On 9 May 2018 at 18:21, Rob McEwen <r...@invaluement.com> wrote:
> Stefano,
>
> (can't speak for spamauditor... but regarding invaluement...)
>
> (1) To answer the question about "no false positive reports" - The general
> [....]
> - and while that is just one factor - and other things are considered, too -
> when weeks or months go by and the ONLY delist requests are coming from the
> SENDER - and ZERO are coming from the recipients - and zero are coming from
> their hosters and ISPs who use our data - THAT IS A RED FLAG THAT RARELY
> HAPPENS FOR DESIRED MAIL!

I simply asked how you get false positives: I don't think that this
question is "black hat" or "gray hat".
I do my work, so when someone tells me there are no false positives,
given I think I'm in the good, I try to understand why and try to get
the recipients to do these false positive reports... but I don't know
how.

> (2) On April 28, 2017, I replied to one of your messages, provided you with
> much very good information about the cause of your listings, and I delisted
> your domain.

Yes, that case was fixed in a short time by me, once I got a reply
(and I got a reply when I CCed you).

> (3) last week, you emailed again - and while I didn't take the time to reply
> (we were overloaded that day) - I gave you the benefit of the doubt and
> immediately delisted your domain (again)

Please note I didn't open THIS topic to discuss an unanswered
delisting, but to understand how these services receive false
positives.
That said, my message was not last week, but 29 March, then 6 April,
12 April and lastly 6 May, all of them without answers: I'm not here
telling you that you have to answer, but when I see this I think either
you dev/null or you ignore me.
If you think I'm a spammer then just ignore me, but still my question
here to the community to understand how false positives are received by
some players is a "good question", I think.

> (4) you make it sound like you've been doing dozens and dozens of unanswered
> requests over months of time - and you make it sound like none of them have
> received a single answer. In fact, fwiw you've used our formal delist
> process 4 times in the past 4 months - and we've taken action 3 times to
> assist you: one automated *immediate* delist of your IP, one manual delist
> of your domain with a reply back to you giving you hand-typed detailed
> information, and one silent delist of your domain (not perfect, but FAR from
> the very negative impression I would have had if I had read your post to
> MailOp, and didn't know the rest of the story!)

I'm sorry, I didn't get this. Between 29 March and 6 May I wrote 4
messages and I got no replies. If there have been replies then they
have been lost on the way: I'm here to investigate if you think some
messages have been lost.
I repeat: I'm not here for the delisting issue, I'm here on mailop to
understand if the blocklists receive the false positives from my
recipients. If my recipients only have a "mark as spam" and don't
have any way to "mark it as non spam" then it is a bug in your false
positive collections.
I don't think I'm a spammer, and I spend most of my time doing
antispam, so I don't blame you or your "non answers" (you get
thousands of delisting from spammers, I've been there too), and
instead I moved the point to try to understand how to let you get
false positives from my recipients.

> (5) But why are you not being given an even higher priority? And why do you
> keep getting listed?:

I'm all ears if you have suggestions, but this is not the point of my
post here, but given you wanted to bring this to mailop I'll answer
here because I don't want people to think I'm greyhat when I work to be
as clean and transparent as possible.

> (A) you're using garbage domains that have zero good reputation - and they
> have home pages that look like a typical snow spammer's domains. EXAMPLES:
> "mymailer DOT it" (with and without the "www.", or even with the "app." host
> name you use on this domain). This isn't a crime, but it is especially a
> good idea for ESPs to NOT use such zero-reputation domains - and even to an
> anti-spam researcher manually checking this, such results don't inspire
> confidence. Why? Because (as happened in this case) when I'm researching
> delist requests and LOOKING for good credibility to justify a delist... and
> the domain being requested has home pages like THAT - it immediately informs
> me that the requester is less worthy of my attention and respect. In
> general, use of "throwaway domains" is not a best practice for ESP.

app DOT mymailer DOT it is a domain used since 2010 for the same use
and sends a couple of million emails monthly. Traffic has been steady for
a few years and is shared between thousands of senders in the Italian
market.
It has non-hidden whois data and I operate it transparently. I'm not
saying 0% spam is sent from that domain, but we do monitor and we do
our best to keep it clean. I kick senders every day. I prevent new
signups from fraudulent senders every day. I can improve it and I'm
here (and everywhere else) to learn how to do it better.

