Re: [mailop] Anyone on this list from SpamCop?

[Richard W]

If you wanna hit me up at deputies at spamcop.net I can look at exactly 
what you're seeing and I can have a look at what we can do to get around it.


To SpamCop, a URL is a URL.  Unless told otherwise, it can't tell the 
difference between a URL for wiener pills from the one you put to your 
boss's personal page in your sig.  It will offer to report all URLs it 
can find/identify unless it has been told to ignore a particular string.


As for header, technically it shouldn't grab a URL from a header, but 
the big guys are filling headers with so much crap these days it's hard 
to tell the header from the body.  SpamCop looks for a blank line and 
treats everything after that as body.


See lots of blank lines in headers now where they shouldn't be which 
only serves to trip up scripts trying to follows the lowly old RFCs.


Richard

On 2018-02-06 10:28 AM, Michael Peddemors wrote:
Want to hit me offline, notice that SpamCop considers URL's in 550 
errors as 'spamvertizing'


  
--

"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us athttp://www.linuxmagic.com  @linuxmagic

A Wizard IT Company - For More Infohttp://www.wizard.ca  
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.


604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Andy Smith]

Hello,

On Tue, Feb 06, 2018 at 03:34:34PM -0800, Laura Atkins wrote:
> > On Feb 6, 2018, at 2:49 PM, John Levine  wrote:
> > Putting a URL in a List-Unsubscribe header is an entirely reasonable
> > thing to do, and lots of ESPs do it.  
> 
> Lots of non-ESPs do it, too. 
> 
> List-Unsubscribe: 

When it comes to SpamCop it is never offering to report URLs found
in a List-Unsubscribe header so it must have been taught to ignore
those.

It is also ignoring URLs in the header X-Spam-Report, the default
SpamAssassin report header. The problem comes when a custom report
header is used, e.g.:

X-Zen-Spam-Report: * -0.5 FIRST_RELAY_GB No description available.
 * -0.0 ZEN_PTR_PASS Passed Mail Relay Reverse DNS Test
 * -0.0 ZEN_HELO_PASS Passed HELO Reverse DNS Test
 *  1.0 RCVD_IN_SENDERSCORE_25_49 RBL: Senderscore 25-49
 *  [37.61.232.130 listed in score.senderscore.com]
 *  3.0 RCVD_IN_S5HBL RBL: Listed at all.s5h.net
 *  [See ]
 *  0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
 *  domains are different
 *  1.6 SUBJ_ALL_CAPS Subject is all capitals
 *  0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
 *  address
 *  0.0 HTML_MESSAGE BODY: HTML included in message
 *  1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
 * -0.1 KAM_RPTR_PASSED No description available.
 *  2.0 KAM_BADIPHTTP Due to the Storm Bot Network, IPs in emails is bad
 *  0.0 RCVD_NOT_IN_IPREPDNS Sender not listed at
 *  http://www.chaosreigns.com/iprep/
 *  0.5 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any
 *  anti-forgery methods
 * -0.5 ZEN_PTR_PASS_GOOD Passed Mail Relay Reverse DNS Test - Good Rep

(Zen being a fairly large UK broadband provider)

Now the SpamCop user is allowed to report s5h.net and
chaosreigns.com, and some inevitably do because there is just one
"report" button that sends all reports at once.

Obviously whitelisting by header isn't going to work since the
report header can be anything, and there's going to be lots of other
headers where URLs can be useful.

I question the value in SpamCop looking at anything in an X- header.
The end user is not normally going to be seeing them, so the concept
of them being "spamvertized" doesn't really follow for me. That's
not to say the headers shouldn't be considered by a Bayes technique
or whatever.

Anyway, if anyone on list knows the SpamCop people maybe you could
mention it, other than that I'll shut up about it. :)

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Dave Warren via mailop]

On 2018-02-06 16:34, Laura Atkins wrote:

Putting a URL in a List-Unsubscribe header is an entirely reasonable
thing to do, and lots of ESPs do it. 


