Re: Barracuda Blacklist

2009-06-05 Thread Andy Dorman

BUZZHOST_STINGER wrote:
> On Sun, 2009-05-31 at 14:39 -0600, LuKreme wrote:
> > On 29-May-2009, at 07:32, Andy Dorman wrote:
> > > 1. I could not find out WHY our IPs (we have a block of 32 for the
> > > cluster of servers that my email was being sent from) were being
> > > listed
>
> I do have to add this would be a lie. A call to Barracuda support and
> they will happily go through their evidence database with you.
>
> If your block was on the reputation list, it would have been because you
> were sending spam. It's really that simple.



Sorry, I was not explicit enough when saying I could not find out WHY we were 
blocked.  After spending a couple of hours at their site trying to figure out 
how to register our service, I gave up.  At the time I did not know emailreg.org 
was a part of Barracuda.  And if you look on their site (I just made a fresh 
pass) their "Contact us" is an email form.


As for sending spam and getting listed, the crazy thing is that we don't send 
ANY email other than mail like this (which actually originates from a different 
IP block) and the email that is addressed to our customers and is passed by our 
filters (SA plus some other metrics we have added).  And that email only goes to 
our customer's destination email servers.  Of course, a small % of that will be 
spam (except when someone does something stupid on their white list and puts 
something like yahoo.com in it).




> The 'join emailreg.org' is the usual old B/S they give to non
> co-operative mongs that call them.



Ahhh.  That makes sense in a twisted sort of way.

So, I hope this explains that I was not lying.  I just did not see a 
fast/obvious way to get info on how our IP got black listed.  And by the time I 
had more info, the blacklist had been lifted, again with no apparent reason.


--
Andy Dorman
Ironic Design, Inc.
AnteSpam.com, HomeFreeMail.com, ComeHome.net


Re: Barracuda Blacklist

2009-06-05 Thread BUZZHOST_STINGER
On Sun, 2009-05-31 at 14:39 -0600, LuKreme wrote:
> On 29-May-2009, at 07:32, Andy Dorman wrote:
> > 1. I could not find out WHY our IPs (we have a block of 32 for the  
> > cluster of servers that my email was being sent from) were being  
> > listed

I do have to add this would be a lie. A call to Barracuda support and
they will happily go through their evidence database with you. 

If your block was on the reputation list, it would have been because you
were sending spam. It's really that simple.

The 'join emailreg.org' is the usual old B/S they give to non
co-operative mongs that call them. 

Much that I hate Barracuda for their digital shoplifting, they are
unlike the money grabbers at $pamhaus and the cbl assholes. You can call
them and they will tell you the date, time and quantity of the crap your
IP has sent. Their data is good - very good. They even keep details of
how many of their users marked the message as spam. So please go right
ahead and call them and raise a 'BBL NON CUSTOMER CASE'.

UK CONTACT: Adam Light +44 (0)1256 300102
US CONTACT: Jan Gobble ++1 408 342 5300 

What is the IP range you have? I don't see it in the thread any place.






RE: Barracuda Blacklist

2009-06-02 Thread rich...@buzzhost.co.uk
On Tue, 2009-06-02 at 13:40 -0700, Bob O'Brien wrote:
> Actually, Richard, yes - I have management approval for what details I choose 
> to share with any given online community.
Share? Oh Sorry Bob. I only had Barracuda down as digital thieves. Let
me see;

SPAM and 'VIRUS' (lol) 'FIREWALL'
BSMTPD (Yours - I think not - )
POSTFIX
CLAM
AMAVIS
OPENSSL
OPENLDAP
APACHE
MYSQL
BUILT IN SPAMHAUS RULE - you know the one: 
[PASS] RBL-> Builtin zen.spamhaus.org has no latency @ 45 msec
I can cut and paste specifics if you would like?

Perhaps I can run through the Load Balancer and Web Filter with you too?
SNORT, HA PROXY, LVM, MYSQL, SQUID, CLAM, APACHE. Please point me to
where you have given anything back of use?

It would not be complete without a mention of your megabucks 'Patch me
as often as you can' Archiver. You know the one that had to run WINE
because you were unable to write an indexer. You take a
'hardened' (which means old mandrake Linux kernel with loads missing) OS
handling email attachments and run WINE on it? Are you serious?

Let's then move on to the Energize Updates;
EU = Lots of Clam & SA Rules sold to customers with a few of your own
flaky ones thrown in. These have included such howlers as blocking
anything with '.com' in the body.

As for Juvenile - your guy Justin 'Always drunk' O'Brien will always
eclipse me. Is he not on record as saying words to the effect of 'The
older 200's are rubbish - they only have one amavis process and 256meg
of RAM. Tell the customers to open them up and put more RAM in or buy a
bigger unit'. That's technical support and customer care at its best.
I've got his email here somewhere Bob - and many more like it. If you
want me to do 'Juvenile' I'm happy to do that.

Barracuda is a shower of shit. Your products suck cock, your internal
processes for a 'security' company are totally laughable and your
developers are clueless. Favorite customer quote from the IM Firewall;

Developers: "It's a known issue"

Customer: "This is utter rubbish. It looks like something someone has
put together in their bedroom"

But to move away from my rant the facts are simple. You steal nearly
everything you put in those cheap hardware boxes. Anything you code
yourself is the weak link in the chain. RVERIFY a point in hand. Cut the
crap that you ever give anything back. It's all one way - it's all take.

In short Bob, the only reason ANYONE from Barracuda would be on this
list is to STEAL STUFF. You want your hands cutting off - and that is me
being very restrained. Please carry on - I have jack all to lose Bob.
What is it SP says in his totally Juvenile way 'Bob O Brien is no longer
with us, Our choice not his'.

I'll CC Drako and Perone as you have their permission. Perone knows all
about spam :-) Please don't try and put yourself across as caring and
sharing. It's bullshit and anyone can smell it.







>   I am also learning to count Jann among my friends, and I'm sure he would 
> *appropriately* acknowledge your greeting.
> 
> If your participation is at all typical of this community, that will be 
> useful time-saving information for us indeed.
> 
> 
> 
> Thanks!
> 
> 
> 
> 
> 
> 
> -Original Message-
> > From: "rich...@buzzhost.co.uk" 
> > Date: Tue, 2 Jun 2009 16:02:58 +0100
> > Message-ID: <1243954978.7028.73.ca...@rubikscube>
> 
> 
> 
> > 
> > Does Drako know you are posting here Bob?
> > 
> > It's a bit naughty. He had everyone sign a form saying they would not
> > post to places like this? You really should know better.
> > 
> > 
> > We all know that Barracuda are behind emailreg. We know that emailreg is
> > 'cash for spamming'. We know that support have been told *NOT* to
> > disable emailreg on Barracuda units. It's a done deal. The 'narrative'
> > is to suggest that non customer pay to sign up at emailreg.org so cut
> > the crap.
> > 
> > As a side note, it's nice to see you here acknowledging Spamassassin
> > after stealing it and selling it for so long in Barracuda products.
> > You're a bunch of digital thieves really, so on face value anything you
> > say can only be taken as bullshit - so why not crawl back under that
> > fucking rock you dragged your fat worthless ass out from?
> > 
> > Give my love to that sick gay bastard Gobble gobble.
> > 
> > 
> > 
> > 
> > 
> 
> 
> --
> Check out the Barracuda Spam & Virus Firewall - offering the fastest
> virus & malware protection in the industry: www.barracudanetworks.com/spam
> 



Re: Barracuda Blacklist

2009-06-02 Thread Andy Dorman

Bob O'Brien wrote:
> Actually, Richard, yes - I have management approval for what details I choose
> to share with any given online community.  I am also learning to count Jann
> among my friends, and I'm sure he would *appropriately* acknowledge your
> greeting.
>
> If your participation is at all typical of this community, that will be useful
> time-saving information for us indeed.



Bob, I can not speak for anyone else, but rest assured his juvenile response did 
NOT represent me.


Cheers,

--
Andy Dorman
Ironic Design, Inc.
AnteSpam.com, HomeFreeMail.com, ComeHome.net


RE: Barracuda Blacklist

2009-06-02 Thread Karsten Bräckelmann
On Tue, 2009-06-02 at 13:40 -0700, Bob O'Brien wrote:
> Actually, Richard, yes - I have management approval for what details I
> choose to share with any given online community.  I am also learning
> to count Jann among my friends, and I'm sure he would *appropriately*
> acknowledge your greeting.
> 
> If your participation is at all typical of this community, that will
> be useful time-saving information for us indeed.

If by that you mean the rant below...

No, that is not typical at all of the discussions going on in here. Or
the tone.


> -Original Message-
> > From: "rich...@buzzhost.co.uk" 
> > Date: Tue, 2 Jun 2009 16:02:58 +0100
> > Message-ID: <1243954978.7028.73.ca...@rubikscube>
> 
> > Does Drako know you are posting here Bob?
> > 
> > It's a bit naughty. He had everyone sign a form saying they would not
> > post to places like this? You really should know better.
> > 
> > 
> > We all know that Barracuda are behind emailreg. We know that emailreg is
> > 'cash for spamming'. We know that support have been told *NOT* to
> > disable emailreg on Barracuda units. It's a done deal. The 'narrative'
> > is to suggest that non customer pay to sign up at emailreg.org so cut
> > the crap.
> > 
> > As a side note, it's nice to see you here acknowledging Spamassassin
> > after stealing it and selling it for so long in Barracuda products.
> > You're a bunch of digital thieves really, so on face value anything you
> > say can only be taken as bullshit - so why not crawl back under that
> > fucking rock you dragged your fat worthless ass out from?
> > 
> > Give my love to that sick gay bastard Gobble gobble.

Dude, that language really is not appropriate on this list.

And I didn't even learn any new phrases, have seen much worse. Next
time, please do better so I can enhance my swearing English...

  guenther


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



RE: Barracuda Blacklist

2009-06-02 Thread Bob O'Brien
Actually, Richard, yes - I have management approval for what details I choose 
to share with any given online community.  I am also learning to count Jann 
among my friends, and I'm sure he would *appropriately* acknowledge your 
greeting.

If your participation is at all typical of this community, that will be useful 
time-saving information for us indeed.



Thanks!






-Original Message-
> From: "rich...@buzzhost.co.uk" 
> Date: Tue, 2 Jun 2009 16:02:58 +0100
> Message-ID: <1243954978.7028.73.ca...@rubikscube>



> 
> Does Drako know you are posting here Bob?
> 
> It's a bit naughty. He had everyone sign a form saying they would not
> post to places like this? You really should know better.
> 
> 
> We all know that Barracuda are behind emailreg. We know that emailreg is
> 'cash for spamming'. We know that support have been told *NOT* to
> disable emailreg on Barracuda units. It's a done deal. The 'narrative'
> is to suggest that non customer pay to sign up at emailreg.org so cut
> the crap.
> 
> As a side note, it's nice to see you here acknowledging Spamassassin
> after stealing it and selling it for so long in Barracuda products.
> You're a bunch of digital thieves really, so on face value anything you
> say can only be taken as bullshit - so why not crawl back under that
> fucking rock you dragged your fat worthless ass out from?
> 
> Give my love to that sick gay bastard Gobble gobble.
> 
> 
> 
> 
> 





LET'S KILL THIS THREAD (Was: whitelists (was Re: Barracuda Blacklist)

2009-06-02 Thread mouss
ANTICOM-STINGER wrote:
> On Fri, 2009-05-29 at 12:16 -0600, J.D. Falk wrote:
>> Rob McEwen wrote:
>>
>>> Additionally, I'd like to ask, other than being a superb cash-generating
>>> machine, what good is a whitelist built upon pay-to-enter and NOT based
>>> on editorial decisions made by non-biased e-mail administrators?
>> Those two aren't necessarily exclusive.  The standards for inclusion in a 
>> whitelist can (and in many cases do) include the same performance metrics 
>> that help e-mail administrators stay non-biased, such as user complaint 
>> rate, spamtrap hits, and so forth.
>>
>> (I don't know whether Barracuda's whitelist includes those metrics.)
>>
>> The additional value to admins is that they don't have to keep watch over 
>> the whitelisted IPs -- the whitelist operator handles that.  The fees cover 
>> that monitoring, and consulting on improving practices where necessary.
>>
>> And, of course, if the whitelist operator is lying or slow or otherwise not 
>> living up to expectations, the admin simply stops using that whitelist. 
>> Lists that nobody uses don't get much business, so there's a direct 
>> incentive for the whitelist operator to keep their list squeaky-clean.
> 
> The Barracuda white list is an 'exclusive' club and I suspect money has
> changed hands. It includes eBay, Amazon, Microsoft etc along with some
> very big 'marketing' companies that Micheal Perone (former alleged
> spammer now part of Barracuda) may have some involvement in.
> 
> For the ordinary 'mongs' there is email.reg which is a 'pay to spam'
> service :-)
> 
> I guess everyone knows that the Barracuda is basically SpamAssassin on a
> cheap Linux box. It's full of great open source software glued together
> with some very flaky scripts. I cannot believe people pay the money they
> do for it. I don't think Barracuda can believe it either.
> 

I personally think this is nonsense, but let's admit this is my
personal opinion and that it would take us too far to debate this. So
let's please kill this thread.

PS. I am not affiliated with Barracuda, nor with anything affiliated
with them. I do use their list in SA and I subscribed for access to
their list, and that's all.




RE: Barracuda Blacklist

2009-06-02 Thread rich...@buzzhost.co.uk
Does Drako know you are posting here Bob?

It's a bit naughty. He had everyone sign a form saying they would not
post to places like this? You really should know better.


We all know that Barracuda are behind emailreg. We know that emailreg is
'cash for spamming'. We know that support have been told *NOT* to
disable emailreg on Barracuda units. It's a done deal. The 'narrative'
is to suggest that non customer pay to sign up at emailreg.org so cut
the crap.

As a side note, it's nice to see you here acknowledging Spamassassin
after stealing it and selling it for so long in Barracuda products.
You're a bunch of digital thieves really, so on face value anything you
say can only be taken as bullshit - so why not crawl back under that
fucking rock you dragged your fat worthless ass out from?

Give my love to that sick gay bastard Gobble gobble.






On Mon, 2009-06-01 at 11:20 -0700, Bob O'Brien wrote:
> April 29?
> You started your narrative on 5/28 with an explicitly specified three week 
> time frame. On the 29th, I looked at four weeks of history, and the factual 
> numbers were lower.  If that's where the discrepancy arose, then we may not 
> really disagree about anything of consequence.
> 
> 
> No, I definitely did not say that I work for emailreg.
> I said that one aspect of my duties here at Barracuda includes sending 
> "suggestions" to emailreg.  Suggestions which they (at least for now) choose 
> to implement directly.
> 
> 
> 
> 
>   Bob
> 
> 
> 
> -Original Message-
> From: Neil Schwartzman [mailto:neil.schwartz...@returnpath.net] 
> Sent: Saturday, May 30, 2009 11:58 AM
> To: Bob O'Brien; Spamassassin
> Subject: Re: Barracuda Blacklist
> 
> 
> 
> 
> On 29/05/09 4:09 PM, "Bob O'Brien"  wrote:
> 
> > Neil,
> > 
> > Based on our "Requests for Removal" filed over the past 3+ weeks from
> > ReturnPath, the number of IPs that you are claiming to have had issues with
> > appears inflated by a factor of nearly 50%.
> 
> 
> Bob, I don't want to waste this group's time with your incorrect assertion.
> (this is beginning to be VERY off-topic). I have data for each and every IP
> you listed and for which I requested a delisting. Happy to follow up with
> you offlist.
> 
> Indeed, the Barracuda auto-acks only started coming in May 09, so perhaps the
> system was hosed in some manner and it missed recording everything I did
> between April 29 and May 08, for which we saw delistings the following days
> in any event.
> 
> > More importantly, I feel it is irresponsible to oversimplify a cleared 
> > listing
> > as a "false positive" when speaking of *any* IP reputation system.
> > 
> > Barracuda Reputation does not arbitrarily list hosts.  Messages have passed
> > through each host with characteristics indicative of spam.
> 
> 
> I suggest Barracuda then work on the verbiage on the site and in the
> auto-acks. What you are saying does not jibe with what is indicated
> elsewhere. What you are saying ... Makes more sense.
> 
> > Those listings 
> > would only have been cleared because someone contacted the BRBL team and
> > requested their clearance - explicitly volunteering /some/ measure of
> > responsibility for those hosts going forward.  _Accepting_ your
> > possibly-inflated numbers, the 409 IPs otherwise met the criteria for
> > clearing, so they were cleared.  Apparently 22 IPs did not, and those were 
> > not
> > cleared.
> 
> Yup. And that's great.
> 
> Quick question though: You said that you work for emailreg.org, and have
> some limited input into the BRBL, I believe.
> 
> It seems to me there is a greater relationship between emailreg.org and
> Barracuda than has been stated, given what appears to be intimate knowledge
> of my delisting requests. Can you clarify?
> 
> Thanks.
> 



RE: Barracuda Blacklist

2009-06-02 Thread Bob O'Brien
April 29?
You started your narrative on 5/28 with an explicitly specified three week time 
frame. On the 29th, I looked at four weeks of history, and the factual numbers 
were lower.  If that's where the discrepancy arose, then we may not really 
disagree about anything of consequence.


No, I definitely did not say that I work for emailreg.
I said that one aspect of my duties here at Barracuda includes sending 
"suggestions" to emailreg.  Suggestions which they (at least for now) choose to 
implement directly.




Bob



-Original Message-
From: Neil Schwartzman [mailto:neil.schwartz...@returnpath.net] 
Sent: Saturday, May 30, 2009 11:58 AM
To: Bob O'Brien; Spamassassin
Subject: Re: Barracuda Blacklist




On 29/05/09 4:09 PM, "Bob O'Brien"  wrote:

> Neil,
> 
> Based on our "Requests for Removal" filed over the past 3+ weeks from
> ReturnPath, the number of IPs that you are claiming to have had issues with
> appears inflated by a factor of nearly 50%.


Bob, I don't want to waste this group's time with your incorrect assertion.
(this is beginning to be VERY off-topic). I have data for each and every IP
you listed and for which I requested a delisting. Happy to follow up with
you offlist.

Indeed, the Barracuda auto-acks only started coming in May 09, so perhaps the
system was hosed in some manner and it missed recording everything I did
between April 29 and May 08, for which we saw delistings the following days
in any event.

> More importantly, I feel it is irresponsible to oversimplify a cleared listing
> as a "false positive" when speaking of *any* IP reputation system.
> 
> Barracuda Reputation does not arbitrarily list hosts.  Messages have passed
> through each host with characteristics indicative of spam.


I suggest Barracuda then work on the verbiage on the site and in the
auto-acks. What you are saying does not jibe with what is indicated
elsewhere. What you are saying ... Makes more sense.

> Those listings 
> would only have been cleared because someone contacted the BRBL team and
> requested their clearance - explicitly volunteering /some/ measure of
> responsibility for those hosts going forward.  _Accepting_ your
> possibly-inflated numbers, the 409 IPs otherwise met the criteria for
> clearing, so they were cleared.  Apparently 22 IPs did not, and those were not
> cleared.

Yup. And that's great.

Quick question though: You said that you work for emailreg.org, and have
some limited input into the BRBL, I believe.

It seems to me there is a greater relationship between emailreg.org and
Barracuda than has been stated, given what appears to be intimate knowledge
of my delisting requests. Can you clarify?

Thanks.

-- 
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038






Re: Barracuda Blacklist

2009-05-31 Thread LuKreme

On 29-May-2009, at 07:32, Andy Dorman wrote:
> 1. I could not find out WHY our IPs (we have a block of 32 for the
> cluster of servers that my email was being sent from) were being
> listed


And there are a LOT of stories out there like this. At this point in  
time I don't care what anyone at Barracuda or Emailreg has to say,  
their actions speak loud enough, and their actions stink of scammer.  
Not only will I not use them, but I will blackhole servers that reject  
my mail because of Barracuda (Blackhole is the internal blacklist you  
never get off of).


*NEVER* trust a RBL that doesn't disclose its criteria or that refers  
you to a pay subscription service to get off their list. Quacks like a  
scammer, walks like a scammer, *IS* a scammer.


--
You try to shape the world to what you want the world to be.
Carving your name a thousand times won't bring you back to me.
Oh no, no I might as well go and tell it to the trees. Go and
tell it to the trees, yeah.



Re: whitelists (was Re: Barracuda Blacklist)

2009-05-30 Thread Res

On Fri, 29 May 2009, ANTICOM-STINGER wrote:


> The Barracuda white list is an 'exclusive' club and I suspect money has


This applies to any whitelists, and I never use them, I think, I and my 
staff are the *only* ones in a position to decide who to whitelist, and I 
think most ISP/ASP's are of the same opinion



> For the ordinary 'mongs' there is email.reg which is a 'pay to spam'
> service :-)


Tongue in cheek or not, it's essentially true!

--
Res

-Beware of programmers who carry screwdrivers


RE: Barracuda Blacklist

2009-05-30 Thread Res

On Fri, 29 May 2009, Bob O'Brien wrote:


> Barracuda Reputation does not arbitrarily list hosts.  Messages have passed
> through each host with characteristics indicative of spam.  Those listings
> would only have been cleared because someone contacted the BRBL team and
> requested their clearance - explicitly volunteering /some/ measure of
> responsibility for those hosts going forward.  _Accepting_ your
> possibly-inflated numbers, the 409 IPs otherwise met the criteria for clearing,
> so they were cleared.  Apparently 22 IPs did not, and those were not cleared.



Can you supply me on or offlist, a URL to a policy that states why you 
will block users querying your BRBL, this occurred some weeks ago to my 
own personal system, which does a few K messages a day for myself, family,
friends and some of their friends, but yet not my employers which does a 
darn sight more than that.



--
Res

-Beware of programmers who carry screwdrivers


Re: Barracuda Blacklist

2009-05-30 Thread Neil Schwartzman



On 29/05/09 4:09 PM, "Bob O'Brien"  wrote:

> Neil,
> 
> Based on our "Requests for Removal" filed over the past 3+ weeks from
> ReturnPath, the number of IPs that you are claiming to have had issues with
> appears inflated by a factor of nearly 50%.


Bob, I don't want to waste this group's time with your incorrect assertion.
(this is beginning to be VERY off-topic). I have data for each and every IP
you listed and for which I requested a delisting. Happy to follow up with
you offlist.

Indeed, the Barracuda auto-acks only started coming in May 09, so perhaps the
system was hosed in some manner and it missed recording everything I did
between April 29 and May 08, for which we saw delistings the following days
in any event.

> More importantly, I feel it is irresponsible to oversimplify a cleared listing
> as a "false positive" when speaking of *any* IP reputation system.
> 
> Barracuda Reputation does not arbitrarily list hosts.  Messages have passed
> through each host with characteristics indicative of spam.


I suggest Barracuda then work on the verbiage on the site and in the
auto-acks. What you are saying does not jibe with what is indicated
elsewhere. What you are saying ... Makes more sense.

> Those listings 
> would only have been cleared because someone contacted the BRBL team and
> requested their clearance - explicitly volunteering /some/ measure of
> responsibility for those hosts going forward.  _Accepting_ your
> possibly-inflated numbers, the 409 IPs otherwise met the criteria for
> clearing, so they were cleared.  Apparently 22 IPs did not, and those were not
> cleared.

Yup. And that's great.

Quick question though: You said that you work for emailreg.org, and have
some limited input into the BRBL, I believe.

It seems to me there is a greater relationship between emailreg.org and
Barracuda than has been stated, given what appears to be intimate knowledge
of my delisting requests. Can you clarify?

Thanks.

-- 
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038




Re: whitelists (was Re: Barracuda Blacklist)

2009-05-30 Thread ANTICOM-STINGER
On Fri, 2009-05-29 at 12:16 -0600, J.D. Falk wrote:
> Rob McEwen wrote:
> 
> > Additionally, I'd like to ask, other than being a superb cash-generating
> > machine, what good is a whitelist built upon pay-to-enter and NOT based
> > on editorial decisions made by non-biased e-mail administrators?
> 
> Those two aren't necessarily exclusive.  The standards for inclusion in a 
> whitelist can (and in many cases do) include the same performance metrics 
> that help e-mail administrators stay non-biased, such as user complaint 
> rate, spamtrap hits, and so forth.
> 
> (I don't know whether Barracuda's whitelist includes those metrics.)
> 
> The additional value to admins is that they don't have to keep watch over 
> the whitelisted IPs -- the whitelist operator handles that.  The fees cover 
> that monitoring, and consulting on improving practices where necessary.
> 
> And, of course, if the whitelist operator is lying or slow or otherwise not 
> living up to expectations, the admin simply stops using that whitelist. 
> Lists that nobody uses don't get much business, so there's a direct 
> incentive for the whitelist operator to keep their list squeaky-clean.

The Barracuda white list is an 'exclusive' club and I suspect money has
changed hands. It includes eBay, Amazon, Microsoft etc along with some
very big 'marketing' companies that Micheal Perone (former alleged
spammer now part of Barracuda) may have some involvement in.

For the ordinary 'mongs' there is email.reg which is a 'pay to spam'
service :-)

I guess everyone knows that the Barracuda is basically SpamAssassin on a
cheap Linux box. It's full of great open source software glued together
with some very flaky scripts. I cannot believe people pay the money they
do for it. I don't think Barracuda can believe it either.

> 



RE: Barracuda Blacklist

2009-05-30 Thread Bob O'Brien
Neil,

Based on our "Requests for Removal" filed over the past 3+ weeks from 
ReturnPath, the number of IPs that you are claiming to have had issues with 
appears inflated by a factor of nearly 50%.

More importantly, I feel it is irresponsible to oversimplify a cleared listing 
as a "false positive" when speaking of *any* IP reputation system.

Barracuda Reputation does not arbitrarily list hosts.  Messages have passed 
through each host with characteristics indicative of spam.  Those listings 
would only have been cleared because someone contacted the BRBL team and 
requested their clearance - explicitly volunteering /some/ measure of 
responsibility for those hosts going forward.  _Accepting_ your 
possibly-inflated numbers, the 409 IPs otherwise met the criteria for clearing, 
so they were cleared.  Apparently 22 IPs did not, and those were not cleared.

That those same 431 listings were not found on any other DNSBLs of which you 
are aware would be what most people call a feature.  



Bob



-Original Message-
From: Neil Schwartzman [mailto:neil.schwartz...@returnpath.net] 
Sent: Thursday, May 28, 2009 10:58 AM
To: Karsten Bräckelmann; Spamassassin
Subject: Re: Barracuda Blacklist

On 28/05/09 10:42 AM, "Karsten Bräckelmann"  wrote:

> Yes, every list does have occasional FPs. So your point about those 22
> listings is what exactly?

My point is the 409 false positives. Sorry if I was unclear or obtuse.
-- 
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038






whitelists (was Re: Barracuda Blacklist)

2009-05-29 Thread J.D. Falk

Rob McEwen wrote:


> Additionally, I'd like to ask, other than being a superb cash-generating
> machine, what good is a whitelist built upon pay-to-enter and NOT based
> on editorial decisions made by non-biased e-mail administrators?


Those two aren't necessarily exclusive.  The standards for inclusion in a 
whitelist can (and in many cases do) include the same performance metrics 
that help e-mail administrators stay non-biased, such as user complaint 
rate, spamtrap hits, and so forth.


(I don't know whether Barracuda's whitelist includes those metrics.)

The additional value to admins is that they don't have to keep watch over 
the whitelisted IPs -- the whitelist operator handles that.  The fees cover 
that monitoring, and consulting on improving practices where necessary.


And, of course, if the whitelist operator is lying or slow or otherwise not 
living up to expectations, the admin simply stops using that whitelist. 
Lists that nobody uses don't get much business, so there's a direct 
incentive for the whitelist operator to keep their list squeaky-clean.


--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


Re: Barracuda Blacklist

2009-05-29 Thread Rob McEwen
John Hardin wrote:
> It might be less confusing if that ad was presented *after* you've
> completed the traditional unlisting request...

Good point. And I also wonder, how many emailreg payments were made by
desperately frantic e-mail admins who normally don't ever send spam, but
had a security problem that warranted their initial blacklisting, but
where the security problem was already fixed. And I wonder how often
those types would have been delisted anyways, but the sysadmin was
desperate, rushed, and willing to do anything, including paying $20,
under those circumstances?

Additionally, I'd like to ask, other than being a superb cash-generating
machine, what good is a whitelist built upon pay-to-enter and NOT based
on editorial decisions made by non-biased e-mail administrators?

At some point, pay-for-whitelisting will likely lead to FNs as well as
"free passes" for dark-gray or blackhat ESPs. It may also lead to FNs
the next time that same email admin I described has another security
hole spewing out millions of spams months/years later. (do they then get
a free pass due to the payment to emailreg?)

Really, I find this whole conversation quite bizarre. It
reminds me of a joke I once made to my wife about how I felt led by the
Lord to minister and share the Gospel to strippers at strip clubs.
There'd be no lust or adultery involved on my part. Na. Just genuine
concern about saving those lost souls.

Likewise I'm sure emailreg.org is just a whitelisting service trying to
give back to the community and help those poor innocent system admins
from getting unfairly blacklisted in the future, right?

-- 
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032




Re: Barracuda Blacklist

2009-05-29 Thread John Hardin

On Fri, 29 May 2009, Andy Dorman wrote:

> I went to emailreg.org because the bounce I got back directed me to this page
> http://www.barracudacentral.org/reputation?r=1 which included this
> quarter-page ad:
>
> ---
> One way to get your email through spam filters even if you are listed on the
> BRBL is to register your domain and IPs at EmailReg.org.

{etc.}

It might be less confusing if that ad was presented *after* you've 
completed the traditional unlisting request...


--
 John Hardin KA7OHZ  http://www.impsec.org/~jhardin/
 jhar...@impsec.org  FALaholic #11174  pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Our government wants to do everything it can "for the children,"
  except sparing them crushing tax burdens.
---
 8 days until the 65th anniversary of D-Day


Re: Barracuda Blacklist

2009-05-29 Thread Andy Dorman

Neil Schwartzman wrote:

> Hold up now. Why did you go to emailreg.org?? That is the whitelisting
> service. I'd go ahead and request a delist at
>
> http://www.barracudacentral.org/rbl/removal-request
>
> Worked well for me.


Good question.

I went to emailreg.org because the bounce I got back directed me to this page 
http://www.barracudacentral.org/reputation?r=1 which included this quarter-page ad:

---
One way to get your email through spam filters even if you are listed on the 
BRBL is to register your domain and IPs at EmailReg.org. Email administrators 
can configure their systems to use EmailReg.org to apply policy to inbound 
email. Emails from domain names and IP addresses that are properly registered on 
EmailReg.org can be automatically exempted from spam filtering defense layers on 
Barracuda Spam Firewalls, preventing your email from being accidentally blocked.

---

But you have an excellent point.  And I am NOT trying to be sarcastic when I say 
I was trying for a more or less permanent solution and I actually completely 
missed the point that I could have continued with the more traditional process 
and request to be de-listed.


So I was NOT compelled to send them money and I did have another option that I 
ignored.  That was dumb of me.


And in the spirit of full disclosure...the other good news is the IP in our 
block that was being blocked back in early April is no longer blocked.  Not sure 
why (as I am also not sure why we were blocked in the first place).  But happy 
about it nonetheless.


However, I do still feel it is a little self-serving to block someone and then 
"offer" to unblock them for money.


Thank you Neil for pointing out what I missed.

--
Andy Dorman
Ironic Design, Inc.
AnteSpam.com, HomeFreeMail.com, ComeHome.net


Re: Barracuda Blacklist

2009-05-29 Thread Neil Schwartzman
On 29/05/09 9:32 AM, "Andy Dorman"  wrote:

> Neil Schwartzman wrote:
>> 
>> Given the huge amount of bumph I've seen and heard about emailreg.org, I
>> figured it would be an interesting experiment to see if what everybody
>> feared was happening was true. It isn't. No big extortion plan on the part
>> of emailreg and Barracuda that I can see.
>> 
> Neil, I certainly respect what you are saying based on the information you
> have.
> 
> However, I have a fact to toss out about emailreg.org.
> 
> I run a small email filtering company with a small cluster of servers for load
> balancing and reliability.  In early April I found I was unable to send email
> to 
> a new customer.  They were currently using the Barracuda Networks Reputation
> system and it was blocking my emails.  I found this somewhat silly considering
> we receive over 500 million emails a month but rarely ever SEND email (we only
> filter incoming email so far).  i.e., our outgoing email is mostly just business
> correspondence and filter stats reports to our customers.
> 
> And then I got to emailreg.org and found that:
> 
[...]
> Just wanted you to have ALL the facts when considering emailreg.org.

Hold up now. Why did you go to emailreg.org?? That is the whitelisting
service. I'd go ahead and request a delist at

http://www.barracudacentral.org/rbl/removal-request

Worked well for me.
-- 
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038




Re: Barracuda Blacklist

2009-05-29 Thread Andy Dorman

Neil Schwartzman wrote:

> Given the huge amount of bumph I've seen and heard about emailreg.org, I
> figured it would be an interesting experiment to see if what everybody
> feared was happening was true. It isn't. No big extortion plan on the part
> of emailreg and Barracuda that I can see.


Neil, I certainly respect what you are saying based on the information you have.

However, I have a fact to toss out about emailreg.org.

I run a small email filtering company with a small cluster of servers for load 
balancing and reliability.  In early April I found I was unable to send email to 
a new customer.  They were currently using the Barracuda Networks Reputation 
system and it was blocking my emails.  I found this somewhat silly considering 
we receive over 500 million emails a month but rarely ever SEND email (we only 
filter incoming email so far).  i.e., our outgoing email is mostly just business 
correspondence and filter stats reports to our customers.


And then I got to emailreg.org and found that:

1. I could not find out WHY our IPs (we have a block of 32 for the cluster of 
servers that my email was being sent from) were being listed


2. I would have to pay a competitor to get off this list and be able to send any 
correspondence to anyone using the Barracuda Networks Reputation system.


3. Given how our email system is set up (multiple servers on multiple IPs 
supporting many, many domains) I could not even begin to figure out how to fill 
out their on-line forms nor how much money it would eventually cost us.  In 
fact, if we add outgoing filtering to our service, our expense to be "allowed" 
to send our customer's valid emails would probably run into the hundreds of 
thousands of dollars.


So, in order to do legitimate business filtering spam, not sending it, we must 
pay a competitor to let our email reach a new customer?  I would not mind so 
much if someone would tell us WHY they are blocking our IPs so we could fix 
whatever it is.  But even that has been denied to us.


I finally gave up and phoned our new customer to explain why they could not get 
our emails and we handled setting up their service with us via subsequent phone 
calls.  And I desperately hope emailreg.org either unblocks our IPs or goes out 
of business by the time we start offering outgoing filtering.  If not then our 
only recourse may be the courts.  And NOBODY wins when it gets to that point.


Just wanted you to have ALL the facts when considering emailreg.org.

--
Andy Dorman
Ironic Design, Inc.
AnteSpam.com, HomeFreeMail.com, ComeHome.net


Re: Barracuda Blacklist

2009-05-29 Thread Matus UHLAR - fantomas
On 28.05.09 14:12, Neil Schwartzman wrote:
> * see the attachment for gross numbers, sorry, I can't show you specifics.

[-- Attachment #2: DNSBL Summary.pdf --]
[-- Type: video/x-flv, Encoding: base64, Size: 182K --]

... nice joke I'd say. Is there any reason not to put the att. somewhere to
the web/ftp(/gopher)?
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton


Re: Barracuda Blacklist

2009-05-28 Thread Karsten Bräckelmann
On Thu, 2009-05-28 at 21:16 -0400, Neil Schwartzman wrote:
> On 28/05/09 9:03 PM, "Karsten Bräckelmann"  wrote:
> 
> > Incentive for you, to get em delisted from BRBL. The funky question is,
> > is BRBL part of your weighted blacklist metric?
> 
> BRBL was and is in test mode for possible use against our whitelists.
> 
> Given the huge amount of bumph I've seen and heard about emailreg.org, I
> figured it would be an interesting experiment to see if what everybody
> feared was happening was true. It isn't. No big extortion plan on the part
> of emailreg and Barracuda that I can see.

Good to hear.

> Fact is, while I think the reasons behind the initial listings are suspect,
> or misguided, or wrong, there is ZERO evidence I've seen or experienced that
> you need to pay emailreg.org to get delisted or stay delisted which is
> precisely as it should be.
> 
> My incentive was that, and some early-morning OCD.
> 
> This is the only time I have ever delisted a client IP, and there are a raft
> of DNSBL operators to back me up on that one. Our clients get listed, I want
> to know why, but I never ever ever ask for delistings. Ever. Why would I?

Exactly. :)  Sounds good for the ReturnPath accreditation service. As
well as the BRBL delisting policy.

And even more a reason, to understand the state of "suspended" regarding
those IPs you checked that are in suspended state. Maybe limited to
those 20-odd still being listed by BRBL. This question, what suspended
means for those, is what covers the second half of this ping-pong.


BTW, explicitly asking for delisting of good IPs as well as a few known
bad ones (aka "suspended for violation") tells a LOT about the
reputation of a blacklist, if they keep the bad ones listed despite your
delisting request.

It is, however, unclear from your posts, if they managed to do that. Or,
why some senders are suspended in the first place. And how many of the
samples are actually suspended. If I don't know the samples under
evaluation, I can't trust the outcome. I don't even know if they have
been dead-on, or merely got the 50% average coverage.

A crucial point when discussing the reputation of any service.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Barracuda Blacklist

2009-05-28 Thread Neil Schwartzman
On 28/05/09 9:03 PM, "Karsten Bräckelmann"  wrote:

> Incentive for you, to get em delisted from BRBL. The funky question is,
> is BRBL part of your weighted blacklist metric?

BRBL was and is in test mode for possible use against our whitelists.

Given the huge amount of bumph I've seen and heard about emailreg.org, I
figured it would be an interesting experiment to see if what everybody
feared was happening was true. It isn't. No big extortion plan on the part
of emailreg and Barracuda that I can see.

Fact is, while I think the reasons behind the initial listings are suspect,
or misguided, or wrong, there is ZERO evidence I've seen or experienced that
you need to pay emailreg.org to get delisted or stay delisted which is
precisely as it should be.

My incentive was that, and some early-morning OCD.

This is the only time I have ever delisted a client IP, and there are a raft
of DNSBL operators to back me up on that one. Our clients get listed, I want
to know why, but I never ever ever ask for delistings. Ever. Why would I?


-- 
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038




Re: Barracuda Blacklist

2009-05-28 Thread Karsten Bräckelmann
On Thu, 2009-05-28 at 20:32 -0400, Neil Schwartzman wrote:
> On 28/05/09 8:19 PM, "Karsten Bräckelmann"  wrote:
> 
> >> Could be any of those.  Why does it matter?  Suspended IPs aren't on the
> >> list.
> > 
> > Thus there's little or no incentive to get em delisted from blacklists,
> > no?

(That was the sarcastic, introductory question. The real meat comes in
the part you snipped.)

> I don't understand your question. Incentive to whom? The client? Of course

Incentive for you, to get em delisted from BRBL. The funky question is,
is BRBL part of your weighted blacklist metric?

Let me get back a couple posts. So you checked a list of active and
suspended IPs against BRBL. Suspended *might* mean, the customer abused
your service and terms of accreditation. That would explain why they
keep being listed black, no? And thus puts the remaining contradicting
listings (and suspensions on your end) into perspective.

That's why it matters what "suspended" regarding the list of IPs you
tried getting delisted from BRBL translates to. Suspended for which of
that wide range of reasons?


> Check the PDF table I sent earlier. You will see very few dnsbl hits for IPs
> on, and even off our lists. Do your own check. Query our lists and

I'm not questioning your service, nor metrics. All I asked for is what
"suspended" in this very context and with the list you were talking
about really means.

After all, we're talking about the reputation of a blacklist. And since
"blacklisted for a valid reason" is part of the term "suspended", we
need to understand the meaning of a suspended state, at least regarding
all those IPs in that list, to judge the rating by the blacklist under
discussion.

Put into perspective.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Barracuda Blacklist

2009-05-28 Thread Neil Schwartzman
On 28/05/09 8:19 PM, "Karsten Bräckelmann"  wrote:

>> Could be any of those.  Why does it matter?  Suspended IPs aren't on the
>> list.
> 
> Thus there's little or no incentive to get em delisted from blacklists,
> no?

I don't understand your question. Incentive to whom? The client? Of course
there is. Beyond their normal problems encountered due to such a listing,
they can be suspended from the whitelist until the blacklisting is
addressed. Which means they are paying us for a service they aren't able to
avail themselves of. They thus have plenty of incentive to work out the
issues and get things fixed.

Check the PDF table I sent earlier. You will see very few dnsbl hits for IPs
on, and even off our lists. Do your own check. Query our lists and
x-reference them to DNSBLs. Depending upon the dnsbl, we may warn, or
suspend, for a single IP hit. (we prioritized our DNSBL use plan by weight,
with the input of some senders, the MAAWG technical advisory board, some
receivers (large ISPs)). The approach is published at
support.senderscorecertified.com (this site might be down at the moment).

Chronic DNSBL listings, or those affecting large proportions of a client IP
space, or repeated offenses earns a client a trip to the woodshed, and if
that doesn't get them to correct their errant ways, we invite them to no
longer darken our door.

It isn't worth it to them, nor to us.
-- 
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038




Re: Barracuda Blacklist

2009-05-28 Thread Karsten Bräckelmann
On Thu, 2009-05-28 at 18:06 -0600, J.D. Falk wrote:
> Karsten Bräckelmann wrote:

> > > Suspended = removed from the whitelist, live in the client account

> > Suspended on request by the client, suspended due to complaints pending
> > investigation, or forcefully suspended due to abuse and violating the
> > terms of accreditation?
> 
> Could be any of those.  Why does it matter?  Suspended IPs aren't on the list.

Thus there's little or no incentive to get em delisted from blacklists,
no?

It does matter in this context, cause that list (including suspended
IPs) is being checked against a blacklist. If it really could be any of
those reasons, the latter one would explain IPs staying on the blacklist
and / or getting re-listed again.

That's why it matters in the context of the reputation of a blacklist,
and why I asked what that term really means.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Barracuda Blacklist

2009-05-28 Thread Neil Schwartzman



On 28/05/09 8:06 PM, "J.D. Falk"  wrote:

> Karsten Bräckelmann wrote:
> 
>>> Enabled = on the whitelist
>>> Suspended = removed from the whitelist, live in the client account
>>> Disabled = removed from the client account
>> 
>> Suspended on request by the client, suspended due to complaints pending
>> investigation, or forcefully suspended due to abuse and violating the
>> terms of accreditation?
> 
> Could be any of those.

Or more. Suspended because of rDNS issues, suspended because the client
hasn't used them in the past 30 days ...

I realize I owe this group a list of things we check. Stand by.

-- 
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038




Re: Barracuda Blacklist

2009-05-28 Thread J.D. Falk

Karsten Bräckelmann wrote:

>> Enabled = on the whitelist
>> Suspended = removed from the whitelist, live in the client account
>> Disabled = removed from the client account
>
> Suspended on request by the client, suspended due to complaints pending
> investigation, or forcefully suspended due to abuse and violating the
> terms of accreditation?

Could be any of those.  Why does it matter?  Suspended IPs aren't on the list.

--
J.D. Falk
Return Path Inc
http://www.returnpath.net/


RE: Barracuda Blacklist

2009-05-28 Thread Bob O'Brien
Speaking of red herrings ... 

No, I do not believe that emailreg is particularly laughing, nor making 
numerous trips to any bank.   Yes, barracuda sponsors emailreg - and NOT the 
other way around.  As an aside, we have a few company "cuda cars" around here 
(saves on rentals) but they're mostly little Scions.  If there was any shred of 
truth to the wild speculations about thousands of emailreg signups per day, 
there would probably be expensive "EMAILREG" sportscars filling the lot on 
meeting days, but the reality is more like they can't even afford their first 
Scion.

I'm a recent sign-up to this list - more to learn than to represent - but this 
unrestrained wild speculation has gone far beyond the ridiculous.  I might be 
able to address some *reasonable* questions about Barracuda and/or emailreg. 

The emailreg fee should really be looked upon as a CAPTCHA-like test, and a 
rate-limit to abuse.
As the owner of a now-defunct whitelisting attempt from (>10) years ago, I can 
state from personal experience that abusers _will_ try.  Paying is NOT the only 
way onto the emailreg list, it's just currently the only way to self-nominate.  
A portion of my responsibility here at Barracuda is to nominate additional 
hosts based on observed performance.  Even before I joined the effort, hundreds 
of thousands had been exported in this fashion: 
http://www.emailreg.org/index.cgi?p=news&id=3

If someone cares to begin a separate thread here about emailreg, I will attend.

But can we please redirect this thread back to the original _blacklist_ 
question?



Bob "O`Bob" O'Brien


-Original Message-
From: Rob McEwen [mailto:r...@invaluement.com] 
Sent: Thursday, May 28, 2009 8:10 AM
To: users@spamassassin.apache.org
Subject: Re: Barracuda Blacklist

Karsten Bräckelmann wrote:
> We're not going down the path of judging blacklists based on whitelists
> or certification services, or vice versa, do we?
>   

If the whitelist involves possibly questionable business practices
(trying to reserve judgment here), then the information that Neil
provided _should_ be factored into any such decision.

One thing is for sure, (extortionist or not) Barracuda (or whoever owns
emailreg.org) is laughing its way to the bank. The more SA usage of its
list, the more $$ that goes to emailreg.org... I'm sure that they will
be very happy if/when BRBL gets added to SA by default. And to not
factor this into such decisions... and turn a convenient blind eye... is
tantamount to the SA community acting like a bunch of sluts... grabbing
onto any freebee spam tool, regardless of these other implications.

However, if it can be shown, after careful consideration, that everyone
(or the SA powers that be) is OK with BRBL/emailreg.org business
practices... that is one thing. But to sweep this under the rug is
another very very sad and possibly unethical thing.

> BTW, Neil, may I remind you...
"red herring"




--
Check out the Barracuda Spam & Virus Firewall - offering the fastest
virus & malware protection in the industry: www.barracudanetworks.com/spam



Re: Barracuda Blacklist

2009-05-28 Thread Karsten Bräckelmann
On Thu, 2009-05-28 at 15:52 -0400, Neil Schwartzman wrote:
> On 28/05/09 3:09 PM, "Karsten Bräckelmann"  wrote:
> 
> > I was merely arguing that not all blacklistings are necessarily bad,
> > just because they happen to be listed in SSC (or any other whitelist for
> > that matter), as I understood your post.
> 
> Re-reading what I wrote, I can't see where you got that impression. Please
> educate me as to how I could have written my post better.

I guess it was the fact that you more than once stated the reason for
listing in BRBL *is* foo, although the snippet of evidence you showed
for that clearly claimed it *might* be the reason, one possibility out
of a number of reasons, with a few common ones listed. Of which you
picked two to jump on.

Anyway, later in the thread you clearly said you were actually not
arguing /based/ on being RP Certified. Hence me specifically qualifying
my statements with how I understood yours.


> > Maybe I should have uppercased
> > all words like ONLY or SOLE like you, so you don't skip them.
> 
> Yes thanks, since apparently my linguistic skills aren't up to snuff. Damned
> that degree in English Literature from a second-rate university.

See, that might be it. I don't have a degree in English Literature. And
as a matter of fact, English isn't my mother tongue, either -- so if you
get too fancy with your language, you might lose your readers. ;)


> > (BTW, the term "suspended" is quite irritating in this context.)
> 
> I use the nomenclature we have been using for 3 years, developed without
> public consultation.

No need for public consultation, but without public disclosure of
internal nomenclature, a term's exact definition might not be clear to
everyone, leaving room for interpretation. Hence me implicitly asking.

> Enabled = on the whitelist
> Suspended = removed from the whitelist, live in the client account
> Disabled = removed from the client account

Suspended on request by the client, suspended due to complaints pending
investigation, or forcefully suspended due to abuse and violating the
terms of accreditation?

My irritation might also come from the fact, that "suspended user" was
used in the sense of terminated, "shut down account" in the resolution
note of my ticket with SSSL / SSC.


I don't whine about FNs by accreditation services or disable whitelists.
That would be easy. I report abuse, in an attempt to make the service
better and for everyone to benefit by that. As you might recall from the
dev list, Neil. ;)

  guenther


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Barracuda Blacklist

2009-05-28 Thread mouss
Neil Schwartzman a écrit :
> 
> 
> On 28/05/09 9:35 AM, "Matt"  wrote:
> 
>> Is there a reason the Barracuda blacklist is not in the official checks by
>> Spamassassin yet?  I keep thinking sometime "sa-update -D" will add it but
>> have yet to see it.
> 
> 
> I would like to add some perspective to potential use of the BRBL.
> 
> Three weeks ago, I began requesting de-listings of any IP (active or
> suspended) on Certified that was listed on the Barracuda BRBL. When I
> started on April 29 there were 431 such IPs, as of today there are 22, of
> those there are 5 repeat listings.
> 

it seems to me that they do list based on reporting (automated or "any
silly user click here to report spam" button). they once listed my
old-school forwarder, which does forward spam because it forwards every
mail for those who activate the forwarding (and even if they run a good
SA setup, I want to check my messages on my own SA). the IP was delisted
after it was added to DNSWL, but the event was enough for me not to use
BRBL at smtp time.

That said, I use it in SA with a high score (actually more than 5. but I
do check my junk folder...). I also use it at smtp time for some sender
patterns. In either case, it catches many snowshoe spammers (I also have
 a local DNSBL, but I prefer to avoid maintenance work as much as
possible).

to summarize: BRBL is good, but it's still a new list...

> [snip]


Re: Barracuda Blacklist

2009-05-28 Thread Neil Schwartzman
On 28/05/09 3:09 PM, "Karsten Bräckelmann"  wrote:

> I was merely arguing that not all blacklistings are necessarily bad,
> just because they happen to be listed in SSC (or any other whitelist for
> that matter), as I understood your post.

Re-reading what I wrote, I can't see where you got that impression. Please
educate me as to how I could have written my post better.

I said they were false positive because

- they were unique to the BRBL
- the reasoning presented behind the listings (compromised host/CANSPAM
non-compliance) was not substantiated by listings on other established
DNSBLs
- if there were a valid reason behind the listing, the removals would have
been overturned, like, for instance, when you self-delist from the Sender
Score DNSBL or CBL, and your host is still compromised.

> Maybe I should have uppercased
> all words like ONLY or SOLE like you, so you don't skip them.

Yes thanks, since apparently my linguistic skills aren't up to snuff. Damned
that degree in English Literature from a second-rate university.
 
> (BTW, the term "suspended" is quite irritating in this context.)

I use the nomenclature we have been using for 3 years, developed without
public consultation.

Enabled = on the whitelist
Suspended = removed from the whitelist, live in the client account
Disabled = removed from the client account

-- 
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038

The opinions contained herein are my personal stance and may not reflect the
viewpoint of Return Path Inc.
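
The three false-positive criteria listed in the message above (listing unique to one DNSBL, no corroboration on other lists, and no re-listing after removal) can be checked mechanically. The following is an added sketch, not code from the thread or from any of the list operators; the zone names are placeholders, the IPs come from documentation ranges, and the resolver tables are constructed sample data.

```python
import ipaddress
import socket

# Placeholder zones (assumption): substitute the real query zone of each list.
ZONES = {"BRBL": "brbl.example", "CBL": "cbl.example", "Lashback": "lashback.example"}
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_qname(ip, zone):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    rev = ipaddress.ip_address(ip).reverse_pointer
    for suffix in (".in-addr.arpa", ".ip6.arpa"):
        if rev.endswith(suffix):
            rev = rev[: -len(suffix)]
    return f"{rev}.{zone}"


def dns_resolver(qname):
    """Live lookup: A record as a string, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(qname)
    except socket.gaierror:
        return None  # NXDOMAIN (or lookup failure) is treated as "not listed"


def table_resolver(table):
    """Offline resolver backed by a dict, used for the constructed samples."""
    return lambda qname: table.get(qname)


def listed_on(ip, zones=ZONES, resolve=dns_resolver):
    """Return the labels of all lists that currently list this IP."""
    hits = set()
    for label, zone in zones.items():
        answer = resolve(dnsbl_qname(ip, zone))
        # Only 127.0.0.0/8 answers mean "listed"; anything else (wildcard DNS,
        # a rewritten NXDOMAIN) must not be counted as a listing.
        if answer and ipaddress.ip_address(answer) in LISTED_NET:
            hits.add(label)
    return hits


def audit(ips, under_test, before, after, zones=ZONES):
    """Classify each IP using a snapshot before and after a delisting request."""
    report = {}
    for ip in ips:
        first = listed_on(ip, zones, before)
        if under_test not in first:
            report[ip] = "not-listed"
        elif first - {under_test}:
            report[ip] = "corroborated"           # another list agrees
        elif under_test in listed_on(ip, zones, after):
            report[ip] = "repeat-listing"         # removal was overturned
        else:
            report[ip] = "likely-false-positive"  # unique, and stayed delisted
    return report


def _q(ip, label):
    return dnsbl_qname(ip, ZONES[label])


# Constructed snapshots: state before the delisting requests and some weeks after.
BEFORE = {
    _q("192.0.2.10", "BRBL"): "127.0.0.2",
    _q("192.0.2.11", "BRBL"): "127.0.0.2",
    _q("192.0.2.11", "CBL"): "127.0.0.2",
    _q("192.0.2.12", "BRBL"): "127.0.0.2",
    _q("192.0.2.13", "BRBL"): "203.0.113.7",  # non-127/8 answer: not a listing
}
AFTER = {
    _q("192.0.2.11", "BRBL"): "127.0.0.2",
    _q("192.0.2.11", "CBL"): "127.0.0.2",
    _q("192.0.2.12", "BRBL"): "127.0.0.2",
}
SAMPLE_IPS = ["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"]

if __name__ == "__main__":
    result = audit(SAMPLE_IPS, "BRBL", table_resolver(BEFORE), table_resolver(AFTER))
    for ip, verdict in result.items():
        print(f"{ip:12} {verdict}")
```

Only the "repeat-listing" and "corroborated" rows warrant looking at the sending host itself; the rest say more about the list than about the sender.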



Re: Barracuda Blacklist

2009-05-28 Thread Karsten Bräckelmann
On Thu, 2009-05-28 at 14:12 -0400, Neil Schwartzman wrote:
> On 28/05/09 11:39 AM, "Karsten Bräckelmann"  wrote:

> > Wait, I was /not/ justifying emailreg.org -- actually not even talking
> > about it, but the certification service SSC as a sole base to overrule
> > any other listing.
> 
> I am not arguing that RP Certified is the basis here. I am showing you that
> I found a bunch of IPs that happen to be enabled or suspended from the
> Certified programme to be anomalously listed by the BRBL ONLY *, I delisted
> them and they have stayed that way. That is pretty weird. Those were false
> positives. That is of concern to ANYONE using the BRBL, or any other DNSBL.
> 
> You are calling my research/experience with the BRBL into question because
> we also happen to run a whitelist? Wow.

I never questioned your research. If you read my posts carefully you'll
realize that I even do agree those to be FPs. They have been removed
from BRBL, which clearly shows this.

Moreover I did NOT argue on the mere fact you happen to run a whitelist.
I was showing that all lists do occasionally have bad listings, be it
BRBL, SSC or ZEN.

I was merely arguing that not all blacklistings are necessarily bad,
just because they happen to be listed in SSC (or any other whitelist for
that matter), as I understood your post. Maybe I should have uppercased
all words like ONLY or SOLE like you, so you don't skip them.

(BTW, the term "suspended" is quite irritating in this context.)


> On 28/05/09 10:42 AM, "Karsten Bräckelmann"  wrote:
> 
> > BTW, Neil, may I remind you about the spam, unsolicited bulk advertising
> > mail with my address obviously harvested or bought -- whitelisted both
> > by Habeas SafeList and Sender Score Certified? ;)  Reported, and the
> > offender got de-listed.
> 
> 1 spam.

1 example.  To prove the point. But I don't feel like repeating myself.

Sorry I'm not an ISP. But if you insist, and to put this into
perspective, that accounts for a mis-fire rate of roughly 2%.


> OK. I get the fact that you don't like the whitelists, no-one is
> forcing you to use them, so let's drop the red herring (as Rod so aptly put
> it), shall we?

Jumping to conclusions, unsubstantiated.

Not what I said, neither implied. I *am* using whitelists, and yes, I am
using SSC. Voluntarily.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Barracuda Blacklist

2009-05-28 Thread LuKreme

On 28-May-2009, at 09:26, Sean Leinart wrote:
>> Yes. Barracuda is a scam.
>
> Can you elaborate a bit? Thanks :0)


Barracuda is run by the same people that run emailreg.org which is a  
$20/year subscription per domain to not be listed in Barracuda's  
blacklist. Barracuda's policy seems to be to list random domains in  
their blacklist without providing any proof of spamming, and then  
refer you to emailreg.org to pay to have your domain removed.


They are scum.

--
Quis custodiet opsos custodes



Re: Barracuda Blacklist

2009-05-28 Thread Ron Smith
I would suggest that pay for play delisting fees, like those at  
backscatterer.org, blur the line extremely between the spammers who  
abuse us and the services that try to make money off legitimate  
servers who follow RFCs. And too, what's to say that the spammers  
themselves are intimately involved in the pay for play delisting  
services? Why, spammers can create the need for the delisting payments  
simply by increasing the spam output and make more money and at  
both ends.


Ron Smith
postmas...@pmbx.net

"Having an email problem is painful, but character-building."

On May 28, 2009, at 9:47 AM, Neil Schwartzman wrote:

On 28/05/09 9:35 AM, "Matt"  wrote:

Is there a reason the Barracuda blacklist is not in the official checks by
Spamassassin yet?  I keep thinking sometime "sa-update -D" will add it but
have yet to see it.

I would like to add some perspective to potential use of the BRBL.

Three weeks ago, I began requesting de-listings of any IP (active or
suspended) on Certified that was listed on the Barracuda BRBL. When I
started on April 29 there were 431 such IPs, as of today there are 22, of
those there are 5 repeat listings.

Of interest is the verbiage Barracuda sends to listees, stating repeatedly
that the IP is on a compromised host. I suspect this is incorrect as these
IPs never had listings on other DNSBLs dealing with such issues, like the
CBL. They also assert the mail is ‘not CANSPAM compliant’. This would imply
either using the Lashback DNSBL or similar service if such exists, or manual
parsing of the payload. None of the listed IPs showed up on the Lashback
list.

I don’t know what to make of this.

One aspect of note is their heavy reference during the delisting process to
their pay-for-play whitelist,  Emailreg.org (I signed up one of my domains
at the service to see how it worked). They suggest that registration therein
will help to avoid ‘inadvertent’ listings, but that does raise the question
how a listing due to compromise or lack of CANSPAM compliance could ever be
inadvertent.

I certainly do not think we should ever suggest or recommend to clients to
make use of the Emailreg.org service, it works on a per domain basis and
this could become very expensive for large senders at $20/each. Also, it is
not clear if domains and sub-domains are treated as equivalents.

-
Thank you for contacting Barracuda Networks regarding your issue.  Your
issue is important to us.  We have assigned a confirmation number:
BBR2124460-MUNGED to this case.

We apologize for any inconvenience that this may have caused you.  Since
this is your first request for this IP, the reputation of this IP address
will be temporarily upgraded from "poor" for 48 hours *or* until we complete
our investigation.  When our investigation is complete, you will receive a
decision via email.  It may take up to 1 hour for the changes in the
Barracuda Reputation System to propagate to all the Barracuda Spam Firewalls
in the world.

There are a number of reasons your IP address may have been listed as
"poor", including:

1. The email server at this IP address contains a virus and has been sending
out spam
2. The email server at this IP address may be configured incorrectly
3. The PC at this IP address may be infected with a virus or botnet software
program
4. An individual in the organization at this IP address may have a PC
infected with a virus or botnet program
5. This IP address may be a dynamic IP address which was previously utilized
by a known spammer
6. The marketing department of a company at this IP address may be sending
out bulk emails that do not comply with the CAN-SPAM Act
7. This IP address may have an insecure wireless network attached to it which
could allow unknown users to use its network connection to send out bulk
email
8. In some rare cases, your recipients' Barracuda Spam Firewall may be
misconfigured
--

Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038

The opinions contained herein are my personal stance and may not reflect the
viewpoint of Return Path Inc.






Re: Barracuda Blacklist

2009-05-28 Thread Neil Schwartzman
On 28/05/09 10:42 AM, "Karsten Bräckelmann"  wrote:

> Yes, every list does have occasional FPs. So your point about those 22
> listings is what exactly?

My point is the 409 false positives. Sorry if I was unclear or obtuse.
-- 
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038




Re: Barracuda Blacklist

2009-05-28 Thread Karsten Bräckelmann
On Thu, 2009-05-28 at 11:10 -0400, Rob McEwen wrote:
> Karsten Bräckelmann wrote:
> > We're not going down the path of judging blacklists based on whitelists
> > or certification services, or vice versa, do we?
> 
> If the whitelist involves possibly questionable business practices
> (trying to reserve judgment here), then the information that Neil
> provided _should_ be factored into any such decision.

Wait, I was /not/ justifying emailreg.org -- actually not even talking
about it, but the certification service SSC as a sole base to overrule
any other listing.

Also, I was not arguing in favor or against BRBL being added to SA by
default. I do agree, that the whole picture should be taken into account
and carefully evaluated. However, I believe this isn't the best place
for that discussion.


> However, if it can be shown, after careful consideration, that everyone
> (or the SA powers that be) is OK with BRBL/emailreg.org business
> practices... that is one thing. But to sweep this under the rug is
> another very very sad and possibly unethical thing.

I did /not/, and I wasn't even touching the topic of possibly adding
BRBL to SA by default.


> > BTW, Neil, may I remind you...
> "red herring"

No.  Just proving the point that no list is perfect, and no list may be
used to overrule all other listing techniques. After all Neil was
arguing that the listings are bad just because they are paying customers
to Sender Score Certified.

I might as well have said "grep this lists archive for complaints". Or
ask the SA bugzilla.


Anyway, even though the motivation for Neil to get them off of BRBL is
protecting customers, I am still happy to see this effort. Any listing
actually being removed is proof of the list being cleaned.

That's something we all benefit from.


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Barracuda Blacklist

2009-05-28 Thread Ken A

Neil Schwartzman wrote:


-
Thank you for contacting Barracuda Networks regarding your issue. ...

There are a number of reasons your IP address may have been listed as
"poor", including:

...

8. In some rare cases, your recipients' Barracuda Spam Firewall may be
misconfigured


I have seen this in less than 'rare' cases. It's quite easy using the 
Barracuda web admin to apply PBL or other dynamic range lists to all IPs 
found in ALL Received headers. You will certainly get "less spam". :-)


Ken


--
Ken Anderson
Pacific Internet - http://www.pacific.net
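
The misconfiguration Ken describes above, as an added example that is not part of the original thread: a dynamic-range policy list is meant for the connecting relay only, and applying it to every Received header flags mail that a dynamic-IP user submitted through a legitimate smarthost. The zone name, addresses and message are constructed for illustration, and the set stands in for real DNS lookups.

```python
import re
from email import message_from_string

ZONE = "dynamic.dnsbl.example"   # hypothetical policy-list zone (assumption)

# Constructed sample: a home user on a dynamic IP (203.0.113.10) submits mail
# through the ISP's smarthost (198.51.100.25), which connects to our MX.
SAMPLE = """\
Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])
\tby mx.recipient.example with ESMTP; Thu, 28 May 2009 11:00:02 -0400
Received: from home-pc (dsl-10.isp.example [203.0.113.10])
\tby smtp.isp.example with ESMTPA; Thu, 28 May 2009 11:00:01 -0400
From: user@isp.example
Subject: constructed test message

body
"""

# Constructed zone contents: only the dynamic address is listed.
LISTED = {"10.113.0.203." + ZONE}

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def query_name(ip, zone=ZONE):
    """DNSBL convention: reverse the octets and append the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def received_ips(raw):
    """Relay IPs from Received headers, newest (connecting relay) first."""
    msg = message_from_string(raw)
    ips = []
    for header in msg.get_all("Received", []):
        match = IP_IN_BRACKETS.search(header)
        if match:
            ips.append(match.group(1))
    return ips

def policy_hits(raw, all_headers, is_listed=LISTED.__contains__):
    """IPs that hit the policy list when checking all hops or only the first."""
    ips = received_ips(raw)
    scope = ips if all_headers else ips[:1]
    return [ip for ip in scope if is_listed(query_name(ip))]
```

With `all_headers=True` the legitimate message is flagged because of the submitting user's address; with `all_headers=False` only the smarthost that actually connected is checked.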


RE: Barracuda Blacklist

2009-05-28 Thread Sean Leinart
> -Original Message-
> From: LuKreme [mailto:krem...@kreme.com] 
> Sent: Thursday, May 28, 2009 11:19 AM
> To: users@spamassassin.apache.org
> Subject: Re: Barracuda Blacklist
> 
> 
> On 28 May 2009, at 07:35, Matt  wrote:
> 
> > Is there a reason the Barracuda blacklist is not in the official
> > checks by Spamassassin yet?
> 
> Yes. Barracuda is a scam.
> 
> > I keep thinking sometime "sa-update -D" will add it but have yet to
> > see it.
> 
> And hopefully you never will.
>
>
>
> Yes. Barracuda is a scam. 
>  
> Can you elaborate a bit? Thanks :0)
>
> 
 

 


Re: Barracuda Blacklist

2009-05-28 Thread LuKreme

On 28 May 2009, at 07:35, Matt  wrote:

Is there a reason the Barracuda blacklist is not in the official  
checks by Spamassassin yet?


Yes. Barracuda is a scam.

I keep thinking sometime "sa-update -D" will add it but have yet to  
see it.


And hopefully you never will.




Re: Barracuda Blacklist

2009-05-28 Thread Rob McEwen
Karsten Bräckelmann wrote:
> We're not going down the path of judging blacklists based on whitelists
> or certification services, or vice versa, do we?
>   

If the whitelist involves possibly questionable business practices
(trying to reserve judgment here), then the information that Neil
provided _should_ be factored into any such decision.

One thing is for sure, (extortionist or not) Barracuda (or whoever owns
emailreg.org) is laughing its way to the bank. The more SA usage of its
list, the more $$ that goes to emailreg.org... I'm sure that they will
be very happy if/when BRBL gets added to SA by default. And to not
factor this into such decisions... and turn a convenient blind eye... is
tantamount to the SA community acting like a bunch of sluts... grabbing
onto any freebie spam tool, regardless of these other implications.

However, if it can be shown, after careful consideration, that everyone
(or the SA powers that be) is OK with BRBL/emailreg.org business
practices... that is one thing. But to sweep this under the rug is
another very very sad and possibly unethical thing.

> BTW, Neil, may I remind you...
"red herring"

-- 
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032




Re: Barracuda Blacklist

2009-05-28 Thread Matus UHLAR - fantomas
> On 28/05/09 9:35 AM, "Matt"  wrote:
> 
> > Is there a reason the Barracuda blacklist is not in the official checks by
> > Spamassassin yet?  I keep thinking sometime "sa-update -D" will add it but
> > have yet to see it.

On 28.05.09 09:47, Neil Schwartzman wrote:
> Of interest is the verbiage Barracuda sends to listees, stating repeatedly
> that the IP is on a compromised host. I suspect this is incorrect as these
> IPs never had listings on other DNSBLs dealing with such issues, like the
> CBL.

The fact the IP is not on other lists does NOT mean it's not compromised.
Do they show received spam?

> They also assert the mail is ‘not CANSPAM compliant’.

Does anyone care about the "You can spam" act from the spamfighter's point
of view?

> One aspect of note is their heavy reference during the delisting process to
> their pay-for-play whitelist,  Emailreg.org (I signed up one of my domains
> at the service to see how it worked). They suggest that registration therein
> will help to avoid ‘inadvertent’ listings, but that does raise the question
> how a listing due to compromise or lack of CANSPAM compliance could ever be
> inadvertent.
> 
> I certainly do not think we should ever suggest or recommend to clients to
> make use of the Emailreg.org service, it works on a per domain basis and
> this could become very expensive for large senders at $20/each. Also, it is
> not clear if domains and sub-domains are treated as equivalents.

now this is a problem and this should be strongly considered if anyone
(including SA) wants to use their blacklist...

However the emailreg.org was mentioned here already, iirc.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I drive way too fast to worry about cholesterol. 


Re: Barracuda Blacklist

2009-05-28 Thread Karsten Bräckelmann
On Thu, 2009-05-28 at 09:47 -0400, Neil Schwartzman wrote:
> I would like to add some perspective to potential use of the BRBL.
> 
> Three weeks ago, I began requesting de-listings of any IP (active or
> suspended) on Certified that was listed on the Barracuda BRBL. When I
> started on April 29 there were 431 such IPs, as of today there are 22, of
> those there are 5 repeat listings.

We're not going down the path of judging blacklists based on whitelists
or certification services, or vice versa, do we?

Every such list or service has FPs, at least occasionally. In a scoring
system this is not a problem, since a single mis-fire will not harm the
message.

BTW, Neil, may I remind you about the spam, unsolicited bulk advertising
mail with my address obviously harvested or bought -- whitelisted both
by Habeas SafeList and Sender Score Certified? ;)  Reported, and the
offender got de-listed.

Yes, every list does have occasional FPs. So your point about those 22
listings is what exactly?


> Of interest is the verbiage Barracuda sends to listees, stating repeatedly
> that the IP is on a compromised host.

Referring to the response you quoted?  They did NOT state it IS. They
stated it MAY be the reason, out of a number of reasons.

> They also assert the mail is "not CANSPAM compliant".

Same. s/is/may/# hint to Neil: substitute "is" by "may" ;-)


Arguing about one error-prone system by considering a single other
error-prone system is a slippery slope.

  guenther


-- 
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}



Re: Barracuda Blacklist

2009-05-28 Thread Neil Schwartzman



On 28/05/09 9:35 AM, "Matt"  wrote:

> Is there a reason the Barracuda blacklist is not in the official checks by
> Spamassassin yet?  I keep thinking sometime "sa-update -D" will add it but
> have yet to see it.


I would like to add some perspective to potential use of the BRBL.

Three weeks ago, I began requesting de-listings of any IP (active or
suspended) on Certified that was listed on the Barracuda BRBL. When I
started on April 29 there were 431 such IPs, as of today there are 22, of
those there are 5 repeat listings.

Of interest is the verbiage Barracuda sends to listees, stating repeatedly
that the IP is on a compromised host. I suspect this is incorrect as these
IPs never had listings on other DNSBLs dealing with such issues, like the
CBL. They also assert the mail is ‘not CANSPAM compliant’. This would imply
either using the Lashback DNSBL or similar service if such exists, or manual
parsing of the payload. None of the listed IPs showed up on the Lashback
list.

I don’t know what to make of this.

One aspect of note is their heavy reference during the delisting process to
their pay-for-play whitelist,  Emailreg.org (I signed up one of my domains
at the service to see how it worked). They suggest that registration therein
will help to avoid ‘inadvertent’ listings, but that does raise the question
how a listing due to compromise or lack of CANSPAM compliance could ever be
inadvertent.

I certainly do not think we should ever suggest or recommend to clients to
make use of the Emailreg.org service, it works on a per domain basis and
this could become very expensive for large senders at $20/each. Also, it is
not clear if domains and sub-domains are treated as equivalents.

-
Thank you for contacting Barracuda Networks regarding your issue.  Your
issue is important to us.  We have assigned a confirmation number:
BBR2124460-MUNGED to this case.

We apologize for any inconvenience that this may have caused you.  Since
this is your first request for this IP, the reputation of this IP address
will be temporarily upgraded from "poor" for 48 hours *or* until we complete
our investigation.  When our investigation is complete, you will receive a
decision via email.  It may take up to 1 hour for the changes in the
Barracuda Reputation System to propagate to all the Barracuda Spam Firewalls
in the world.  

There are a number of reasons your IP address may have been listed as
"poor", including:

1. The email server at this IP address contains a virus and has been sending
out spam
2. The email server at this IP address may be configured incorrectly
3. The PC at this IP address may be infected with a virus or botnet software
program
4. An individual in the organization at this IP address may have a PC
infected with a virus or botnet program
5. This IP address may be a dynamic IP address which was previously utilized
by a known spammer
6. The marketing department of a company at this IP address may be sending
out bulk emails that do not comply with the CAN-SPAM Act
7. This IP address may have an insecure wireless network attached to it which
could allow unknown users to use its network connection to send out bulk
email
8. In some rare cases, your recipients' Barracuda Spam Firewall may be
misconfigured
-- 

Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038

The opinions contained herein are my personal stance and may not reflect the
viewpoint of Return Path Inc.