I don't know why you don't have reputation for this domain... Google
Postmaster Tools is tracking reputation and it is "High".
How do you say it has "zero reputation"?

Trying to go back to my question, you're telling me that the block is
there because we hit a single spamtrap and a 3rd party feed told you a
single email hit a spamtrap, so a domain sending 2 million emails
monthly is included in the block because of a single spamtrap hit? OK,
your blocklist, your rules. But I'd expect if you "easy list" you also
"easy delist" when you have false positives, so when I see one SMTP
refusal with the block I get in touch with my customer and ask him to
tell me how he collected the consent, then I ask him to get in touch
with his recipient (the one that bounced) so that the recipient can
tell his postmaster that he really wanted that email, so as to create
a "false positive" report... but I got that this report never reaches
you.

I did a lot of antispam in my life (you can google me and see I'm an
open source code contributor and I developed a few antispam related
libraries in my life). I understand that when you "defend" you have to
"hide" so that spammers don't abuse you by using the knowledge, but I
didn't think that asking how you get false positives was such an
"inappropriate" question. I prefer recipients to send you false
positives than me having to beg you (or anyone else) to unlist me like
any spammer would do.

I didn't read the 2017 issue now, but at most I may have asked you for
the sender email or the "list-id" header: I don't care about the
recipient and I trust you if you tell me you have a report (or
multiple reports) for the domain. I just ask for some information to
identify the sender (not the recipient) so that I can do my work and
kick him or help him understand where the problem is in their
opt-in collections.

> (b) Another development that has happened - since I sent you some detailed
> information back on April 28, 2017 - since then - we've been getting these
> messages (that use this domain) sent from us from a 3rd party spam feed - and
> the intended recipient is an obvious spamtrap hit. If I were to show you the
> intended recipient's email address just by itself - you would immediately
> know that this was a spamtrap address. (that is all I'm going to say about
> it). You should make sure that your customers are not purchasing lists, they
> should put captchas on their signup forms, and they do confirmed opt-in.

That is what our TOS requires and what we try to enforce.
In 2017 you TOLD me who was the problematic sender and I kicked the
SENDER. You never told me a recipient email, IIRC.
I never do listwashing for my users/customers and I never share my
"spamtrap knowledge" with my customers: I use the spamtrap knowledge to
vet them, but if I accept them I don't prevent them from sending to
spamtraps.

> Still, you're far from the worst, and that is one of the reasons you DID get
> some assistance already, and why you did get delisted at times. I've
> delisted this again, and I put something in place to make this harder to
> relist - with the (hopefully not mistaken assumption!) that you're going to
> improve going forward.

Rob, please let me be clear: I don't blame you for the assistance of
the issues on the removal forms. I didn't have any answer and maybe
you did unlisting without answering and I didn't get it or you
answered and your answers got lost. I'm not here to blame anyone.
I'm sincerely interested in understanding how you (or spamauditor, or
other parties) receive false positives and if your "coverage" of
"spam reports" and "false positive reports" are good for senders that
mainly send to Italian speaking recipients, so 95% of our traffic goes
to Italian ISPs or to major global freemail (gmail/hotmail/yahoo).

I really don't like to be confused with a spammer, so I fight about
this. When you reply to this post by telling that you have a "3rd
party report from a spamtrap" (from 2017? or new ones? I didn't get
this) and that my domain does have "zero reputation" (do you see the
volume of my domain? what volume do you record? how many "spam
reports" compared to the volume brought me to be blocked?) and you
don't answer to the "false positive" issue, then you really give me
zero tools to prove my innocence and good will.

> NOTE: I'm estimating that you have one reply before the MailOp police shut
> this thread down! This is probably not the proper use of this forum.

Making sure false positives are delivered to the responsible parties
sounded "in-topic" to me.
I'm sorry if this is not the proper place. If you have suggestions on
a good place to discuss false positive management from spam
filters I'll be happy to follow.

Thank you for your answer,
Stefano

PS: let's fight the spammers together and not blame each other. I
don't think you are happy if you block emails that recipients wanted,
so I guess you would be happy to receive their false positive reports
or investigate why you don't get them.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
