RE: [Declude.JunkMail] Spool and Overflow Folders...
Thanks.. I tested it.. im.decludekey.us showed up 3 times. I configured the dnsoverride and the the ‘using’ text was displayed only once. No more im.decludekey.us texts. Is that OK? Besides one more setting I have to keep in mind when changing DNSs or when switching servers (in case de DNS changes), could you please tell us how often Declude phones home? Or what is all this about? It would be great to further understand the whole issue. For the record. 2 weeks ago we were bombarded with thousands of emails with viruses. Our overflow folder increased tremendously (over 2K to 3K in the overflow). Delays of 2 to 4 hours to deliver emails to the mailboxes. Declude seemed very slowed analyzing messages. Perhaps the DNS resolve time was taking too much time and this override solved the problem. Great news, I hope this new dnsoverride setting solves it all PD: it is just me that doesn’t find it or there is no indication of the dnsoverride setting in the declude site? Luis Arango From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ralph Krausse Sent: Miércoles, 18 de Mayo de 2005 03:42 p.m. To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Spool and Overflow Folders... We have had reports from some customers that their spool and overflow folders have been slowly backing up using Declude 2.0.6 If you are experiencing this kind of problem, type Declude -diag at the command prompt. SmarterMail If you see 'Using [sm.decludekey.us]' more than once, follow steps 1-5 Imail If you see 'Using [im.decludekey.us]' more than once, follow steps 1-5 1. Create a new txt file in your Declude folder and rename it to declude.cfg. If you already have a declude.cfg skip to step 2 2. Open the declude.cfg in notepad 3. Add DNSOVERRIDE xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is your DNS server IP address (use the IP defined in your Smartermail or IMail administrator DNS field) 4. Save the declude.cfg file 5. Return to the command prompt and type Declude -diag you should see the 'Using' text being displayed only once. 6. Monitor the spool and the overflow to see if the situation has improved. Declude Engineering
Re: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses
FYI, with all of the offshoring that is going on, don't be surprised to see E-mail from otherwise American companies coming from servers (connecting to your server) from places like China and India. For instance, mssupport.microsoft.com has come to my server from 210.22.110.0/24, and even lacked a reverse DNS entry. This address is in China: http://www.senderbase.org/search?searchString=210.22.110.0 I do much the same as you do for the Chinese, Korean, Pakistani and Russian IP's except that I only weight then high if they don't have a reverse DNS entry and the IP is not in the MX record or A record of the Mail From domain, and certain customers are excluded from this. It's mostly effective except for the stray support E-mail from Chinese people working for Microsoft at 50 cents per hour. We of course monitor, take reports, and whitelist problematic sources where we can't reasonably fix the issue otherwise. Verizon seems to have been just simply very short sighted, and others like AOL are just simply lazy with their methods (their issue could be fairly easily fixed for most all of their issues with a system of qualifying suspect IP's). I've suggested before that people sue AOL for blacklisting their servers and I actually meant it. It's an unfair burden to us, and they are obviously aware of the problem. Not only that, they advertise heavily how effective their spam blocking is. On the other hand, I'm also very alarmed at how the courts have been so accepting of SLAPP suits brought by spammers against the blacklists. The net outcome is that the spammer always wins regardless of the outcome unless the courts hold them liable for the defense's costs, and those are rarely enough to cover actual expenses and time, nor have I heard of it happening. Matt Don Brown wrote: I think you're reading more into it than is there. Verizon didn't deliver what it promised or, to say it differently, Verizon didn't deliver what their customers had a reasonable expectation of receiving. That's the issue. The allegation, and I think it is probably true, is that Verizon indiscriminately decided to block the IP space of certain countries. We also block the IP space of Korea, China - you know the list, but the difference is that all of our customers know we do it and don't have a problem with it. We only have a couple of customers who want mail from certain of the bad venues and we don't block those venues WRT their mail delivery. As long as your customers buy into what you are doing or at least know up front, there is no issue with blocking countries or doing just about anything else. No damage has been done to anyone. OTOH, when some refugee from McDonalds tech tells the customer that's what we're doing and tough luck, well, that's where the rubber meets the road. A class action makes sense because the individual damages are probably small, but there are a lot of customers who were affected. Yeah, the lawyers will make a lot of money, but if it wasn't for them, all of us Mickey Rooney sized peons wouldn't have a snow ball's chance to make the Jolly Green Giant stop stepping on all our rose bushes. All of our customers want us to do whatever we can to kill the flow of Spam. They know there will be some false positives, but we deal with them on a case by case basis. My $0.02 FWIW. Thanks, Wednesday, May 18, 2005, 1:56:02 PM, Darrell ([EMAIL PROTECTED]) <[EMAIL PROTECTED]> wrote: Dsic> This kinda scares me. Could this potentially set a precedence that Dsic> companies can be sued for blocking mail? i.e. You get sued for blocking Dsic> mail. We all block some legitimate mail at some point.. Thats the nature Dsic> of the game. Dsic> Darrell Dsic> -- Dsic> invURIBL - Intelligent URI filtering plug-in for Declude. Stops 85%+ of Dsic> SPAM with the default configuration. Download it today - Dsic> http://www.invariantsystems.com Dsic> Marc Catuogno writes: That is f-ed up right there... The damned lawyers are gonna get rich and every VZ customer will get a coupon for a free day of service. Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, May 18, 2005 2:02 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail >From Foreign IP Addresses Verizon Communications has been hit with several lawsuits as a result of the company's policy of blocking email from IP addresses in foreign countries in an effort to reduce spam. The complaint asks that Verizon cease blocking email and that it compensate customers for losses on behalf of business customers. A second class action lawsuit was filed on behalf of residential customers. In addition, a New Jersey businessman has filed a lawsuit against Verizon because he says his email has been blocked from getting to his customers. http://
Re: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses
I think you're reading more into it than is there. Verizon didn't deliver what it promised or, to say it differently, Verizon didn't deliver what their customers had a reasonable expectation of receiving. That's the issue. The allegation, and I think it is probably true, is that Verizon indiscriminately decided to block the IP space of certain countries. We also block the IP space of Korea, China - you know the list, but the difference is that all of our customers know we do it and don't have a problem with it. We only have a couple of customers who want mail from certain of the bad venues and we don't block those venues WRT their mail delivery. As long as your customers buy into what you are doing or at least know up front, there is no issue with blocking countries or doing just about anything else. No damage has been done to anyone. OTOH, when some refugee from McDonalds tech tells the customer that's what we're doing and tough luck, well, that's where the rubber meets the road. A class action makes sense because the individual damages are probably small, but there are a lot of customers who were affected. Yeah, the lawyers will make a lot of money, but if it wasn't for them, all of us Mickey Rooney sized peons wouldn't have a snow ball's chance to make the Jolly Green Giant stop stepping on all our rose bushes. All of our customers want us to do whatever we can to kill the flow of Spam. They know there will be some false positives, but we deal with them on a case by case basis. My $0.02 FWIW. Thanks, Wednesday, May 18, 2005, 1:56:02 PM, Darrell ([EMAIL PROTECTED]) <[EMAIL PROTECTED]> wrote: Dsic> This kinda scares me. Could this potentially set a precedence that Dsic> companies can be sued for blocking mail? i.e. You get sued for blocking Dsic> mail. We all block some legitimate mail at some point.. Thats the nature Dsic> of the game. Dsic> Darrell Dsic> -- Dsic> invURIBL - Intelligent URI filtering plug-in for Declude. Stops 85%+ of Dsic> SPAM with the default configuration. Download it today - Dsic> http://www.invariantsystems.com Dsic> Marc Catuogno writes: >> >> That is f-ed up right there... >> >> The damned lawyers are gonna get rich and every VZ customer will get a >> coupon for a free day of service. >> >> Marc >> >> -Original Message- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Darrell >> ([EMAIL PROTECTED]) >> Sent: Wednesday, May 18, 2005 2:02 PM >> To: Declude.JunkMail@declude.com >> Subject: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail >>>From Foreign IP Addresses >> >> Verizon Communications has been hit with several lawsuits as a result of the >> >> company's policy of blocking email from IP addresses in foreign countries in >> >> an effort to reduce spam. The complaint asks that Verizon cease blocking >> email and that it compensate customers for losses on behalf of business >> customers. A second class action lawsuit was filed on behalf of residential >> >> customers. In addition, a New Jersey businessman has filed a lawsuit >> against Verizon because he says his email has been blocked from getting to >> his customers. >> >> http://www.securitypipeline.com/showArticle.jhtml?articleID=163101524 >> >> >> >> DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus. >> Download a copy today - http://www.invariantsystems.com >> >> --- >> This E-mail came from the Declude.JunkMail mailing list. To >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> type "unsubscribe Declude.JunkMail". The archives can be found >> at http://www.mail-archive.com. >> --- >> [This E-mail scanned for viruses by Declude Virus] >> >> >> >> --- >> [This E-mail scanned for viruses by Declude Virus] >> >> --- >> This E-mail came from the Declude.JunkMail mailing list. To >> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >> type "unsubscribe Declude.JunkMail". The archives can be found >> at http://www.mail-archive.com. Dsic> Dsic> Dsic> Check out http://www.invariantsystems.com for utilities for Declude And Dsic> Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Dsic> Integration, and Log Parsers. Dsic> --- Dsic> This E-mail came from the Declude.JunkMail mailing list. To Dsic> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and Dsic> type "unsubscribe Declude.JunkMail". The archives can be found Dsic> at http://www.mail-archive.com. Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net (972) 788-2364Fax: (972) 788-5049 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "uns
Re: [Declude.JunkMail] Spool and Overflow Folders...
I see three instances of "Using [im.decludekey.us]" every time I run the "declude -diag" command on my two IMail/Declude servers. I use the following setting in my declude.cfg files: DNS xxx.xxx.xxx.xxx because I don't use the same DNS setting for Declude as I have configure in IMail. I have added: DNSOVERRIDE xxx.xxx.xxx.xxx as well, and now the response to "declude -diag" is much quicker, and only one instance of "Using [im.decludekey.us]" shows up. Bill - Original Message - From: Ralph Krausse To: Declude.JunkMail@declude.com Sent: Wednesday, May 18, 2005 1:42 PM Subject: [Declude.JunkMail] Spool and Overflow Folders... We have had reports from some customers that their spool and overflow folders have been slowly backing up using Declude 2.0.6 If you are experiencing this kind of problem, type Declude -diag at the command prompt. SmarterMail If you see 'Using [sm.decludekey.us]' more than once, follow steps 1-5 Imail If you see 'Using [im.decludekey.us]' more than once, follow steps 1-5 1. Create a new txt file in your Declude folder and rename it to declude.cfg. If you already have a declude.cfg skip to step 2 2. Open the declude.cfg in notepad 3. Add DNSOVERRIDE xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is your DNS server IP address (use the IP defined in your Smartermail or IMail administrator DNS field) 4. Save the declude.cfg file 5. Return to the command prompt and type Declude -diag you should see the 'Using' text being displayed only once. 6. Monitor the spool and the overflow to see if the situation has improved. Declude Engineering
RE: [Declude.JunkMail] Should have been whitelisted
aha, I thought smtp auth trumped all. Makes sense. Is there a way to add negative weight to smtp auth ? Thanks!! From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy SchmidtSent: Wednesday, May 18, 2005 3:32 PMTo: Declude.JunkMail@declude.comSubject: RE: [Declude.JunkMail] Should have been whitelisted Hi: You have WHITELIST AUTH defined - but also defined that white lists should be BYPASSED, if a mail has a weight >= 12 and 4 recipients. Your message has a weight of 20 and 4 recipients, thus is bypassed the white list. (Now - personally - I feel that "SMTP AUTH" should not be treated like a regular white list. Indeed, I feel that SMTP AUTH should not be overwritten.) Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206
Re: [Declude.JunkMail] Spool and Overflow Folders...
Ralph, I ran declude -diag three times in a row and on the second run it showed "Using [im.decludekey.us]" multiple times, but not for the first and the third attempts. Could it be that this is just simply sporadic and affects everyone on 2.0.6? One other thing...how often does this phone home? Is it possible that there is some latency introduced when we can't reach this DNS server? Thanks, Matt Ralph Krausse wrote: We have had reports from some customers that their spool and overflow folders have been slowly backing up using Declude 2.0.6 If you are experiencing this kind of problem, type Declude -diag at the command prompt. SmarterMail If you see 'Using [sm.decludekey.us]' more than once, follow steps 1-5 Imail If you see 'Using [im.decludekey.us]' more than once, follow steps 1-5 1. Create a new txt file in your Declude folder and rename it to declude.cfg. If you already have a declude.cfg skip to step 2 2. Open the declude.cfg in notepad 3. Add DNSOVERRIDE xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is your DNS server IP address (use the IP defined in your Smartermail or IMail administrator DNS field) 4. Save the declude.cfg file 5. Return to the command prompt and type Declude -diag you should see the 'Using' text being displayed only once. 6. Monitor the spool and the overflow to see if the situation has improved. Declude Engineering -- = MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =
[Declude.JunkMail] Spool and Overflow Folders...
We have had reports from some customers that their spool and overflow folders have been slowly backing up using Declude 2.0.6 If you are experiencing this kind of problem, type Declude -diag at the command prompt. SmarterMail If you see 'Using [sm.decludekey.us]' more than once, follow steps 1-5 Imail If you see 'Using [im.decludekey.us]' more than once, follow steps 1-5 1. Create a new txt file in your Declude folder and rename it to declude.cfg. If you already have a declude.cfg skip to step 2 2. Open the declude.cfg in notepad 3. Add DNSOVERRIDE xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is your DNS server IP address (use the IP defined in your Smartermail or IMail administrator DNS field) 4. Save the declude.cfg file 5. Return to the command prompt and type Declude -diag you should see the 'Using' text being displayed only once. 6. Monitor the spool and the overflow to see if the situation has improved. Declude Engineering
RE: [Declude.JunkMail] Should have been whitelisted
Hi: You have WHITELIST AUTH defined - but also defined that white lists should be BYPASSED, if a mail has a weight >= 12 and 4 recipients. Your message has a weight of 20 and 4 recipients, thus is bypassed the white list. (Now - personally - I feel that "SMTP AUTH" should not be treated like a regular white list. Indeed, I feel that SMTP AUTH should not be overwritten.) Best RegardsAndy SchmidtPhone: +1 201 934-3414 x20 (Business)Fax: +1 201 934-9206 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert GrosshandlerSent: Wednesday, May 18, 2005 04:19 PMTo: Declude.JunkMail@declude.comSubject: [Declude.JunkMail] Should have been whitelisted The following e-mail got tagged as spam, even though it was from an authenticated send. First, the imail log: 20050518 115243 127.0.0.1 SMTPD (72db5d54010e1dde) [64.4.213.172] connect 184.122.4.102 port 2528 (this is a remote user)20050518 115243 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] EHLO betazoid20050518 115245 127.0.0.1 SMTPD (72db5d54010e1dde) Authenticated [EMAIL PROTECTED], session treated as local.20050518 115245 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] MAIL FROM: <[EMAIL PROTECTED]>20050518 115245 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] RCPT TO: <[EMAIL PROTECTED]>20050518 115245 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] RCPT TO: <[EMAIL PROTECTED]>20050518 115246 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] RCPT TO: @igive.com>20050518 115246 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] RCPT TO: @iGive.com>20050518 115247 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] f:\imaillogs\D72db5d54010e1dde.SMD 16506 Now, the declude log: 05/18/2005 11:52:55 Q72DB5D54010E1DDE NOT bypassing whitelisting of E-mail with weight >=25 (20) and at least 4 recipients (4).05/18/2005 11:52:55 Q72DB5D54010E1DDE Bypassing whitelisting of E-mail with weight >=12 (20) and at least 4 recipients (=
[Declude.JunkMail] Should have been whitelisted
The following e-mail got tagged as spam, even though it was from an authenticated send. First, the imail log: 20050518 115243 127.0.0.1 SMTPD (72db5d54010e1dde) [64.4.213.172] connect 184.122.4.102 port 2528 (this is a remote user)20050518 115243 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] EHLO betazoid20050518 115245 127.0.0.1 SMTPD (72db5d54010e1dde) Authenticated [EMAIL PROTECTED], session treated as local.20050518 115245 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] MAIL FROM: <[EMAIL PROTECTED]>20050518 115245 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] RCPT TO: <[EMAIL PROTECTED]>20050518 115245 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] RCPT TO: <[EMAIL PROTECTED]>20050518 115246 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] RCPT TO: @igive.com>20050518 115246 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] RCPT TO: @iGive.com>20050518 115247 127.0.0.1 SMTPD (72db5d54010e1dde) [184.122.4.102] f:\imaillogs\D72db5d54010e1dde.SMD 16506 Now, the declude log: 05/18/2005 11:52:55 Q72DB5D54010E1DDE NOT bypassing whitelisting of E-mail with weight >=25 (20) and at least 4 recipients (4).05/18/2005 11:52:55 Q72DB5D54010E1DDE Bypassing whitelisting of E-mail with weight >=12 (20) and at least 4 recipients (4).05/18/2005 11:52:55 Q72DB5D54010E1DDE R1 Message OK05/18/2005 11:52:55 Q72DB5D54010E1DDE Tests failed [weight=20]: CMDSPACE=IGNORE IPNOTINMX=IGNORE REVDNS=WARN SPAMHEADERS=WARN GIBBERISH=IGNORE TLD-TRUSTED-MAILFROM=IGNORE TLD-TRUSTED-REVDNS=IGNORE BYPASSMULTIRECP=IGNORE WEIGHT10=WARN WEIGHT15=IGNORE WEIGHT20=WARN SPAM-HIGH=IGNORE CATCHALLMAILS=IGNORE 05/18/2005 11:52:55 Q72DB5D54010E1DDE Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION="">05/18/2005 11:52:55 Q72DB5D54010E1DDE R2 Message OK05/18/2005 11:52:55 Q72DB5D54010E1DDE Tests failed [weight=20]: CMDSPACE=IGNORE IPNOTINMX=IGNORE REVDNS=WARN SPAMHEADERS=WARN GIBBERISH=IGNORE TLD-TRUSTED-MAILFROM=IGNORE TLD-TRUSTED-REVDNS=IGNORE BYPASSMULTIRECP=IGNORE WEIGHT10=WARN WEIGHT15=IGNORE WEIGHT20=WARN SPAM-HIGH=IGNORE CATCHALLMAILS=IGNORE 05/18/2005 11:52:55 Q72DB5D54010E1DDE Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN [LAST ACTION="">05/18/2005 11:52:55 Q72DB5D54010E1DDE L3 Message OK05/18/2005 11:52:55 Q72DB5D54010E1DDE Tests failed [weight=20]: CMDSPACE=WARN IPNOTINMX=WARN REVDNS=WARN SPAMHEADERS=WARN GIBBERISH=IGNORE TLD-TRUSTED-MAILFROM=IGNORE TLD-TRUSTED-REVDNS=IGNORE BYPASSMULTIRECP=IGNORE WEIGHT10=IGNORE WEIGHT15=SUBJECT WEIGHT20=IGNORE SPAM-HIGH=ROUTETO CATCHALLMAILS=IGNORE 05/18/2005 11:52:55 Q72DB5D54010E1DDE Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN SUBJECT ROUTETO [LAST ACTION="">05/18/2005 11:52:55 Q72DB5D54010E1DDE L4 Message OK05/18/2005 11:52:55 Q72DB5D54010E1DDE Tests failed [weight=20]: CMDSPACE=WARN IPNOTINMX=WARN REVDNS=WARN SPAMHEADERS=WARN GIBBERISH=IGNORE TLD-TRUSTED-MAILFROM=IGNORE TLD-TRUSTED-REVDNS=IGNORE BYPASSMULTIRECP=IGNORE WEIGHT10=IGNORE WEIGHT15=SUBJECT WEIGHT20=IGNORE SPAM-HIGH=ROUTETO CATCHALLMAILS=IGNORE 05/18/2005 11:52:55 Q72DB5D54010E1DDE Action(s) taken for [EMAIL PROTECTED] = IGNORE WARN SUBJECT ROUTETO [LAST ACTION="">05/18/2005 11:52:55 Q72DB5D54010E1DDE Cumulative action(s) taken on this email = IGNORE WARN SUBJECT ROUTETO [LAST ACTION=""> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MattSent: Wednesday, May 18, 2005 2:33 PMTo: Declude.JunkMail@declude.comSubject: Re: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses I think this is good. Just think about the issues that you would have if Verizon indiscriminately blocked you. We have heard a bunch of stories about AOL and their spam reporting mechanism blacklisting servers that are just merely forwarding to them. If these companies blacklist providers like myself, I would probably lose business.The practice of blocking spammers or otherwise aggressive hosts from sending E-mail has never resulted in a successful lawsuit. However this is not the first time that a blacklisting entity has been sued or threatened for indiscriminate behavior. Here's a link to an archive of documents concerning Pavenet.net threatening to sue DSBL http://dsbl.org/legal/pavenet/DSBL takes pride in the fact that they have reached 5 million IP's listed, but they have done this by never expiring a listing, creating a system that is virtually impossible to delist a clean IP with a reverse DNS entry that doesn't belong to the user, and aggressive scanning techniques. In this case it appears that pavenet.net was being improperly listed, and it had been so multiple times. If you are an ISP and allow your own IP's to relay through your server without authentication, then any user can list your server
Re: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses
I think this is good. Just think about the issues that you would have if Verizon indiscriminately blocked you. We have heard a bunch of stories about AOL and their spam reporting mechanism blacklisting servers that are just merely forwarding to them. If these companies blacklist providers like myself, I would probably lose business. The practice of blocking spammers or otherwise aggressive hosts from sending E-mail has never resulted in a successful lawsuit. However this is not the first time that a blacklisting entity has been sued or threatened for indiscriminate behavior. Here's a link to an archive of documents concerning Pavenet.net threatening to sue DSBL  http://dsbl.org/legal/pavenet/ DSBL takes pride in the fact that they have reached 5 million IP's listed, but they have done this by never expiring a listing, creating a system that is virtually impossible to delist a clean IP with a reverse DNS entry that doesn't belong to the user, and aggressive scanning techniques. In this case it appears that pavenet.net was being improperly listed, and it had been so multiple times. If you are an ISP and allow your own IP's to relay through your server without authentication, then any user can list your server on DSBL without any special knowledge. I've also sent no less than 6 requests to SBL in the last year asking them to stop indiscriminately blocking Chinese and Korean blocks of IP's, one even as large as a /14 (that's 4 class B's), because of zombie traffic, or limited Web site hosting by spammers, and no response to requests to clean this stuff up. The net result is that SBL becomes very prone to false positives on Asian traffic if you scan on all hops for that test. They have even taken to "collateral damage" by expanding their blacklisting to cover an ISP's own mail server when there is extremely limited abuse happening on their networks. This tactic seems to be increasing the practice. Some of this IP space has been listed for a