Re: HABEAS_ACCREDITED SPAMMER

[jdow]

From: "Robert Lopez" 
Sent: Friday, 2009/December/04 11:24


On Fri, Dec 4, 2009 at 7:33 AM, Bowie Bailey  wrote:

LuKreme wrote:

On 4-Dec-2009, at 01:18, jdow wrote:


With all the animosity on this issue I decided to give the HABEAS
rules a score, a negligible score to be sure, just to see what the
state of HABEAS is for me today.

In the last four days - nothing either spam or ham.



I tend to see little clusters of HABEAS scores, but they are rare. I 
might see only 10-20 a month.


After following this thread for a while, I decided to take a look at my
server. So here's one more data point:

In the last month, I have seen 718 messages that hit one of the HABEAS
rules. Of those, none of them had an overall score higher than 4, and
there were only 12 that would have been scored as spam without the rule.

Since I don't have access to look at the actual messages and I don't
know what lists my customers may be signed up for, I can't say anything
for sure, but it looks like it's working fine here based on the numbers.

--
Bowie



Here is one more data point:
Since October 18th I have seen HABEAS rules listed in Spamassassin
score lines 496122 times.
One such phishing email this week was successfully delivered to 387 
in-boxes.

Were it not for the HABEAS_ACCREDITED_SOI -4.30 other rules would have
lead to successfully stopping the message.

<< jdow: OK a 0.07% failure rate is remarkably good, In My Pathetic
Opinion. It ought to earn a fairly respectable negative score on that
basis. How far off was your -4.30 score on that spam/phish? Was that
the ONLY one that got through?

{^_^} 

Re: J.D. Falk spineless insults (Re: HABEAS_ACCREDITED SPAMMER)

[jdow]

From: 
Sent: Friday, 2009/December/04 06:04



On Fri, 2009-12-04 at 06:55 -0700, LuKreme wrote:

On 3-Dec-2009, at 23:06, R-Elists wrote:
> certainly we understand your point here, yet what about accountability 
> for

> Return Path Inc (and other RPI companies) related rules in the default
> Spamassassin configs?


My position on HABEAS is well-know by anyone who cares (I score it +0.5 
and +2.0); that's not what I'm talking about: it's the constant whinging 
by richard and falk at each other. Obviously they WANT to be 
communicating since otherwise they could easily ignore/killfile each 
other. I'm just tired of them doing it on this mailinglist.



Your idea of 'constant' amuses me and is stretching the truth
exponentially.

I'm curious why a commercial whitelist from a bulk mailing company has
such a positive inroad in Spamassassin. It's a fair question. I'm not
interested in your personal views of me, my question or my posting. You
have a killfile? You able to ignore on subject? Skills you may find
useful to learn yes?


Have you two gentlemen reported these spammers to ReturnPath, Lukreme's
long unused address might be a good source for scrubbing the ReturhPath
lists. (So far I've not seen one either way here.) I presume you two
gentlemen are telling me that you never see HABEAS on ham, right?

{^_^} 

Re: actual facts (was Re: HABEAS_ACCREDITED SPAMMER)

[Michael Parker]

FYI, the original bug is here: 
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=3998

All the bitching about it, took me about 30 seconds to find it.

Michael

Re: actual facts (was Re: HABEAS_ACCREDITED SPAMMER)

[J.D. Falk]

On Dec 4, 2009, at 12:24 PM, John Hardin wrote:

> On Fri, 4 Dec 2009, J.D. Falk wrote:
> 
>> The current defaults for both the HABEAS and BSP rules were set long before 
>> Return Path operated either service, so we have no clue where they came from 
>> either.
> 
> J.D., may I suggest you open a SA Bugzilla ticket suggesting that the scores 
> be reviewed in light of this large change in how HABEAS operates?

Glad to.

--
J.D. Falk 
Return Path Inc

Re: actual facts (was Re: HABEAS_ACCREDITED SPAMMER)

[Kris Deugau]

J.D. Falk wrote:

There's only one Safe list (which SA still calls Habeas.)  In other words: no 
difference between the SOI and COI lists.  Or at least, that's how it's 
supposed to be -- so Kris's results were somewhat surprising.


*shrug*  I haven't seen enough evidence in the mail flow here to bother 
messing with the stock scores in the installations here, but there *are* 
three different rules in the stock SA set (up to date via sa-update):


# Habeas Accredited Senders
#Last octet of the returned A record indicates the Habeas-assigned
#   "Permission Level" of the Sender.
#   10 to 39Personal, transactional, and Confirmed 
Opt In

#   40 to 59Secure referrals and Single Opt In
#   60 to 99Checked but not accredited by Habeas.
#
# sa-accredit.habeas.com is for SpamAssassin use.
#
header HABEAS_ACCREDITED_COIeval:check_rbl('habeas-firsttrusted', 
'sa-accredit.habeas.com.', '127\.\d+\.\d+\.[123]\d')

describe HABEAS_ACCREDITED_COI  Habeas Accredited Confirmed Opt-In or Better
tflags HABEAS_ACCREDITED_COInet nice
header HABEAS_ACCREDITED_SOI 
eval:check_rbl_sub('habeas-firsttrusted', '127\.\d+\.\d+\.[45]\d')

describe HABEAS_ACCREDITED_SOI  Habeas Accredited Opt-In or Better
tflags HABEAS_ACCREDITED_SOInet nice
header HABEAS_CHECKED 
eval:check_rbl_sub('habeas-firsttrusted', '127\.\d+\.\d+\.[6789]\d')

describe HABEAS_CHECKED Habeas Checked
tflags HABEAS_CHECKED   net nice

score HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0
score HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3
score HABEAS_CHECKED 0 -0.2 0 -0.2

-kgd

Re: [sa] actual facts (was Re: HABEAS_ACCREDITED SPAMMER)

[Charles Gregory]

On Fri, 4 Dec 2009, J.D. Falk wrote:
They have to police themselves, or else they get kicked off the list. 
Simple, neh?


Neh. Definitely NEH. That is the logic of spambots. They get on there, 
abuse the heck out of it until someone files a complaint and then they get 
cut off, but not before millions of spams have gone out the door with your 
'blessing'. The notion of waiting for complaints opens the doors to
failure of systems through overburdening (gee, we got so many complaints 
we couldn't get to them all in a timely manner).


For example, you've heard a complaint about 'thedateuk' being tossed 
around this list. Seems to me that if your above statement represented an 
effective policy, the comment from the original complainant should be
"I saw a flood of spam from these IP's and then it just stopped a few 
hours later." But that's not what I'm reading.


And I don't want excuses. No claims that a certain reporting mechanism 
"should" have been used. There are enough people receiving spam that if 
any mechanism were reputable and worthwhile, *someone* would have used it 
and the spam would have stopped. At the very least, judging by the 
comments here, no attempt was made to 'group' the offending IP's and the 
offender just switched to another IP in their block?


Anyway you look at it, there is a reliability issue here

- Charles

Re: HABEAS_ACCREDITED SPAMMER

[Robert Lopez]

On Fri, Dec 4, 2009 at 7:33 AM, Bowie Bailey  wrote:
> LuKreme wrote:
>> On 4-Dec-2009, at 01:18, jdow wrote:
>>
>>> With all the animosity on this issue I decided to give the HABEAS
>>> rules a score, a negligible score to be sure, just to see what the
>>> state of HABEAS is for me today.
>>>
>>> In the last four days - nothing either spam or ham.
>>>
>>
>> I tend to see little clusters of HABEAS scores, but they are rare. I might 
>> see only 10-20 a month.
>
> After following this thread for a while, I decided to take a look at my
> server.  So here's one more data point:
>
> In the last month, I have seen 718 messages that hit one of the HABEAS
> rules.  Of those, none of them had an overall score higher than 4, and
> there were only 12 that would have been scored as spam without the rule.
>
> Since I don't have access to look at the actual messages and I don't
> know what lists my customers may be signed up for, I can't say anything
> for sure, but it looks like it's working fine here based on the numbers.
>
> --
> Bowie
>

Here is one more data point:
Since October 18th I have seen HABEAS rules listed in Spamassassin
score lines 496122 times.
One such phishing email this week was successfully delivered to 387 in-boxes.
Were it not for the HABEAS_ACCREDITED_SOI -4.30 other rules would have
lead to successfully stopping the message.

-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106

Re: actual facts (was Re: HABEAS_ACCREDITED SPAMMER)

[John Hardin]

On Fri, 4 Dec 2009, J.D. Falk wrote:

The current defaults for both the HABEAS and BSP rules were set long 
before Return Path operated either service, so we have no clue where 
they came from either.