Lots of non-ESPs do it, too.


Heck, I do it for virtually all automated messages, even on some 
internal stuff, basically anything that is automated results in the 
header being added at the MTA level.


Sometimes someone wanted notifications at one point and now they don't 
care, why not make it easy? If it's a true list, it'll get unsubscribed 
automatically but if it's not (e.g. "WordPress was just updated", you 
received a fax, etc), I'll see the unsubscribe request and talk to the 
user to figure out what they actually wanted to change and assist.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Laura Atkins]

> On Feb 6, 2018, at 2:49 PM, John Levine  wrote:
> 
> In article <7e12d5ff-f770-b5db-f913-18dafcd03...@thedave.ca> you write:
 Also URLs in mail headers, which is perhaps reasonable, except that
>>> 
>>> ...many ESPs now put unsub URLs in the headers.
>> 
>> Are the results any more harmful than the same unsub URL in the foot (or 
>> otherwise in the visible body of the message)?
> 
> Putting a URL in a List-Unsubscribe header is an entirely reasonable
> thing to do, and lots of ESPs do it.  

Lots of non-ESPs do it, too. 

List-Unsubscribe: 
List-Unsubscribe: 
List-Subscribe: ,  


> Mail programs as creaky as alpine
> and as zoomy as gmail recognize them and do reasonable things with them
> that they can't do with URLs embedded in the message body.

https://wordtothewise.com/2018/01/microsoft-using-list-unsubscribe-header/
https://wordtothewise.com/2018/02/list-unsub-header/ 

https://wordtothewise.com/2015/01/deliverability-return-path-list-unsubscribe-header/

> Treating them as a spam sign is absurd unless you're stuck in the
> 1990s and consider everything from an ESP to be spam no matter what it
> is.

Or, y’know, a mailing list.

laura 

-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: https://wordtothewise.com/blog 







___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Brandon Long via mailop]

On Tue, Feb 6, 2018 at 3:00 PM John Levine  wrote:

> In article <7e12d5ff-f770-b5db-f913-18dafcd03...@thedave.ca> you write:
> >>> Also URLs in mail headers, which is perhaps reasonable, except that
> >>
> >> ...many ESPs now put unsub URLs in the headers.
> >
> >Are the results any more harmful than the same unsub URL in the foot (or
> >otherwise in the visible body of the message)?
>
> Putting a URL in a List-Unsubscribe header is an entirely reasonable
> thing to do, and lots of ESPs do it.  Mail programs as creaky as alpine
> and as zoomy as gmail recognize them and do reasonable things with them
> that they can't do with URLs embedded in the message body.
>
> Treating them as a spam sign is absurd unless you're stuck in the
> 1990s and consider everything from an ESP to be spam no matter what it
> is.
>

I think this is for spamvertising, which is to say that if a message is
spam, anything in that message is somewhat suspect,
and one would expect trickle down effects on the reputation of what's
included.

I don't know if we apply that to the list-unsubscribe URL, but it would
certainly apply to the url -> fqdn -> domain in the body of the
message, and I would imagine it may be marginally useful to apply to the
list-unsubscribe url.  If the url is hosted at an ESP, then it may give you
an overall
reputation for that ESP, for example.

Yes, this can have weird affects, and you need to sometimes whitelist
widely shared entities, or entities can get abused by being included,
so usage of the signals in stopping messages has to be done carefully.

That said, when it comes to RBLs, they tend to be very black and white and
used by anti-spam stuff as rather black and white, so what level of
reputation
a bad domain in a url takes to make an RBL entry, and whether or not the
anti-spam program using that RBL entry requires other signs of badness
before rejecting, well, that's what divides the hackery from the not and
keeps spam analysts employeed.

Which isn't to say I have any idea how spamcop implements such things or
their utility.

Brandon
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[John Levine]

In article <7e12d5ff-f770-b5db-f913-18dafcd03...@thedave.ca> you write:
>>> Also URLs in mail headers, which is perhaps reasonable, except that
>> 
>> ...many ESPs now put unsub URLs in the headers.
>
>Are the results any more harmful than the same unsub URL in the foot (or 
>otherwise in the visible body of the message)?