couple of years now, and it presents a lot of challenges for my clients that do manufacturing, and one even has offices in China. I like both SBL and DSBL for what they do right, but I could do without the zealotry. SBL tells me to complain to the Chinese and Korean ISP's so that they will fix their problems, but I think that this guy that is suing Verizon got it right by taking the fight to the blacklist owner that is doing so indiscriminately, or in some cases to actually damage a business for only indirect involvement with the abuse. SBL seems to think that I am going to spend my time getting someone that doesn't even speak my language to fix their issue as if I have anything to do with it. I didn't volunteer to be an enforcer of their loose standards for listings. Here's a sample of what appears to be mostly residential IP space listed in SBL that have caused issues for me, most of it for a single customer. SBL19306 - 222.64.0.0/16 SBL19307 - 222.65.0.0/16 SBL9888 61.171.0.0/19 SBL8753 - 218.79.64.0/22 SBL17566 and SBL19903 - 61.199.40.0/21 SBL20053 - 211.48.62.0/24 SBL9189 - 218.79.224.0/20 SBL24861 - 200.138.96.0/20 SBL23720 - 61.51.146.0/24 SBL26216 - 221.208.0.0/14 China and Korea definitely have issues, and clearly don't mind the spamming (which is leagal to do in China their country as long as it goes outside of the country, and there is no law against hosting the spam sites there), but they are punishing businesses with no association to the activity and little or no other choice for connectivity. Matt Darrell ([EMAIL PROTECTED]) wrote: This kinda scares me. Could this potentially set a precedence that companies can be sued for blocking mail? i.e. You get sued for blocking mail. We all block some legitimate mail at some point.. Thats the nature of the game. Darrell -- invURIBL - Intelligent URI filtering plug-in for Declude. Stops 85%+ of SPAM with the default configuration. Download it today - http://www.invariantsystems.com Marc Catuogno writes: That is f-ed up right there... The damned lawyers are gonna get rich and every VZ customer will get a coupon for a free day of service. Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, May 18, 2005 2:02 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses Verizon Communications has been hit with several lawsuits as a result of the company's policy of blocking email from IP addresses in foreign countries in an effort to reduce spam. The complaint asks that Verizon cease blocking email and that it compensate customers for losses on behalf of business customers. A second class action lawsuit was filed on behalf of residential customers. In addition, a New Jersey businessman has filed a
Re: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses
This kinda scares me. Could this potentially set a precedence that companies can be sued for blocking mail? i.e. You get sued for blocking mail. We all block some legitimate mail at some point.. Thats the nature of the game. Darrell -- invURIBL - Intelligent URI filtering plug-in for Declude. Stops 85%+ of SPAM with the default configuration. Download it today - http://www.invariantsystems.com Marc Catuogno writes: That is f-ed up right there... The damned lawyers are gonna get rich and every VZ customer will get a coupon for a free day of service. Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, May 18, 2005 2:02 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses Verizon Communications has been hit with several lawsuits as a result of the company's policy of blocking email from IP addresses in foreign countries in an effort to reduce spam. The complaint asks that Verizon cease blocking email and that it compensate customers for losses on behalf of business customers. A second class action lawsuit was filed on behalf of residential customers. In addition, a New Jersey businessman has filed a lawsuit against Verizon because he says his email has been blocked from getting to his customers. http://www.securitypipeline.com/showArticle.jhtml?articleID=163101524 DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus. Download a copy today - http://www.invariantsystems.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses
> Lets sign him up for a lot of spam from Korea, Japan, etc and see how he > feels about blocking foreign IPs then... > > Sorry to go off on a rant here The point is a company such as Verizon providing service to a wide and far reaching ranged of customers can not arbitrarily make such a decision for all of its customers. Example, I have a client that deals in electronics. Gee, where do a lot of electronics get made and come from, the Orient. Therefore, I can not arbitrarily block IPs from the Orient as I would then be blocking my client's legitimate e-mails. However, a public school system in Texas would probably have very little use for e-mail communication with the Orient and therefore they could safely block those IP ranges. John T eServices For You --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses
[EMAIL PROTECTED] http://www.kohnswift.com/bio_boni.htm Lets sign him up for a lot of spam from Korea, Japan, etc and see how he feels about blocking foreign IPs then... Sorry to go off on a rant here -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, May 18, 2005 2:02 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail >From Foreign IP Addresses Verizon Communications has been hit with several lawsuits as a result of the company's policy of blocking email from IP addresses in foreign countries in an effort to reduce spam. The complaint asks that Verizon cease blocking email and that it compensate customers for losses on behalf of business customers. A second class action lawsuit was filed on behalf of residential customers. In addition, a New Jersey businessman has filed a lawsuit against Verizon because he says his email has been blocked from getting to his customers. http://www.securitypipeline.com/showArticle.jhtml?articleID=163101524 DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus. Download a copy today - http://www.invariantsystems.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses
That is f-ed up right there... The damned lawyers are gonna get rich and every VZ customer will get a coupon for a free day of service. Marc -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, May 18, 2005 2:02 PM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail >From Foreign IP Addresses Verizon Communications has been hit with several lawsuits as a result of the company's policy of blocking email from IP addresses in foreign countries in an effort to reduce spam. The complaint asks that Verizon cease blocking email and that it compensate customers for losses on behalf of business customers. A second class action lawsuit was filed on behalf of residential customers. In addition, a New Jersey businessman has filed a lawsuit against Verizon because he says his email has been blocked from getting to his customers. http://www.securitypipeline.com/showArticle.jhtml?articleID=163101524 DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus. Download a copy today - http://www.invariantsystems.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail scanned for viruses by Declude Virus] --- [This E-mail scanned for viruses by Declude Virus] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses
Well, this snippet clearly shows that Verizon is on top of this spam problem. "Carmel said Verizon told him to e-mail the company to get his name put on a whitelist, which frustrated him even further since the company is blocking all of his e-mails." Andrew 8) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Wednesday, May 18, 2005 11:02 AM To: Declude.JunkMail@declude.com Subject: [Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses Verizon Communications has been hit with several lawsuits as a result of the company's policy of blocking email from IP addresses in foreign countries in an effort to reduce spam. The complaint asks that Verizon cease blocking email and that it compensate customers for losses on behalf of business customers. A second class action lawsuit was filed on behalf of residential customers. In addition, a New Jersey businessman has filed a lawsuit against Verizon because he says his email has been blocked from getting to his customers. http://www.securitypipeline.com/showArticle.jhtml?articleID=163101524 DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus. Download a copy today - http://www.invariantsystems.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] Verizon Faced With Lawsuits Over Blocking eMail From Foreign IP Addresses
Verizon Communications has been hit with several lawsuits as a result of the company's policy of blocking email from IP addresses in foreign countries in an effort to reduce spam. The complaint asks that Verizon cease blocking email and that it compensate customers for losses on behalf of business customers. A second class action lawsuit was filed on behalf of residential customers. In addition, a New Jersey businessman has filed a lawsuit against Verizon because he says his email has been blocked from getting to his customers. http://www.securitypipeline.com/showArticle.jhtml?articleID=163101524 DLAnalyzer - Comprehensive reporting for Declude Junkmail and Virus. Download a copy today - http://www.invariantsystems.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: Re::Re: [Declude.JunkMail] example
ï Hi Doug, On the Declude isn't cutting it thread... Declude plus Message Sniffer catches well over 99.9% of spam for us, with spam being about 68% of traffic during the week and 90% over the weekend. So, this combo can certainly be configured to catch almost everything coming in. You might consider signing up for the MDLP beta from SortMonster. If nothing else, it will give you some great statistics on the effectiveness of the tests you run. Couple that will publishing an email address for users to forward any received spam to and you should get a fairly accurate picture of your capture rate, as well as have a mechanism for tuning your filters/weights. Darin. - Original Message - From: Doug Anderson To: Declude.JunkMail@declude.com Sent: Tuesday, May 17, 2005 11:02 PM Subject: Re::Re: [Declude.JunkMail] example Matt, Per your question on what I'm trying to do. New management feels that they want "more" and declude isn't cutting it. The idea was to insert an x-header in, that way frontbridge gets some numbers on spam/not spam without blocking and allow declude to do it's thing which I get numbers from. We then compare them. Management feels we're missing 50% of the spam with declude. I disagree with them and was hoping this would show them that we're within only a few percent difference at a substantial price reduction (frontbridge+sprint=$$$) Any declude people comment on Matt's email?.. - Original Message - From: Matt To: Declude.JunkMail@declude.com Sent: Tuesday, May 17, 2005 7:23 PM Subject: Spam-Junk-Ad:Re: [Declude.JunkMail] example Doug,Sprint resells FrontBridge, and bigfish.com is one of FrontBridge's servers. The problem is that there are two hops within their network, and while you are IPBYPASSing the connecting server, they have another hop in there with an address of 127.0.0.1 and that needs to be bypassed as well. Even though this is the loopback address, Declude is currently seeing this as the source IP because it is in the first non IPBYPASSed header.I'm not sure if Declude will handle this the way that you want it to despite the above modification because FrontBridge is also inserting their own headers before the original received header that contains the IP that you are after. I'm not sure if Declude will stop looking for IP's after finding non-Received headers or if it will continue. That all depends on how they handle the parsing and it may or may not be compatible. The following header is the connecting header when it reaches FrontBridge (note that Postfix splits it into a "by" and "from" part: Received: by mail39-res.bigfish.com (MessageSwitch) id 1116369083564041_21303; Tue, 17 May 2005 22:31:23 + (UCT) Received: from OUTGOING58.postalmailhostings.com (unknown [69.1.199.58]) by mail39-res.bigfish.com (Postfix) with SMTP id 30BB45A86B1 for <[EMAIL PROTECTED]>; Tue, 17 May 2005 22:31:23 + (UTC)Regardless of the above, I'm curious why you aren't filtering for their headers. This message contained a header that seems to indicate that they detected it as spam. x-sprint-detected-spam: This message appears to be spam. X-SpamScore: 45 X-CustomSpam: This message was filtered by custom spam filter option - Image links to remote sitesYou would need Declude Pro to set up a filter for the HEADERS, or also an external test could be created for this purpose, but it doesn't seem to make much sense to not block it. Maybe you can clarify what you are trying to do here and why you aren't tagging these headers as spam.MattDoug Anderson wrote: Anything's possible with sprint. Below is a header. It seems to be the common theme. BADHEADERS, MAILFROM: SPAMHEADERS, and HELOBOGUS. Nothing more, nothing less. I've scaned my declude logs for the last 2 days. no IP4r or rhsbl test have run. I put a at the mark where sprint's headers end and what I want checked. Shouldn't IPBYPASS look at the 63.161.60.61 and say ignore this part? My understanding is IPBYPASS should say that's one of mine - don't check it, check the next hop. Received: from mail39-res-R.bigfish.com [63.161.60.61] by mail.ameripride.org with ESMTP (SMTPD32-8.15) id A16C43E01AE; Tue, 17 May 2005 17:34:20 -0500 Received: from mail39-res.bigfish.com (localhost.localdomain [127.0.0.1]) by mail39-res-R.bigfish.com (Postfix) with ESMTP id 1DDC75A8670 for <[EMAIL PROTECTED]>; Tue, 17 May 2005 22:31:24 + (UTC) X-BigFish: vpcs45(z7b5iqca0ilzz2dh) x-sprint-detected-spam: This message appears to be spam. X-SpamScore: 45 X-CustomSpam: This message was filtered by custom spam filter option - Image links to remote sites Received: by mail39-res.bigfish.com (MessageSwitch) id 1116369083564041_21303; Tue, 17 May 2005 22:31:23 + (UCT) Received: from OUTGOING58.postalmailhostings.com (unknown [69.1.199.58]) by mail39-res.bigfish.com (Postfix) with SMTP id 30BB45A86B
Re[8]: [Declude.JunkMail] Test Order
SF> Flip your log into debug mode for a couple of emails. You'll see exactly SF> what order everything runs. Great idea. I'll let you know what we find. -- Best regards, Davidmailto:[EMAIL PROTECTED] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