J.D., may I suggest you open a SA Bugzilla ticket suggesting that the 
scores be reviewed in light of this large change in how HABEAS operates?


3.3.0 is in beta right now, it's still not too late to adjust the default 
scores for these rules for this major release.


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  You do not examine legislation in the light of the benefits it
  will convey if properly administered, but in the light of the
  wrongs it would do and the harms it would cause if improperly
  administered.  -- Lyndon B. Johnson
---
 11 days until Bill of Rights day

actual facts (was Re: HABEAS_ACCREDITED SPAMMER)

[J.D. Falk]

On Dec 4, 2009, at 1:18 AM, jdow wrote:

> And JD, I don't see on your site what it "costs" people to get listed
> on your DNS approval lists other than some tests and documentation. Is
> it possible spammers simply submit some buttered up documentation, get
> approved, and accept getting it knocked back off your lists rapidly as
> a business "time" expense?

No, there's a lengthy application process and a lot of monitoring involved.  
I'd be happy to ask someone from the Certification team to join the list and 
explain further as soon as I can be certain they won't be harassed and insulted 
here.  In the meantime I'll answer as well as I can, considering that I work on 
entirely different products at Return Path.

> I note that JD is quite willing to discuss (and seemed to recommend)
> a lowered default score. That seems quite reasonable.

The current defaults for both the HABEAS and BSP rules were set long before 
Return Path operated either service, so we have no clue where they came from 
either.


On Dec 4, 2009, at 9:08 AM, Charles Gregory wrote:

> As soon as any whitelist service like 'returnpath' accepts a client, they 
> perform the following:
> 
> 1) Review the client's address list - look for honeypot addresses.
>   If any are found, clearly the client has not vetted their list.

Our staff doesn't review their list, but we do operate a great many honeypots 
of our own -- and we receive feeds of honeypot messages from ISPs and other 
data partners.  So, spammers can't hide that way.

We also get feeds of complaints, where users click "this is spam" in a partner 
ISP's webmail interface.  Spammers can't hide that way, either.

(You can see the results of much of this data at senderscore.org.)

I saw some other interesting ideas in the conversation, but they all assume the 
accreditor is able to change messages or otherwise interrupt the sender's 
mailstream.  We don't have that ability, and don't want to.  They have to 
police themselves, or else they get kicked off the list.  Simple, neh?


On Dec 4, 2009, at 10:06 AM, Greg Troxel wrote:

> Probably "SOI" should be entirely dropped.

There's only one Safe list (which SA still calls Habeas.)  In other words: no 
difference between the SOI and COI lists.  Or at least, that's how it's 
supposed to be -- so Kris's results were somewhat surprising.


On Dec 4, 2009, at 11:08 AM, Charles Gregory wrote:

> By the by, I think I posted on this list a while ago on a similar question, 
> as to whether we could really trust *any* whitelists, as they simply made for 
> a *deliberate* target of botnet owners. No one made a fuss about it before, 
> but what about now? Maybe, once again, the flaw is in having a whitelisting 
> system that relies upon third party servers with unknown security.

We're EXTREMELY concerned about this as well, and we've got a 24x7 operations 
staff keeping an eye on things.  That's one of the reasons we charge money for 
the service: it lets us buy hardware and software and hire staff to keep it 
running smoothly, and securely.

--
J.D. Falk 
Return Path Inc

Re: J.D. Falk spineless insults (Re: HABEAS_ACCREDITED SPAMMER)

[Justin Mason]

On Fri, Dec 4, 2009 at 14:04, rich...@buzzhost.co.uk  wrote:

> On Fri, 2009-12-04 at 06:55 -0700, LuKreme wrote:
> > On 3-Dec-2009, at 23:06, R-Elists wrote:
> > > certainly we understand your point here, yet what about accountability
> for
> > > Return Path Inc (and other RPI companies) related rules in the default
> > > Spamassassin configs?
> >
> >
> > My position on HABEAS is well-know by anyone who cares (I score it +0.5
> and +2.0); that's not what I'm talking about: it's the constant whinging by
> richard and falk at each other. Obviously they WANT to be communicating
> since otherwise they could easily ignore/killfile each other. I'm just tired
> of them doing it on this mailinglist.
> >
> Your idea of 'constant' amuses me and is stretching the truth
> exponentially.
>
> I'm curious why a commercial whitelist from a bulk mailing company has
> such a positive inroad in Spamassassin. It's a fair question. I'm not
> interested in your personal views of me, my question or my posting. You
> have a killfile? You able to ignore on subject? Skills you may find
> useful to learn yes?
>

Richard, quit it.

It's unreasonable to assume that all of the subscribers to this list should
have to listen to, or need to set up a killfile just to avoid, your ranting.


-- 
--j.

Re: HABEAS_ACCREDITED SPAMMER

[Bowie Bailey]

LuKreme wrote:
> On 4-Dec-2009, at 01:18, jdow wrote:
>   
>> With all the animosity on this issue I decided to give the HABEAS
>> rules a score, a negligible score to be sure, just to see what the
>> state of HABEAS is for me today.
>>
>> In the last four days - nothing either spam or ham.
>> 
>
> I tend to see little clusters of HABEAS scores, but they are rare. I might 
> see only 10-20 a month.

After following this thread for a while, I decided to take a look at my
server.  So here's one more data point:

In the last month, I have seen 718 messages that hit one of the HABEAS
rules.  Of those, none of them had an overall score higher than 4, and
there were only 12 that would have been scored as spam without the rule.

Since I don't have access to look at the actual messages and I don't
know what lists my customers may be signed up for, I can't say anything
for sure, but it looks like it's working fine here based on the numbers.

-- 
Bowie

Re: J.D. Falk spineless insults (Re: HABEAS_ACCREDITED SPAMMER)

[rich...@buzzhost.co.uk]

On Fri, 2009-12-04 at 06:55 -0700, LuKreme wrote:
> On 3-Dec-2009, at 23:06, R-Elists wrote:
> > certainly we understand your point here, yet what about accountability for
> > Return Path Inc (and other RPI companies) related rules in the default
> > Spamassassin configs?
> 
> 
> My position on HABEAS is well-know by anyone who cares (I score it +0.5 and 
> +2.0); that's not what I'm talking about: it's the constant whinging by 
> richard and falk at each other. Obviously they WANT to be communicating since 
> otherwise they could easily ignore/killfile each other. I'm just tired of 
> them doing it on this mailinglist.
> 
Your idea of 'constant' amuses me and is stretching the truth
exponentially.

I'm curious why a commercial whitelist from a bulk mailing company has
such a positive inroad in Spamassassin. It's a fair question. I'm not
interested in your personal views of me, my question or my posting. You
have a killfile? You able to ignore on subject? Skills you may find
useful to learn yes? 

Re: HABEAS_ACCREDITED SPAMMER

[LuKreme]

On 4-Dec-2009, at 01:18, jdow wrote:
> With all the animosity on this issue I decided to give the HABEAS
> rules a score, a negligible score to be sure, just to see what the
> state of HABEAS is for me today.
> 
> In the last four days - nothing either spam or ham.

I tend to see little clusters of HABEAS scores, but they are rare. I might see 
only 10-20 a month.


> Those seeing HABEAS hits: are the hits ancient haiku hits or are they
> the modern DNS test version?

I haven't seen the haiku in ages. But then again, I am very aggressive about 
dropping mail early vi helo checks and zen, etc.

> And how was the email determined to be unsolicited? (I believe in one
> case it was a "never used spam trap address.")


In my case I see them on THIS email address in non-list mail (I don't check 
list mail with SpamAssassin) and since this email address is exclusively 100% 
used for mailing lists… I also see it on a very old email address that hasn't 
been used for real mail in close to 10 years and simply sits there collecting 
spam for me.


-- 
'What shall we do?' said Twoflower.
'Panic?' said Rincewind hopefully. --The Light Fantastic

Re: J.D. Falk spineless insults (Re: HABEAS_ACCREDITED SPAMMER)

[LuKreme]

On 3-Dec-2009, at 23:06, R-Elists wrote:
> certainly we understand your point here, yet what about accountability for
> Return Path Inc (and other RPI companies) related rules in the default
> Spamassassin configs?


My position on HABEAS is well-know by anyone who cares (I score it +0.5 and 
+2.0); that's not what I'm talking about: it's the constant whinging by richard 
and falk at each other. Obviously they WANT to be communicating since otherwise 
they could easily ignore/killfile each other. I'm just tired of them doing it 
on this mailinglist.

-- 
'They come back to the mountains to die,' said the King.
'They live in Ankh-Morpork.' --The Fifth Elephant

Re: J.D. Falk spineless insults (Re: HABEAS_ACCREDITED SPAMMER)

[jdow]

From: "LuKreme" 
Sent: Thursday, 2009/December/03 20:55



On Dec 3, 2009, at 13:43, "rich...@buzzhost.co.uk"  wrote:

On Thu, 2009-12-03 at 11:23 -0700, J.D. Falk wrote:

On Dec 2, 2009, at 12:59 AM, rich...@buzzhost.co.uk wrote:


Look, get a room. Or at least take this twisted courtship dance  offlist 
and spare us, please.


With all the animosity on this issue I decided to give the HABEAS
rules a score, a negligible score to be sure, just to see what the
state of HABEAS is for me today.

In the last four days - nothing either spam or ham.

Those seeing HABEAS hits: are the hits ancient haiku hits or are they
the modern DNS test version? I imagine the haiku is still used by
some spammers. The DNS tests should legitimately show a rather small
percentage of spam. It appears (weasel word notice) ReturnPath puts
its members through a wringer to get the approval levels.

And how was the email determined to be unsolicited? (I believe in one
case it was a "never used spam trap address.")

Let's lay some facts out on the table rather than heap a load of
anecdotal poo on JD over various HABEAS hits.

And JD, I don't see on your site what it "costs" people to get listed
on your DNS approval lists other than some tests and documentation. Is
it possible spammers simply submit some buttered up documentation, get
approved, and accept getting it knocked back off your lists rapidly as
a business "time" expense?

Less shouting and more data and facts seems to be called for on both
sides. And for the nonce I'll grant both sides the legitimacy of their
frustrations on this HABEAS thing.

I note that JD is quite willing to discuss (and seemed to recommend)
a lowered default score. That seems quite reasonable.

{^_^}(Another JD, Jolly Dirty Old Woman type.) 

RE: J.D. Falk spineless insults (Re: HABEAS_ACCREDITED SPAMMER)

[R-Elists]

 

> From: LuKreme 
> 
> Look, get a room. Or at least take this twisted courtship 
> dance offlist and spare us, please.
> 

LuKreme,

certainly we understand your point here, yet what about accountability for
Return Path Inc (and other RPI companies) related rules in the default
Spamassassin configs?

we all know we can change them, yet why are they even there as a default?

how did they get in there in the first place?

i do not know and/or forgot specifically where to check...

last but not least, has any of that been changed in the upcoming future
version(s) of Spamassassin?

tia

 - rh
 

Re: J.D. Falk spineless insults (Re: HABEAS_ACCREDITED SPAMMER)

[LuKreme]

On Dec 3, 2009, at 13:43, "rich...@buzzhost.co.uk" > wrote:

On Thu, 2009-12-03 at 11:23 -0700, J.D. Falk wrote:

On Dec 2, 2009, at 12:59 AM, rich...@buzzhost.co.uk wrote:


Look, get a room. Or at least take this twisted courtship dance  
offlist and spare us, please.

Re: J.D. Falk spineless insults (Re: HABEAS_ACCREDITED SPAMMER)

[rich...@buzzhost.co.uk]

On Thu, 2009-12-03 at 11:23 -0700, J.D. Falk wrote:
> On Dec 2, 2009, at 12:59 AM, rich...@buzzhost.co.uk wrote:
> 
> > As for
> > insulting you - grow up. You work in the business of sending unwanted
> > junk email.
> 
> You haven't done any research at all, have you?
> 
> http://www.cauce.org/about/bod.html
> http://www.circleid.com/members/3217/
> 
> I expect an apology.
> 
> --
> J.D. Falk 
> Return Path Inc
> 
> 
> 
> 
Me to. I'll give you a hand written apology if you give me an individual
handwritten apology for every item of UCE I've had from a RP customer?
Sound fair?

Whilst your links fill me with laughter - the first Google I do for
'return path' says it all:

"Return Path
Improve email delivery and avoid email blacklists with Return Path."

So you sold out El Spamtard?

Richard's baseless insults (Re: HABEAS_ACCREDITED SPAMMER)

[J.D. Falk]

On Dec 2, 2009, at 12:59 AM, rich...@buzzhost.co.uk wrote:

> As for
> insulting you - grow up. You work in the business of sending unwanted
> junk email.

You haven't done any research at all, have you?

http://www.cauce.org/about/bod.html
http://www.circleid.com/members/3217/

I expect an apology.

--
J.D. Falk 
Return Path Inc

Re: HABEAS_ACCREDITED SPAMMER

[J.D. Falk]

On Nov 30, 2009, at 12:37 PM, Thomas Harold wrote:

> I'm more curious as to why those two rules get such high scores in a default 
> SA setup.  Why are they so heavy?

I've been curious about that, too.  What's the process for suggesting more 
appropriate default scores?

--
J.D. Falk 
Return Path Inc

Re: HABEAS_ACCREDITED SPAMMER

[rich...@buzzhost.co.uk]

On Tue, 2009-12-01 at 15:06 -0700, J.D. Falk wrote:
> On Nov 30, 2009, at 12:38 PM, rich...@buzzhost.co.uk wrote:
> 
> > So please, spare me the sob story about what a wonderful idea HABEAS is.
> > Talk is cheap, action speaks louder than words.
> 
> Who's sobbing?  I'm merely explaining how it works today.
> 
> If you disagree with a particular entry on either the (formerly Habeas) Safe 
> list or the Certified list, we've made it extremely easy for you to tell the 
> people who operate those lists.  Hint: insulting me on this mailing list has 
> no effect.
> 
It's far easier to invert the action and use it as a block list. As for
insulting you - grow up. You work in the business of sending unwanted
junk email. If I were to share with you my thoughts on what I would like
to do to someone like you, I'd be locked up again.
> --
> J.D. Falk 
> Return Path Inc
> 
> 
> 
> 

RE: HABEAS_ACCREDITED SPAMMER

[R-Elists]

 

> 
> If you disagree with a particular entry on either the 
> (formerly Habeas) Safe list or the Certified list, we've made 
> it extremely easy for you to tell the people who operate 
> those lists.  Hint: insulting me on this mailing list has no effect.
> 
> --
> J.D. Falk 
> Return Path Inc
> 

JD

i asked for some clarification from Neal on the spam-l list in this last
week and havent seen it yet...

if he has been tied up, is understandablew..

yet if he is ignoring, would be nice to know so that appropriate actions can
be taken

thanks...

 - rh

Re: HABEAS_ACCREDITED SPAMMER

[J.D. Falk]

On Nov 30, 2009, at 12:38 PM, rich...@buzzhost.co.uk wrote:

> So please, spare me the sob story about what a wonderful idea HABEAS is.
> Talk is cheap, action speaks louder than words.

Who's sobbing?  I'm merely explaining how it works today.

If you disagree with a particular entry on either the (formerly Habeas) Safe 
list or the Certified list, we've made it extremely easy for you to tell the 
people who operate those lists.  Hint: insulting me on this mailing list has no 
effect.

--
J.D. Falk 
Return Path Inc

Re: HABEAS_ACCREDITED SPAMMER

[John Hardin]

On Mon, 30 Nov 2009, jdow wrote:


I've often found that ... are far broader ... than I am.

{^_^}


... must ... resist ... straight ... line ... NNN!

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  You do not examine legislation in the light of the benefits it
  will convey if properly administered, but in the light of the
  wrongs it would do and the harms it would cause if improperly
  administered.  -- Lyndon B. Johnson
---
 15 days until Bill of Rights day

Re: HABEAS_ACCREDITED SPAMMER

[jdow]

From: 
Sent: Monday, 2009/November/30 11:38



On Mon, 2009-11-30 at 12:19 -0700, J.D. Falk wrote:

On Nov 25, 2009, at 3:57 AM, Hajdú Zoltán wrote:

> Then whos job? :) Habeas doesnt monitor Your Inbox.
>
> If You have the time to write here just for 'flaming' against a ~good 
> concept...
> ...Maybe it would be a better idea to spend that time on supporting 
> them with Your feedback.


Thanks for the support, but there's no point.  Some of the folks on this 
list are way too angry to ever do anything that might be helpful to 
others.


--
J.D. Falk 
Return Path Inc


Perhaps that should read "Some of the folks on this list are way too
angry to ever do anything that might be helpful companies who try to
pass off bulk mail in a white list"

JD, I appreciate your role is to grease the wheels for you 'legitimate'
bulk mailers and make money, but don't take it personally when people
don't want your rubbish - no matter how much you sex it up.

