams getting through. I am possibly 
too generous on white listing but that's what my customers want.


I think that's generic, like I tell in most of my presentations. It's not 
hard to blacklist mail, any fool can do that. The hard part is to let the 
good stuff come in!


And since that's only 3-4% of the actual mail flow...any mistake made comes 
down hard.


Bye,
Raymond.


Re: Constant Contact

2009-10-17 Thread Aaron Wolfe
On Sat, Oct 17, 2009 at 5:47 AM, rich...@buzzhost.co.uk
rich...@buzzhost.co.uk wrote:
 On Fri, 2009-10-16 at 13:29 -0700, John Hardin wrote:
 On Fri, 16 Oct 2009, John Rudd wrote:

  Me.  I work for one of their clients (a University).  One or two of
  our divisions use them for large mailings to our internal users.

 How is Constant Contact better than (say) GNU mailman for that purpose?

 It's so you can pay someone to send spam, skip past lots of things like
 Barracuda Network$$$ devices and other filters and not have to face the
 music and termination from your provider for spamming.

 Constant Contact = Constant Spam. A IPTables dropping all of their
 ranges from SYN is a great way to cut *lots* of crap mail



For a personal server, I'd agree they send nothing I want to receive.

However, for anything more, I think you will get complaints.  Constant
Contact is one of the better ESPs, kind of like a kick in the shin
is better than a kick in the teeth.  They do have some legitimate
customers, and they do have some spamming customers.  The truth is not
so good as Tara would like it to be, and not so bad as some have
claimed.

What I really can't understand is why they are on any kind of
whitelist.  Putting this type of company on a whitelist is great if
you're trying to support their revenue model.. now they can tell their
clients to use their service because they are on whitelists, this is
very attractive to spammers.  But what good does it do for anyone
else?  Why not let their messages meet the same scrutiny as any other
potential source of spam?  If they get blacklisted, great, now their
revenue model is hurt until they find ways to avoid it.  If they
manage to stay off the lists, even better, they are running as spam
free as they claim to be.  Why are we covering for their mistakes and
supporting a company that profits from sending spam, even if it's only
sometimes, by whitelisting them?


Re: Constant Contact

2009-10-17 Thread rich...@buzzhost.co.uk
On Sat, 2009-10-17 at 07:26 -0400, Aaron Wolfe wrote:
 On Sat, Oct 17, 2009 at 5:47 AM, rich...@buzzhost.co.uk
 rich...@buzzhost.co.uk wrote:
  On Fri, 2009-10-16 at 13:29 -0700, John Hardin wrote:
  On Fri, 16 Oct 2009, John Rudd wrote:
 
   Me.  I work for one of their clients (a University).  One or two of
   our divisions use them for large mailings to our internal users.
 
  How is Constant Contact better than (say) GNU mailman for that purpose?
 
  It's so you can pay someone to send spam, skip past lots of things like
  Barracuda Network$$$ devices and other filters and not have to face the
  music and termination from your provider for spamming.
 
  Constant Contact = Constant Spam. A IPTables dropping all of their
  ranges from SYN is a great way to cut *lots* of crap mail
 
 
 
 For a personal server, I'd agree they send nothing I want to receive.
 
 However, for anything more, I think you will get complaints.  Constant
 Contact is one of the better ESPs, kind of like a kick in the shin
 is better than a kick in the teeth.  They do have some legitimate
 customers, and they do have some spamming customers.  The truth is not
 so good as Tara would like it to be, and not so bad as some have
 claimed.
Tara is very good at 'reputation management' and getting into bed with
all the right people. She pops up in Spam lists, NANAE and other places
to tell people just how positive CC are on dealing with abuse. Of course
it's all spin - their core revenue is to help to deliver bulk mail that
would normally be blocked on reputation based RBL's. Remember, if the
sender was really clean, there would be zero need for CC.

I won't go into the nuts and bolts of it, but I've been giving 550 'no
such user' and '550 blocked' messages to CC on a honeypot domain. Still
they keep knocking


 
 What I really can't understand is why they are on any kind of
 whitelist.  Putting this type of company on a whitelist is great if
 you're trying to support their revenue model.. now they can tell their
 clients to use their service because they are on whitelists, this is
 very attractive to spammers.  But what good does it do for anyone
 else?  Why not let their messages meet the same scrutiny as any other
 potential source of spam?  If they get blacklisted, great, now their
 revenue model is hurt until they find ways to avoid it.  If they
 manage to stay off the lists, even better, they are running as spam
 free as they claim to be.  Why are we covering for their mistakes and
 supporting a company that profits from sending spam, even if its only
 sometimes, by whitelisting them?
Whitelisting them is a total travesty and the only reason for it has to
be money or favours changing hands. It's really that simple. They appear
on the Barracuda Whitelist and there has been some suggestion, albeit
uncited, that Baraspammer Micheal Perone has some kind of 'interest' in
them. I'm not sure of the status of whitelisting elsewhere for Constant
Spamcrap anywhere else, but as it's being discussed here - I'm guessing
somewhere in SA something is 'greasing the wheels' for them.

The crux is this - they emit a constant stream of trash that would be
rightly blocked if it were not whitelisted - so whitelisting them is
clearly not appropriate at all for anyone interested in blocking spam.

Still, what you will now see is Tara and friends go into meltdown
stating they take spam seriously and request 'off list' resolution.



Re: Constant Contact

2009-10-17 Thread Gene Heskett
On Saturday 17 October 2009, rich...@buzzhost.co.uk wrote:
On Sat, 2009-10-17 at 07:26 -0400, Aaron Wolfe wrote:
 On Sat, Oct 17, 2009 at 5:47 AM, rich...@buzzhost.co.uk

 rich...@buzzhost.co.uk wrote:
  On Fri, 2009-10-16 at 13:29 -0700, John Hardin wrote:
  On Fri, 16 Oct 2009, John Rudd wrote:
   Me.  I work for one of their clients (a University).  One or two of
   our divisions use them for large mailings to our internal users.
 
  How is Constant Contact better than (say) GNU mailman for that
  purpose?
 
  It's so you can pay someone to send spam, skip past lots of things like
  Barracuda Network$$$ devices and other filters and not have to face the
  music and termination from your provider for spamming.
 
  Constant Contact = Constant Spam. A IPTables dropping all of their
  ranges from SYN is a great way to cut *lots* of crap mail

 For a personal server, I'd agree they send nothing I want to receive.

 However, for anything more, I think you will get complaints.  Constant
 Contact is one of the better ESPs, kind of like a kick in the shin
 is better than a kick in the teeth.  They do have some legitimate
 customers, and they do have some spamming customers.  The truth is not
 so good as Tara would like it to be, and not so bad as some have
 claimed.

Tara is very good at 'reputation management' and getting into bed with
all the right people. She pops up in Spam lists, NANAE and other places
to tell people just how positive CC are on dealing with abuse. Of course
it's all spin - their core revenue is to help to deliver bulk mail that
would normally be blocked on reputation based RBL's. Remember, if the
sender was really clean, their would be zero need for CC.

I won't go into the nuts and bolts of it, but I've been giving 550 'no
such user' and '550 blocked' messages to CC on a honeypot domain. Still
they keep knocking

 What I really can't understand is why they are on any kind of
 whitelist.  Putting this type of company on a whitelist is great if
 you're trying to support their revenue model.. now they can tell their
 clients to use their service because they are on whitelists, this is
 very attractive to spammers.  But what good does it do for anyone
 else?  Why not let their messages meet the same scrutiny as any other
 potential source of spam?  If they get blacklisted, great, now their
 revenue model is hurt until they find ways to avoid it.  If they
 manage to stay off the lists, even better, they are running as spam
 free as they claim to be.  Why are we covering for their mistakes and
 supporting a company that profits from sending spam, even if its only
 sometimes, by whitelisting them?

Whitelisting them is a total travesty and the only reason for it has to
be money or favours changing hands. It's really that simple. They appear
on the Barracuda Whitelist and there has been some suggestion, albeit
uncited, that Baraspammer Micheal Perone has some kind of 'interest' in
them. I'm not sure of the status of whitelisting elsewhere for Constant
Spamcrap anywhere else, but as it's being discussed here - I'm guessing
somewhere in SA something is 'greasing the wheels' for them.

The crux is this - they emit a constant stream of trash that would be
rightly blocked if it were not whitelisted - so whitelisting them is
clearly not appropriate at all for anyone interested in blocking spam.

Still, what you will now see is Tara and friends go into meltdown
stating they take spam seriously and request 'off list' resolution.

Which verse/chorus would this upcoming instance be?

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

I'd rather have a free bottle in front of me than a prefrontal lobotomy.
-- Fred Allen

[Also attributed to S. Clay Wilson.  Ed.]


Re: Constant Contact

2009-10-17 Thread rich...@buzzhost.co.uk
On Sat, 2009-10-17 at 09:30 -0400, Gene Heskett wrote:
 On Saturday 17 October 2009, rich...@buzzhost.co.uk wrote:
 On Sat, 2009-10-17 at 07:26 -0400, Aaron Wolfe wrote:
  On Sat, Oct 17, 2009 at 5:47 AM, rich...@buzzhost.co.uk
 
  rich...@buzzhost.co.uk wrote:
   On Fri, 2009-10-16 at 13:29 -0700, John Hardin wrote:
   On Fri, 16 Oct 2009, John Rudd wrote:
Me.  I work for one of their clients (a University).  One or two of
our divisions use them for large mailings to our internal users.
  
   How is Constant Contact better than (say) GNU mailman for that
   purpose?
  
   It's so you can pay someone to send spam, skip past lots of things like
   Barracuda Network$$$ devices and other filters and not have to face the
   music and termination from your provider for spamming.
  
   Constant Contact = Constant Spam. A IPTables dropping all of their
   ranges from SYN is a great way to cut *lots* of crap mail
 
  For a personal server, I'd agree they send nothing I want to receive.
 
  However, for anything more, I think you will get complaints.  Constant
  Contact is one of the better ESPs, kind of like a kick in the shin
  is better than a kick in the teeth.  They do have some legitimate
  customers, and they do have some spamming customers.  The truth is not
  so good as Tara would like it to be, and not so bad as some have
  claimed.
 
 Tara is very good at 'reputation management' and getting into bed with
 all the right people. She pops up in Spam lists, NANAE and other places
 to tell people just how positive CC are on dealing with abuse. Of course
 it's all spin - their core revenue is to help to deliver bulk mail that
 would normally be blocked on reputation based RBL's. Remember, if the
 sender was really clean, their would be zero need for CC.
 
 I won't go into the nuts and bolts of it, but I've been giving 550 'no
 such user' and '550 blocked' messages to CC on a honeypot domain. Still
 they keep knocking
 
  What I really can't understand is why they are on any kind of
  whitelist.  Putting this type of company on a whitelist is great if
  you're trying to support their revenue model.. now they can tell their
  clients to use their service because they are on whitelists, this is
  very attractive to spammers.  But what good does it do for anyone
  else?  Why not let their messages meet the same scrutiny as any other
  potential source of spam?  If they get blacklisted, great, now their
  revenue model is hurt until they find ways to avoid it.  If they
  manage to stay off the lists, even better, they are running as spam
  free as they claim to be.  Why are we covering for their mistakes and
  supporting a company that profits from sending spam, even if its only
  sometimes, by whitelisting them?
 
 Whitelisting them is a total travesty and the only reason for it has to
 be money or favours changing hands. It's really that simple. They appear
 on the Barracuda Whitelist and there has been some suggestion, albeit
 uncited, that Baraspammer Micheal Perone has some kind of 'interest' in
 them. I'm not sure of the status of whitelisting elsewhere for Constant
 Spamcrap anywhere else, but as it's being discussed here - I'm guessing
 somewhere in SA something is 'greasing the wheels' for them.
 
 The crux is this - they emit a constant stream of trash that would be
 rightly blocked if it were not whitelisted - so whitelisting them is
 clearly not appropriate at all for anyone interested in blocking spam.
 
 Still, what you will now see is Tara and friends go into meltdown
 stating they take spam seriously and request 'off list' resolution.
 
 Which verse/chorus would this upcoming instance be?
The 'add' libs... LOL managed to get in a nice advertising pun. I'll get
my coat.
 
 -- 
 Cheers, Gene
 There are four boxes to be used in defense of liberty:
  soap, ballot, jury, and ammo. Please use in that order.
 -Ed Howdershelt (Author)
 The NRA is offering FREE Associate memberships to anyone who wants them.
 https://www.nrahq.org/nrabonus/accept-membership.asp
 
 I'd rather have a free bottle in front of me than a prefrontal lobotomy.
   -- Fred Allen
 
 [Also attributed to S. Clay Wilson.  Ed.]



RE: Constant Contact

2009-10-17 Thread R-Elists

 
 I wouldn't say they are perfect but they try to be. It's 
 close enough for my white list. They shut down abusers and 
 the opt out works.
 
 

marc,

we shouldn't have to opt out...

 -rh



Re: Constant Contact

2009-10-17 Thread Karsten Bräckelmann
On Sat, 2009-10-17 at 14:24 +0100, rich...@buzzhost.co.uk wrote:
 On Sat, 2009-10-17 at 07:26 -0400, Aaron Wolfe wrote:

  [...]  Why are we covering for their mistakes and
  supporting a company that profits from sending spam, even if its only
  sometimes, by whitelisting them?

We aren't. If you would have closely followed the thread, you would
have understood that this is about a DNS [BW]L listing that is *not*
part of the stock rules.

We don't operate white or blacklists. Neither do we use the list in
question by default.


 [...] but as it's being discussed here - I'm guessing
 somewhere in SA something is 'greasing the wheels' for them.

This is plain FUD.

Richard, you're eloquently showing off you didn't read the thread.
You're even clearly stating you don't know, but yet accuse SA of helping
an unrelated business.

Stop the guessing and do check the code and rules before claiming
anything.

  guenther


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Constant Contact

2009-10-17 Thread rich...@buzzhost.co.uk
On Sat, 2009-10-17 at 18:53 +0200, Karsten Bräckelmann wrote:
 On Sat, 2009-10-17 at 14:24 +0100, rich...@buzzhost.co.uk wrote:
  On Sat, 2009-10-17 at 07:26 -0400, Aaron Wolfe wrote:
 
   [...]  Why are we covering for their mistakes and
   supporting a company that profits from sending spam, even if its only
   sometimes, by whitelisting them?
 
 We aren't. If you would have closely followed the thread, you would
 have understood that this is about a DNS [BW]L listing that is *not*
 part of the stock rules.
 
 We don't operate white or blacklists. Neither do we use the list in
 question by default.
 
 
  [...] but as it's being discussed here - I'm guessing
  somewhere in SA something is 'greasing the wheels' for them.
 
 This is plain FUD.
 
 Richard, you're eloquently showing off you didn't read the thread.
 You're even clearly stating you don't know, but yet accuse SA of helping
 an unrelated business.
 
 Stop the guessing and do check the code and rules before claiming
 anything.
 
   guenther
 
 
Guenther - you're eloquently showing off you didn't understand what I
have posted - despite quoting it:

I'm guessing somewhere in SA something is 'greasing the wheels' for
them.

I don't see that I'm stating it's in the core code and rules there - or
did you just 'guess' or 'imagine' that is what I meant? Clearly there
are whitelists out there that can be used with SA {which puts it on
topic} that WILL grease the wheels for them. Does that clarification
help?

On a personal note I'm sorry you so obviously feel sore at me. Get over
it. I hate spammers with an utter passion - make no mistake about it.
Constant Spamcrap are one of a couple of companies I despise and I can
assure you I'm moderating my views for the list - the simplest mention
of them makes me want to hurt people.




Re: Constant Contact

2009-10-17 Thread Karsten Bräckelmann
On Sat, 2009-10-17 at 18:24 +0100, rich...@buzzhost.co.uk wrote:
 On Sat, 2009-10-17 at 18:53 +0200, Karsten Bräckelmann wrote:
  On Sat, 2009-10-17 at 14:24 +0100, rich...@buzzhost.co.uk wrote:

   [...] but as it's being discussed here - I'm guessing
   somewhere in SA something is 'greasing the wheels' for them.
  
  This is plain FUD.
  
  Richard, you're eloquently showing off you didn't read the thread.

Sic.

  You're even clearly stating you don't know, but yet accuse SA of helping
  an unrelated business.
  
  Stop the guessing and do check the code and rules before claiming
  anything.
 
 Guenther - you're eloquently showing off you didn't understand what I
 have posted - despite quoting it:
 
 I'm guessing somewhere in SA something is 'greasing the wheels' for
 them.
 
 I don't see that I'm stating it's in the core code and rules there - or
 did you just 'guess' or 'imagine' that is what I meant? Clearly there
 are whitelists out there that can be used with SA {which puts it on
 topic} that WILL grease the wheels for them. Does that clarification
 help?

Yes, it helps indeed -- you did not bother to read the thread before
jumping in, venting your personal opinion.

The OP clearly states the facts. Go read it, before coming back.


 On a personal note I'm sorry you so obviously feel sore at me. Get over
 it. I hate spammers with an utter passion - make no mistake about it.
 Constant Spamcrap are one of a couple of companies I despise [...]

Quite an ego -- this is not about you. Sorry.

I'm sick of uninformed posts, spreading personal opinions, denunciating
others by lame word-plays -- as an end in and of itself. Rather than
actually trying to contribute something worthwhile to the discussion.

In other words, how comes you're only venting about the companies you
despise, and don't even mention the whitelist with a single word?

  guenther


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Constant Contact

2009-10-17 Thread rich...@buzzhost.co.uk
On Sat, 2009-10-17 at 19:58 +0200, Karsten Bräckelmann wrote:

 In other words, how comes you're only venting about the companies you
 despise, and don't even mention the whitelist with a single word?
 
   guenther
 
You need to deal with your personality issues - this is *not* about *you* 
either.
Are you done or are you going to go on trolling on with your spite?



Re: Constant Contact

2009-10-17 Thread John Rudd
On Sat, Oct 17, 2009 at 06:24, rich...@buzzhost.co.uk
rich...@buzzhost.co.uk wrote:

 Remember, if the
 sender was really clean, there would be zero need for CC.

Absolute unadulterated BS.

This is equivalent to saying all of those lay-people who just get
gmail or yahoo or hotmail accounts -- if they weren't spammers, they'd
just run their own mail servers instead.  All of those people who
don't maintain their own cars?  they must all be car thieves.  Same BS
logic.

CC has legitimate customers, whether you want to admit it or not.
Therefore, even if a sender is really clean, there can still be a
need for CC.


Re: Constant Contact

2009-10-17 Thread MySQL Student
Hi,

 rawbody  __CCM_UNSUB 
 /https?:..visitor\.constantcontact.com\/[^]{60,200}SafeUnsubscribe/

 Ouch!  Rawbody, that hurts.

Do you mean that it's much more resource-intensive than a regular
body check? When is it necessary (or possible) to use it over the
URIDetail substitute you mentioned?

For example, I have to use rawbody here because I'm searching within
HTML tags:

rawbody    DDN_SPAM_3   /\/.{5}\-.{4}\-.{3}\/.{5}\-.{4}\-.{3}\-1\.jpg border=0\\\/a\\br\/
describe   DDN_SPAM_3   New DDN Spam
score      DDN_SPAM_3   2.201

However, I suspect it's pretty resource-intensive, and I have several
of them, along with dozens of rules like:

rawbody   __SARE_HTML_INV_TAG  /\w\!\w{18,60}\w/i

Is there a way to easily measure the overhead of a particular rule?
I'd love to find out which rules are consuming the most resources.

Certainly as the number of rules has increased, the constant load on
the server has increased. Does everyone systematically run sa-compile
on their rules?

Thanks,
Alex


This Subject has Changed (was: Constant Contact)

2009-10-17 Thread Karsten Bräckelmann
On Sat, 2009-10-17 at 17:37 -0400, Alex wrote:
   rawbody  __CCM_UNSUB 
   /https?:..visitor\.constantcontact.com\/[^]{60,200}SafeUnsubscribe/
 
  Ouch!  Rawbody, that hurts.
 
 Do you mean that it's much more resource-intensive than a regular
 body check?

You can't use body rules here -- the difference between rawbody and body
is, that HTML tags(!) and line breaks are removed before matching for
body rules. See the M::SA::Conf docs.

What I mean is, that URIDetail will be faster than the equivalent
rawbody rule. All URIs have already been parsed out, along with some
details. This holds especially true with large-ish text parts.

 When is it necessary (or possible) to use it over the
 URIDetail substitute you mentioned?

Possible always. Necessary only, in case some vital parts you need to
match on are not provided by URIDetail. But that should be kind of, err,
obvious, no?


 rawbody    DDN_SPAM_3   /\/.{5}\-.{4}\-.{3}\/.{5}\-.{4}\-.{3}\-1\.jpg border=0\\\/a\\br\/

Argh. Neither a dash, nor angle brackets need to be escaped. It just
makes reading the RE harder. Speaking of which...

If you want to use the dash in your RE, use the general m// with a
different delimiter. The // is just a shorthand for m// with its purpose
defeated by introducing fences. (No, I am not getting tired of repeating
this advice. Never.)

m~^http://[^/]{1,5}/~ is equivalent to /^http:\/\/[^\/]{1,5}\//, though
only one of them is easily readable. ;)


 Is there a way to easily measure the overhead of a particular rule?

Other than common sense and voodoo?  No. :)

It depends on the RE (Is it properly anchored? Does it backtrack?) and
the specific test case you are evaluating, including the message's
text-parts size.

More specifically, as an example, this is a common source for false
security bugs filed, triggered by a self-DoS RE and a pathetic edge-case
message. The RE rule is fine processing hundreds of thousands of mails
without imposing any noticeable impact -- until that one, legit,
horribly broken HTML format mail comes along, bringing the server down
to its knees by backtracking the hell out of the poor RE engine.


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
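
Added example, not part of the thread: one way to approach the rule-overhead question above is to time each rule against sample messages and rank the rules by worst case, which exposes the backtracking edge case described in the reply. It uses Python's `re` (a backtracking engine, like Perl's) rather than SpamAssassin itself; the rule names, patterns and messages are constructed for illustration.

```python
import re
import time

# Constructed rules (hypothetical names, Python `re` syntax, not SA rules).
# Both look for an <img ...> tag whose attributes are word=word pairs.
RULES = {
    # The whitespace between two attributes can be consumed either by the
    # trailing \s* of one iteration or by the leading \s* of the next:
    # two ways per gap, so a failed match explores about 2^n paths.
    "IMG_ATTRS_AMBIGUOUS": re.compile(r"<img(\s*\w+=\w+\s*)*>"),
    # Each gap can be matched in exactly one way, so failure stays cheap.
    "IMG_ATTRS_TIGHT": re.compile(r"<img(?:\s+\w+=\w+)*\s*>"),
}


def broken_html(attrs: int) -> str:
    """Constructed edge case: an <img tag that is never closed."""
    return "<img" + " border=0" * attrs + " <br"


# Constructed sample messages.
MESSAGES = {
    "well_formed": "<a href=x><img src=p border=0></a>",
    "broken_html": broken_html(16),
}


def time_rule(rx, text, repeat=3):
    """Return (matched, best wall-clock seconds over `repeat` runs)."""
    best = float("inf")
    hit = False
    for _ in range(repeat):
        start = time.perf_counter()
        hit = rx.search(text) is not None
        best = min(best, time.perf_counter() - start)
    return hit, best


def rank_rules(rules=RULES, messages=MESSAGES):
    """Rank rules by their worst time over all messages, slowest first.

    Returns a list of (rule name, seconds, message label)."""
    report = []
    for name, rx in rules.items():
        seconds, label = max(
            (time_rule(rx, text)[1], label) for label, text in messages.items()
        )
        report.append((name, seconds, label))
    return sorted(report, key=lambda row: row[1], reverse=True)


def growth(sizes=(8, 10, 12, 14)):
    """Time the ambiguous rule as the unclosed tag gains attributes."""
    rx = RULES["IMG_ATTRS_AMBIGUOUS"]
    return [(n, time_rule(rx, broken_html(n))[1]) for n in sizes]


if __name__ == "__main__":
    for name, seconds, label in rank_rules():
        print(f"{name:22s} worst {seconds * 1e3:10.3f} ms on {label}")
    for n, seconds in growth():
        print(f"{n:2d} attributes: {seconds * 1e3:10.3f} ms")
```

Both rules cost about the same on the well-formed message; only the unclosed tag separates them, so a timing corpus needs malformed mail in it to be useful.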



Re: Constant Contact

2009-10-17 Thread Adam Katz
Daniel J McDonald wrote:
 On Fri, 2009-10-16 at 16:25 -0400, Adam Katz wrote:
 
 My own proposal to fixing this is to bring back Blue Security's 
 do-not-email list, which is to say a freely available index of
 secure hashes representing email addresses that have opted out of
 bulk email. (Recall that the controversial aspect of Blue
 Security's methods is what they did to violators, which I'm not
 touching here.)
 
 The other problem with it is that it can be used to scrub lists and
 get a set of real users who don't want spam.  There is no guarantee
 that spammers will be ethical and remove the DNE recipients - they
 may find a better return throwing out the addresses that don't
 match...

You're thinking in terms of maliciousness and not profitability.  Yes, a
spammer can use the hash index to refine a list of known emails to just
people who *don't* want bulk mail ... but how does that help?

 And then there are hash collisions...

Not really.  They're too rare (and they don't really matter).  MD5 (the
/simplest/ checksum to consider) has a one in 2^128 chance of a
collision.  To put that in perspective, the Mega Millions lottery has
1:176M odds, aka one in 2^27.4 -- that's larger by a factor of a binary
googol (2^100).  (Note, the not-at-all applicable collision attack has a
complexity of 2^32.)

I'm not worried.  If the index is large enough to have ONE guaranteed
collision, it's either improperly maintained (and therefore rubbish) or
it's a victim of its own success and we no longer need it.
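
Added example, not part of the original post: a sketch of the hashed do-not-email index discussed above, with the collision estimate carried from a single pair of addresses to a whole index (the birthday bound), which goes one step beyond the per-pair figure in the message. SHA-256, the normalization rule, the function names and every address are assumptions constructed for illustration.

```python
import hashlib
import math


def normalize(address: str) -> str:
    # Assumption: addresses are compared case-insensitively after trimming.
    return address.strip().lower()


def address_digest(address: str) -> str:
    # Assumption: SHA-256 as the "secure hash"; the post names no algorithm
    # beyond using MD5 as the simplest case for the collision estimate.
    return hashlib.sha256(normalize(address).encode("utf-8")).hexdigest()


def build_index(opted_out):
    """Publishable index: digests only, no plaintext addresses."""
    return {address_digest(a) for a in opted_out}


def scrub(mailing_list, index):
    """Split a sender's list into (kept, removed) against the index.

    The index hides addresses from anyone who does not already hold them;
    a party that holds an address can still test it for membership, which
    is the limitation raised in the quoted objection."""
    kept, removed = [], []
    for address in mailing_list:
        (removed if address_digest(address) in index else kept).append(
            normalize(address)
        )
    return kept, removed


def collision_probability(entries: int, bits: int) -> float:
    """Birthday bound: chance that any two of `entries` digests collide,
    P ~= 1 - exp(-n(n-1) / 2^(bits+1))."""
    exponent = entries * (entries - 1) / 2 ** (bits + 1)
    return -math.expm1(-exponent)


def entries_for_even_odds(bits: int) -> float:
    """Index size at which a collision somewhere becomes a coin flip."""
    return math.sqrt(2 * math.log(2) * 2.0 ** bits)


if __name__ == "__main__":
    # Constructed sample data.
    index = build_index(["alice@example.com", "carol@example.net"])
    kept, removed = scrub(
        ["Alice@Example.com ", "bob@example.org", "carol@example.net"], index
    )
    print("kept:", kept)
    print("removed:", removed)
    # A 128-bit digest (MD5-sized) over a billion-address index.
    print("P(collision), 1e9 entries:", collision_probability(10**9, 128))
    print("entries for 50% odds:", entries_for_even_odds(128))
```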


Re: Constant Contact

2009-10-17 Thread Adam Katz
Karsten Bräckelmann wrote:
 Do note that Hostkarma WHITE is not part of the stock rule-set.
 Moreover, it is *your* score of a whopping -2.1 for the third-party DNS
 BL test you're complaining about, that results in FNs. Last I checked
 (which is a while ago, granted), I wouldn't score it that low, not even
 close.
 
 Your score, your trust. If you find yourself in the need to work around
 your own trust measures, maybe the underlying issue is deeper than a
 good game of whack-a-mole. And if the WHITE listing is going to be
 corrected in a timely manner, the rules are obsolete -- yet here to stay
 along with the hate-laden descriptions, waiting in archives for click-
 happy monkeys to copy-n-paste without even thinking.

Yes, my score.  Given one of Marc's other comments about how he
maintains his white list (and his insistence on keeping Constant Contact
on the white list rather than NOBL), I'm considering lowering its impact
in my channel, with exceptions like the rule I posted here.

If anybody is just browsing through this list for anything that
resembles a rule, they deserve what they get for not reading the
disclaimers in the same message or the responses the post generates.

This also reminds me of a request I made for SA to support expiration
times on rules...

Regarding a rule to hunt for CC:
 Wholly inappropriate, IMHO. Seriously.
 Given ConstantContact's size, yes.  However, it should safely
 discriminate against CC's bulk mail without catching anything else by
 accident, which is what R-Elists requested.  Note my starting value
 of 4 so that nobody takes this too far out of context and into trouble.
 
 I have read quite a few comments by legitimate receivers in this thread.
 Makes a score of 4 feel over-board to say the least, requested by $nick
 or not.
 
 Also note, that my previous assessment is not limited to the score.

I was trying to help satisfy a request so that the user doesn't get into
trouble implementing something that might create extra FNs.  I was *NOT*
proposing that rule for a larger body.  In hindsight, I should not have
put my name in the rule.


Re: Constant Contact

2009-10-17 Thread Marc Perkel






R-Elists wrote:

  
I wouldn't say they are perfect but they try to be. It's 
close enough for my white list. They shut down abusers and 
the opt out works.



  
  
marc,

we shouldn't have to opt out...

 -rh

  


Perhaps, but it doesn't make it spam.





RE: Constant Contact

2009-10-17 Thread R-Elists
 
marc,
 
yes, yes it does make it spam if i have no idea who they are or why they are
emailing me and/or my clients.
 
it sure as all get out makes it spam.
 
marc, are you boozing or just tired?
 
 - rh



  


Perhaps, but it doesn't make it spam.





Constant Contact

2009-10-16 Thread Adam Katz
Does anybody here know anything about the legitimacy of Constant
Contact http://www.constantcontact.com/anti_spam.jsp ?

In preparing a list of HOSTKARMA_W violators for Marc, I noticed a
very large amount of spam, coming from completely different companies,
was sent through constantcontact.com servers using their Safe
Unsubscribe feature.

After some web searches, I decided to use the unsubscribe feature, but
apparently I needed to unsubscribe every email address with every
company that uses constantcontact.com.  To me, this means it is quite
clear that Constant Contact's anti-spam policy is improperly enforced
at best and flagrantly ignored at worst.

The biggest problem is that they're well seeded in the DNS whitelists,
including HostKarma and IADB, and they often use SPF, which gets the
OK from my double-check in khop-bl.

Before I write a custom rule to add points to anything passing through
a constantcontact.com relay, I was wondering if anybody here had
thoughts on this.

(Note, questionable custom rules like this get tested on my production
servers with near-zero scores, then real scores, and /then/ they find
their way to my sa-update channels.)


RE: Constant Contact

2009-10-16 Thread Casartello, Thomas
I've heard ads on the radio for Constant Contact before, so I would guess
they're legitimate.

Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State College

Red Hat Certified Technician (RHCT)


-Original Message-
From: Adam Katz [mailto:antis...@khopis.com] 
Sent: Friday, October 16, 2009 12:50 PM
To: Spamassassin Mailing List
Subject: Constant Contact

Does anybody here know anything about the legitimacy of Constant
Contact http://www.constantcontact.com/anti_spam.jsp ?

In preparing a list of HOSTKARMA_W violators for Marc, I noticed a
very large amount of spam, coming from completely different companies,
was sent through constantcontact.com servers using their Safe
Unsubscribe feature.

After some web searches, I decided to use the unsubscribe feature, but
apparently I needed to unsubscribe every email address with every
company that uses constantcontact.com.  To me, this means it is quite
clear that Constant Contact's anti-spam policy is improperly enforced
at best and flagrantly ignored at worst.

The biggest problem is that they're well seeded in the DNS whitelists,
including HostKarma and IADB, and they often use SPF, which gets the
OK from my double-check in khop-bl.

Before I write a custom rule to add points to anything passing through
a constantcontact.com relay, I was wondering if anybody here had
thoughts on this.

(Note, questionable custom rules like this get tested on my production
servers with near-zero scores, then real scores, and /then/ they find
their way to my sa-update channels.)




Re: Constant Contact

2009-10-16 Thread Rob McEwen
Adam Katz wrote:
 Does anybody here know anything about the legitimacy of Constant
 Contact http://www.constantcontact.com/anti_spam.jsp ?
   

Sometimes abused, but too legit to outright block based on sending IP, imo.

 The biggest problem is that they're well seeded in the DNS whitelists,

Many of those whitelists are better used as "don't check the sending IP
against RBLs, but do all other content spam filtering"... and should not
be used as a "skip filtering and send to inbox".

Complaints like this keep coming up for various whitelists. The usage
alternative I just suggested may solve this problem for many people.

-- 
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032




Re: Constant Contact

2009-10-16 Thread Rick Macdougall

Adam Katz wrote:

Does anybody here know anything about the legitimacy of Constant
Contact http://www.constantcontact.com/anti_spam.jsp ?



Hi,

Very legitimate.  We have 4 or 5 clients who use it to send out emails 
to their subscribers.


However, it can and does get abused by spammers from time to time, but 
they usually cut them off after receiving complaints.


JMTC.

Rick



Re: Constant Contact

2009-10-16 Thread Chris Owen

On Oct 16, 2009, at 12:09 PM, Rick Macdougall wrote:


Adam Katz wrote:

Does anybody here know anything about the legitimacy of Constant
Contact http://www.constantcontact.com/anti_spam.jsp ?


Hi,

Very legitimate.  We have 4 or 5 clients who use it to send out  
emails to their subscribers.


However, it can and does get abused by spammers from time to time,  
but they usually cut them off after receiving complaints.


That has not been my experience.  The responses I get from spam  
complaints just say they've removed my address from that person's list.


As the original poster said they don't allow you to opt out  
globally.   Nor do they make it easy to file an abuse complaint in the  
first place.  There are links at the bottom of the email to do all sorts  
of things but not to report the message as spam.


Chris

-
Chris Owen - Garden City (620) 275-1900 -  Lottery (noun):
President  - Wichita (316) 858-3000 -A stupidity tax
Hubris Communications Inc  www.hubris.net
-






Re: Constant Contact

2009-10-16 Thread MySQL Student
Hi,

 Does anybody here know anything about the legitimacy of Constant
 Contact http://www.constantcontact.com/anti_spam.jsp ?

 Sometimes abused, but too legit to outright block based on sending IP, imo.

In addition to constantcontact, can I add the following to the list of
hosts I'd like people's input on as to whether it's spam:

- blueskycommunications.com
- pm0.net
- topica.com

I believe topica.com is very similar to constantcontact in that they
send bulk mail for small businesses, and don't necessarily care what
they send. The emails typically contain something like "You may be
eligible for a cash advance" and a URL like
macho-man-fitness.c.topica.com that is just a redirect to something
like cashadvancenow.com.

It's only on URIBL's grey list.

Thanks,
Alex


Re: Constant Contact

2009-10-16 Thread Chris Hoogendyk



MySQL Student wrote:

Hi,

  

Does anybody here know anything about the legitimacy of Constant
Contact http://www.constantcontact.com/anti_spam.jsp ?
  

Sometimes abused, but too legit to outright block based on sending IP, imo.




Just to add another data point -- There is a local network of small tech 
entrepreneurs in my region. They have an email list for discussing 
various aspects of running small businesses (sometimes just one person 
out of their home), and one of the questions that frequently comes up is 
how to get out bulk mailings to their customers. When that topic comes 
up, one of the most common recommendations, and what many of them use, 
is Constant Contact. It does the job cleanly and efficiently and fits in 
their budgets. Many of them have had an experience of trying to do it 
themselves and getting tangled up with their ISP's policies.


So, even though I cringe when I hear a name like Constant Contact, it 
does serve a legitimate business need.



--
---

Chris Hoogendyk

-
  O__   Systems Administrator
 c/ /'_ --- Biology & Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~ - University of Massachusetts, Amherst 


hoogen...@bio.umass.edu

--- 


Erdös 4




Re: Constant Contact

2009-10-16 Thread Miles Fidelman

Chris Hoogendyk wrote:
Just to add another data point -- There is a local network of small 
tech entrepreneurs in my region. They have an email list for 
discussing various aspects of running small businesses (sometimes just 
one person out of their home), and one of the questions that 
frequently comes up is how to get out bulk mailings to their 
customers. When that topic comes up, one of the most common 
recommendations, and what many of them use, is Constant Contact. It 
does the job cleanly and efficiently and fits in their budgets. Many 
of them have had an experience of trying to do it themselves and 
getting tangled up with their ISP's policies.


So, even though I cringe when I hear a name like Constant Contact, it 
does serve a legitimate business need.
And one more data point: a bunch of local parent-teacher organizations 
use Constant Contact for their newsletters and announcements.


--
In theory, there is no difference between theory and practice.
In practice, there is.    Yogi Berra




RE: Constant Contact

2009-10-16 Thread R-Elists

 Complaints like this keep coming up for various whitelists. 
 The usage alternative I just suggested may solve this problem 
 for many people.
 
 --
 Rob McEwen

Mc,

what usage alternative?

 - rh



Re: Constant Contact

2009-10-16 Thread John Rudd
UCSC uses them for various announcement messages as well (I think
they're mostly in-bound (ie. sending to UCSC addresses), but I don't
know if that's 100% true).

So, while I can't speak to whether or not they send spam, I can vouch
that they are sometimes used to send ham.


JRudd


On Fri, Oct 16, 2009 at 10:54, Miles Fidelman
mfidel...@meetinghouse.net wrote:
 Chris Hoogendyk wrote:

 Just to add another data point -- There is a local network of small tech
 entrepreneurs in my region. They have an email list for discussing various
 aspects of running small businesses (sometimes just one person out of their
 home), and one of the questions that frequently comes up is how to get out
 bulk mailings to their customers. When that topic comes up, one of the most
 common recommendations, and what many of them use, is Constant Contact. It
 does the job cleanly and efficiently and fits in their budgets. Many of them
 have had an experience of trying to do it themselves and getting tangled up
 with their ISP's policies.

 So, even though I cringe when I hear a name like Constant Contact, it does
 serve a legitimate business need.

 And one more data point: a bunch of local parent-teacher organizations use
 Constant Contact for their newsletters and announcements.

 --
 In theory, there is no difference between theory and practice.
 In practice, there is.    Yogi Berra





RE: Constant Contact

2009-10-16 Thread R-Elists

here is a fine chance for everyone to vote on some new rule names...

ill seed it...

CONSTANT_PITA_BULK1

let's be creative now, it's Friday!

well, it is always Friday, but you get the point...

 - rh



Re: Constant Contact

2009-10-16 Thread Rob McEwen
R-Elists wrote:
 Complaints like this keep coming up for various whitelists. 
 The usage alternative I just suggested may solve this problem 
 for many people.

Just what I said. If an IP whitelist causes too many spams to get a free
pass, then instead of using that whitelist as a free pass to the
inbox... instead... use it to bypass all checking of the sender IPs
against blacklists, but still do content spam filtering on the message.

This is actually what Marc Perkel recommends with his Yellow list. I'm
simply stating that this approach is good for additional whitelists
if/when someone likes the whitelist overall, but finds it leads to too
many FNs.

-- 
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032




RE: Constant Contact

2009-10-16 Thread R-Elists

 
 So, even though I cringe when I hear a name like Constant 
 Contact, it does serve a legitimate business need.
snip
 Chris Hoogendyk


Chris,

-1

no disrespect to you intended, yet says who?

our general experience with Constant Contact is negative.

 - rh 



Re: Constant Contact

2009-10-16 Thread Gene Heskett
On Friday 16 October 2009, Adam Katz wrote:
Does anybody here know anything about the legitimacy of Constant
Contact http://www.constantcontact.com/anti_spam.jsp ?

In preparing a list of HOSTKARMA_W violators for Marc, I noticed a
very large amount of spam, coming from completely different companies,
was sent through constantcontact.com servers using their Safe
Unsubscribe feature.

After some web searches, I decided to use the unsubscribe feature, but
apparently I needed to unsubscribe every email address with every
company that uses constantcontact.com.  To me, this means it is quite
clear that Constant Contact's anti-spam policy is improperly enforced
at best and flagrantly ignored at worst.

The biggest problem is that they're well seeded in the DNS whitelists,
including HostKarma and IADB, and they often use SPF, which gets the
OK from my double-check in khop-bl.

Before I write a custom rule to add points to anything passing through
a constantcontact.com relay, I was wondering if anybody here had
thoughts on this.

That domain name should earn an email that came through their servers an 
additional 2.5 points IMO.  It has been a thorn in my side since 3, maybe 4 
years now.

(Note, questionable custom rules like this get tested on my production
servers with near-zero scores, then real scores, and /then/ they find
their way to my sa-update channels.)



-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

Yield to Temptation ... it may not pass your way again.
-- Lazarus Long, Time Enough for Love


RE: Constant Contact

2009-10-16 Thread R-Elists
 

 
 That domain name should earn an email that came through their 
 servers an additional 2.5 points IMO.  It has been a thorn in 
 my side since 3, maybe 4 years now.
snip
 --
 Cheers, Gene

Gene,

and anyone else that cares to share please...

what are you using for your various rules to up the score on Constant
Contact emails so that nothing slips by???

if semi proprietary & you cannot share on list, please ping me off...

 - rh



Re: Constant Contact

2009-10-16 Thread Gene Heskett
On Friday 16 October 2009, R-Elists wrote:
 That domain name should earn an email that came through their
 servers an additional 2.5 points IMO.  It has been a thorn in
 my side since 3, maybe 4 years now.

snip

 --
 Cheers, Gene

Gene,

and anyone else that cares to share please...

what are you using for your various rules to up the score on Constant
Contact emails so that nothing slips by???

if semi proprietary & you cannot share on list, please ping me off...

 - rh

Nothing proprietary, or even SA related, just a recipe in my .procmailrc, so 
it's handed to /dev/null before SA is even called. Which works for me cuz I am 
the only 'customer', and I don't have a thing I'm subscribed to that comes 
through that server.  So I could care less if it goes to /dev/null. :)

That of course is a 100% kill.  Shrug.

-- 
Cheers, Gene
There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order.
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.
https://www.nrahq.org/nrabonus/accept-membership.asp

A small town that cannot support one lawyer can always support two.


Re: Constant Contact

2009-10-16 Thread Adam Katz
I wrote:
 Before I write a custom rule to add points to anything passing through
 a constantcontact.com relay, I was wondering if anybody here had
 thoughts on this.

R-Elists wrote:
 what are you using for your various rules to up the score on Constant
 Contact emails so that nothing slips by???

I lied.  I actually wrote a rule and stuck it in my testing area.  As
always, don't forget to adjust the wrapping and lint your rules before
going live.

rawbody  __CCM_UNSUB  /https?:..visitor\.constantcontact.com\/[^>]{60,200}>SafeUnsubscribe/
meta     KHOP_CONSTANTCONTACT  __CCM_UNSUB && RCVD_IN_HOSTKARMA_W
describe KHOP_CONSTANTCONTACT  Remove DNS WL blessing for spam relayer
score    KHOP_CONSTANTCONTACT  2.5 # combat dns whitelists

All this does is un-do the negative points HOSTKARMA_W assigns
(rather, the 2.1 points it assigns as implemented in my khop-bl
channel ... ymmv).

If you're not checking against a whitelist to undo it but rather
trying to block outright, I'd use something more like this:

header   __CCM_RELAY  X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=ccm\d\d\.constantcontact\.com\s/
rawbody  __CCM_UNSUB  /https?:..visitor\.constantcontact.com\/[^>]{60,200}>SafeUnsubscribe/
meta     KHOP_CONSTANTCONTACT   __CCM_UNSUB && __CCM_RELAY
describe KHOP_CONSTANTCONTACT   Constant Contact is a known spammer
score    KHOP_CONSTANTCONTACT   4  # increase as needed
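
An added test harness for the second rule set above, ported to Python regexes (not part of the original post, and not SpamAssassin itself). It assumes the `>` characters the archive dropped from the `rawbody` pattern; the relay strings, hostnames and link query are constructed samples in the style of SpamAssassin's relay metadata.

```python
import re

# Ports of the two sub-tests. Assumption: the posted rawbody pattern read
# [^>]{60,200}>SafeUnsubscribe before the archive stripped the '>' characters.
CCM_UNSUB = re.compile(
    r"https?:..visitor\.constantcontact.com/[^>]{60,200}>SafeUnsubscribe")
# [^\]]+ cannot cross the first ']', so only the first bracketed relay entry
# (the host that handed the mail to the trusted network) is inspected.
CCM_RELAY = re.compile(r"^[^\]]+ rdns=ccm\d\d\.constantcontact\.com\s")


def ccm_unsub(raw_body: str) -> bool:
    """True if the raw HTML carries a SafeUnsubscribe link with a long query."""
    return CCM_UNSUB.search(raw_body) is not None


def ccm_relay(relays_untrusted: str) -> bool:
    """True if the first untrusted relay has a ccmNN.constantcontact.com rDNS."""
    return CCM_RELAY.search(relays_untrusted) is not None


def khop_constantcontact(raw_body: str, relays_untrusted: str) -> bool:
    """The meta rule: both sub-tests must hit."""
    return ccm_unsub(raw_body) and ccm_relay(relays_untrusted)


def _relay(ip: str, rdns: str) -> str:
    """Build one constructed relay entry."""
    return (f"[ ip={ip} rdns={rdns} helo={rdns} by=mx.example.org "
            "ident= envfrom= intl=0 id=ABC123 auth= msa=0 ]")


# Constructed samples (documentation IP ranges, made-up query string).
DIRECT = _relay("192.0.2.10", "ccm01.constantcontact.com")
FORWARDED = _relay("198.51.100.7", "lists.example.net") + " " + DIRECT
LONG_QUERY = "do?p=un&m=" + "0" * 40 + "&se=" + "1" * 30
BODY_LONG = (f'<a href="http://visitor.constantcontact.com/{LONG_QUERY}">'
             "SafeUnsubscribe</a>")
BODY_SHORT = ('<a href="http://visitor.constantcontact.com/do?p=un">'
              "SafeUnsubscribe</a>")

if __name__ == "__main__":
    cases = [
        ("direct from relay, long link", BODY_LONG, DIRECT),
        ("forwarded via another host", BODY_LONG, FORWARDED),
        ("direct from relay, short link", BODY_SHORT, DIRECT),
    ]
    for name, body, relays in cases:
        print(f"{name}: {khop_constantcontact(body, relays)}")
```

The forwarded case does not fire because the relay pattern is anchored to the first entry, so mail that reaches the filter through an intermediate list or forwarder is left to the other rules.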


Re: Constant Contact

2009-10-16 Thread Warren Togami

On 10/16/2009 01:14 PM, Chris Owen wrote:

On Oct 16, 2009, at 12:09 PM, Rick Macdougall wrote:


Adam Katz wrote:

Does anybody here know anything about the legitimacy of Constant
Contact http://www.constantcontact.com/anti_spam.jsp ?


Hi,

Very legitimate. We have 4 or 5 clients who use it to send out emails
to their subscribers.

However, it can and does get abused by spammers from time to time,
but they usually cut them off after receiving complaints.


That has not been my experience. The responses I get from spam
complaints just say they've removed my address from that person's list.

As the original poster said they don't allow you to opt out globally.
Nor do they make it easy to file an abuse complaint in the first place.
There are links at the bottom of the email to do all sorts of things but not
to report the message as spam.


For reasons like this I will not manually unsubscribe spam from 
constantcontact.com or tell them what addresses were being sent.  They 
deserve a hurt reputation if they have a poor anti-spam policy. 
Unsubscribing only the offending addresses only artificially hides the 
problem from the statistical analysis without solving it.


Warren Togami
wtog...@redhat.com


Re: Constant Contact

2009-10-16 Thread Robert Braver
On Friday, October 16, 2009, 11:49:43 AM, Adam Katz wrote:

AK After some web searches, I decided to use the unsubscribe feature, but
AK apparently I needed to unsubscribe every email address with every
AK company that uses constantcontact.com.  To me, this means it is quite
AK clear that Constant Contact's anti-spam policy is improperly enforced
AK at best and flagrantly ignored at worst.

FWIW - I have had two experiences with CC customers apparently not
playing by the rules.

One was a new hotel/conference center that was just built earlier
this year. At that time, they helped themselves to the email
addresses in the Chamber of Commerce directory and commenced mailing
through CC. I complained, and was informed that they were suspended
for the ToS violation, and I received no further mail from them.

More recently, a political candidate for Governor (who I supported
for Lt. Gov. last go around and may very well support for Gov. - BUT
I'm reasonably sure I did not sign up on her mailing list) started
mailing me - and there's been a lot of e-pending of voter
registration lists going on.

I was informed that they told CC that all of their lists are legit
sign-ups from their web site.  Even though I told CC that I'm not
100% sure I didn't sign up (but 95% sure) they are suspended pending
further investigation.

So in sum, they seem to be very sensitive to abusers causing
problems for them (as well as their legitimate users.)

I grepped my mail logs and found that my wife and I are among many
other users on my system that receive legitimate, desired mail that
is delivered through CC.


-- 
Best regards,
 Robert Braver
 rbra...@ohww.norman.ok.us



Re: Constant Contact

2009-10-16 Thread Adam Katz
Warren Togami wrote:
 For reasons like this I will not manually unsubscribe spam from
 constantcontact.com or tell them what addresses were being sent.  They
 deserve a hurt reputation if they have a poor anti-spam policy.
 Unsubscribing only the offending addresses only artificially hides the
 problem from the statistical analysis without solving it.

I was in the same boat until I realized just how much spam was coming
from them.  They keep sending despite the fact that I train their mail
as spam (which includes BAYES_99 and an AWL swing of ~30 points),
which means subsequent mail from them gets rejected at SMTP time
(read: bounced).

They disregard this, failing to clean up their lists --which is odd
because I thought mass-emailing software was supposed to interpret
consecutive bounces as unsubscribe requests-- and failing to force
their customers to maintain their own lists (let alone shut down a
customer for a grossly unmaintained list), and then I get mail from
them again once the AWL swing has been worn down by HostKarma W et al.

This presents itself with a three-piece solution:
1. Continue to report their spam (SpamCop, KnuJon, Pyzor, Razor, ...)
2. Write a rule to prevent DNS whitelisting (see my other email)
3. Utilize their SafeUnsubscribe anyway.

I hate it when practicality trumps ideology.


Re: Constant Contact

2009-10-16 Thread Tara Natanson
On Fri, Oct 16, 2009 at 12:49 PM, Adam Katz antis...@khopis.com wrote:
 Does anybody here know anything about the legitimacy of Constant
 Contact http://www.constantcontact.com/anti_spam.jsp ?


Hello,

I work for Constant Contact.  We take reports of spam very seriously.
Complaints are processed through our abuse@ address but you won't ever
hear what happened to it there other than an auto-ack.  If you'd like
to send me any complaints I can let you know what became of them.  We
have a very large compliance and list review group who investigates
the complaints and speaks with customers about where their lists came
from etc..  Of course we do a lot of preprocessing of their lists when
they upload them so we can detect bad senders before they even mail.
Obviously some gets through (or we wouldn't be having this
conversation) and for that we rely on complaints/bounce
rates/unsubscribe rates to point us to the problems.

feel free to reply to me offlist if you want further info.

Tara Natanson


Re: Constant Contact

2009-10-16 Thread John Rudd
On Fri, Oct 16, 2009 at 11:07, R-Elists list...@abbacomm.net wrote:


 So, even though I cringe when I hear a name like Constant
 Contact, it does serve a legitimate business need.


 says who?


Me.  I work for one of their clients (a University).  One or two of
our divisions use them for large mailings to our internal users.


Re: Constant Contact

2009-10-16 Thread Matthias Leisi

Rob McEwen schrieb:

 Just what I said. If an IP whitelist causes too many spams to get a free
 pass, then instead of using that whitelist as a free pass to the
 inbox... instead... use it to bypass all checking of the sender IPs
 against blacklists, but still do content spam filtering on the message.

That's the recommended usage for dnswl.org data since its beginning:
skip grey/blacklisting for all trust levels, but only bypass spamfilter
for medium/high trust levels (and never bypass virus filtering, if you
have Windows users).

-- Matthias
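
The usage that Rob McEwen and Matthias Leisi describe above, sketched as an added example (not code from dnswl.org or from the thread). It assumes the lookup answer arrives as a 127.0.x.y A record with the trust level 0-3 in the last octet, as dnswl.org publishes; the `Plan` type and the function names are hypothetical.

```python
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Plan:
    """Which checks to run on a message from a given sending IP."""
    greylist: bool
    ip_blacklists: bool
    content_filter: bool
    virus_scan: bool


FULL_CHECKS = Plan(greylist=True, ip_blacklists=True,
                   content_filter=True, virus_scan=True)


def trust_from_answer(answer):
    """Return the trust level (0 none, 1 low, 2 medium, 3 high) encoded in a
    whitelist A record, or None when the IP is unlisted or the answer is not
    a usable 127.0.x.y value."""
    if answer is None:                      # NXDOMAIN: not on the whitelist
        return None
    try:
        octets = ipaddress.IPv4Address(answer).packed
    except ValueError:                      # garbage from the resolver
        return None
    if octets[0] != 127 or octets[1] != 0:
        return None
    if octets[3] > 3:                       # error-style answers, e.g. .255
        return None
    return octets[3]


def plan_checks(answer):
    """Skip grey/blacklisting for every listed IP, bypass the spam filter only
    for medium or high trust, and never bypass virus scanning. Anything
    unlisted or unparseable gets the full set of checks."""
    trust = trust_from_answer(answer)
    if trust is None:
        return FULL_CHECKS
    return Plan(greylist=False,
                ip_blacklists=False,
                content_filter=trust < 2,
                virus_scan=True)


if __name__ == "__main__":
    # Constructed answers: unlisted, low trust, high trust, error code.
    for answer in (None, "127.0.15.1", "127.0.15.3", "127.0.0.255"):
        print(answer, plan_checks(answer))
```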



Re: Constant Contact

2009-10-16 Thread John Hardin

On Fri, 16 Oct 2009, Tara Natanson wrote:


Hello,

I work for Constant Contact.  We take reports of spam very seriously.
Complaints are processed through our abuse@ address but you won't ever
hear what happened to it there other than an auto-ack.  If you'd like
to send me any complaints I can let you know what became of them.  We
have a very large compliance and list review group who investigates
the complaints and speaks with customers about where their lists came
from etc..  Of course we do a lot of preprocessing of their lists when
they upload them so we can detect bad senders before they even mail.
Obviously some gets through (or we wouldn't be having this
conversation) and for that we rely on complaints/bounce
rates/unsubscribe rates to point us to the problems.


Tara:

May I suggest a feature for your website: a way for someone to find out 
exactly which of the mailing lists you process contain a given email 
address, and a way to unsubscribe or report abuse in bulk (e.g. in a 
grid)? In other words, a way to visit your website and see _all_ of the 
lists sending to my email address.


I suggest you do _not_ use passwords or force registration for someone to 
access this. You could append a URI with a unique-to-the-recipient ID code 
to every mail sent (similar to unsubscribe or report abuse links), and 
that link would bring up the review page on your website for the 
recipient's email address.


You could also have a spot on your website to enter an email address and 
have such a link sent to that email address, so that if I wanted to review 
I wouldn't have to have an email from one of your clients handy.


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Taking my gun away because I *might* shoot someone is like cutting
  my tongue out because I *might* yell Fire! in a crowded theater.
  -- Peter Venetoklis
---
 15 days since a sunspot last seen - EPA blames CO2 emissions
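
One way to build the password-free, unique-to-the-recipient review link suggested in the message above, as an added example (not Constant Contact's implementation and not code from the thread). Using an HMAC tag as the ID code is an assumption made here; the URL, the `r` parameter name and the demo key are hypothetical.

```python
import base64
import hashlib
import hmac

# Constructed demo key; a real deployment would load a random server secret.
DEMO_SECRET = b"constructed-demo-key-not-for-production"


def _enc(data: bytes) -> str:
    """URL-safe base64 without padding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _dec(text: str) -> bytes:
    """Inverse of _enc; raises ValueError on malformed input."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(secret: bytes, address: str) -> str:
    """Token = encoded address + '.' + HMAC-SHA256 tag over that address.

    The address is only encoded, not encrypted: it is visible to anyone who
    sees the link, just as in an ordinary unsubscribe URL.
    """
    addr = address.strip().lower().encode("utf-8")
    tag = hmac.new(secret, addr, hashlib.sha256).digest()
    return f"{_enc(addr)}.{_enc(tag)}"


def verify_token(secret: bytes, token: str):
    """Return the address the token was issued for, or None if the token is
    malformed or its tag does not verify under this secret."""
    try:
        addr_part, tag_part = token.split(".")
        addr, tag = _dec(addr_part), _dec(tag_part)
    except ValueError:
        return None
    expected = hmac.new(secret, addr, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return addr.decode("utf-8")


def review_link(base_url: str, secret: bytes, address: str) -> str:
    """Link appended to every mail, or mailed on request from the website
    form, so that only someone who can read the mailbox ever receives it."""
    return f"{base_url}?r={make_token(secret, address)}"


if __name__ == "__main__":
    link = review_link("https://lists.example.com/review",
                       DEMO_SECRET, "Alice@Example.org")
    print(link)
    print(verify_token(DEMO_SECRET, link.split("?r=", 1)[1]))
```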


Re: Constant Contact

2009-10-16 Thread John Hardin

On Fri, 16 Oct 2009, John Rudd wrote:


Me.  I work for one of their clients (a University).  One or two of
our divisions use them for large mailings to our internal users.


How is Constant Contact better than (say) GNU mailman for that purpose? I 
don't understand the concept of sending internal mail via an external 
third party...


--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Taking my gun away because I *might* shoot someone is like cutting
  my tongue out because I *might* yell Fire! in a crowded theater.
  -- Peter Venetoklis
---
 15 days since a sunspot last seen - EPA blames CO2 emissions


Re: Constant Contact

2009-10-16 Thread Yet Another Ninja

On 10/16/2009 10:25 PM, Adam Katz wrote:
  I suppose it's possible that your customer base is large enough that

there aren't any repeat offenders and that each case is unique ...
digging through my archives, I don't see more than 2x of any message
from a CC customer.


look at it this way, some snowshoe IP, CC snowshoes customers





Re: Constant Contact

2009-10-16 Thread Karsten Bräckelmann
On Fri, 2009-10-16 at 14:54 -0400, Adam Katz wrote:
   Before I write a custom rule to add points to anything passing through
   a constantcontact.com relay, I was wondering if anybody here had
   thoughts on this.

 I lied.  I actually wrote a rule and stuck it in my testing area.  As
 always, don't forget to adjust the wrapping and lint your rules before
 going live.
 
 rawbody  __CCM_UNSUB 
 /https?:..visitor\.constantcontact.com\/[^>]{60,200}>SafeUnsubscribe/

Ouch!  Rawbody, that hurts.

If you really can't tell from the / a link URI alone, you'd better have
a look at the URIDetail plugin instead. The anchor text of an HTML link
is part of the internal URI data structure.

 meta KHOP_CONSTANTCONTACT  __CCM_UNSUB && RCVD_IN_HOSTKARMA_W
 describe KHOP_CONSTANTCONTACT  Remove DNS WL blessing for spam relayer

Inappropriate description.

Inappropriate logic. IFF the terminology used would be appropriate, you
rather should take the then-false listing up with the whitelist.


 If you're not checking against a whitelist to undo it but rather
 trying to block outright, I'd use something more like this:
 
 header   __CCM_RELAY X-Spam-Relays-Untrusted =~ /^[^\]]+ 
 rdns=ccm\d\d\.constantcontact\.com\s/

 meta KHOP_CONSTANTCONTACT   __CCM_UNSUB && __CCM_RELAY
 describe KHOP_CONSTANTCONTACT   Constant Contact is a known spammer
 score    KHOP_CONSTANTCONTACT   4  # increase as needed

Wholly inappropriate, IMHO. Seriously.


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Constant Contact

2009-10-16 Thread John Rudd
On Fri, Oct 16, 2009 at 13:29, John Hardin jhar...@impsec.org wrote:
 On Fri, 16 Oct 2009, John Rudd wrote:

 Me.  I work for one of their clients (a University).  One or two of
 our divisions use them for large mailings to our internal users.

 How is Constant Contact better than (say) GNU mailman for that purpose? I
 don't understand the concept of sending internal mail via an external third
 party...

Don't ask me.  I didn't recommend that they go down that path.

I'm merely vouching that there are legitimate business users of the service.

However, probably one of the reasons that they would give is: as
clients of Constant Contact, they don't have to directly maintain
mailman, an MTA, a server, and manage the capacity, maintenance, and
bandwidth of all of that.  Add in the cost of a sysadmin, and they
probably think it's cheaper to go to Constant Contact than to pay for
all of that (or to pay the Central IT Service (me) to do it for them
... though, in at least one case, I think they weren't aware of the
options the central IT service could offer them ... that, or they were
afraid we'd make them behave responsibly, and may not feel that they
have to worry about that if they outsource, instead).


Essentially, though, your question is the same as "why use
Gmail/Yahoo/Hotmail instead of (any of the many free POP/IMAP/Webmail
software) that you can run yourself?"  The answer, in both cases, is:
outsourcing has a value, and this is one of the places where that's
true for some people.


Re: Constant Contact

2009-10-16 Thread Adam Katz
Karsten Bräckelmann wrote:
 On Fri, 2009-10-16 at 14:54 -0400, Adam Katz wrote:
 rawbody  __CCM_UNSUB /https?:..visitor\.constantcontact.com\/[^]{60,200}SafeUnsubscribe/
 
 Ouch!  Rawbody, that hurts.
 
 If you really can't tell from the / a link URI alone, you'd better have
 a look at the URIDetail plugin instead. The anchor text of an HTML link
 is part of the internal URI data structure.

Interesting.  I didn't know about that.

ifplugin Mail::SpamAssassin::Plugin::URIDetail
  uri_detail __CCM_UNSUB domain =~ /\bvisitor\.constantcontact.com$/ raw =~ /\?.{40}/ text =~ /^SafeUnsubscribe$/
else
  rawbody  __CCM_UNSUB /https?:..visitor\.constantcontact.com\/[^]{60,200}SafeUnsubscribe/
endif

 meta KHOP_CONSTANTCONTACT  __CCM_UNSUB && RCVD_IN_HOSTKARMA_W
 describe KHOP_CONSTANTCONTACT  Remove DNS WL blessing for spam relayer
 
 Inappropriate description.
 
 Inappropriate logic. IFF the terminology used would be appropriate, you
 rather should take the then-false listing up with the whitelist.

Already did.  I've requested the Constant Contact IPs find their way
to HostKarma's Yellow or NOBL lists and out of the White list.

 If you're not checking against a whitelist to undo it but rather
 trying to block outright, I'd use something more like this:

 header   __CCM_RELAY X-Spam-Relays-Untrusted =~ /^[^\]]+ rdns=ccm\d\d\.constantcontact\.com\s/
 
 meta KHOP_CONSTANTCONTACT   __CCM_UNSUB && __CCM_RELAY
 describe KHOP_CONSTANTCONTACT   Constant Contact is a known spammer
 score    KHOP_CONSTANTCONTACT   4  # increase as needed
 
 Wholly inappropriate, IMHO. Seriously.

Given ConstantContact's size, yes.  However, it should safely
discriminate against CC's bulk mail without catching anything else by
accident, which is what R-Elists requested.  Note my starting value
of 4 so that nobody takes this too far out of context and into trouble.
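
Added illustration, not part of the thread or of any poster's rule set: the `__CCM_RELAY` regex quoted above, run in Python over constructed `X-Spam-Relays-Untrusted` values (the relay entries, the example.net/example.org host names and the helper names are assumptions made for this example). It shows that the `^[^\]]+` anchor confines the match to the first, most recent untrusted relay, and that the `rdns=` prefix and trailing `\s` reject HELO-only and look-alike host names.

```python
import re

# __CCM_RELAY regex exactly as posted in the thread (Python's re accepts it as-is).
CCM_RELAY = re.compile(r'^[^\]]+ rdns=ccm\d\d\.constantcontact\.com\s')

def parse_relays(header):
    """Return one dict per '[ key=value ... ]' group, most recent relay first."""
    relays = []
    for group in re.findall(r'\[([^\]]*)\]', header):
        fields = {}
        for token in group.split():
            key, _, value = token.partition('=')
            fields[key] = value
        relays.append(fields)
    return relays

def ccm_relay_hit(header):
    """True when the thread's regex matches the pseudo-header."""
    return CCM_RELAY.search(header) is not None

def relay(rdns, helo):
    """Build one constructed relay entry (documentation IP, made-up queue id)."""
    return (f'[ ip=192.0.2.10 rdns={rdns} helo={helo} by=mx.example.org '
            'ident= envfrom= intl=0 id=X1 auth= msa=0 ]')

CC = 'ccm27.constantcontact.com'
# Constructed sample values, one per case worth checking before trusting the rule.
SAMPLES = {
    'direct': relay(CC, CC),
    'forwarded': relay('fwd.example.net', 'fwd.example.net') + ' ' + relay(CC, CC),
    'helo_only': relay('host.example.net', CC),       # HELO is sender-supplied
    'lookalike': relay(CC + '.example.net', CC),      # suffix after .com
    'three_digits': relay('ccm270.constantcontact.com', CC),
}

def evaluate():
    """Map each sample name to (first relay's rdns, regex verdict)."""
    return {name: (parse_relays(h)[0]['rdns'], ccm_relay_hit(h))
            for name, h in SAMPLES.items()}

if __name__ == '__main__':
    for name, (rdns, hit) in evaluate().items():
        print(f'{name:13} first rdns={rdns:40} __CCM_RELAY={hit}')
```

Only the `direct` sample matches; mail that reaches the scanner through an intermediate untrusted forwarder is not covered by the rule as written.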


Re: Constant Contact

2009-10-16 Thread Karsten Bräckelmann
On Fri, 2009-10-16 at 17:17 -0400, Adam Katz wrote:
 Karsten Bräckelmann wrote:
  On Fri, 2009-10-16 at 14:54 -0400, Adam Katz wrote:

  Inappropriate description.
  
  Inappropriate logic. IFF the terminology used would be appropriate, you
  rather should take the then-false listing up with the whitelist.
 
 Already did.  I've requested the Constant Contact IPs find their way
 to HostKarma's Yellow or NOBL lists and out of the White list.

Do note that Hostkarma WHITE is not part of the stock rule-set.
Moreover, it is *your* score of a whopping -2.1 for the third-party DNS
BL test you're complaining about, that results in FNs. Last I checked
(which is a while ago, granted), I wouldn't score it that low, not even
close.

Your score, your trust. If you find yourself in the need to work around
your own trust measures, maybe the underlying issue is deeper than a
good game of whack-a-mole. And if the WHITE listing is going to be
corrected in a timely manner, the rules are obsolete -- yet here to stay
along with the hate-laden descriptions, waiting in archives for click-
happy monkeys to copy-n-paste without even thinking.


   meta KHOP_CONSTANTCONTACT   __CCM_UNSUB && __CCM_RELAY
   describe KHOP_CONSTANTCONTACT   Constant Contact is a known spammer
   score    KHOP_CONSTANTCONTACT   4  # increase as needed
  
  Wholly inappropriate, IMHO. Seriously.
 
 Given ConstantContact's size, yes.  However, it should safely
 discriminate against CC's bulk mail without catching anything else by
 accident, which is what R-Elists requested.  Note my starting value
 of 4 so that nobody takes this too far out of context and into trouble.

I have read quite a few comments by legitimate receivers in this thread.
Makes a score of 4 feel over-board to say the least, requested by $nick
or not.

Also note, that my previous assessment is not limited to the score.


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Constant Contact

2009-10-16 Thread Marc Perkel



Adam Katz wrote:

Does anybody here know anything about the legitimacy of Constant
Contact http://www.constantcontact.com/anti_spam.jsp ?

In preparing a list of HOSTKARMA_W violators for Marc, I noticed a
very large amount of spam, coming from completely different companies,
was sent through constantcontact.com servers using their Safe
Unsubscribe feature.

After some web searches, I decided to use the unsubscribe feature, but
apparently I needed to unsubscribe every email address with every
company that uses constantcontact.com.  To me, this means it is quite
clear that Constant Contact's anti-spam policy is improperly enforced
at best and flagrantly ignored at worst.

The biggest problem is that they're well seeded in the DNS whitelists,
including HostKarma and IADB, and they often use SPF, which gets the
OK from my double-check in khop-bl.

Before I write a custom rule to add points to anything passing through
a constantcontact.com relay, I was wondering if anybody here had
thoughts on this.

(Note, questionable custom rules like this get tested on my production
servers with near-zero scores, then real scores, and /then/ they find
their way to my sa-update channels.)

  


I wouldn't say they are perfect but they try to be. It's close enough 
for my white list. They shut down abusers and the opt out works.


Re: Constant Contact

2009-10-16 Thread Marc Perkel
One factor in scoring white list like mine is that different people have 
different definitions as to what is spam. And people have different 
values as to blocking spam at the expense of blocking good email. In my 
business if I block a good email it's worse than 100 spams getting 
through. I am possibly too generous on white listing but that's what my 
customers want.




Re: Constant Contact

2009-10-16 Thread MySQL Student
Hi,

 How is Constant Contact better than (say) GNU mailman for that purpose? I
 don't understand the concept of sending internal mail via an external third
 party...

In addition to what's already been mentioned, CC also provides a nice
template that people can drop their message into and click Send.
This is very appealing to the local bagel shop or restaurant that
wants to advertise their specials to their favorite customers without
even having an Internet connection of their own.

I don't doubt that if you solicited to these types of businesses with
your mailman product and the ability to add their logo to the top of
an HTML email, they'd choose your service just the same.

Best,
Alex


Re: Constant Contact

2009-10-16 Thread Marc Perkel






Tara Natanson wrote:

  On Fri, Oct 16, 2009 at 12:49 PM, Adam Katz antis...@khopis.com wrote:
  
  
Does anybody here know anything about the legitimacy of Constant
Contact http://www.constantcontact.com/anti_spam.jsp ?

  
  

Hello,

I work for Constant Contact.  We take reports of spam very seriously.
Complaints are processed through our abuse@ address but you won't ever
hear what happened to it there other than an auto-ack.  If you'd like
to send me any complaints I can let you know what became of them.  We
have a very large compliance and list review group who investigates
the complaints and speaks with customers about where their lists came
from etc..  Of course we do a lot of preprocessing of their lists when
they upload them so we can detect bad senders before they even mail.
Obviously some gets through (or we wouldn't be having this
conversation) and for that we rely on complaints/bounce
rates/unsubscribe rates to point us to the problems.

feel free to reply to me offlist if you want further info.

Tara Natanson

  


Yep - and that's why I white list them.





Re: Constant Contact

2009-10-16 Thread Karsten Bräckelmann
On Fri, 2009-10-16 at 15:09 -0700, Marc Perkel wrote:
 I wouldn't say they are perfect but they try to be. It's close enough 
 for my white list. They shut down abusers and the opt out works.
  ^

This implies there is, in fact, abuse. Thus, they are not trusted
nonspam only, which is your definition of WHITE. Some more of your own
definition and classification.

  whitelist - trusted nonspam
  yellowlist - mix of spam and nonspam
  NOBL - This IP is not a spam only source and no blacklists need to be tested

Even if one does not equalize "has abusers" and "sends occasional spam",
NOBL seems a more appropriate listing to me.


Note this is about ccmNN.constantcontact.com, not confirmedcc.com.


-- 
char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4;
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1:
(c=*++x); c128  (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Constant Contact

2009-10-16 Thread Daniel J McDonald
On Fri, 2009-10-16 at 16:25 -0400, Adam Katz wrote:

 My own proposal to fixing this is to bring back Blue Security's
 do-not-email list, which is to say a freely available index of secure
 hashes representing email addresses that have opted out of bulk email.
  (Recall that the controversial aspect of Blue Security's methods is
 what they did to violators, which I'm not touching here.)

The other problem with it is that it can be used to scrub lists and get
a set of real users who don't want spam.  There is no guarantee that
spammers will be ethical and remove the DNE recipients - they may find a
better return throwing out the addresses that don't match...

And then there are hash collisions...




Re: Constant Contact

2009-10-16 Thread Tim Boyer

Adam Katz wrote:

Does anybody here know anything about the legitimacy of Constant
Contact http://www.constantcontact.com/anti_spam.jsp ?

In preparing a list of HOSTKARMA_W violators for Marc, I noticed a
very large amount of spam, coming from completely different companies,
was sent through constantcontact.com servers using their Safe
Unsubscribe feature.

After some web searches, I decided to use the unsubscribe feature, but
apparently I needed to unsubscribe every email address with every
company that uses constantcontact.com.  To me, this means it is quite
clear that Constant Contact's anti-spam policy is improperly enforced
at best and flagrantly ignored at worst.

The biggest problem is that they're well seeded in the DNS whitelists,
including HostKarma and IADB, and they often use SPF, which gets the
OK from my double-check in khop-bl.

Before I write a custom rule to add points to anything passing through
a constantcontact.com relay, I was wondering if anybody here had
thoughts on this.

(Note, questionable custom rules like this get tested on my production
servers with near-zero scores, then real scores, and /then/ they find
their way to my sa-update channels.)



They're clueful; they monitor SPAM-L; they use one of my email 
addresses as a spamtrap.  We don't use them, but they're still aware 
enough to email us and ask if something looks dodgy.  Good folks, IMHO.


--
-- tim --

Tim Boyer
Chief Technical Officer
Denman Tire Corporation


FWD offlist reply CONSTANT CONTACT

2009-07-06 Thread rich...@buzzhost.co.uk
From: Chris Owen ow...@hubris.net
To: rich...@buzzhost.co.uk
Cc: Tara Natanson t...@natanson.net
Subject: Re: constantcontact.com
Date: Mon, 6 Jul 2009 13:02:07 -0500 (19:02 BST)
Mailer: Apple Mail (2.935.3)


On Jul 6, 2009, at 1:00 PM, rich...@buzzhost.co.uk wrote:

 I'm keen to hear a cross section of views.

Can you please just give this a rest.  It was stupid 3 days ago.  Now  
it is just wasting everyone's time.

Chris

--
Chris Owen - Garden City (620) 275-1900 -  Lottery (noun):
President  - Wichita (316) 858-3000 -A stupidity tax
Hubris Communications Inc  www.hubris.net
--
Why? Are you in charge?







Re: FWD offlist reply CONSTANT CONTACT

2009-07-06 Thread Aaron Wolfe
+1 for ending this thread

On Mon, Jul 6, 2009 at 2:25 PM, rich...@buzzhost.co.uk <rich...@buzzhost.co.uk> wrote:
 From: Chris Owen ow...@hubris.net
 To: rich...@buzzhost.co.uk
 Cc: Tara Natanson t...@natanson.net
 Subject: Re: constantcontact.com
 Date: Mon, 6 Jul 2009 13:02:07 -0500 (19:02 BST)
 Mailer: Apple Mail (2.935.3)


 On Jul 6, 2009, at 1:00 PM, rich...@buzzhost.co.uk wrote:

 I'm keen to hear a cross section of views.

 Can you please just give this a rest.  It was stupid 3 days ago.  Now
 it is just wasting everyone's time.

 Chris

 --
 Chris Owen         - Garden City (620) 275-1900 -  Lottery (noun):
 President          - Wichita     (316) 858-3000 -    A stupidity tax
 Hubris Communications Inc      www.hubris.net
 --
 Why? Are you in charge?








Re: FWD offlist reply CONSTANT CONTACT

2009-07-06 Thread Benny Pedersen

On Mon, July 6, 2009 20:25, rich...@buzzhost.co.uk wrote:

Received-SPF: unknown (nike.apache.org: error in processing during lookup of 
rich...@buzzhost.co.uk)

priseless

-- 
xpoint



Re: FWD offlist reply CONSTANT CONTACT

2009-07-06 Thread rich...@buzzhost.co.uk
On Mon, 2009-07-06 at 20:55 +0200, Benny Pedersen wrote:
 On Mon, July 6, 2009 20:25, rich...@buzzhost.co.uk wrote:
 
 Received-SPF: unknown (nike.apache.org: error in processing during lookup of 
 rich...@buzzhost.co.uk)
 
 priseless
 
That should read 'priceless' - I hate to be the pedant, but as you are
up for correcting people.