On 2/20/2018 10:57 AM, Reindl Harald wrote:
and how do you imagine that i prevent paying customers to use whatever url-shortener?
Perhaps use the SAME methods that an ESP would use to prevent a customer from sending an egregious phish (or terminate their account for sending a phish). Of course, I also recognize that an egregious phish is much worse. But my point is that such abuse monitoring and prevention is a real thing for ESPs! Yes, some ESPs are more sophisticated than others, where they do a better job at this than others. For example, I've received two egregious phishes to my own email address, from MailGun IP space, within the past several months. I alerted them in both instances and hopefully they are improving their system? In contrast, I don't think I've ever seen such a phish from Exact Target, from example. That isn't by accident! Some do a better job of this than others. And even though no ESP can be perfect - that doesn't mean they can't improve. And we ALL have to constantly shift our tactics to deal with emerging realities like this one - or risk getting left behind by our competitors who do keep up.
Also, getting ESPs to pass this message on to their clients, even if just adding this to their instructions for clients, even if just as a "best practices" warning... might also go a long way.
when you start list to many legit servers because of that you RBL will be no longer useable for responsible admins which primary job is receiove and deliver email and not to reject it
I'm extremely confident that this won't happen. Most likely, a few marginal ESPs and marketers will get blacklisted who were previously just barely avoiding detection. Also, we OFTEN get outliers (such as an occasional VERY bad spam that came from a normally VERY good sender), and "decoys", too! In those cases, if those messages had led to an automatic blacklisting, and we didn't FIRST check those domains and IPs against our very sophisticated "false positive prevention filter" - then what you described - would have happened a long time ago already. But, instead, invaluement's reputation for low False Positives speaks for itself. Given what I know about how invaluement works "under the hood", I can say with confidence that it is practically impossible for this change to put a dent in our hard-earned low-FP reputation. But this COULD cause problems for some already dark-gray-hat ESPs who let this practice run rampant.
-- Rob McEwen https://www.invaluement.com
