[mailop] Come on protection.outlook.com, don't send me messages even you think are SPAM
We periodically receive SPAM from outbound.protection.outlook.com hosts. No worry, they can slip through anyone's filters. But some have an X-Forefront-Antispam-Report header with SFV:SPM which has been said is their indicator of a message they consider to be SPAM.

How MS handles them is up to them, of course, but delivering them seems inappropriate. Or is SFV insufficient indication (e.g., weak indicator rather than final judgment)?

An additional tag seems to indicate SPAM as well though nothing has been said publicly about it, it merely has "spm" in the pair (MLV:spm).

/mark

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
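A receiver-side check for the tags discussed in the message above, as an added example that is not part of the original post and is not Microsoft's code. It treats SFV:SPM and MLV:spm only in the sense the post gives them; the function names, the `client_host` argument (the connecting host as verified by your own MTA) and the sample message are assumptions made for illustration.

```python
from email import message_from_string

RELAY_SUFFIX = ".outbound.protection.outlook.com"

def parse_report(value):
    """Split 'KEY:val;KEY:val;' into a dict; keys upper-cased, folding removed."""
    fields = {}
    for pair in "".join(value.splitlines()).split(";"):
        # Split on the first ':' only, so an IPv6 address in CIP survives intact.
        key, sep, val = pair.strip().partition(":")
        if sep and key:
            fields[key.strip().upper()] = val.strip()
    return fields

def sender_spam_tags(raw_message, client_host):
    """Return the spam tags the relay itself put on the message, e.g. ['SFV:SPM']."""
    # Any sender can add this header, so read it only on mail whose connecting
    # host (verified by the receiving MTA) is an Outlook outbound relay.
    if not client_host.lower().rstrip(".").endswith(RELAY_SUFFIX):
        return []
    tags = []
    msg = message_from_string(raw_message)
    for value in msg.get_all("X-Forefront-Antispam-Report", []):
        fields = parse_report(value)
        if fields.get("SFV", "").upper() == "SPM":
            tags.append("SFV:SPM")
        if fields.get("MLV", "").lower() == "spm":
            tags.append("MLV:spm")
    return tags

# Constructed sample message (not a real mail); the header is folded over two lines.
SAMPLE = (
    "Subject: constructed sample\n"
    "X-Forefront-Antispam-Report: CIP:2001:db8::1;CTRY:;LANG:en;SCL:5;\n"
    "\tSFV:SPM;MLV:spm;DIR:OUT;\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(sender_spam_tags(SAMPLE, "mail-example.outbound.protection.outlook.com"))
```

What to do with a non-empty result (score, quarantine, reject) is a local policy decision; the thread leaves open whether SFV is a final judgment.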
Re: [mailop] Invaluement ivmURI contact/hints
> Turned out the customer you identified offlist is one of the few customers
> sending B2B email outside of italy and this is the field where we have more
> difficulties in doing antispam because we don't have feedbacks (no FBL
> because there are no hotmail/yahoo/gmail) and most time we don't even
> receive manual complaints. So we only have some
> openrate/clickrate/bouncerate/unsubrate to look at and they sometimes are
> not so bad (sometimes spammers are good at choosing their recipients).
> That's why I always try to get some indicators on who is the sender of the
> email when I found this kind of blocks.

I've had some success in looking at just click actions to evaluate sender quality. This helps level the playing field (somewhat) when comparing senders against each other.

I look at the sum of complaints and unsubscribes divided by the sum of complaints, unsubscribes and clicks through on content--this gives you a ratio of people that are specifically disinterested in the content. Looking just at clicks avoids a number of skews as this just measures people taking direct action on the message. An open is sometimes a passive action and is skewed when mail is delivered to spam folder.
Re: [mailop] Invaluement ivmURI contact/hints
On 28 April 2017 at 11:32, Rob McEwen wrote:

> On 4/28/2017 4:47 AM, Stefano Bagnara wrote:
>
>> Our main domain "mailvox.it" is listed on ivmURI
>>
>
> Stefano,
>
> In the past few days, I'm seeing advertisements from your ESP - that seem
> to be hitting spam traps.. because they are coming my way via a normally
> very reliable 3rd party spam feed. Additionally, the messages themselves
> are very suspicious because they read like "cold sales calls".
>
> Regardless, to prevent further potential collateral damage, I've delisted
> your domain, and I've put something in place to make it harder for you to
> relist. (but stopping well short of whitelisting your domain). The listing
> was already "on the way out" due to your delist request. I just sped that
> up.
>
> Also, I have very good telemetry and it concerns me that I didn't get ANY
> feedback from affected *recipients* (your presumably good customers'
> recipients, and/or THEIR networks) - as would normally happen if invaluement
> really were to blacklist an ESP as prestigious as MailChimp, as you claim
> to be. On the other hand, it might be that such feedback didn't have enough
> time to materialize? I just have to be careful here because MANY blackhat
> and dark-grayhat ESPs claim innocence all of the time - and a common thread
> is that the SENDERS are ALWAYS... the ONLY ones complaining about the
> listing. (but, again, this may not be you? And maybe we were too aggressive
> for this particular listing.. and such feedback from recipients would have
> materialized eventually?)
>

We are 1/1000th of Mailchimp size, both as company and as volume, and we have an "italian only" service, so most of our users/customers are italian and most of their recipients are italian, too. That's why most of our non-italian email are to global providers like hotmail/gmail/yahoo and we have very low volume to other domains outside from italy.

You can check senderbase/senderscore to try confirming my "claims". Google Postmaster Tools tell all of our IPs/domains are "good reputation" (I can share access to GPT with you if you want, or I can share SNDS access for my IPs to show the "greens").

I understand that everybody lies, so if there is anything to prove I'm "innocent" just tell me and I'll do (I agree you should never trust your party just because of self-made claims and I'm used to my customer/prospect lies).

We try to do it right and to fight spammers ourself as soon as we detect them. We have a very good reputation in Italy because we have a very good deliverability, especially to Gmail (where many of our competitors fails, at least for italian contents), so this make us target for spammers that want to take advantage from this. This is not a justification but an explanation. We try to do always better and I'm here to learn how to do it better.

> Anyways, this is delisted now and I'll send you more information about the
> offending messages offlist.

Turned out the customer you identified offlist is one of the few customers sending B2B email outside of italy and this is the field where we have more difficulties in doing antispam because we don't have feedbacks (no FBL because there are no hotmail/yahoo/gmail) and most time we don't even receive manual complaints. So we only have some openrate/clickrate/bouncerate/unsubrate to look at and they sometimes are not so bad (sometimes spammers are good at choosing their recipients). That's why I always try to get some indicators on who is the sender of the email when I found this kind of blocks.

>> I also see some servers quitting the smtp conversation from my IPs
>> because of ivmURI matching the reverse of the domain or the EHLO, or the
>> rfc821 from address: is this an "expected" usage of the ivmURI or is
>> this a "misuse" of that list (meant to match uris in email content) by
>> their customers? (of course Invaluement is not responsible for that, I'm
>> just trying to understand).
>>
>
> That is an incorrect method of using ivmURI. ivmURI should ONLY be used to
> check against the domains and IPs found at the base of clickable links
> found inside the body of the message. ivmURI should not be checked against
> things like the PTR record. However, if those messages DID in fact contain
> this domain inside the body of the message (and you in fact already said
> you do use this domain in the body of your message) - then that would
> explain it - and the representative you talked with could have merely been
> mistaken about the process? Having said that, a new invaluement list is
> under development, which will be a subset of ivmURI - which WILL be
> prescribed for usage in these other ways.

In my case the domain was also in the body as a source url of an image, BUT here are sample smtp refusal I got before sending the DATA:

550 Sender host (app.mailvox.it) blacklisted at ivmURI
554 5.7.1 Service unavailable; Sender address [redac...@app.mailvox.it] blocked using uri.helpfulblacklist.xyz; Blocked by ivmURI
[mailop] Invaluement ivmURI contact/hints
On 4/28/2017 4:47 AM, Stefano Bagnara wrote:

> Our main domain "mailvox.it" is listed on ivmURI

Stefano,

In the past few days, I'm seeing advertisements from your ESP - that seem to be hitting spam traps.. because they are coming my way via a normally very reliable 3rd party spam feed. Additionally, the messages themselves are very suspicious because they read like "cold sales calls".

Regardless, to prevent further potential collateral damage, I've delisted your domain, and I've put something in place to make it harder for you to relist. (but stopping well short of whitelisting your domain). The listing was already "on the way out" due to your delist request. I just sped that up.

Also, I have very good telemetry and it concerns me that I didn't get ANY feedback from affected *recipients* (your presumably good customers' recipients, and/or THEIR networks) - as would normally happen if invaluement really were to blacklist an ESP as prestigious as MailChimp, as you claim to be. On the other hand, it might be that such feedback didn't have enough time to materialize? I just have to be careful here because MANY blackhat and dark-grayhat ESPs claim innocence all of the time - and a common thread is that the SENDERS are ALWAYS... the ONLY ones complaining about the listing. (but, again, this may not be you? And maybe we were too aggressive for this particular listing.. and such feedback from recipients would have materialized eventually?)

Anyways, this is delisted now and I'll send you more information about the offending messages offlist.

> I also see some servers quitting the smtp conversation from my IPs
> because of ivmURI matching the reverse of the domain or the EHLO, or the
> rfc821 from address: is this an "expected" usage of the ivmURI or is
> this a "misuse" of that list (meant to match uris in email content) by
> their customers? (of course Invaluement is not responsible for that, I'm
> just trying to understand).

That is an incorrect method of using ivmURI. ivmURI should ONLY be used to check against the domains and IPs found at the base of clickable links found inside the body of the message. ivmURI should not be checked against things like the PTR record. However, if those messages DID in fact contain this domain inside the body of the message (and you in fact already said you do use this domain in the body of your message) - then that would explain it - and the representative you talked with could have merely been mistaken about the process? Having said that, a new invaluement list is under development, which will be a subset of ivmURI - which WILL be prescribed for usage in these other ways.

-- 
Rob McEwen
http://www.invaluement.com
+1 (478) 475-9032
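The usage described in the message above (look up only the hosts at the base of clickable links in the body, never the PTR, EHLO or envelope sender), as an added example that is not code from invaluement or from anyone on this thread. The zone name is a placeholder because the real ivmURI zone is not given on this page; the function names, the "any A record means listed" convention and the parent-domain walk (a simplification that avoids a public suffix list) are assumptions.

```python
import ipaddress
import socket
from html.parser import HTMLParser
from urllib.parse import urlsplit

URI_ZONE = "uri.dnsbl.invalid"  # placeholder; the real ivmURI zone is not on this page

class LinkHosts(HTMLParser):
    """Collect hosts of clickable links (<a href>) only; <img src> is skipped."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        try:
            parts = urlsplit(dict(attrs).get("href") or "")
        except ValueError:  # malformed URL such as an unclosed IPv6 bracket
            return
        if parts.scheme in ("http", "https") and parts.hostname:
            self.hosts.add(parts.hostname.lower().rstrip("."))

def query_names(host):
    """DNS names to look up for one link host (IPv4 literals are reversed)."""
    try:
        ip = ipaddress.IPv4Address(host)
        return [".".join(reversed(str(ip).split("."))) + "." + URI_ZONE]
    except ValueError:
        labels = host.split(".")
        # The host and each parent down to two labels (no public suffix list).
        return [".".join(labels[i:]) + "." + URI_ZONE for i in range(len(labels) - 1)]

def dns_listed(name):
    """Default resolver (assumption): any A record in the zone counts as listed."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def listed_links(html_body, is_listed=dns_listed):
    """Return link hosts whose own or parent domain is listed in URI_ZONE."""
    parser = LinkHosts()
    parser.feed(html_body)
    return sorted(h for h in parser.hosts
                  if any(is_listed(q) for q in query_names(h)))

# Constructed bodies: a tracking pixel only, then a clickable link on the same domain.
PIXEL_ONLY = '<img src="http://app.mailvox.it/o.gif"><a href="https://www.example.org/">x</a>'
WITH_LINK = '<a href="http://app.mailvox.it/c/1">offer</a>'
```

The body is only available after DATA, so a filter built this way cannot produce a refusal at MAIL FROM or EHLO time; a rejection before DATA that cites a URI list means the list was applied to something other than body links.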
[mailop] Invaluement ivmURI contact/hints
Our main domain "mailvox.it" is listed on ivmURI since 4 days (we are an ESP, a very small "Mailchimp" of the italian market, we share the same Freemium plans and the same opt-in required in our ToS).

That domain is the reverse of all of our IPs and it is also used in the return path and in the "tracking pixel" of all of our emails, or to say it better, all of the emails (1-5 millions per day) of our users/customers (10K). We don't use "multiple domains" (that domain is there since 2008 in all of our emails) and the IPs are shared. All of our emails have List-Id identifying the real account (user/customer) responsible for sending the email.

I sent the delist request as explained in the invaluement website (#7850A471D5#) a couple of days ago but I had no answers. Last time I tried that was more than 1 year ago, with no answer, but the block disappeared weeks later.

Does anyone know how ivmURI is "fed" with spam and how they deal with false positives? The ivmURI description says "These domains are generally not seen in legitimate e-emails" but while some spam may pass our customer vetting and internal antispam measure (we try hard to do our best in this), I really think most of the emails sent by our users are legitimate and opt-in.

Rob (I'm not sure if I could CC you by the etiquette of this list), can you help identify the source for this block?

Anyone else have similar experience with shared ESP domain blocked by ivmURI?

I also see some servers quitting the smtp conversation from my IPs because of ivmURI matching the reverse of the domain or the EHLO, or the rfc821 from address: is this an "expected" usage of the ivmURI or is this a "misuse" of that list (meant to match uris in email content) by their customers? (of course Invaluement is not responsible for that, I'm just trying to understand).

Thank you,
Stefano

-- 
Stefano Bagnara
CTO VOXmail.it