I do note that the company concerned continues spamming on a daily basis
and remains white listed:

80.75.69.201
sa-accredit.habeas.com
list.dnswl.org

So please, spare me the sob story about what a wonderful idea HABEAS is.
Talk is cheap, action speaks louder than words.


That seems to be my biggest problem with the whitelist concept. It's 
reaction
time is too limited. Maybe what I should do is leave the whitelisting 
enabled and

use a meta rule to cancel it out if any of the block lists hit.

Of course, a problem I've always admired those running ISP spam filters for
willingly and at least partially successfully facing is the simple fact that 
one

person's spam is another person's ham. I've often found that whitelists are
far broader, for that reason, than I am.

{^_^} 

RE: HABEAS_ACCREDITED SPAMMER

[Michael Hutchinson]

> I do note that the company concerned continues spamming on a daily
> basis
> and remains white listed:
> 
> 80.75.69.201
> sa-accredit.habeas.com
> list.dnswl.org
> 
> So please, spare me the sob story about what a wonderful idea HABEAS
> is.
> Talk is cheap, action speaks louder than words.

+1 to that. I can't understand why anyone on this list would still be 
whitelisting Habeas to the tune of 4, or even 8 points after the discussions in 
here. 

There should be no option at all for spammers, and currently Habeas is an 
option for them.

Surely if we (mail admins) wanted something that Habeas is pushing, we can 
enable our own whitelist rules, or whatever to get the mail through. We 
certainly don’t need to start whitelisting an outfit, out-of-the-box, that 
obviously many people don’t trust.

Cheers,
Mike
 

Re: HABEAS_ACCREDITED SPAMMER

[rich...@buzzhost.co.uk]

On Mon, 2009-11-30 at 12:19 -0700, J.D. Falk wrote:
> On Nov 25, 2009, at 3:57 AM, Hajdú Zoltán wrote:
> 
> > Then whos job? :) Habeas doesnt monitor Your Inbox.
> > 
> > If You have the time to write here just for 'flaming' against a ~good 
> > concept...
> > ...Maybe it would be a better idea to spend that time on supporting them 
> > with Your feedback.
> 
> Thanks for the support, but there's no point.  Some of the folks on this list 
> are way too angry to ever do anything that might be helpful to others.
> 
> --
> J.D. Falk 
> Return Path Inc
> 
Perhaps that should read "Some of the folks on this list are way too
angry to ever do anything that might be helpful companies who try to
pass off bulk mail in a white list"

JD, I appreciate your role is to grease the wheels for you 'legitimate'
bulk mailers and make money, but don't take it personally when people
don't want your rubbish - no matter how much you sex it up.

I do note that the company concerned continues spamming on a daily basis
and remains white listed:

80.75.69.201
sa-accredit.habeas.com
list.dnswl.org

So please, spare me the sob story about what a wonderful idea HABEAS is.
Talk is cheap, action speaks louder than words.

Re: HABEAS_ACCREDITED SPAMMER

[Thomas Harold]

On 11/23/2009 4:37 PM, J.D. Falk wrote:

On Nov 23, 2009, at 6:14 AM, Matus UHLAR - fantomas wrote:


You should complain to ReturnPath. Iirc, HABEAS used to sue
spammers misusing their technology. Don't know if ReturnPath
continues prac ticing this.


Actually, you're confusing Habeas's first technology (which involved
suing misuse of their copywritten header, and was abandoned years
ago) with their "safe list" whitelist product, which Return Path now
operates.  Rather than suing them, we'll simply kick 'em off the list
if they don't meet our standards.

http://wiki.apache.org/spamassassin/Rules/HABEAS_ACCREDITED_COI has
some basic info, including an address to complain at if you're
receiving spam from a safelisted IP.



I'm more curious as to why those two rules get such high scores in a 
default SA setup.  Why are they so heavy?


HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0
HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3

(I've turned them down drastically in our configuration to about 1/3 to 
1/4 of their original values.)

Re: HABEAS_ACCREDITED SPAMMER

[J.D. Falk]

On Nov 25, 2009, at 3:57 AM, Hajdú Zoltán wrote:

> Then whos job? :) Habeas doesnt monitor Your Inbox.
> 
> If You have the time to write here just for 'flaming' against a ~good 
> concept...
> ...Maybe it would be a better idea to spend that time on supporting them with 
> Your feedback.

Thanks for the support, but there's no point.  Some of the folks on this list 
are way too angry to ever do anything that might be helpful to others.

--
J.D. Falk 
Return Path Inc

Re: HABEAS_ACCREDITED SPAMMER

[J.D. Falk]

On Nov 25, 2009, at 9:03 AM, Matus UHLAR - fantomas wrote:

> On 25.11.09 03:23, jdow wrote:
>> Having a little help might help them maintain a better product.
>> But (that bitter word), the basic concept is broken. If the spammer
>> can make more money than it costs to get on the Habeas whitelist
>> then they will pull the same trick I've seen here in California in the
>> construction trades.
> 
> Some time ago they used to sue spammers, according to discussion here they
> don't anymore. Maybe that's one of their biggest problems.

Actually, the legal threat over the old X-Habeas header never accomplished 
anything.  It's been much more effective to simply stop whitelisting anyone who 
is sending spam.

--
J.D. Falk 
Return Path Inc

Re: HABEAS_ACCREDITED SPAMMER

[Michelle Konzack]

Am 2009-11-25 00:23:34, schrieb LuKreme:
> I get HABEAS mail sent to email addresses that have not been active in
> 10 years and have never EVER signed up for anything whatsoever. I get
> HABEAS mail sent to new admin@ email addresses on new domains, domains
> that have never sent any email at all.

I have never  send  an  E-Mail  using  my  domains  ,
 and  so how can  it  be?  There  is  only  a
, ,  and  on the domain, which will
never send messages outside, because they are configured to do so.

> No I won't, because I don't use spamassassin to BLOCK mail. I simply
> score it and if it scores over 5.0 it gets moved to the .SPAM folder
> where people are free to recover it if they want. I've never had a
> single complaint about HABEAS messages being misstagged as spam.

Here too, at least for the 73 users of 

> I prefer to give it a positive score as in my tests, it is a definite
> spam sign


Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
 Michelle Konzack
   Apt. 917
   50, rue de Soultz
Jabber linux4miche...@jabber.ccc.de   67100 Strabourg/France
IRC#Debian (irc.icq.com)  Tel. DE: +49 177 9351947
ICQ#328449886 Tel. FR: +33  6  61925193


signature.pgp
Description: Digital signature

Re: HABEAS_ACCREDITED SPAMMER

[Michelle Konzack]

Am 2009-11-24 17:23:29, schrieb Jeff Mincy:
> I find it a little hard to believe that your spam is so much different from
> my spam.  On my mail, not one single spam message (out of 228k total) hit
> HABEAS for all of 2009.  The few messages (480 out of 11k) that hit HABEAS
> were all ham, either professional organizations/newsletters, transactions
> from places like Vanguard or retail stores that I have a relationship with.

I think, this depends where you live, because my french/german customers
have not such contact, and even not me.  How can it be, that all 4 EMail
used by me

  linux4miche...@tamay-dogan.net
@freenet.de

michelle.konz...@tam.gan.net
@freenet.de

are hit by the same 2000 HABEAS spam yearly?

>I don't know who these legitimate marketers are, but I don't feel I'm  
>missing anything.
>
> You WILL 'block' legitimate mail.  However, It's your email, so you
> can do anything you want.  If you think HABEAS is so bad just set the
> HABEAS scores to zero and save the network bandwidth.

These "legitimate" messages maybe interesting for peoples/enterprises in
the USA and maybe in te UK, but not in France or Germany

And yes, in the last two month I have nearly rejected 50% of all  HABEAS
spam of this year.

The same count for TWITTER, Facebook, Blogger and other social  networks
spam including invitations.  I get per day  10-20  of  them...  Can  you
believe, I have arround  6500  friends  worldwide?  Facebook  of  course
believe it.  Time to sue them from spain since they have very nice laws.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
 Michelle Konzack
   Apt. 917
   50, rue de Soultz
Jabber linux4miche...@jabber.ccc.de   67100 Strabourg/France
IRC#Debian (irc.icq.com)  Tel. DE: +49 177 9351947
ICQ#328449886 Tel. FR: +33  6  61925193


signature.pgp
Description: Digital signature

Re: HABEAS_ACCREDITED SPAMMER

[Michelle Konzack]

Am 2009-11-23 17:08:11, schrieb LuKreme:
> On Nov 23, 2009, at 7:39, Matus UHLAR - fantomas 
> wrote:
> 
> >Yes, why to differ between non-abusing and abusing marketers...
> 
> We've been through this before. On my mail, habeas is a very strong
> indicator of spam. It does not appear in legitimate mail.

