RE: [LinkedIn Spam] Re: unwhitelist from_dkim?
At 15:11 19-03-10, Chris Richman wrote: If anyone knows of a reliable way to identify mailing list addresses, I'd love to know so we could block mail to them. Currently, we just do it when it's reported to us. I suppose one approach might be to block list.* domains or email addresses in the format *-l...@.* or other common mailing list address formats. It wouldn't catch all of them, I'm sure (m...@gnome.org, for example), but it might help. There isn't a reliable way to identify mailing list addresses. Regards, -sm
Re: [LinkedIn Spam] Re: unwhitelist from_dkim?
At 15:11 19-03-10, Chris Richman wrote: If anyone knows of a reliable way to identify mailing list addresses, I'd love to know so we could block mail to them. Currently, we just do it when it's reported to us. I suppose one approach might be to block list.* domains or email addresses in the format *-l...@.* or other common mailing list address formats. It wouldn't catch all of them, I'm sure (m...@gnome.org, for example), but it might help. On 21.03.10 23:06, SM wrote: There isn't a reliable way to identify mailing list addresses. Correct, but these services could cooperate with mailing lists so these invitations would not pass. Is there reliable way to detect the type of mail that shouldn't go to mailing list? So the list could refuse it, apparently with SA's help? -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The early bird may get the worm, but the second mouse gets the cheese.
Re: [LinkedIn Spam] Re: unwhitelist from_dkim?
pgpbkzDGoM3Fr.pgp Description: PGP signature
Re: [LinkedIn Spam] Re: unwhitelist from_dkim?
On 3/19/10 8:33 AM, Greg Troxel wrote: Am 2010-03-18 14:26:31, schrieb Chris Richman: Hi, Michael. If there is an email address that you'd like to never receive email from LinkedIn, let me know and I can add it to our suppression list. Sorry for the troubles. you want a list of 237,456 email addresses? I think it is just easier if I blacklist linkedin. I have NEVER gotten a FORGED linkedin/facebook spam. Not sure why they needed to dkim whitelist them. every spam claiming to be from linkedin/facebook and the like actually originated from their network. ObOnTopic: I realize it's moving beyond the usual SA rules, but perhaps rules that assign scores based on failure to follow reasonable policies are in order. Giving 3 points to invitations that could be bulk-generated seems reaononable. or not add rules that whitelist domains that have known, documented abusive practices. -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 __ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/ __
Re: [LinkedIn Spam] Re: unwhitelist from_dkim?
Hello Michael, and of course Chris Richman which I have added to show him a real live example of LinkedIn sSpam on mailinglists. Am 2010-03-19 09:25:10, hacktest Du folgendes herunter: you want a list of 237,456 email addresses? I think it is just easier if I blacklist linkedin. I have NEVER gotten a FORGED linkedin/facebook spam. Not sure why they needed to dkim whitelist them. every spam claiming to be from linkedin/facebook and the like actually originated from their network. Here an example mail from a mailingist I have gotten today morning: 8-- Return-Path: pgsql-odbc-owner+m10...@postgresql.org Delivered-To: xx4miche...@tamay-dogan.net Received: from mx1.hub.org (mx1.hub.org [:::200.46.208.106]) by mail.tamay-dogan.net with esmtp; Fri, 19 Mar 2010 04:34:47 +0100 id 0002BF29.4BA2F0D7.73AA Received: from postgresql.org (mail.postgresql.org [200.46.204.86]) by mx1.hub.org (Postfix) with ESMTP id 8ECDA32670A5; Fri, 19 Mar 2010 00:34:45 -0300 (ADT) Received: from maia.hub.org (unknown [200.46.204.183]) by mail.postgresql.org (Postfix) with ESMTP id AB07D632461 for pgsql-odbc-postgresql@mail.postgresql.org; Fri, 19 Mar 2010 00:34:43 -0300 (ADT) Received: from mail.postgresql.org ([200.46.204.86]) by maia.hub.org (mx1.hub.org [200.46.204.183]) (amavisd-maia, port 10024) with ESMTP id 60481-02 for pgsql-odbc-postgresql@mail.postgresql.org; Fri, 19 Mar 2010 03:34:33 + (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail14-a-aa.linkedin.com (mail14-a-aa.linkedin.com [64.74.98.135]) by mail.postgresql.org (Postfix) with ESMTP id 26282632277 for pgsql-o...@postgresql.org; Fri, 19 Mar 2010 00:34:32 -0300 (ADT) DomainKey-Signature: s=prod; d=linkedin.com; c=nofws; q=dns; h=Sender:Date:From:To:Message-ID:Subject:MIME-Version: Content-Type:X-LinkedIn-fbl; b=uhlXCWHilLQ5PX/JlXtHAWgkbs7B0VEQIXH3P2fygO9cdoeIlw/y3gYX zZJk7L4cjuLObe5xTds1LF+vFFRSgD/X0yoZzUjioN9xM+9fOdZ/IWCUg UwR0b+c5ec78H6Y; Date: Thu, 18 Mar 2010 20:34:32 -0700 (PDT) From: Steve Richfield steve.richfi...@gmail.com To: pgsql-o...@postgresql.org Message-ID: 223678924.12635840.1268969672387.javamail@ech3-cdn06.prod Subject: [ODBC] Steve Richfield wants to stay in touch on LinkedIn MIME-Version: 1.0 Content-Type: multipart/alternative; boundary==_Part_12635839_1571495511.1268969672386 X-LinkedIn-fbl: fYe9k6HTqohLs9YmPG0ro0JrIOB7DdW8-0P780BKHIpZlXGTDAgaOUGWDiTF X-Virus-Scanned: Maia Mailguard 1.0.1 X-Spam-Status: No, hits=-0.428 tagged_above=-10 required=5 tests=BAYES_00=-2.599, DCC_CHECK=2.17, HTML_MESSAGE=0.001 X-Spam-Level: X-Mailing-List: pgsql-odbc List-Archive: http://archives.postgresql.org/pgsql-odbc List-Help: mailto:majord...@postgresql.org?body=help List-ID: pgsql-odbc.postgresql.org List-Owner: mailto:pgsql-odbc-ow...@postgresql.org List-Post: mailto:pgsql-o...@postgresql.org List-Subscribe: mailto:majord...@postgresql.org?body=sub%20pgsql-odbc List-Unsubscribe: mailto:majord...@postgresql.org?body=unsub%20pgsql-odbc Precedence: bulk Sender: pgsql-odbc-ow...@postgresql.org X-TDMailSerialnumber: 9712627 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit LinkedIn I'd like to add you to my professional network on LinkedIn. - Steve Richfield Confirm that you know Steve Richfield https://www.linkedin.com/e/isd/1159074827/uez9p3MT/EML-invg_56/ -- (c) 2010, LinkedIn Corporation 8-- I get tonns of them per day... Thanks, Greetings and nice Day/Evening Michelle Konzack 24V Electronic Engineer Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # http://www.tamay-dogan.net/ Michelle Konzack http://www.can4linux.org/ Apt. 917 http://www.flexray4linux.org/ 50, rue de Soultz Jabber linux4miche...@jabber.ccc.de 67100 Strabourg/France IRC#Debian (irc.icq.com) Tel. DE: +49 177 9351947 ICQ#328449886 Tel. FR: +33 6 61925193 signature.pgp Description: Digital signature
RE: [LinkedIn Spam] Re: unwhitelist from_dkim?
Hi, Michelle. I've added those domains to our suppression list so they shouldn't receive email from us anymore. I wasn't able to add gnome.org because we have several users with confirmed gnome.org email addresses. Chris -Original Message- From: Michelle Konzack [mailto:linux4miche...@tamay-dogan.net] Sent: Thursday, March 18, 2010 5:40 PM To: Chris Richman Cc: SpamAssassin Users List Subject: [LinkedIn Spam] Re: unwhitelist from_dkim? Hello Chris, Am 2010-03-18 14:26:31, schrieb Chris Richman: Hi, Michael. If there is an email address that you'd like to never receive email from LinkedIn, let me know and I can add it to our suppression list. Sorry for the troubles. Is this a Joke? Should forward you all arround 3200 Linkedin Invites and remindesr? I suggest to blocklist following domains: @postgesql.org- Mailinglist server @gnome.org- Mailinglist server but unfortunately some private EMails too @lists.denx.de- Mailinglist server (e.g. u-boot) @lists.freeradius.org - Mailinglist server @lists.sourceforge.net- Mailinglist server (e.g. alleg-main) @lists.fedoraproject.org - Mailinglist server @bugs.debian.org - Debian Bug Tracking System if you mailbox support it, I have a script to forward all LinkedIn spams to your Mailbox. I have a script which forward any Invite/Reminder spam coming over Mailinglists or the Debian BTS or to my E-Mails michelle.konzack and linux4michelle and bsd4michelle to your ABUSE addresses, but spaming continues... Currently following spamers are known: facebook.com facebookmail.com twitter.com myspace.com linkedin.com gmail.com dropbox.com blogger.com Do you realy believe, I have found in less the 2 years more then 40.000 friends worldwide? And do you realy believe, I klick on ANY links which claim hat I can OptOut? Do you realy think, I have to click arround 180.00 per day for every spam which mit my account? I get more then 2 spams per second or if you want arround 14 milion spams total on my 4 main servers. I HATE the above services!! Thanks, Greetings and nice Day/Evening Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # http://www.tamay-dogan.net/ Michelle Konzack http://www.can4linux.org/ Apt. 917 http://www.flexray4linux.org/ 50, rue de Soultz Jabber linux4miche...@jabber.ccc.de 67100 Strabourg/France IRC#Debian (irc.icq.com) Tel. DE: +49 177 9351947 ICQ#328449886 Tel. FR: +33 6 61925193
Re: [LinkedIn Spam] Re: unwhitelist from_dkim?
Chris Richman wrote: Hi, Michelle. I've added those domains to our suppression list so they shouldn't receive email from us anymore. I wasn't able to add gnome.org because we have several users with confirmed gnome.org email addresses. I would like to recommend that you find a way to segregate mail types: 1) mail to confirmed user addresses 2) mail attempting to confirm a new user address (but DO NOT try to do anything else at the same time) 3) all other mail (invitations, or whatever ... to too many of us, it's spam) The first two types are welcome at the domains I personally control. The third is not, and you should consider finding a way to ban it for me - something your message indicates you currently do not have. Bob speaking for myself --
Re: [LinkedIn Spam] Re: unwhitelist from_dkim?
Hello Chris, Am 2010-03-19 11:06:08, hacktest Du folgendes herunter: Hi, Michelle. I've added those domains to our suppression list so they shouldn't receive email from us anymore. I wasn't able to add gnome.org because we have several users with confirmed gnome.org email addresses. The mailingisst from GNOME.org are gtk-app-devel-l...@gnome.org gtk-l...@gnome.org m...@gnome.org at least because I am subscribed there. What I do not understand is, WHY so big websites like LinkedIn does not carefuly block such domains from begining BEFORE someone has the idea to put any of you in RBL or somethinglike this I run a courier mailigist server with 80 lists currently and I BLOCK any messages TO and FROM a blocklist (contain more then 700 domains). Also I have to add nearly each week a new one. Thanks, Greetings and nice Day/Evening Michelle Konzack Systemadministrator 24V Electronic Engineer Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # http://www.tamay-dogan.net/ Michelle Konzack http://www.can4linux.org/ Apt. 917 http://www.flexray4linux.org/ 50, rue de Soultz Jabber linux4miche...@jabber.ccc.de 67100 Strabourg/France IRC#Debian (irc.icq.com) Tel. DE: +49 177 9351947 ICQ#328449886 Tel. FR: +33 6 61925193 signature.pgp Description: Digital signature
RE: [LinkedIn Spam] Re: unwhitelist from_dkim?
Thanks, Michelle, I've added those to our suppression list, too. Oddly enough, a user had actually confirmed gtk-l...@gnome.org, so I removed it from his account. If anyone knows of a reliable way to identify mailing list addresses, I'd love to know so we could block mail to them. Currently, we just do it when it's reported to us. I suppose one approach might be to block list.* domains or email addresses in the format *-l...@.* or other common mailing list address formats. It wouldn't catch all of them, I'm sure (m...@gnome.org, for example), but it might help. I'm open to suggestions. We face the same pressure for growth that all social networks do, but most of the folks here really do want to do the right thing. We recognize that it doesn't benefit us (and, in fact, hurts us) to send mail to people who don't want to receive it. Chris -Original Message- From: Michelle Konzack [mailto:linux4miche...@tamay-dogan.net] Sent: Friday, March 19, 2010 2:34 PM To: users@spamassassin.apache.org Subject: Re: [LinkedIn Spam] Re: unwhitelist from_dkim? Hello Chris, Am 2010-03-19 11:06:08, hacktest Du folgendes herunter: Hi, Michelle. I've added those domains to our suppression list so they shouldn't receive email from us anymore. I wasn't able to add gnome.org because we have several users with confirmed gnome.org email addresses. The mailingisst from GNOME.org are gtk-app-devel-l...@gnome.org gtk-l...@gnome.org m...@gnome.org at least because I am subscribed there. What I do not understand is, WHY so big websites like LinkedIn does not carefuly block such domains from begining BEFORE someone has the idea to put any of you in RBL or somethinglike this I run a courier mailigist server with 80 lists currently and I BLOCK any messages TO and FROM a blocklist (contain more then 700 domains). Also I have to add nearly each week a new one. Thanks, Greetings and nice Day/Evening Michelle Konzack Systemadministrator 24V Electronic Engineer Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # http://www.tamay-dogan.net/ Michelle Konzack http://www.can4linux.org/ Apt. 917 http://www.flexray4linux.org/ 50, rue de Soultz Jabber linux4miche...@jabber.ccc.de 67100 Strabourg/France IRC#Debian (irc.icq.com) Tel. DE: +49 177 9351947 ICQ#328449886 Tel. FR: +33 6 61925193
RE: [LinkedIn Spam] Re: unwhitelist from_dkim?
We've got a project planned for Q2 that might help with this. We currently segregate some of our mail streams by sending IP. Unfortunately, too many types of messages (including invitations) are still sent from the catch-all IPs. With this project, we should have all of the major mail streams clearly separated. In addition, we'll be including an X-LinkedIn-Class header that identifies the type of email (member-to-member invitation, member-to-guest invitation, group digest email, email confirmation message, etc., etc.) Will that allow you to do the kind of filtering you're talking about? Obviously we'd prefer that nobody filter our mail, but, like I said before, we recognize that it only hurts us to send mail to people who don't want it. We'll continue taking steps to prevent mail from gong to people who don't want it, and hopefully in the meantime some of these projects will make it easier for you to selectively filter our mail, if you choose. Chris -Original Message- From: Bob O'Brien [mailto:bobr...@barracuda.com] Sent: Friday, March 19, 2010 11:28 AM To: SpamAssassin Users List Subject: Re: [LinkedIn Spam] Re: unwhitelist from_dkim? Chris Richman wrote: Hi, Michelle. I've added those domains to our suppression list so they shouldn't receive email from us anymore. I wasn't able to add gnome.org because we have several users with confirmed gnome.org email addresses. I would like to recommend that you find a way to segregate mail types: 1) mail to confirmed user addresses 2) mail attempting to confirm a new user address (but DO NOT try to do anything else at the same time) 3) all other mail (invitations, or whatever ... to too many of us, it's spam) The first two types are welcome at the domains I personally control. The third is not, and you should consider finding a way to ban it for me - something your message indicates you currently do not have. Bob speaking for myself --
Re: [LinkedIn Spam] Re: unwhitelist from_dkim?
Hello Chris, Am 2010-03-19 15:11:37, hacktest Du folgendes herunter: Thanks, Michelle, I've added those to our suppression list, too. Oddly enough, a user had actually confirmed gtk-l...@gnome.org, so I removed it from his account. OK, If anyone knows of a reliable way to identify mailing list addresses, I'd love to know so we could block mail to them. Currently, we just do it when it's reported to us. I suppose one approach might be to block list.* domains or email addresses in the format *-l...@.* or other Three servers which I had forgotten in the list: lists.debian.org General Mailinglist Server list.alioth.debian.org Project server packages.debian.org Package Tracking System common mailing list address formats. It wouldn't catch all of them, I'm sure (m...@gnome.org, for example), but it might help. Right, this is sometimes annoying. I'm open to suggestions. We face the same pressure for growth that all social networks do, but most of the folks here really do want to do the right thing. We recognize that it doesn't benefit us (and, in fact, hurts us) to send mail to people who don't want to receive it. It is logical for social networks to cooperate du to there huge investment and the very negative reputtion which can happen du to spams. Chris Thanks, Greetings and nice Day/Evening Michelle Konzack Systemadministrator 24V Electronic Engineer Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # http://www.tamay-dogan.net/ Michelle Konzack http://www.can4linux.org/ Apt. 917 http://www.flexray4linux.org/ 50, rue de Soultz Jabber linux4miche...@jabber.ccc.de 67100 Strabourg/France IRC#Debian (irc.icq.com) Tel. DE: +49 177 9351947 ICQ#328449886 Tel. FR: +33 6 61925193 signature.pgp Description: Digital signature
Re: [LinkedIn Spam] Re: unwhitelist from_dkim?
Hello Chris, Am 2010-03-19 15:20:40, hacktest Du folgendes herunter: Obviously we'd prefer that nobody filter our mail, but, like I said before, we recognize that it only hurts us to send mail to people who don't want it. We'll continue taking steps to prevent mail from gong to people who don't want it, and hopefully in the meantime some of these projects will make it easier for you to selectively filter our mail, if you choose. I could even say Block my domain tamay-dogan.net but what is IF one of my employees want to use LinedIn, Facebook or Twitter? So I have to deal with my singel E-Mails and hope, those social networks are cooperative... Thanks, Greetings and nice Day/Evening Michelle Konzack Systemadministrator 24V Electronic Engineer Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # http://www.tamay-dogan.net/ Michelle Konzack http://www.can4linux.org/ Apt. 917 http://www.flexray4linux.org/ 50, rue de Soultz Jabber linux4miche...@jabber.ccc.de 67100 Strabourg/France IRC#Debian (irc.icq.com) Tel. DE: +49 177 9351947 ICQ#328449886 Tel. FR: +33 6 61925193 signature.pgp Description: Digital signature
Re: [LinkedIn Spam] Re: unwhitelist from_dkim?
Michelle Konzack wrote: I could even say Block my domain tamay-dogan.net but what is IF one of my employees want to use LinedIn, Facebook or Twitter? This is exactly what I'm asking for. If my users choose to sign up, fine, let them use it and then /those/ addresses can receive invitations, or any crap at all. Just don't send _unconfirmed_ addresses in my domain anything other than confirmation requests. It is EASY to characterize the three mail streams. I should not have to be the one to parse custom headers to throw out the invitations and other crap. Really, this should be standard in EVERY industry: Don't send _unconfirmed_ addresses in my domain anything other than confirmation requests. Bob --