Putting a URL in a List-Unsubscribe header is an entirely reasonable
thing to do, and lots of ESPs do it.  Mail programs as creaky as alpine
and as zoomy as gmail recognize them and do reasonable things with them
that they can't do with URLs embedded in the message body.

Treating them as a spam sign is absurd unless you're stuck in the
1990s and consider everything from an ESP to be spam no matter what it
is.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mail Transfer Agent Alternatives

[Dave Warren via mailop]

On 2018-02-05 10:27, Marc Goldman via mailop wrote:
I received an email telling me I would need to pay RETROACTIVELY for the 
years I did NOT receive support in order to upgrade.


Has anyone ever heard of a policy like that?


What is cheaper, paying retroactively or buying a new license?

At $DAYJOB we charge about 30% (of a new license) to renew if you renew 
on time, or about 70% to buy an upgrade if you let your support lapse. 
We want customers to always get a better deal than jumping ship but it 
encourages ongoing revenue which is what allows us to have a new version 
to buy at all.


(This is an example/anecdote and not an offer, we're in the SMB email 
space, but not an MTA vendor).



On 2018-02-05 11:03, Steve Atkins wrote:

Yes, it's pretty much normal. It dissuades people from only paying for support 
every few years when they need support or want an updated version, while not 
paying the ongoing fees that pay for development of that updated version.


While this is true, the vendor is also not paying for staff to support 
the customer while the license is expired. I'd argue that some 
percentage other than 100% retroactive costs would be appropriate since 
the customer is only benefiting from the development but not from having 
support staff available.


At the end of the day though, as long as the cost doesn't exceed that of 
simply buying a new license, I can't get super excited about the details.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Spam originating from Office 365

[Carl Byington]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Mon, 2018-02-05 at 03:00 +, Shane Clay via mailop wrote:
> For our customers, the bulk majority of spam they actually receive
> (over 90% of whats delivered and more than 40% of whats blocked) now
> days comes from Office 365. Do others see these same trends?

The percentage is not that high here, but are you using something to
reject mail containing SFV:SPM ?  For example, spamassassin:

header OPOC X-Forefront-Antispam-Report =~ /SFV\:SPM/
score  OPOC 10


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEAREKAAYFAlp6EtIACgkQL6j7milTFsHanQCdGcolXjZX8k7spvScKIhmWjxE
JL0An2iAyx4Qtw40XymR5FsEZACLN6g0
=XYJn
-END PGP SIGNATURE-



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Heads Up

[Dave Warren via mailop]

On 2018-02-02 15:18, Michelle Sullivan wrote:

Charles McKean wrote:

On Sat, Jan 20, 2018 at 9:41 AM, Ken O'Driscoll via mailop
 wrote:

On Sat, 2018-01-20 at 11:14 +1100, Michelle Sullivan wrote:

One can only conclude, they either have a leak in their API, or they
altered the permissions to give out emails when specifically denied, or
they got hacked and didn't disclose it.

They had bug for over a year between ~2012-2013 where contact details
(including email) were unintentionally exposed.

Can't your friends see your email address on Facebook? Wouldn't that
mean that literally anybody could be responsible for leaking this
address?



No certain details (like email address) are 'Only Me' permission on my 
Facebook - because it (the email) is only used for Facebook login.


It also occurs to me that your Facebook login can be accessed by nearly 
anything that has permission to access your account, regardless of 
permissions on the email address itself, and in the past friends' apps 
might have been able to access your data.


While I don't recall the specifics, some years ago I had at least one 
app I used was able to show me some contact details of my contacts that 
weren't visible in Facebook's web interface. Who knows where that data 
has ended up.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Invalid address ratio?

[Dave Warren via mailop]

On 2018-02-02 10:47, Chris wrote:

On Fri, 02 Feb 2018 16:52:16 +
Ken O'Driscoll via mailop wrote:


On Fri, 2018-02-02 at 17:26 +0100, Chris wrote:

I'm a bit surprised, that on a small mail server, 77 % of the
rejected mails are rejected because of invalid recipient adresses.
22 % because of DNSBL.

Is this ratio normal?


Assuming you're talking about inbound emails and wondering why more
mails aren't being caught by RBLs.


Yes, inbound. I'm wondering why there are so many mails to
not-existing recipients.


Are they real messages or bounces? I'm currently seeing a few domains 
receiving massive floods of bounces, some spammer seems to be using 
$firstname$randomnumber@$variousdomain forged addresses to send tons and 
tons of spam. Nothing of the outbound message touches anything I 
control, it seems to be bot originated.


I own a couple domains that are being hit, one I can guarantee that I've 
never used addresses in that format and the other was used by various 
throwaway email addresses generated by multiple people. Both are domains 
I have owned for 10-15+ years, and I'm moderately comfortable saying 
that I am the first registrant in both cases.


It's been on and off for a few months but it seems to hit the same 
domains when it happens.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Dave Warren via mailop]

On 2018-02-06 10:12, Anne P. Mitchell Esq. wrote:


  


Also URLs in mail headers, which is perhaps reasonable, except that


...many ESPs now put unsub URLs in the headers.


Are the results any more harmful than the same unsub URL in the foot (or 
otherwise in the visible body of the message)?




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Michael Wise via mailop]

SpamCop usually redacts all these with an internal SpamCop address.

But still, full headers with redaction is better than no evidence at all.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting 
Tool ?



-Original Message-
From: mailop  On Behalf Of Anne P. Mitchell Esq.
Sent: Tuesday, February 6, 2018 9:12 AM
To: Michael Wise via mailop 
Subject: Re: [mailop] Anyone on this list from SpamCop?





>

> Also URLs in mail headers, which is perhaps reasonable, except that



...many ESPs now put unsub URLs in the headers.



Anne



Anne P. Mitchell,

Attorney at Law

Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) 
Legislative Consultant CEO/President, Institute for Social Internet Public 
Policy Legal Counsel: The CyberGreen Institute Legal Counsel: The Earth Law 
Center Member, Cal. Bar Cyberspace Law Committee Member, Colorado Cyber 
Committee Member, Elevations Credit Union Member Council Member, Board of 
Directors, Asilomar Microcomputer Workshop Ret. Professor of Law, Lincoln Law 
School of San Jose Ret. Chair, Asilomar Microcomputer Workshop





___

mailop mailing list

mailop@mailop.org

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop=02%7C01%7Cmichael.wise%40microsoft.com%7Cf4037fc1785345396ffa08d56d8598ad%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C0%7C636535342918556717=lsrvvFIW9dJZgrd1VI9gFR97fobzmVsMu9QLww3wa1s%3D=0
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Anne P. Mitchell Esq.]

 
> 
> Also URLs in mail headers, which is perhaps reasonable, except that

...many ESPs now put unsub URLs in the headers.

Anne

Anne P. Mitchell, 
Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Andy Smith]

Hello,

On Tue, Feb 06, 2018 at 08:28:11AM -0800, Michael Peddemors wrote:
> Want to hit me offline, notice that SpamCop considers URL's in 550 errors as
> 'spamvertizing'

Also URLs in mail headers, which is perhaps reasonable, except that
we host a DNSBL that is occasionally used by SpamAssassin users.
When that inserts a header report note about a DNSBL hit, some
SpamCop users report that as a spamvertized URL… even though it was
their own email infrastructure that added it.

You can appeal the URL for whitelisting which prevents further
reports but I am unsure if that operates on the exact URL or on the
whole domain; neither of these options are suitable in my case but
perhaps they could be in yours.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone on this list from SpamCop?

[Michael Peddemors]

Want to hit me offline, notice that SpamCop considers URL's in 550 
errors as 'spamvertizing'


 
--

"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop