Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming? - the MEME

[Andrew C Aitchison via mailop]

On Thu, 5 Aug 2021, G. Miliotis via mailop wrote:


On 2021-08-05 21:51, Brielle via mailop wrote:



Looks like some of the topics of the spam is starting to gravitate towards 
current events...


ESP to spamming customer: "improve the quality of your mailings, stop sending 
people mail they don't want or we will have to ask you again to stop, 
repeatedly - btw your invoice is due"


Would it help if the ESPs charged extra for messages that
were not accepted ?
Or would that
   a) encourage list-washing
   b) give ESPs perverse incentives that increased spam ?

I assume that automation and competition means that margins for ESPs
are too tight for them to have a competent person in (some branches of) 
the loop ?

One thought would be that after a certain number of failed deliveries
the message is frozen until cleared by a human.

--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Slavko via mailop]

Hi,

Dňa Sat, 07 Aug 2021 19:15:57 +1000 Noel Butler via mailop
 napísal:

> So you think it's better to have the potential to inconvenience
> 
> over the likelihood of a dozen or so people who may have loss of a
> legit mail?
> 
> I'm not one to bow to the tiny minorities, also, T's are most clear.
> 

Your server, your rules, no doubts.

I only hope, that your users are aware of this and you have it in this
clean (not lawyer, which not many understand) form in your policy...

regards

-- 
Slavko
http://slavino.sk


pgpEUQuaPBDWU.pgp
Description: Digitálny podpis OpenPGP
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Hans-Martin Mosner via mailop]

Am 07.08.21 um 11:15 schrieb Noel Butler via mailop:
>
>
> So you think it's better to have the potential to inconvenience
>
> MariaDB [vmail]> select count(*) from virtual_users where active='1';
> +--+
> | count(*) |
> +--+
> |  836019 |
> +--+
>
> over the likelihood of a dozen or so people who may have loss of a legit mail?
>
> I'm not one to bow to the tiny minorities, also, T's are most clear.
>
Of course, your server, your rules (especially if your users understand and 
agree with them).

In my case, the spam inconvenience per affected user was vastly smaller than 
the possible inconvenience and financial
loss of the handful users who would have missed mail that they explicitly 
requested.

I'm taking pretty extensive measures to keep the spam amount coming from 
SendGrid and other similar service to a
minimum, so the spam inconvenience should already be very low. One effective 
measure is to put every SendGrid mail with
an as yet unknown sender id on hold, check whether it looks like a spam run 
(multiple users addressed from someone they
never before had a contact with) and either releasing mail from hold (and 
adding the id into the list of acceptable
senders) or reporting to SendGrid and blocking the sender id for good.

Of course I would love to see more proactive spam prevention and more swift 
action on the part of SendGrid to curb the
number of spam mails sent, there's plenty room for improvement. On the servers 
that I control, an account caught sending
unrequested mail (whether intentionally or through an exploit) will be 
suspended until the problem is resolved with the
account owner.

I'd expect similar policies to be established wherever the owner of the mail 
infrastructure isn't the one deciding what
gets sent, be it ESPs or freemail providers. Some reasonable amount of 
fraudulent registration detection would be nice
(and being a software developer, I would certainly see to implement something 
that has a noticeable effect) but I
understand that there are no off-the-shelf solutions for that and it might be 
difficult to create one, especially as the
freemail business doesn't yield revenue.

Cheers,
Hans-Martin

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Noel Butler via mailop]

On 06/08/2021 01:38, Jaroslaw Rafa via mailop wrote:


problem from
Google from time to time; especially when I post a lot to mailing lists 
like

this one, my mails start suddenly going to spam at Gmail).


I'm starting to like google again buwahahaha

--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged 
information, therefore at all times remains confidential and subject to 
copyright protected under international law. You may not disseminate 
this message without the authors express written authority to do so.   
If you are not the intended recipient, please notify the sender then 
delete all copies of this message including attachments immediately. 
Confidentiality, copyright, and legal privilege are not waived or lost 
by reason of the mistaken delivery of this message.___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Noel Butler via mailop]

On 06/08/2021 00:08, Hans-Martin Mosner via mailop wrote:

5. August 2021 14:52, "Noel Butler via mailop"  
schrieb:



pt NEWSFLASH the blocking is to the advantage of end users


(sorry for inital empty response, mail program malfunction)

If you block only spammers you'd be right. But SendGrid is one of the 
sorry cases where you have spam and legit, sometimes important e-mails 
coming from the same network. Your users won't be happy if you reject 
their order confirmations or online tickets.