Here too.

> I don't know who these legitimate marketers are, but I don't feel
> I'm missing anything.

I do not get very much HABEAS spam, but arround 2000  per  year.  Not  a
singel one was legitimate.  What is th difference between a spamer and a
"legitimate" marketer if I even do not know both?

By definition:  Both are non-welcome @me.

Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
 Michelle Konzack
   Apt. 917
   50, rue de Soultz
Jabber linux4miche...@jabber.ccc.de   67100 Strabourg/France
IRC#Debian (irc.icq.com)  Tel. DE: +49 177 9351947
ICQ#328449886 Tel. FR: +33  6  61925193


signature.pgp
Description: Digital signature

Re: HABEAS_ACCREDITED SPAMMER

[Matus UHLAR - fantomas]

On 25.11.09 03:23, jdow wrote:
> Having a little help might help them maintain a better product.
> But (that bitter word), the basic concept is broken. If the spammer
> can make more money than it costs to get on the Habeas whitelist
> then they will pull the same trick I've seen here in California in the
> construction trades.

Some time ago they used to sue spammers, according to discussion here they
don't anymore. Maybe that's one of their biggest problems.

> A business owner creates a new business, incorporates it, accepts a job,
> and when the job goes sour bankrupt and fold the shell corporation. The
> same trick is available for the HABEAS spoof. Hence, I figure the concept
> is unworkable on its face.

Btw, would be nice from you if you quoted mail you are replying to.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Your mouse has moved. Windows NT will now restart for changes to take
to take effect. [OK]

Re: HABEAS_ACCREDITED SPAMMER

[Matus UHLAR - fantomas]

> On Nov 25, 2009, at 3:03, Matus UHLAR - fantomas   
> wrote:
>> I'm not saying that companies registered in habeas do not spam.
>> I'm saying that those who do should be reported, which could make  
>> habeas
>> worth using.

On 25.11.09 03:16, LuKreme wrote:
> Ah, well that's a whole other issue. Habeas is a commercial enterprise  
> and I don't work for them, so reporting their abusive customers isn't my 
> job.

of course, why to report spam at all. especially to those who can make
something with it...

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Due to unexpected conditions Windows 2000 will be released
in first quarter of year 1901

RE: HABEAS_ACCREDITED SPAMMER

[R-Elists]

 

> From: Hajdú Zoltán wrote
> 
> Then whos job? :) Habeas doesnt monitor Your Inbox.
> 
> If You have the time to write here just for 'flaming' against 
> a ~good concept...
> ...Maybe it would be a better idea to spend that time on 
> supporting them with Your feedback.
> 
> Cheers,

Hajdu,

we took a worldwide SA list mental telepathy vote and guess what ?!?!?!?

you are the lucky person to be the NEW worldwide HABEAS unpaid pay spam
police & advocate...

we see your zeal, pleasd do a good job...  :-)

as a side note, in this somewhat rough economic environment, at least you
are more employed...

this time of year, arent you glad you arent a turkey in the USA though?

happy thanks "gobble" giving...

 - rh

Re: HABEAS_ACCREDITED SPAMMER

[jdow]

From: "Per Jessen" 
Sent: Wednesday, 2009/November/25 03:03


Hajdú Zoltán wrote:


LuKreme írta:

On Nov 25, 2009, at 3:03, Matus UHLAR - fantomas 
wrote:


I'm not saying that companies registered in habeas do not spam.
I'm saying that those who do should be reported, which could make
habeas worth using.


Ah, well that's a whole other issue. Habeas is a commercial
enterprise and I don't work for them, so reporting their abusive
customers isn't my job.



Then whos job? :) Habeas doesnt monitor Your Inbox.



It can only be Habeas' job to police their own customers.  It's in their
own interest.  How else can they retain any trustworthiness?


/Per Jessen, Zürich



Having a little help might help them maintain a better product.
But (that bitter word), the basic concept is broken. If the spammer
can make more money than it costs to get on the Habeas whitelist
then they will pull the same trick I've seen here in California in the
construction trades. A business owner creates a new business,
incorporates it, accepts a job, and when the job goes sour bankrupt
and fold the shell corporation. The same trick is available for the
HABEAS spoof. Hence, I figure the concept is unworkable on its
face.

{^_^} 

Re: HABEAS_ACCREDITED SPAMMER

[LuKreme]

On 25-Nov-2009, at 03:57, Hajdú Zoltán wrote:
> Then whos job?

The people who are making money from the Habeas list, of course.

> Habeas doesnt monitor Your Inbox.

Nope, they just claim that spammers flooding my inbox should be 'trusted'

> If You have the time to write here just for 'flaming' against a ~good 
> concept...
> ...Maybe it would be a better idea to spend that time on supporting them with 
> Your feedback.

No thanks, I don't work for others for free when they are getting paid. Not 
now, not ever.


-- 
TAR IS NOT A PLAYTHING
Bart chalkboard Ep. 7F02

Re: HABEAS_ACCREDITED SPAMMER

[Hajdú Zoltán]

I'm sure they monitor them in various ways, but there could be exceptions (there is no absolutely perfect solution for this problem) - and 
the blue pill for that is called feedback.


Per Jessen írta:

Hajdú Zoltán wrote:


LuKreme írta:

On Nov 25, 2009, at 3:03, Matus UHLAR - fantomas 
wrote:


I'm not saying that companies registered in habeas do not spam.
I'm saying that those who do should be reported, which could make
habeas worth using.

Ah, well that's a whole other issue. Habeas is a commercial
enterprise and I don't work for them, so reporting their abusive
customers isn't my job.



Then whos job? :) Habeas doesnt monitor Your Inbox.



It can only be Habeas' job to police their own customers.  It's in their
own interest.  How else can they retain any trustworthiness?


/Per Jessen, Zürich

Re: HABEAS_ACCREDITED SPAMMER

[Per Jessen]

Hajdú Zoltán wrote:

> LuKreme írta:
>> On Nov 25, 2009, at 3:03, Matus UHLAR - fantomas 
>> wrote:
>> 
>>> I'm not saying that companies registered in habeas do not spam.
>>> I'm saying that those who do should be reported, which could make
>>> habeas worth using.
>> 
>> Ah, well that's a whole other issue. Habeas is a commercial
>> enterprise and I don't work for them, so reporting their abusive
>> customers isn't my job.
>> 
>> 
> Then whos job? :) Habeas doesnt monitor Your Inbox.
> 

It can only be Habeas' job to police their own customers.  It's in their
own interest.  How else can they retain any trustworthiness?


/Per Jessen, Zürich

Re: HABEAS_ACCREDITED SPAMMER

[Hajdú Zoltán]

Then whos job? :) Habeas doesnt monitor Your Inbox.

If You have the time to write here just for 'flaming' against a ~good concept...
...Maybe it would be a better idea to spend that time on supporting them with 
Your feedback.

Cheers,

LuKreme írta:

On Nov 25, 2009, at 3:03, Matus UHLAR - fantomas  wrote:


I'm not saying that companies registered in habeas do not spam.
I'm saying that those who do should be reported, which could make habeas
worth using.


Ah, well that's a whole other issue. Habeas is a commercial enterprise 
and I don't work for them, so reporting their abusive customers isn't my 
job.

Re: HABEAS_ACCREDITED SPAMMER

[LuKreme]

On Nov 25, 2009, at 3:03, Matus UHLAR - fantomas   
wrote:



I'm not saying that companies registered in habeas do not spam.
I'm saying that those who do should be reported, which could make  
habeas

worth using.


Ah, well that's a whole other issue. Habeas is a commercial enterprise  
and I don't work for them, so reporting their abusive customers isn't  
my job.

Re: HABEAS_ACCREDITED SPAMMER

[Matus UHLAR - fantomas]

On 25.11.09 07:53, rich...@buzzhost.co.uk wrote:
> A good marketing company would *not* require a whitellist, as their mail
> would be fully compliant, score low and come from an IP with a good
> reputation. If spammers can tick these boxes, a paid for ESP should have
> no difficulty *without* the need for a white list.

well, a marketing company sending newsletters COULD ask for whitelisting to
prevent them from being rejected or tagged as spam. There are many filters
in the world and many people tending to tag as spam something they have
signed for.

I'm not saying that companies registered in habeas do not spam.
I'm saying that those who do should be reported, which could make habeas
worth using.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
(R)etry, (A)bort, (C)ancer

Re: HABEAS_ACCREDITED SPAMMER

[rich...@buzzhost.co.uk]

On Wed, 2009-11-25 at 00:23 -0700, LuKreme wrote:
> On 24-Nov-2009, at 15:23, Jeff Mincy wrote:
> >   From: LuKreme 
> >>   On Nov 23, 2009, at 7:39, Matus UHLAR - fantomas   
> > 
> >>> Yes, why to differ between non-abusing and abusing marketers...
> > 
> >>   We've been through this before. On my mail, habeas is a very strong  
> >>   indicator of spam. It does not appear in legitimate mail.
> >> 
> > I find it a little hard to believe that your spam is so much different from
> > my spam.  On my mail, not one single spam message (out of 228k total) hit
> > HABEAS for all of 2009.  The few messages (480 out of 11k) that hit HABEAS
> > were all ham, either professional organizations/newsletters, transactions
> > from places like Vanguard or retail stores that I have a relationship with.
> 
> I get HABEAS mail sent to email addresses that have not been active in 10 
> years and have never EVER signed up for anything whatsoever. I get HABEAS 
> mail sent to new admin@ email addresses on new domains, domains that have 
> never sent any email at all.
> 
> >   I don't know who these legitimate marketers are, but I don't feel I'm  
> >   missing anything.
> > 
> > You WILL 'block' legitimate mail.
> 
> No I won't, because I don't use spamassassin to BLOCK mail. I simply score it 
> and if it scores over 5.0 it gets moved to the .SPAM folder where people are 
> free to recover it if they want. I've never had a single complaint about 
> HABEAS messages being misstagged as spam.
> 
> > However, It's your email, so you
> > can do anything you want.  If you think HABEAS is so bad just set the
> > HABEAS scores to zero and save the network bandwidth.
> 
> I prefer to give it a positive score as in my tests, it is a definite spam 
> sign
> 
I absolute have to agree with this. I see it in nothing but unwanted email and 
spam.
Any form of commercial whitelisting = commercial mail (usually bulk and
unwanted). 

A good marketing company would *not* require a whitellist, as their mail
would be fully compliant, score low and come from an IP with a good
reputation. If spammers can tick these boxes, a paid for ESP should have
no difficulty *without* the need for a white list.

Re: HABEAS_ACCREDITED SPAMMER

[LuKreme]

On 24-Nov-2009, at 15:23, Jeff Mincy wrote:
>   From: LuKreme 
>>   On Nov 23, 2009, at 7:39, Matus UHLAR - fantomas   
> 
>>> Yes, why to differ between non-abusing and abusing marketers...
> 
>>   We've been through this before. On my mail, habeas is a very strong  
>>   indicator of spam. It does not appear in legitimate mail.
>> 
> I find it a little hard to believe that your spam is so much different from
> my spam.  On my mail, not one single spam message (out of 228k total) hit
> HABEAS for all of 2009.  The few messages (480 out of 11k) that hit HABEAS
> were all ham, either professional organizations/newsletters, transactions
> from places like Vanguard or retail stores that I have a relationship with.

I get HABEAS mail sent to email addresses that have not been active in 10 years 
and have never EVER signed up for anything whatsoever. I get HABEAS mail sent 
to new admin@ email addresses on new domains, domains that have never sent any 
email at all.

>   I don't know who these legitimate marketers are, but I don't feel I'm  
>   missing anything.
> 
> You WILL 'block' legitimate mail.

No I won't, because I don't use spamassassin to BLOCK mail. I simply score it 
and if it scores over 5.0 it gets moved to the .SPAM folder where people are 
free to recover it if they want. I've never had a single complaint about HABEAS 
messages being misstagged as spam.

> However, It's your email, so you
> can do anything you want.  If you think HABEAS is so bad just set the
> HABEAS scores to zero and save the network bandwidth.

I prefer to give it a positive score as in my tests, it is a definite spam sign


-- 
THIS IS NOT A CLUE...OR IS IT?
Bart chalkboard Ep. 2F16

Re: HABEAS_ACCREDITED SPAMMER

[jdow]

From: "Jeff Mincy" 
Sent: Tuesday, 2009/November/24 14:23



  From: LuKreme 
  Date: Mon, 23 Nov 2009 17:08:11 -0700

  On Nov 23, 2009, at 7:39, Matus UHLAR - fantomas 
  wrote:

  > Yes, why to differ between non-abusing and abusing marketers...

  We've been through this before. On my mail, habeas is a very strong
  indicator of spam. It does not appear in legitimate mail.

I find it a little hard to believe that your spam is so much different 
from

my spam.  On my mail, not one single spam message (out of 228k total) hit
HABEAS for all of 2009.  The few messages (480 out of 11k) that hit HABEAS
were all ham, either professional organizations/newsletters, transactions
from places like Vanguard or retail stores that I have a relationship 
with.


  I don't know who these legitimate marketers are, but I don't feel I'm
  missing anything.

You WILL 'block' legitimate mail.  However, It's your email, so you
can do anything you want.  If you think HABEAS is so bad just set the
HABEAS scores to zero and save the network bandwidth.

-jeff


I have a compulsion to be as honest as I can. So I'll note that the
MODERN HABEAS seems to be a DNS test rather than a chunk of copyrighted
text. Nonetheless, I have been bitten often enough I simply ignore the
HABEAS tests and get on with my email. There are things that come from
"certified" senders in my snail-mail, too. I jettison them to the
shredder. At least I leave the HABEAS marked email with the SA markup
and check the low scoring spam for misplaced ham. (I have some quirky
people sending me email. Some of them manage to get marked as spam.
Eventually I whitelist them. I also have a fun game with some sources
of email. Sometimes they manage to blow 5 and other times they do not.
It's fun to watch as they try to "tune" their emails.)

{^_^} 

Re: HABEAS_ACCREDITED SPAMMER

[Jeff Mincy]

   From: LuKreme 
   Date: Mon, 23 Nov 2009 17:08:11 -0700
   
   On Nov 23, 2009, at 7:39, Matus UHLAR - fantomas   
   wrote:
   
   > Yes, why to differ between non-abusing and abusing marketers...
   
   We've been through this before. On my mail, habeas is a very strong  
   indicator of spam. It does not appear in legitimate mail.
   
I find it a little hard to believe that your spam is so much different from
my spam.  On my mail, not one single spam message (out of 228k total) hit
HABEAS for all of 2009.  The few messages (480 out of 11k) that hit HABEAS
were all ham, either professional organizations/newsletters, transactions
from places like Vanguard or retail stores that I have a relationship with.

   I don't know who these legitimate marketers are, but I don't feel I'm  
   missing anything.
   
You WILL 'block' legitimate mail.  However, It's your email, so you
can do anything you want.  If you think HABEAS is so bad just set the
HABEAS scores to zero and save the network bandwidth.

-jeff

Re: HABEAS_ACCREDITED SPAMMER

[Alex]

Hi,

> Obviously every admin has to decide what to block and not
> to block, but I just wanted to add a data point. I try
> not to block stuff my users have signed up for, as inane
> as the messages may be (to me).

The trouble is, which users have actually subscribed and wish to
receive free credit checks every other day, and which is the victim?
You certainly can't tell from the message itself...

I've shut down a few of those, and haven't yet received a complaint
that they're missing anything important, and in the end I probably
look better for it.

Regards,
Alex

Re: HABEAS_ACCREDITED SPAMMER

[Matt Garretson]

Matt Garretson wrote:
> FWIW, a good number of those in your list I'm pretty sure 
> are legit opt-in "newsletters" (term used loosely... they
> mainly consist of ads and "special offers").  Sure, the're 


Followup to myself: I have no opinion on the HABEAS issue,
but a couple years ago I decided to disable the rules 
altogether, and still don't really see a need to score 
either way on the accreditation.

Re: HABEAS_ACCREDITED SPAMMER

[Matt Garretson]

Daniel J McDonald wrote:
> Although these don't all appear to be business related, very few would
> be marked as spam without the HABEAS_ACCREDITED bonus.
> First, the suspicious ones:
> [snip]


FWIW, a good number of those in your list I'm pretty sure 
are legit opt-in "newsletters" (term used loosely... they
mainly consist of ads and "special offers").  Sure, the're 
stupid and ultimately useless from my point of view, but 
AFAICT they are sent only to people who've requested them 
(at least in my experience, with my users).

Obviously every admin has to decide what to block and not
to block, but I just wanted to add a data point. I try 
not to block stuff my users have signed up for, as inane
as the messages may be (to me).

Re: HABEAS_ACCREDITED SPAMMER

[LuKreme]

On 24-Nov-2009, at 01:17, Hajdú Zoltán wrote:

> forces them to provide unsubscription options in their advertising messages, 
> etc. If there wasnt any unsubscribe option


Sorry, not good enough.  The support SPAMMERS who sned messages to addresses 
that never subscribed, period.

And the simple fact is, they show up in SPAM and they don't show up in ham, so 
it makes no difference what their intentions are, they ARE a spam sign. That's 
just a fact.

-- 
I WILL NOT FAKE SEIZURES
Bart chalkboard Ep. 8F23

Re: HABEAS_ACCREDITED SPAMMER

[rich...@buzzhost.co.uk]

On Tue, 2009-11-24 at 09:17 +0100, Hajdú Zoltán wrote:
> Habeas (nowdays ReturnPath) certifies their clients, forces them to provide 
> unsubscription options in their advertising messages, etc. If 
> there wasnt any unsubscribe option then contact their support/abuse team. 
> They list many important parties who sends transactional messages 
> and so on, that you propably dont want to miss.
> 
I can assure you I *do* want to miss it. If I want information on a
company or a product, I WILL LOOK FOR IT. I don't want it unsolicited in
my inbox.

The sender had an unsubscribe option, but for the last 30 days I've
tried that daily, only to get more and more spam from them. They are, in
fact, emailing MY DOG. I left his email address on a facebook group
comment regarding Farmville of all things, and they fished it from
there. 

I will believe that Return Path are fantastic when I see them drop this
customer. As the smell of $$$ is too sweet - I'm sure they will just
drop the email address concerned and turn a blind eye to how they built
their 'opt in' list in the first instance.

Re: HABEAS_ACCREDITED SPAMMER

[Hajdú Zoltán]

Habeas (nowdays ReturnPath) certifies their clients, forces them to provide unsubscription options in their advertising messages, etc. If 
there wasnt any unsubscribe option then contact their support/abuse team. They list many important parties who sends transactional messages 
and so on, that you propably dont want to miss.


rich...@buzzhost.co.uk írta:

On Mon, 2009-11-23 at 17:08 -0700, LuKreme wrote:
On Nov 23, 2009, at 7:39, Matus UHLAR - fantomas   
wrote:



Yes, why to differ between non-abusing and abusing marketers...
We've been through this before. On my mail, habeas is a very strong  
indicator of spam. It does not appear in legitimate mail.


I don't know who these legitimate marketers are, but I don't feel I'm  
missing anything.



AMEN TO THAT!
The only person(s) who should be deciding what is or what is not
unwanted commercial email, is the recipient. Any commercial 'whitelist'
is by design, an utter travesty of an idea.

I can see the IP's of Return Path getting adding to my IP Tables drop
list. They can join Constant Contact, Dot Mailer, IHM and 'The Planet'.

Re: HABEAS_ACCREDITED SPAMMER

[rich...@buzzhost.co.uk]

On Mon, 2009-11-23 at 17:08 -0700, LuKreme wrote:
> On Nov 23, 2009, at 7:39, Matus UHLAR - fantomas   
> wrote:
> 
> > Yes, why to differ between non-abusing and abusing marketers...
> 
> We've been through this before. On my mail, habeas is a very strong  
> indicator of spam. It does not appear in legitimate mail.
> 
> I don't know who these legitimate marketers are, but I don't feel I'm  
> missing anything.
> 
AMEN TO THAT!
The only person(s) who should be deciding what is or what is not
unwanted commercial email, is the recipient. Any commercial 'whitelist'
is by design, an utter travesty of an idea.

I can see the IP's of Return Path getting adding to my IP Tables drop
list. They can join Constant Contact, Dot Mailer, IHM and 'The Planet'.

Re: HABEAS_ACCREDITED SPAMMER

[Daniel J McDonald]

On Mon, 2009-11-23 at 17:08 -0700, LuKreme wrote:
> On Nov 23, 2009, at 7:39, Matus UHLAR - fantomas   
> wrote:
> 
> > Yes, why to differ between non-abusing and abusing marketers...
> 
> We've been through this before. On my mail, habeas is a very strong  
> indicator of spam. It does not appear in legitimate mail.
> 
> I don't know who these legitimate marketers are, but I don't feel I'm  
> missing anything.
> 

Although these don't all appear to be business related, very few would
be marked as spam without the HABEAS_ACCREDITED bonus.
First, the suspicious ones:
$ grep HABEAS_ACCREDITED /var/log/mail/info | grep -v score=- | grep -o
-P '@.+?> ->' | cut -d\> -f 1 | sort | uniq -c | sort -rn
 20 @mail.beliefnet.com
  8 @dellconsumer.bounce.ed10.net
  5 @news.college.us.com
  4 @cmpgnr.com
  3 @Zip-Times.com
  3 @mailengine.nelsonpub.com
  3 @mail.classmates.com
  2 @yournewsletters.net
  2 @mta-inbound.cluster3.convio.net
  2 @financial2.net
  1 @pbinews.com
  1 @me20218.mailengine1.com
  1 @mailengine.dermstore.com
  1 @e.macys.com


Now, the list thus far this week...

$ grep HABEAS_ACCREDITED /var/log/mail/info | grep -o -P '@.+?> ->' |
cut -d\> -f 1 | sort | uniq -c | sort -rn
 64 @mail.beliefnet.com
 45 @bounce.linkedin.com
 30 @pmcorpsend.com
 26 @b.mypoints.com
 25 @b.e.bathandbodyworks.com
 23 @yournewsletters.net
 23 @mailva.evite.com
 21 @returns.sales.overstock.com
 20 @bounce.homedepotemail.com
 18 @dellconsumer.bounce.ed10.net
 17 @reply.newsmax.com
 17 @info.lanebryant.com
 17 @b.e.victoriassecret.com
 16 @health.webmd.com
 15 @pbinews.com
 13 @enews.potterybarn.com
 13 @cmpgnr.com
 13 @bounce.convio.net
 12 @taggedmail.com
 11 @us.emarsys.net
 11 @prod-mail1.inboxmarketer-mail.com
 11 @email.bn.com
 10 @bounce.shermanstravel.com
  8 @singlesnet.com
  8 @ebay.com
  8 @b.update.hallmark.com
  8 @b.news.lowermybills.com
  8 @b2a.mx0.net
  7 @unionvoice.org
  7 @shopittome.com
  7 @mailengine.nelsonpub.com
  7 @list.cheapflights.com
  7 @financial2.net
  7 @bounce.walmart.com
  7 @bounce.astrology.com
  7 @b.email.brylanehome.com
  6 @post.taipan2.net
  6 @hsci2.net
  6 @flixster.com
  6 @express2.email-advantage.com
  6 @b.e.drugstore.com
  6 @b.e.allposters.com
  6 @b.e.1800flowers.com
  5 @pminews.com
  5 @news.college.us.com
  5 @info.catherines.com
  5 @clickmail.VacationRentals.com
  4 @wb.com
  4 @TexasR.fbmta.com
  4 @realage-mail.com
  4 @mydailymoment.com
  4 @membership.ufcu.org
  4 @intliv2.net
  4 @email.electronicdesign.com
  4 @email.businessfinancemag.com
  4 @Dennys.fbmta.com
  4 @bounce.stnlmailsvc.com
  4 @b.e.art.com
  4 @australia.care2.com
  3 @Zip-Times.com
  3 @twconnect.co.uk
  3 @reply.collegeboard.com
  3 @qmail7.arcamax.com
  3 @qmail1.arcamax.com
  3 @myusairways.com
  3 @mail.classmates.com
  3 @Lyrismail.CelebrateExpress.com
  3 @ientrynetwork.net
  3 @enews.williams-sonoma.com
  3 @email.kgstores.com
  3 @compusaonline.com
  3 @bounce.ivnlmailsvc.com
  3 @bounce.hsnlmailsvc.com
  3 @bounce.expediamail.com
  3 @boardroomdhn.bounce.ed10.net
  3 @b.cts.vresp.com
  2 @zt03.net
  2 @www1.nmgmail.com
  2 @sharpdirect.sharpusa.com
  2 @response.ideeli.com
  2 @r4lmail2.recipe4living-recipes.com
  2 @pmemailer.com
  2 @peppersandrogersgroup.com
  2 @partner.pch.bounce.ed10.net
  2 @oxford2.net
  2 @ndc-fulmailapp3.walmart.com
  2 @mta-inbound.cluster3.convio.net
  2 @mmorning.net
  2 @manidoo-village.com
  2 @mailings5.cygnusb2b.com
  2 @LyrisMail.Buycostumes.com
  2 @learning2.net
  2 @email.azamaracruises.com
  2 @e.justmysize.com
  2 @cvs.bounce.ed10.net
  2 @cp20.com
  2 @cantina.fbmta.com
  2 @briantracyintl.com
  2 @bounce.mkt2180.com
  2 @bounce.mkt1031.com
  2 @bounce.glnlmailsvc.com
  2 @b.email.womanwithin.com
  2 @b.email.kingsizedirect.com
  2 @b.email.jessicalondon.com
  1 @wout3.gliq.com
  1 @trk.fcs-newsletters1.net
  1 @tmkrmssmtp1.tmkrms.com
  1 @specials.firemountaingems.com
  1 @response.whatcounts.com
  1 @reply.projectsatwork.com
  1 @post.hsci2.net
  1 @pmedianews.com
  1 @orvisnews.com
  1 @numbersusa.com
  1 @npdor.com
  1 @netlogmail.com
  1 @myhealthwealthandhappiness.com
  1 @MizzouAlumni.org
  1 @me20218.mailengine1.com
  1 @mam11.gliq.com
  1 @mail.us.pampers.com
  1 @mail.thefunnystuff.net
  1 @mailengine.dermstore.com
  1 @mail9.job.com
  1 @mail96.subscribermail.com
  1 @mail5.job.com
  1 @mail4.nextjump.com
  1 @mail1.eventbrite.com
  1 @LISTSERV.DIRECTMAILEXPRESS.NET
  1

Re: HABEAS_ACCREDITED SPAMMER

[LuKreme]

On Nov 23, 2009, at 7:39, Matus UHLAR - fantomas   
wrote:



Yes, why to differ between non-abusing and abusing marketers...


We've been through this before. On my mail, habeas is a very strong  
indicator of spam. It does not appear in legitimate mail.


I don't know who these legitimate marketers are, but I don't feel I'm  
missing anything.

Re: HABEAS_ACCREDITED SPAMMER

[Aaron Wolfe]

On Mon, Nov 23, 2009 at 4:46 PM, jdow  wrote:
> From: "J.D. Falk" 
> Sent: Monday, 2009/November/23 13:37
>
>
> On Nov 23, 2009, at 6:14 AM, Matus UHLAR - fantomas wrote:
>
>> You should complain to ReturnPath. Iirc, HABEAS used to sue spammers
>> misusing their technology. Don't know if ReturnPath continues prac ticing
>> this.
>
> Actually, you're confusing Habeas's first technology (which involved suing
> misuse of their copywritten header, and was abandoned years ago) with their
> "safe list" whitelist product, which Return Path now operates.  Rather than
> suing them, we'll simply kick 'em off the list if they don't meet our
> standards.
>
> http://wiki.apache.org/spamassassin/Rules/HABEAS_ACCREDITED_COI has some
> basic info, including an address to complain at if you're receiving spam
> from a safelisted IP.
>
> --
> J.D. Falk 
> Return Path Inc
>
>
>
> As a sort of intolerant b**ch is my interpretation of what you just
> said as "Habeas is useless" a reasonable statement? If not, why not?
>
> {^_^}    Habeas gets a zero score here now.
>

Habeas accredited spam has been getting a positive score here for some years.

-Aaron

Re: HABEAS_ACCREDITED SPAMMER

[jdow]

From: "J.D. Falk" 
Sent: Monday, 2009/November/23 13:37


On Nov 23, 2009, at 6:14 AM, Matus UHLAR - fantomas wrote:


You should complain to ReturnPath. Iirc, HABEAS used to sue spammers
misusing their technology. Don't know if ReturnPath continues prac ticing
this.


Actually, you're confusing Habeas's first technology (which involved suing 
misuse of their copywritten header, and was abandoned years ago) with their 
"safe list" whitelist product, which Return Path now operates.  Rather than 
suing them, we'll simply kick 'em off the list if they don't meet our 
standards.


http://wiki.apache.org/spamassassin/Rules/HABEAS_ACCREDITED_COI has some 
basic info, including an address to complain at if you're receiving spam 
from a safelisted IP.


--
J.D. Falk 
Return Path Inc



As a sort of intolerant b**ch is my interpretation of what you just
said as "Habeas is useless" a reasonable statement? If not, why not?

{^_^}Habeas gets a zero score here now. 

Re: HABEAS_ACCREDITED SPAMMER

[J.D. Falk]

On Nov 23, 2009, at 6:14 AM, Matus UHLAR - fantomas wrote:

> You should complain to ReturnPath. Iirc, HABEAS used to sue spammers
> misusing their technology. Don't know if ReturnPath continues prac ticing
> this.

Actually, you're confusing Habeas's first technology (which involved suing 
misuse of their copywritten header, and was abandoned years ago) with their 
"safe list" whitelist product, which Return Path now operates.  Rather than 
suing them, we'll simply kick 'em off the list if they don't meet our standards.

http://wiki.apache.org/spamassassin/Rules/HABEAS_ACCREDITED_COI has some basic 
info, including an address to complain at if you're receiving spam from a 
safelisted IP.

--
J.D. Falk 
Return Path Inc

Re: HABEAS_ACCREDITED SPAMMER

[Matus UHLAR - fantomas]

> On Nov 23, 2009, at 6:14, Matus UHLAR - fantomas   
> wrote:
>
>> You should complain to ReturnPath

On 23.11.09 06:40, LuKreme wrote:
> Or just change the scores from -8.0 to +2.0

Yes, why to differ between non-abusing and abusing marketers...
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.

Re: HABEAS_ACCREDITED SPAMMER

[rich...@buzzhost.co.uk]

Thanks to Matus for the explanation, LuKreme for the suggestion on
scoring and Hajdu for the contact details. I am obliged to you and thank
you for your time.

Re: HABEAS_ACCREDITED SPAMMER

[Hajdú Zoltán]

Or just report it...

"Sender Abuse and Complaint Reporting

Any concerns or complaints regarding the Return Path Certification program can be 
submitted to certificat...@returnpath.net. "

Cheers,

rich...@buzzhost.co.uk írta:

I'm not really familiar with HABEAS_ACCREDITED_COI and I'm interested to
know who is behind it, and how it relates to the Spamassassin project.

I'm seeing loads of spam from a UK company called  datetheuk.com AKA
EasyDate LTD from mail.redut.net [80.75.69.201]. They fished a tagged
honeypot address from Facebook. It was never opt-in and being the kind
of guy I am, I've even tried to opt out (despite not opting in) some ten
times.

What I'm interested is the fact I block at 7, but it was given -9
because:

* -8.0 HABEAS_ACCREDITED_COI RBL: Habeas Accredited Confirmed Opt-In or
Better
*  [80.75.69.201 listed in sa-accredit.habeas.com]
* -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/,
low trust

I'm not dropping all redut.net in the firewall (should keep them hanging
around like a tarpit as they try to connect) - but I would love to know
what got them in scope for such a great lowering of their score?

Re: HABEAS_ACCREDITED SPAMMER

[LuKreme]

On Nov 23, 2009, at 6:14, Matus UHLAR - fantomas   
wrote:



You should complain to ReturnPath


Or just change the scores from -8.0 to +2.0

 

Re: HABEAS_ACCREDITED SPAMMER

[Matus UHLAR - fantomas]

On 23.11.09 12:19, rich...@buzzhost.co.uk wrote:
> I'm not really familiar with HABEAS_ACCREDITED_COI and I'm interested to
> know who is behind it, and how it relates to the Spamassassin project.

HABEAS was company acquired by ReturnPath. It tries to help out differing
between legal marketing companies and spammers.

> I'm seeing loads of spam from a UK company called  datetheuk.com AKA
> EasyDate LTD from mail.redut.net [80.75.69.201]. They fished a tagged
> honeypot address from Facebook. It was never opt-in and being the kind
> of guy I am, I've even tried to opt out (despite not opting in) some ten
> times.
> 
> What I'm interested is the fact I block at 7, but it was given -9
> because:
> 
> * -8.0 HABEAS_ACCREDITED_COI RBL: Habeas Accredited Confirmed Opt-In or
> Better
> *  [80.75.69.201 listed in sa-accredit.habeas.com]
> * -1.0 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/,
> low trust
> 
> I'm not dropping all redut.net in the firewall (should keep them hanging
> around like a tarpit as they try to connect) - but I would love to know
> what got them in scope for such a great lowering of their score?

You should complain to ReturnPath. Iirc, HABEAS used to sue spammers
misusing their technology. Don't know if ReturnPath continues prac ticing
this.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
How does cat play with mouse? cat /dev/mouse