Cheers,
Hans-Martin


So you think it's better to have the potential to inconvenience

MariaDB [vmail]> select count(*) from virtual_users where active='1';
+--+
| count(*) |
+--+
|  836019 |
+--+

over the likelihood of a dozen or so people who may have loss of a legit 
mail?


I'm not one to bow to the tiny minorities, also, T's are most clear.

--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged 
information, therefore at all times remains confidential and subject to 
copyright protected under international law. You may not disseminate 
this message without the authors express written authority to do so.   
If you are not the intended recipient, please notify the sender then 
delete all copies of this message including attachments immediately. 
Confidentiality, copyright, and legal privilege are not waived or lost 
by reason of the mistaken delivery of this message.___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Andre van Eyssen via mailop]

On Thu, 5 Aug 2021, Hans-Martin Mosner via mailop wrote:

If you block only spammers you'd be right. But SendGrid is one of the 
sorry cases where you have spam and legit, sometimes important e-mails 
coming from the same network. Your users won't be happy if you reject 
their order confirmations or online tickets.


Blocking sendgrid would also lop off a large number of small self-hosted 
mail instances that use sendgrid for reasonable deliverability. Which 
boils down to actively punishing de-centralised mail.


--
Andre van Eyssen.  Phone: +61 417 211 788
mail: an...@purplecow.org  http://andre.purplecow.org
About & Contact:  http://www.purplecow.org/andre.html
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brett Schenker via mailop]

Coming from the political/non-profit side of things, when the revenue drops
is when they pay attention. If open rates are 0 or blocks are through the
roof, they take notice and will change their habits. The people that click
spend don't want to explain to their bosses why things have tanked.

On Thu, Aug 5, 2021 at 7:24 PM Anne P. Mitchell, Esq. via mailop <
mailop@mailop.org> wrote:

>
> Brielle wrote:
>
> > Litigation is WAY overused to resolve issues.
>
> I generally agree.  However, on the other hand it's a pretty good way to
> get the attention of people who *know* they are doing wrong, and continue
> to do it unrepentingly all the way to the bank.
>
> Anne "Cartoony at Large" Mitchell
>
> --
> Anne P. Mitchell,  Esq.
> Dean of Cyberlaw and Cyber Security, Lincoln Law School
> Author: Section 6* of the Federal Email Marketing Law (CAN-SPAM)
>  *Why yes, I *did* have a certain unrepentant coffee entity in mind
>when I wrote the vendor liability section of CAN-SPAM
> Board of Directors, Denver Internet Exchange
> Chair Emeritus, Asilomar Microcomputer Workshop
> Former Counsel: MAPS Anti-Spam Blacklist
> Location: Boulder, Colorado
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>


-- 
Brett Schenker
Man of Many Things, Including
5B Consulting - http://www.5bconsulting.com
Graphic Policy - http://www.graphicpolicy.com

Twitter - http://twitter.com/bhschenker
LinkedIn - http://www.linkedin.com/in/brettschenker
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brielle via mailop]

On 8/5/21 9:41 AM, John Levine wrote:

It appears that Brielle via mailop  said:

There's also the matter of the lack of unsubscribe...  Has zoom
explained why they are allowing their customers to send unconfirmed
opt-out mail with no unsubscribe option?


Good point.  That's one of the few things that is specifically illegal under 
CAN SPAM.

Perhaps we can collect them all and then sue both Sendgrid and Zoom.



So, just an update...

I can confirm, for sure, that there's no actual Zoom / Sendgrid 
unsubscribe link in the spams based on the most recent spams that I 
allowed in to analyze.  Only 'unsubscribe' link (notice the quotes) is a 
highly questionable Google Forms 'unsubscribe' run by the spammer 
themselves.


In fact, and you are going to LOVE this, the spams, being sent through 
IPs with zoom RNDS, owned by Sendgrid, _don't even have any content that 
links to anything on zoom_.


All the content directs you to go to Google Forms (forms.gle) which then 
take down personal information which purports to be for the supposed 
zoom webinar.


I'm not kidding.  Zoom (by way of Sendgrid) are essentially allowing 
people to use their platform to send spam with no content linking 
directly back to Zoom - only to Google Forms (in this case).


What is going on over there, Zoom?  That's insane that you are allowing 
customers to basically use your Sendgrid account to pretty much send 
anything they want with no forced Zoom/Sendgrid unsubscribe link that 
the spammers have no control over.


--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Chris via mailop]

There's also the notion of Canspam Act.  Where *both* the notion of 
spamming, and no unsubscribe options are illegal.


A few years ago, I constructed a complaint that resulted in a fairly 
large company receiving a fine.


I've got lots of samples in domains defunct for 20+ years, and others 
where users have never existed, maybe I should do it again.  I'm not 
sure if I'm seeing the vietnamese stuff, but there certainly is a lot of 
"loan shit".


Do note that Canspam makes little distinction between ESPs, customers 
and 3rd parties.


I'll have to talk to my contacts and see if this is on the menu at this 
time.


On 2021-08-05 11:41 a.m., John Levine via mailop wrote:

It appears that Brielle via mailop  said:

There's also the matter of the lack of unsubscribe...  Has zoom
explained why they are allowing their customers to send unconfirmed
opt-out mail with no unsubscribe option?


Good point.  That's one of the few things that is specifically illegal under 
CAN SPAM.

Perhaps we can collect them all and then sue both Sendgrid and Zoom.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Anne P. Mitchell, Esq. via mailop]

Brielle wrote:

> Litigation is WAY overused to resolve issues.

I generally agree.  However, on the other hand it's a pretty good way to get 
the attention of people who *know* they are doing wrong, and continue to do it 
unrepentingly all the way to the bank.

Anne "Cartoony at Large" Mitchell

--
Anne P. Mitchell,  Esq.
Dean of Cyberlaw and Cyber Security, Lincoln Law School
Author: Section 6* of the Federal Email Marketing Law (CAN-SPAM)   
 *Why yes, I *did* have a certain unrepentant coffee entity in mind 
   when I wrote the vendor liability section of CAN-SPAM
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brielle via mailop]

On 8/5/21 9:41 AM, John Levine via mailop wrote:

It appears that Brielle via mailop  said:

There's also the matter of the lack of unsubscribe...  Has zoom
explained why they are allowing their customers to send unconfirmed
opt-out mail with no unsubscribe option?

Good point.  That's one of the few things that is specifically illegal under 
CAN SPAM.

Perhaps we can collect them all and then sue both Sendgrid and Zoom.


As much as part of me would get a kick out of that...  I also don't know 
how much of a positive outcome it would have.


Admittedly, I come from this as a very rabid spam fighter...  But also 
these days as someone who maintains and consults e-commerce stuff 
(including marketing, somewhat to my own disappointment).


I want to work with people to solve these issues much in the way I hope 
someone would work with me if I was in a similar situation.


Litigation is WAY overused to resolve issues.

Unfortunately, as long as the promise of dump trucks of cash prove to be 
more of an influencing factor than being part of a properly functioning 
global internet...


Sigh.

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming? - the MEME

[G. Miliotis via mailop]

On 2021-08-05 21:51, Brielle via mailop wrote:



Looks like some of the topics of the spam is starting to gravitate 
towards current events...


ESP to spamming customer: "improve the quality of your mailings, stop 
sending people mail they don't want or we will have to ask you again to 
stop, repeatedly - btw your invoice is due"


spamming customer: goes through queue, deletes old spam mailings. Sends 
new spam dealing with current events, considers it "relevant" and 
therefore desirable. Sees nothing wrong with this.


The Internet: still doesn't block ESP

Users: Maybe I should buy one of those Vietnamese coronavirus masks - 
some die of coronavirus


Mail admins: FML

E-mail as a whole: In the ICU


Enjoy your summer everyone!
--GM



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brielle via mailop]

On 8/5/21 8:53 AM, Brielle via mailop wrote:

On 8/4/21 5:40 PM, Luke via mailop wrote:
The account in question was told they need to clean up their act about 
4 weeks ago.


Thank you for following up with this information.  Its much appreciated.



Just another followup, having looked through my logs, new subject lines 
from the Zoom/Sendgrid spams for those keeping score...


Khẩu Trang Diệt Virus Corona 99% - Luôn Đồng Hành Cùng Việt Nam Vượt Qua 
Đại Dịch - "Masks Kill Corona Virus 99% - Always Accompanying Vietnam to 
Overcome the Pandemic"


✅ [Tin buổi sáng] NHỮNG BẤT ĐỘNG SẢN NÀO CÓ NGUY CƠ GIẢM GIÁ? - "✅ 
[Morning News] WHAT REAL ESTATE RISK OF DISCOUNT?"



Looks like some of the topics of the spam is starting to gravitate 
towards current events...


--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brielle via mailop]

On 8/5/21 9:38 AM, Jaroslaw Rafa via mailop wrote:

Definitely your memory fails, or your understanding fails;). First, I was
not talking about "everyone who runs junk / spam filters", but specifically
about Google.


Bringing against one just opens the door for more.  The minute you 
create that opening, it's over.


This is why the mere mention of a lawsuit will make you the target of 
very unpleasant words and disgust.



Second, it was a part of a longer thread where somebody came
up earlier with an idea of a lawsuit, I only was discussing it further...

> 

Actually, to quote you from that thread (now that I have my laptop in 
front of me)...



Of course, nobody can succeed individually in a lawsuit against Google. But
maybe *all* senders who are facing this issue should unite and sue Google
together. Even if the lawsuit itself fails, it would probably get big media
coverage (especially if it will be presented as "discrimination" of small
senders by a big company, etc.), and that media coverage itself could cause
Google to rethink their policy... 


So yeah, you actually did kinda endorse this idea of a lawsuit.

But, I guess its all up to a matter of interpretation.




Specifically against google knowing it would fail… but you just wanted the
publicity.

And it was exactly explained in that email you are referring to why the
publicity. Because it's the only thing that can cause big companies running
over-aggressive and uncontrollable spam filters to change their behavior.



See, I have problems with deliiverability to Google and Hotmail all the 
time - both personal, and ecommerce order shipment notifications and the 
likes.


The only difference is, that I wouldn't ever dream of floating the idea 
of trying to force them legally to allow me to deliver mail, even if it 
was just for publicity reasons.


I can berate and criticize them here, on other mailing lists, on Reddit, 
on twitter, and elsewhere and have just as much of an effect without the 
whole cart00ney aspect.


Everyone knows I'm an extremely aggressive spam fighter.  Hell, I 
berated a guy who was dying from something that was trying to push his 
FUSSP a few years ago.


Yep, I'm that huge of an asshole.

But...  I respect Google's and Microsoft's right to handle their 
filtering their own way - even if I feel that as a much bigger 
gatekeeper they need to be much much more careful.



--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[John Levine via mailop]

It appears that Brielle via mailop  said:
>There's also the matter of the lack of unsubscribe...  Has zoom 
>explained why they are allowing their customers to send unconfirmed 
>opt-out mail with no unsubscribe option?

Good point.  That's one of the few things that is specifically illegal under 
CAN SPAM.

Perhaps we can collect them all and then sue both Sendgrid and Zoom.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Jaroslaw Rafa via mailop]

Dnia  5.08.2021 o godz. 08:30:17 Brielle via mailop pisze:
> *squints her eyes as she recognizes the name Jaroslaw Rafa*
> 
> I may not have the best memory these days, but I seem to remember you are
> the one who wanted to bring lawsuits against everyone who runs junk / spam
> filters.
> 
> Message-ID: <20191007155046.gb21...@rafa.eu.org>

Definitely your memory fails, or your understanding fails ;). First, I was
not talking about "everyone who runs junk / spam filters", but specifically
about Google. Second, it was a part of a longer thread where somebody came
up earlier with an idea of a lawsuit, I only was discussing it further. Third, 
the
hypothetical lawsuit should be not because of running junk/spam filters, but
because of - which I specifically mentioned - discriminating small
senders, by not trusting those senders by default just because they are too
small, which results in classifying mail from these senders as spam,
regardless if it is actually spam or not. (I still suffer this problem from
Google from time to time; especially when I post a lot to mailing lists like
this one, my mails start suddenly going to spam at Gmail).

This is exactly the bad practice I was talking about in this very thread -
running over-aggressive spam filters, knowing that there will be many false
positives and not caring about them. For me, a false positive is a worst
thing in spam filtering. In my opinion, one should avoid false positives *at
all cost*, even if it should mean slightly less effective spam filtering.
Because false positives break communications - that's what I just wrote
about.

> Specifically against google knowing it would fail… but you just wanted the
> publicity.

And it was exactly explained in that email you are referring to why the
publicity. Because it's the only thing that can cause big companies running
over-aggressive and uncontrollable spam filters to change their behavior.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brielle via mailop]

On 8/4/21 5:40 PM, Luke via mailop wrote:
The account in question was told they need to clean up their act about 4 
weeks ago. A week later we saw their overall sending volume drop by more 
than 66%. Bounces and spam report percentages dropped. That data, along 
with some unscientific subject line analysis, it is clear that they have 
made significant positive changes to their sending. Clearly they still 
have work to do. We appreciate the continued communication, and we will 
continue to push them to close this abuse vector on their service.


Thank you for following up with this information.  Its much appreciated.

How does their bounce handling work in cases like this?

My system is sending hard rejects as soon as the primary system filter 
sees a certain pattern in the body of the webinar spams, so the sendgrid 
side should be seeing this as a perm failure.


There's also the matter of the lack of unsubscribe...  Has zoom 
explained why they are allowing their customers to send unconfirmed 
opt-out mail with no unsubscribe option?



--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[yuv via mailop]

On Thu, 2021-08-05 at 22:52 +1000, Noel Butler via mailop wrote:
> On 05/08/2021 19:07, Jaroslaw Rafa via mailop wrote:
> 
> > I would never block an entire server/provider, no matter big or
> > small, unless the server/provider sends spam *only* and not any
> > legitimate emails.
> > 
> pt  NEWSFLASH  the blocking is to the advantage of end users
> 

One mailop's spammer is another mailop's end user.  Hold off your
fire...


> you run your spam infested network the way you want, and i'll run
> mine the way I want.

THIS is the main reason why internet email is doomed for failure and
why I second the following, earlier statement in another thread:

On Fri, 2021-07-30 at 19:19 +0800, Philip Paeps via mailop wrote:
> On 2021-07-30 18:10:23 (+0800), G. Miliotis via mailop wrote:
> > We're just managing our misery here.
> 
> That's a great tag line for mailop@. :-)


Truth is: internet email sits on a fault line that is more poisonous
than the magma fumes emanating from geophysical fault lines.  Email
works fairly well as an internal service because one mailop rules all
users.  Email fails utterly when mailops serve interests on opposite
sides of the fault line.

Trying to deliver internet email today is more complex and difficult
than trying to effect legal service on an absconding defendant.  "The
dog ate the envelope" is no excuse, even if the dog is some fancy
experimental M$ AI trying to second guess recipient's interest and
punish bad actors according to its own rules, arguably arbitrary.

When an end user cannot rely on internet email to deliver messages,
they will look for alternatives.  Internet email is being bypassed left
and right by messaging platforms with tighter controls.  Spammers are
trying to infiltrate those platforms too, but with much less success
than internet email.

If anyone can suggest an email relay system that is compliant with US
HIPAA , I would love to connect
my internal email system to it and outsource email deliverability
problems.

Regards,
Yuv
--
Yuval Levy, JD, MBA, CFA
Ontario-licensed lawyer


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Hans-Martin Mosner via mailop]

5. August 2021 14:52, "Noel Butler via mailop" mailto:mailop@mailop.org?to=%22Noel%20Butler%20via%20mailop%22%20)>
 schrieb:
pt NEWSFLASH the blocking is to the advantage of end users
(sorry for inital empty response, mail program malfunction)

If you block only spammers you'd be right. But SendGrid is one of the sorry 
cases where you have spam and legit, sometimes important e-mails coming from 
the same network. Your users won't be happy if you reject their order 
confirmations or online tickets.

Cheers,
Hans-Martin
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Hans-Martin Mosner via mailop]

5. August 2021 14:52, "Noel Butler via mailop" mailto:mailop@mailop.org?to=%22Noel%20Butler%20via%20mailop%22%20)>
 schrieb:
pt NEWSFLASH the blocking is to the advantage of end users
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Noel Butler via mailop]

On 05/08/2021 19:07, Jaroslaw Rafa via mailop wrote:


Dnia  5.08.2021 o godz. 11:18:55 Noel Butler via mailop pisze:


This only happens because as demonstrated here many are too scared
to block the bigger mail senders/providers - and since these gutless
so and so's publicly admit it, the big boys know it, so have little
reason to be motivated to "clean up their act".


I would never block an entire server/provider, no matter big or small,
unless the server/provider sends spam *only* and not any legitimate 
emails.


If there are even few legitimate emails from this IP address, I would 
never
block it. Because email is all about communications, and I don't want 
to

sacrifice actual communications in order to fight spam aggresively.

I don't care about providers, I do care about end users. Someone who 
wants
to send an email and someone who wants to receive it. Their ability to 
send
and receive emails should NOT be harmed in any way because I want to 
fight

spam. Yes, obviously I do want to fight spam, but NEVER at the cost of
someone losing actual email.


pt  NEWSFLASH  the blocking is to the advantage of end users

nobody wakes up one morning and says who are we gonna blacklist today 
for no reason, if you are not doing your best to stop the trash getting 
to your users, you are not doing your job, or, you just DGAF about them


We've done this since the 90's and nobodys said " oh how dare you" well, 
nobody but the spammers - yes I've had 2 in my lifetime who had the 
nerve  to call us, admit they were spamming and demand we unblock 
them... I dunno, must have had a bad batch of drugs I guess.


and in case you still aint grasped it,  I block these f'wits for the 
benefit of and to protect users, many of whom are not geeks and in their 
80s and wouldnt know how to tell a phishing email.


you run your spam infested network the way you want, and i'll run mine 
the way I want.


--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged 
information, therefore at all times remains confidential and subject to 
copyright protected under international law. You may not disseminate 
this message without the authors express written authority to do so.   
If you are not the intended recipient, please notify the sender then 
delete all copies of this message including attachments immediately. 
Confidentiality, copyright, and legal privilege are not waived or lost 
by reason of the mistaken delivery of this message.___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Jaroslaw Rafa via mailop]

Dnia  5.08.2021 o godz. 11:18:55 Noel Butler via mailop pisze:
> 
> This only happens because as demonstrated here many are too scared
> to block the bigger mail senders/providers - and since these gutless
> so and so's publicly admit it, the big boys know it, so have little
> reason to be motivated to "clean up their act".

I would never block an entire server/provider, no matter big or small,
unless the server/provider sends spam *only* and not any legitimate emails.

If there are even few legitimate emails from this IP address, I would never
block it. Because email is all about communications, and I don't want to
sacrifice actual communications in order to fight spam aggresively.

I don't care about providers, I do care about end users. Someone who wants
to send an email and someone who wants to receive it. Their ability to send
and receive emails should NOT be harmed in any way because I want to fight
spam. Yes, obviously I do want to fight spam, but NEVER at the cost of
someone losing actual email.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Luke via mailop]

Hey Carl,

Not quite. In SendGrid-speak the term bounce is reserved for invalid
address responses. I know it isn't normal. I often forget to change my
register when I write out in the real world. The example you provided is
what we'd call a Block. So, when I said bounce percentages dropped I meant
strictly invalid address responses, which is usually (but not always)
related to a positive change in sending behavior or in the case of
multi-tenant users, kicking bad actors off their system.

On Wed, Aug 4, 2021 at 6:02 PM Carl Byington via mailop 
wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On Wed, 2021-08-04 at 16:40 -0700, Luke via mailop wrote:
> > Bounces and spam report percentages dropped.
>
> I am probably not the only one that has SA blocking all mail from some
> of those senders.
>
> header SENDGRID4 X-Entity-ID =~ /7mxhBNMkQ9yfwz0A5\+NG7Q==/
>
> So are you tracking rejects where the recipient mail server replies with
> something like
>
> 550 5.7.1 Mail rejected - spam assassin score 19
>
> as a response to the smtp DATA command?
>
>
> -BEGIN PGP SIGNATURE-
>
> iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYQsx7hUcY2FybEBmaXZl
> LXRlbi1zZy5jb20ACgkQL6j7milTFsEB7QCeIwIThGL0IEt08IIYGqRNY94P55oA
> n3MM3JYt8yimMmYMcoLNslCKBRVI
> =qfGU
> -END PGP SIGNATURE-
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Luke via mailop]

I'm not sure what you mean by "this kind of response." I'm just keeping
the group updated on what we are doing. Trying to be the best little
netizen I can be :)

I also can't figure out why more people at ESPs aren't willing to respond
to these threads. Truly a mystery, isn't it?

As always, I appreciate the candor, Michael.

Luke

On Wed, Aug 4, 2021 at 6:10 PM Michael Peddemors via mailop <
mailop@mailop.org> wrote:

> You do realize that kind of response probably won't make any friends..
>
> Should SendGrid not simply block obvious malware, no matter who the
> client? And 4 weeks is far to long to allow malware to travel around the
> internet.. this is getting to be a standard approach that won't endear
> you, or help your companies reputation in the community, as you probably
> guess.
>
> You probably can't change Twilio/Sendgrid policy, and I am sure no-one
> above you can be convinced to shut down a paying client, even temporarily..
>
> We also see this at other big cloud providers.. oh, that is a reseller,
> we have notified them to clean up their act..
>
> Month's later, the activity continues, virus's propogate, phishing and
> other criminal activity continue
>
> When the government decides to weigh in, and make large companies with
> enough money to pay big penalties, you only have yourselves to blame.
>
> At some point, we have to become better netizens..
>
> -- Michael --
>
> PS, Luke at least you responded, which everyone on this list do
> appreciate.. honesty is still better than hiding.. And of course, the
> CEO doesnt' see the risk.. hey, Digital Ocean went public based on how
> many customers they have, didnt matter what they used the droplets for ;)
>
> On 2021-08-04 4:40 p.m., Luke via mailop wrote:
> > The account in question was told they need to clean up their act about 4
> > weeks ago. A week later we saw their overall sending volume drop by more
> > than 66%. Bounces and spam report percentages dropped. That data, along
> > with some unscientific subject line analysis, it is clear that they have
> > made significant positive changes to their sending. Clearly they still
> > have work to do. We appreciate the continued communication, and we will
> > continue to push them to close this abuse vector on their service.
> >
> > Cheers,
> > Luke
> >
> > On Wed, Aug 4, 2021 at 1:43 PM Atro Tossavainen via mailop
> > mailto:mailop@mailop.org>> wrote:
> >
> > On Wed, Aug 04, 2021 at 11:16:15AM -0600, Brielle via mailop wrote:
> >  > Like the title asks?
> >  >
> >  > Still seeing it daily in my logs hitting the system filters...
> Same
> >  > source accounts, same general bodies with no unsubscribes, sent
> >  > through Zoom's accounts at Sendgrid...
> >
> > Confirmed, vehemently.
> >
> >  > I don't mean to be impatient and all, but it has been a while...
> >
> > I am not holding my breath. If I wasn't in the business of
> deliberately
> > collecting spam... AS11377, you know what I mean...
> >
> > --
> > Atro Tossavainen, Chairman of the Board
> > Infinite Mho Oy, Helsinki, Finland
> > tel. +358-44-5000 600, http://www.infinitemho.fi/
> > 
> > ___
> > mailop mailing list
> > mailop@mailop.org 
> > https://list.mailop.org/listinfo/mailop
> > 
> >
> >
> > ___
> > mailop mailing list
> > mailop@mailop.org
> > https://list.mailop.org/listinfo/mailop
> >
>
>
>
> --
> "Catch the Magic of Linux..."
> 
> Michael Peddemors, President/CEO LinuxMagic Inc.
> Visit us at http://www.linuxmagic.com @linuxmagic
> A Wizard IT Company - For More Info http://www.wizard.ca
> "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
> 
> 604-682-0300 Beautiful British Columbia, Canada
>
> This email and any electronic data contained are confidential and intended
> solely for the use of the individual or entity to which they are addressed.
> Please note that any views or opinions presented in this email are solely
> those of the author and are not intended to represent those of the company.
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Noel Butler via mailop]

On 05/08/2021 10:59, Michael Peddemors via mailop wrote:


You do realize that kind of response probably won't make any friends..

Should SendGrid not simply block obvious malware, no matter who the 
client? And 4 weeks is far to long to allow malware to


We helped them out last week to reduce their end user reach, we blocked 
sendgrid completely for 96 hours, next time, its 7 days, then 28 days, 
then permanently.


Month's later, the activity continues, virus's propogate, phishing and 
other criminal activity continue


This only happens because as demonstrated here many are too scared to 
block the bigger mail senders/providers - and since these gutless so and 
so's publicly admit it, the big boys know it, so have little reason to 
be motivated to "clean up their act".


I know for without a doubt sendgrid (and gmail et al) would never notice 
us blocking them, but if we all did, they'd sure as hell notice that.



Digital Ocean went public based on how many customers they


Ahhh another mob who have a fair chunck of their IP space blacklisted

--
Regards,
Noel Butler

This Email, including attachments, may contain legally privileged 
information, therefore at all times remains confidential and subject to 
copyright protected under international law. You may not disseminate 
this message without the authors express written authority to do so.   
If you are not the intended recipient, please notify the sender then 
delete all copies of this message including attachments immediately. 
Confidentiality, copyright, and legal privilege are not waived or lost 
by reason of the mistaken delivery of this message.___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Michael Peddemors via mailop]

You do realize that kind of response probably won't make any friends..

Should SendGrid not simply block obvious malware, no matter who the 
client? And 4 weeks is far to long to allow malware to travel around the 
internet.. this is getting to be a standard approach that won't endear 
you, or help your companies reputation in the community, as you probably 
guess.


You probably can't change Twilio/Sendgrid policy, and I am sure no-one 
above you can be convinced to shut down a paying client, even temporarily..


We also see this at other big cloud providers.. oh, that is a reseller, 
we have notified them to clean up their act..


Month's later, the activity continues, virus's propogate, phishing and 
other criminal activity continue


When the government decides to weigh in, and make large companies with 
enough money to pay big penalties, you only have yourselves to blame.


At some point, we have to become better netizens..

-- Michael --

PS, Luke at least you responded, which everyone on this list do 
appreciate.. honesty is still better than hiding.. And of course, the 
CEO doesnt' see the risk.. hey, Digital Ocean went public based on how 
many customers they have, didnt matter what they used the droplets for ;)


On 2021-08-04 4:40 p.m., Luke via mailop wrote:
The account in question was told they need to clean up their act about 4 
weeks ago. A week later we saw their overall sending volume drop by more 
than 66%. Bounces and spam report percentages dropped. That data, along 
with some unscientific subject line analysis, it is clear that they have 
made significant positive changes to their sending. Clearly they still 
have work to do. We appreciate the continued communication, and we will 
continue to push them to close this abuse vector on their service.


Cheers,
Luke

On Wed, Aug 4, 2021 at 1:43 PM Atro Tossavainen via mailop 
mailto:mailop@mailop.org>> wrote:


On Wed, Aug 04, 2021 at 11:16:15AM -0600, Brielle via mailop wrote:
 > Like the title asks?
 >
 > Still seeing it daily in my logs hitting the system filters...  Same
 > source accounts, same general bodies with no unsubscribes, sent
 > through Zoom's accounts at Sendgrid...

Confirmed, vehemently.

 > I don't mean to be impatient and all, but it has been a while...

I am not holding my breath. If I wasn't in the business of deliberately
collecting spam... AS11377, you know what I mean...

-- 
Atro Tossavainen, Chairman of the Board

Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/

___
mailop mailing list
mailop@mailop.org 
https://list.mailop.org/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Carl Byington via mailop]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Wed, 2021-08-04 at 16:40 -0700, Luke via mailop wrote:
> Bounces and spam report percentages dropped.

I am probably not the only one that has SA blocking all mail from some
of those senders.

header SENDGRID4 X-Entity-ID =~ /7mxhBNMkQ9yfwz0A5\+NG7Q==/

So are you tracking rejects where the recipient mail server replies with
something like

550 5.7.1 Mail rejected - spam assassin score 19

as a response to the smtp DATA command?


-BEGIN PGP SIGNATURE-

iHMEAREKADMWIQSuFMepaSkjWnTxQ5QvqPuaKVMWwQUCYQsx7hUcY2FybEBmaXZl
LXRlbi1zZy5jb20ACgkQL6j7milTFsEB7QCeIwIThGL0IEt08IIYGqRNY94P55oA
n3MM3JYt8yimMmYMcoLNslCKBRVI
=qfGU
-END PGP SIGNATURE-


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Luke via mailop]

The account in question was told they need to clean up their act about 4
weeks ago. A week later we saw their overall sending volume drop by more
than 66%. Bounces and spam report percentages dropped. That data, along
with some unscientific subject line analysis, it is clear that they have
made significant positive changes to their sending. Clearly they still have
work to do. We appreciate the continued communication, and we will continue
to push them to close this abuse vector on their service.

Cheers,
Luke

On Wed, Aug 4, 2021 at 1:43 PM Atro Tossavainen via mailop <
mailop@mailop.org> wrote:

> On Wed, Aug 04, 2021 at 11:16:15AM -0600, Brielle via mailop wrote:
> > Like the title asks?
> >
> > Still seeing it daily in my logs hitting the system filters...  Same
> > source accounts, same general bodies with no unsubscribes, sent
> > through Zoom's accounts at Sendgrid...
>
> Confirmed, vehemently.
>
> > I don't mean to be impatient and all, but it has been a while...
>
> I am not holding my breath. If I wasn't in the business of deliberately
> collecting spam... AS11377, you know what I mean...
>
> --
> Atro Tossavainen, Chairman of the Board
> Infinite Mho Oy, Helsinki, Finland
> tel. +358-44-5000 600, http://www.infinitemho.fi/
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Atro Tossavainen via mailop]

On Wed, Aug 04, 2021 at 11:16:15AM -0600, Brielle via mailop wrote:
> Like the title asks?
> 
> Still seeing it daily in my logs hitting the system filters...  Same
> source accounts, same general bodies with no unsubscribes, sent
> through Zoom's accounts at Sendgrid...

Confirmed, vehemently.

> I don't mean to be impatient and all, but it has been a while...

I am not holding my breath. If I wasn't in the business of deliberately
collecting spam... AS11377, you know what I mean...

-- 
Atro Tossavainen, Chairman of the Board
Infinite Mho Oy, Helsinki, Finland
tel. +358-44-5000 600, http://www.infinitemho.fi/
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Brielle via mailop]

Like the title asks?

Still seeing it daily in my logs hitting the system filters...  Same 
source accounts, same general bodies with no unsubscribes, sent through 
Zoom's accounts at Sendgrid...


I don't mean to be impatient and all, but it has been a while...

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop