Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..

[M. Omer GOLGELI via mailop]

Guess that is exactly why I don't add a whitelist rule to Facebook mails and 
let them rot in Quarantine boxes.
If they send to unverified, non-existing users without content, no matter where 
it is from, they are spam.
Especially when all those mails belong to Bot accounts.

To me, double opt-in and following bounce messages must be the way as it has 
been said before.

If I had spare time to list them all, considering ~50% of the spam hitting our 
spam gateway is commercial grade spam, I would block these verification 
services to get more spam, train SA and report these unsolicited mails to 
blacklists. 

I also do have some unused gmail accounts. One of them constantly receives 
Indonesian spam. Even legit mail from time to time. I presume along with a 
person mistyping their email address, it is also common for people mistyping it 
when they are sending the email.
M. Omer GOLGELI
---
AS202365

 https://as202365.peeringdb.com (https://as202365.peeringdb.com)
 https://bgp.he.net/AS202365 (https://bgp.he.net/AS202365)
January 17, 2020 9:48 AM, "Mark Foster via mailop" mailto:mailop@mailop.org?to=%22Mark%20Foster%20via%20mailop%22%20)>
 wrote:
Yes, I assume that’s the root of how I got on those mailing lists – 
someone deciding my email address was theirs. 

But what’s the difference between that, and spam? 

In my eyes it’s all unwanted email in my inbox. And it’s not once or 
twice. It’s hundreds of times. Far from isolated cases. 

I’ve had to delink my email address from random accounts at services 
like MySpace (yes, really), Club Penguin (I’m not the target market) and at 
some point it’s gotta be malicious. Where does one draw the line? 

I’ve always subscribed to the maxim that if I didn’t opt-in, I’m not 
gonna opt-out. If you run a service that doesn’t have effective double-opt-in, 
(or even a ‘click this if it wasn’t you!’ early in the process), this is the 
risk you run, right? 

Mark. 

From: Brandon Long mailto:bl...@google.com)>
Sent: Friday, 17 January 2020 5:28 pm
To: Mark Foster mailto:blak...@blakjak.net)>
Cc: Jay Hennigan mailto:mailop-l...@keycodes.com)>; 
mailop mailto:mailop@mailop.org)>
Subject: Re: [mailop] [FEEDBACK] Approach to dealing with List Washing 
services, industry feedback.. 
Honestly, that sounds like someone else thinks that's their account... 
unless I'm misinterpreting what you're saying. I have a couple friends with 
common name accounts, and they get a lot of mail obviously meant for other 
people. 
Anyhoo, that's its own major issue that's complicated by sites with 
lack of coi, of course. 
In any case, I fail to see how not using unsubscribe in that case is 
useful, but to each their own. 
Brandon  
On Thu, Jan 16, 2020, 6:49 PM Mark Foster mailto:blak...@blakjak.net)> wrote: 

I couldn't help but respond to this one...

> I'd say if it's even remotely gray mail, and not pure spam, go for the
> unsubscribe. On Gmail, we only provide a ui unsub link if the sender
> reputation is ok, for example, but arguably anything from a mainstream esp
> or company is fine to unsub from. I see a lot of local companies and
> non-profits who have bad sending practices and often go to spam that are
> completely fine to unsub from, for example, and helps clear out the spam
> label to make it easier to find the false positives.
>
> This is also informed both by the prevalence of spam (something like 90%
> of
> active users get a spam a week) and the effectiveness of our spam filters.
> When I see other folks saying they don't get much spam, only 5 or more
> messages a day past their filters... I can understand why they don't want
> to get anymore.
>

I have a gmail account. It's used for 'some' email but not the vast
majority - I have my own domains and MTA for that.
But the gmail account is used for some mailing lists I use relatively
infrequently, and I also use it for other Google services, particular the
Calendar.
Sure.

The amount of spam I receive to gmail is not insignificant.
I'm in New Zealand, yet i've somehow managed to book travel, accomodation
and rental vehicles all across the USA. I've somehow managed to opt-in to
various news services in India.
And i'm on alumni distribution lists for several education providers
(again mostly in the USA).

Every single one of these emails is spam to my mind, because I did not
opt-in. I did not publically disclose my email address. I never emailed
these organisations.
Each one probably has a vaguely legitimate or perhaps even positive sender
reputation (in all cases I click 'report as spam' and I get the dialogue
that asks whether I want to unsubscribe, which I never do).

So it's not about being grey, it really does come down to, did I opt-in in
any way, shape or form, or not?
That opt-in may include legitimately doing business with that
organisation. And if it were my commercial email address, i'd have to
view that question in a 

Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..

[Mark Foster via mailop]

Yes, I assume that’s the root of how I got on those mailing lists – someone 
deciding my email address was theirs.

But what’s the difference between that, and spam?

In my eyes it’s all unwanted email in my inbox. And it’s not once or twice. 
It’s hundreds of times. Far from isolated cases.

 

I’ve had to delink my email address from random accounts at services like 
MySpace (yes, really), Club Penguin (I’m not the target market) and at some 
point it’s gotta be malicious. Where does one draw the line?

 

I’ve always subscribed to the maxim that if I didn’t opt-in, I’m not gonna 
opt-out.  If you run a service that doesn’t have effective double-opt-in, (or 
even a ‘click this if it wasn’t you!’ early in the process), this is the risk 
you run, right?

 

Mark.

 

From: Brandon Long  
Sent: Friday, 17 January 2020 5:28 pm
To: Mark Foster 
Cc: Jay Hennigan ; mailop 
Subject: Re: [mailop] [FEEDBACK] Approach to dealing with List Washing 
services, industry feedback..

 

Honestly, that sounds like someone else thinks that's their account... unless 
I'm misinterpreting what you're saying.  I have a couple friends with common 
name accounts, and they get a lot of mail obviously meant for other people.

 

Anyhoo, that's its own major issue that's complicated by sites with lack of 
coi, of course.

 

In any case, I fail to see how not using unsubscribe in that case is useful, 
but to each their own.

 

Brandon

 

On Thu, Jan 16, 2020, 6:49 PM Mark Foster mailto:blak...@blakjak.net> > wrote:

I couldn't help but respond to this one...

> I'd say if it's even remotely gray mail, and not pure spam, go for the
> unsubscribe.  On Gmail, we only provide a ui unsub link if the sender
> reputation is ok, for example, but arguably anything from a mainstream esp
> or company is fine to unsub from.  I see a lot of local companies and
> non-profits who have bad sending practices and often go to spam that are
> completely fine to unsub from, for example, and helps clear out the spam
> label to make it easier to find the false positives.
>
> This is also informed both by the prevalence of spam (something like 90%
> of
> active users get a spam a week) and the effectiveness of our spam filters.
> When I see other folks saying they don't get much spam, only 5 or more
> messages a day past their filters... I can understand why they don't want
> to get anymore.
>

I have a gmail account. It's used for 'some' email but not the vast
majority - I have my own domains and MTA for that.
But the gmail account is used for some mailing lists I use relatively
infrequently, and I also use it for other Google services, particular the
Calendar.
Sure.

The amount of spam I receive to gmail is not insignificant.
I'm in New Zealand, yet i've somehow managed to book travel, accomodation
and rental vehicles all across the USA.  I've somehow managed to opt-in to
various news services in India.
And i'm on alumni distribution lists for several education providers
(again mostly in the USA).

Every single one of these emails is spam to my mind, because I did not
opt-in. I did not publically disclose my email address. I never emailed
these organisations.
Each one probably has a vaguely legitimate or perhaps even positive sender
reputation (in all cases I click 'report as spam' and I get the dialogue
that asks whether I want to unsubscribe, which I never do).

So it's not about being grey, it really does come down to, did I opt-in in
any way, shape or form, or not?
That opt-in may include legitimately doing business with that
organisation.  And if it were my commercial email address, i'd have to
view that question in a commercial context

At work, unsolicited emails from vendors where _others_ in my organisation
hold the relationship, and i've never corresponded with them - are still
spam in my eyes.  Usually overzealous  marketing types, and usually
corrected via our account management, along with an apology.
But to my personal gmail account? Which I use in a very small number of
places?  As much as a lot of spam _is_ filtered successfully, plenty more
isn't, event legit senders frequently don't have effective double-opt-in
and from half way around the world, finding an out-of-band way to
report/complain/resolve the issue is almost impossible. So the
report-as-spam button gets a bit of use.

I still like the New Zealand legal definitions of consent, quite a bit of
work was done to define the various types of consent and what that means.
https://www.dia.govt.nz/Spam-Frequently-Asked-Questions#con

Cheers
Mark.


> I don't believe spammers are really selling clean lists, our experience is
> they email everyone they possibly can.  Maybe there are some dark gray
> spammers who try to use various legitimate delivery techniques to curate
> their lists and expand their inboxing, but they seem to mostly want to
> work
> around spam filter weaknesses instead of trying to be more legit.
>
> Brandon
>
>>
> ___

Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..

[Brandon Long via mailop]

Honestly, that sounds like someone else thinks that's their account...
unless I'm misinterpreting what you're saying.  I have a couple friends
with common name accounts, and they get a lot of mail obviously meant for
other people.

Anyhoo, that's its own major issue that's complicated by sites with lack of
coi, of course.

In any case, I fail to see how not using unsubscribe in that case is
useful, but to each their own.

Brandon

On Thu, Jan 16, 2020, 6:49 PM Mark Foster  wrote:

> I couldn't help but respond to this one...
>
> > I'd say if it's even remotely gray mail, and not pure spam, go for the
> > unsubscribe.  On Gmail, we only provide a ui unsub link if the sender
> > reputation is ok, for example, but arguably anything from a mainstream
> esp
> > or company is fine to unsub from.  I see a lot of local companies and
> > non-profits who have bad sending practices and often go to spam that are
> > completely fine to unsub from, for example, and helps clear out the spam
> > label to make it easier to find the false positives.
> >
> > This is also informed both by the prevalence of spam (something like 90%
> > of
> > active users get a spam a week) and the effectiveness of our spam
> filters.
> > When I see other folks saying they don't get much spam, only 5 or more
> > messages a day past their filters... I can understand why they don't want
> > to get anymore.
> >
>
> I have a gmail account. It's used for 'some' email but not the vast
> majority - I have my own domains and MTA for that.
> But the gmail account is used for some mailing lists I use relatively
> infrequently, and I also use it for other Google services, particular the
> Calendar.
> Sure.
>
> The amount of spam I receive to gmail is not insignificant.
> I'm in New Zealand, yet i've somehow managed to book travel, accomodation
> and rental vehicles all across the USA.  I've somehow managed to opt-in to
> various news services in India.
> And i'm on alumni distribution lists for several education providers
> (again mostly in the USA).
>
> Every single one of these emails is spam to my mind, because I did not
> opt-in. I did not publically disclose my email address. I never emailed
> these organisations.
> Each one probably has a vaguely legitimate or perhaps even positive sender
> reputation (in all cases I click 'report as spam' and I get the dialogue
> that asks whether I want to unsubscribe, which I never do).
>
> So it's not about being grey, it really does come down to, did I opt-in in
> any way, shape or form, or not?
> That opt-in may include legitimately doing business with that
> organisation.  And if it were my commercial email address, i'd have to
> view that question in a commercial context
>
> At work, unsolicited emails from vendors where _others_ in my organisation
> hold the relationship, and i've never corresponded with them - are still
> spam in my eyes.  Usually overzealous  marketing types, and usually
> corrected via our account management, along with an apology.
> But to my personal gmail account? Which I use in a very small number of
> places?  As much as a lot of spam _is_ filtered successfully, plenty more
> isn't, event legit senders frequently don't have effective double-opt-in
> and from half way around the world, finding an out-of-band way to
> report/complain/resolve the issue is almost impossible. So the
> report-as-spam button gets a bit of use.
>
> I still like the New Zealand legal definitions of consent, quite a bit of
> work was done to define the various types of consent and what that means.
> https://www.dia.govt.nz/Spam-Frequently-Asked-Questions#con
>
> Cheers
> Mark.
>
>
> > I don't believe spammers are really selling clean lists, our experience
> is
> > they email everyone they possibly can.  Maybe there are some dark gray
> > spammers who try to use various legitimate delivery techniques to curate
> > their lists and expand their inboxing, but they seem to mostly want to
> > work
> > around spam filter weaknesses instead of trying to be more legit.
> >
> > Brandon
> >
> >>
> > ___
> > mailop mailing list
> > mailop@mailop.org
> > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> >
>
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..

[Mark Foster via mailop]

I couldn't help but respond to this one...

> I'd say if it's even remotely gray mail, and not pure spam, go for the
> unsubscribe.  On Gmail, we only provide a ui unsub link if the sender
> reputation is ok, for example, but arguably anything from a mainstream esp
> or company is fine to unsub from.  I see a lot of local companies and
> non-profits who have bad sending practices and often go to spam that are
> completely fine to unsub from, for example, and helps clear out the spam
> label to make it easier to find the false positives.
>
> This is also informed both by the prevalence of spam (something like 90%
> of
> active users get a spam a week) and the effectiveness of our spam filters.
> When I see other folks saying they don't get much spam, only 5 or more
> messages a day past their filters... I can understand why they don't want
> to get anymore.
>

I have a gmail account. It's used for 'some' email but not the vast
majority - I have my own domains and MTA for that.
But the gmail account is used for some mailing lists I use relatively
infrequently, and I also use it for other Google services, particular the
Calendar.
Sure.

The amount of spam I receive to gmail is not insignificant.
I'm in New Zealand, yet i've somehow managed to book travel, accomodation
and rental vehicles all across the USA.  I've somehow managed to opt-in to
various news services in India.
And i'm on alumni distribution lists for several education providers
(again mostly in the USA).

Every single one of these emails is spam to my mind, because I did not
opt-in. I did not publically disclose my email address. I never emailed
these organisations.
Each one probably has a vaguely legitimate or perhaps even positive sender
reputation (in all cases I click 'report as spam' and I get the dialogue
that asks whether I want to unsubscribe, which I never do).

So it's not about being grey, it really does come down to, did I opt-in in
any way, shape or form, or not?
That opt-in may include legitimately doing business with that
organisation.  And if it were my commercial email address, i'd have to
view that question in a commercial context

At work, unsolicited emails from vendors where _others_ in my organisation
hold the relationship, and i've never corresponded with them - are still
spam in my eyes.  Usually overzealous  marketing types, and usually
corrected via our account management, along with an apology.
But to my personal gmail account? Which I use in a very small number of
places?  As much as a lot of spam _is_ filtered successfully, plenty more
isn't, event legit senders frequently don't have effective double-opt-in
and from half way around the world, finding an out-of-band way to
report/complain/resolve the issue is almost impossible. So the
report-as-spam button gets a bit of use.

I still like the New Zealand legal definitions of consent, quite a bit of
work was done to define the various types of consent and what that means.
https://www.dia.govt.nz/Spam-Frequently-Asked-Questions#con

Cheers
Mark.


> I don't believe spammers are really selling clean lists, our experience is
> they email everyone they possibly can.  Maybe there are some dark gray
> spammers who try to use various legitimate delivery techniques to curate
> their lists and expand their inboxing, but they seem to mostly want to
> work
> around spam filter weaknesses instead of trying to be more legit.
>
> Brandon
>
>>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] bell.ca?

[Matt Vernhout via mailop]

Just in case I passed this along to one of my contacts at Bell... not sure if 
they are represented here or not. 

Cheers,

~
Matt

> On Jan 16, 2020, at 18:21, Steven Champeon via mailop  
> wrote:
> 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] bell.ca?

[rps462 via mailop]

An accident, I'm sure. I forwarded this to them, thanks!
-Ryan

On Thu, Jan 16, 2020 at 4:22 PM Steven Champeon via mailop <
mailop@mailop.org> wrote:

>
> Is anyone from bell.ca here who has any way to fix their DNS? They seem
> to have several blocks that have spaces (\032) in their PTRs, which is
> sort of weird.
>
> eg:
>
> 74.15.212.103:bras-base-sjerpq0524w-grc-12  -74-15-212-103.dsl.bell.ca
>
> I mean, your network your rules, but this just seems like an accident.
>
> --
> hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w:
> http://hesketh.com/
> Internet security and antispam hostname intelligence:
> http://enemieslist.com/
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] bell.ca?

[Steven Champeon via mailop]

Is anyone from bell.ca here who has any way to fix their DNS? They seem
to have several blocks that have spaces (\032) in their PTRs, which is
sort of weird.

eg:

74.15.212.103:bras-base-sjerpq0524w-grc-12  -74-15-212-103.dsl.bell.ca

I mean, your network your rules, but this just seems like an accident.

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2553 w: http://hesketh.com/
Internet security and antispam hostname intelligence: http://enemieslist.com/

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Contact at networksolutions.com

[Frank Bulk via mailop]

We and our customers occasionally get email from netoworksolutions.com as it
pertains to their services.  I noticed that their domain name has two
different kinds of SPF errors -- anyone know anyone in their mail or DNS
operations that can effect a change?

https://tools.wordtothewise.com/spf/check/networksolutions.com
https://dmarcian.com/spf-survey/?domain=networksolutions.com

Frank 


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [EXTERNAL] mta-sts.outlook.com Internal server error

[Michael Wise via mailop]

We care!



And it appears to still be happening. Hmm.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Open a ticket for Hotmail ?



-Original Message-
From: mailop  On Behalf Of Andreas Schamanek via 
mailop
Sent: Thursday, January 16, 2020 1:17 PM
To: mailop 
Subject: [EXTERNAL] [mailop] mta-sts.outlook.com Internal server error





In case someone cares:



$ curl -sD- -o/dev/null 
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmta-sts.hotmail.com%2F.well-known%2Fmta-sts.txt&data=02%7C01%7Cmichael.wise%40microsoft.com%7C3808f274e5a2447acaa308d79aca1ca6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637148065163372902&sdata=LJDO5VpnEx7FDxbUeDpdP%2BTIGfiaeoBOp0HqmPe9Mmg%3D&reserved=0
 | grep ^HTTP

HTTP/1.1 500 Internal Server Error



Same for hotmail.com. Started seeing this in the night between January

6 and 7.



--

-- Andreas



  :-)





___

mailop mailing list

mailop@mailop.org

https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop&data=02%7C01%7Cmichael.wise%40microsoft.com%7C3808f274e5a2447acaa308d79aca1ca6%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637148065163372902&sdata=wHbeOolOLmvVYttDqWtmUSqsfr1BoA36IkCPfpWIkKE%3D&reserved=0
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] mta-sts.outlook.com Internal server error

[Andreas Schamanek via mailop]

In case someone cares:

$ curl -sD- -o/dev/null https://mta-sts.hotmail.com/.well-known/mta-sts.txt | 
grep ^HTTP
HTTP/1.1 500 Internal Server Error

Same for hotmail.com. Started seeing this in the night between January 
6 and 7.


--
-- Andreas

 :-)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..

[Frank Bulk via mailop]

We have a professional services customer that collects email addresses at home 
and garden shows. As you can imagine, there’s lots of messy handwriting and 
some people are likely writing down a fake email address so they can get a free 
something-or-other.  We’ve told our customer the same thing – don’t wait until 
having visited all 10+ home and garden shows, send them a “welcome” email right 
away, and if comes back bad, remove their email address from your lists.

 

Frank

 

From: mailop  On Behalf Of Luke via mailop
Sent: Thursday, January 16, 2020 11:36 AM
To: Jaroslaw Rafa 
Cc: mailop@mailop.org; Jesse Thompson 
Subject: Re: [mailop] [FEEDBACK] Approach to dealing with List Washing 
services, industry feedback..

 

I actually work for a company that sells a validation tool as a part of our 
platform and I'm still pretty confused by the appeal of such a thing. As Mr. 
Wise said before, "bounce processing!"

 

I want to believe a legitimate use case for validation exists but if you 
collect addresses in an appropriate manner, monitor engagement, pay attention 
to bounces and suppress addresses accordingly, there is no need to 
programmatically validate/invalidate address. Ever. 

 

Sometimes I hear about this scenario where someone collected the addresses 
appropriately, but it has been years since they've sent to them and they need 
to ensure they are valid before they try to re-engage them. So people think it 
makes sense to run the list through a validation service to eliminate the 
obviously bad addresses before sending to the rest. Or, you could just send to 
this list slowly over some period of time and let the bad ones bounce and let 
the good ones deliver. SMTP has build in address validation. And its free :)

 

Luke

 

On Thu, Jan 16, 2020 at 9:54 AM Jaroslaw Rafa via mailop mailto:mailop@mailop.org> > wrote:

Dnia 16.01.2020 o godz. 15:44:46 Jesse Thompson via mailop pisze:
> 
> Another factor that complicates things is that users are afraid to 
> unsubscribe (to send the signal directly to the marketer)
> 1) when the message was obviously unsolicited
> 2) because they're constantly told not to click on links within spam 
> messages

Myself, I never unsubscribe from any mass mailings if I didn't previously
knowingly and willingly subscribe to them (and I very rarely subscribe to
any). I guess that's pretty reasonable approach.

If I didn't subscribe and someone is sending me mass mailings nevertheless,
these people do not qualify to send them any "direct signals", because they
will most likely ignore it (or even treat the "unsubscribe" operation as a
confirmation that I actually read their messages, so they will put me on
more mailing lists). I didn't subscribe to their mailings, why should I ask
them to unsubscribe me? The only thing to be done about such messages is to
delete them or block the senders if they send too much.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org  
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

___
mailop mailing list
mailop@mailop.org  
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..

[Brandon Long via mailop]

On Thu, Jan 16, 2020, 9:29 AM Jay Hennigan via mailop 
wrote:

> On 1/16/20 07:44, Jesse Thompson via mailop wrote:
>
> > On the other side of the coin, recipients within the same institution
> > are constantly baffled why they keep getting unsolicited marketing from
> > companies who, by all appearances, are playing by the rules (except for
> > the unsolicited part, of course) and can't realistically be classified
> > as spam by anyone who assumes that marketers aren't all skirting the
> rules.
>
> ...(except for the unsolicited part, of course)...
>
> ...can't realistically be classified as spam...
>
> Isn't that the very definition of spam? It's unsolicited, it's bulk, and
> it's email.
>

Going by spam is what the receiver thinks, many business customers tend to
view most marketing from consumer stuff as spam, even if opt-in (ie,
Target), but are typically more welcoming to things that are closer to
their business use cases, including conferences and even some more direct
sales like messages.  Many of those aren't quite as bulk as the more
consumer oriented spam.  There's also often multiple people involved in
receiving, so the admins having some control, or corporate policies,
overriding the specific employees.

Which is just a way of saying that different receivers have different ideas
about spam, and one size fits all doesn't.  There's a lot more gray then
one would like.

> Another factor that complicates things is that users are afraid to
> > unsubscribe (to send the signal directly to the marketer)
> > 1) when the message was obviously unsolicited
> > 2) because they're constantly told not to click on links within spam
> > messages
>
> IMHO, they shouldn't unsubscribe. This validates their address and the
> fact that they open and read spam. Unsubscribing to spam gets your
> address sold to other spammers as "One who has responded to similar
> messages." They should report the spam as abuse. And, as you suggest,
> the unsubscribe link could very well be malware.
>

I'd say if it's even remotely gray mail, and not pure spam, go for the
unsubscribe.  On Gmail, we only provide a ui unsub link if the sender
reputation is ok, for example, but arguably anything from a mainstream esp
or company is fine to unsub from.  I see a lot of local companies and
non-profits who have bad sending practices and often go to spam that are
completely fine to unsub from, for example, and helps clear out the spam
label to make it easier to find the false positives.

This is also informed both by the prevalence of spam (something like 90% of
active users get a spam a week) and the effectiveness of our spam filters.
When I see other folks saying they don't get much spam, only 5 or more
messages a day past their filters... I can understand why they don't want
to get anymore.

I don't believe spammers are really selling clean lists, our experience is
they email everyone they possibly can.  Maybe there are some dark gray
spammers who try to use various legitimate delivery techniques to curate
their lists and expand their inboxing, but they seem to mostly want to work
around spam filter weaknesses instead of trying to be more legit.

Brandon

>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..

[Brandon Long via mailop]

There are probably some legitimate use cases, such as pre-email validation
attempts before even emailing for opt-in (ie, validating form
subscriptions), and I imagine most esps have their own validation they use
when a customer gives them a new address or list, though that's mostly
trying to determine whether the list/customer is legitimate or not.  You
can probably even expand that list checking to see if it has a high
equivalence to other bad lists you've seen in the past.

Ie, even a single message to a spamtrap can be bad for their delivery, so
it behooves them to try to prevent even one.  I doubt most honeypots are
distinguishing between seemingly legitimate coi requests.

Not quite washing in the same sense, of course.

Brandon

On Thu, Jan 16, 2020, 9:38 AM Luke via mailop  wrote:

> I actually work for a company that sells a validation tool as a part of
> our platform and I'm still pretty confused by the appeal of such a thing.
> As Mr. Wise said before, "bounce processing!"
>
> I want to believe a legitimate use case for validation exists but if you
> collect addresses in an appropriate manner, monitor engagement, pay
> attention to bounces and suppress addresses accordingly, there is no need
> to programmatically validate/invalidate address. Ever.
>
> Sometimes I hear about this scenario where someone collected the addresses
> appropriately, but it has been years since they've sent to them and they
> need to ensure they are valid before they try to re-engage them. So
> people think it makes sense to run the list through a validation service to
> eliminate the obviously bad addresses before sending to the rest. Or, you
> could just send to this list slowly over some period of time and let the
> bad ones bounce and let the good ones deliver. SMTP has build in address
> validation. And its free :)
>
> Luke
>
> On Thu, Jan 16, 2020 at 9:54 AM Jaroslaw Rafa via mailop <
> mailop@mailop.org> wrote:
>
>> Dnia 16.01.2020 o godz. 15:44:46 Jesse Thompson via mailop pisze:
>> >
>> > Another factor that complicates things is that users are afraid to
>> > unsubscribe (to send the signal directly to the marketer)
>> > 1) when the message was obviously unsolicited
>> > 2) because they're constantly told not to click on links within spam
>> > messages
>>
>> Myself, I never unsubscribe from any mass mailings if I didn't previously
>> knowingly and willingly subscribe to them (and I very rarely subscribe to
>> any). I guess that's pretty reasonable approach.
>>
>> If I didn't subscribe and someone is sending me mass mailings
>> nevertheless,
>> these people do not qualify to send them any "direct signals", because
>> they
>> will most likely ignore it (or even treat the "unsubscribe" operation as a
>> confirmation that I actually read their messages, so they will put me on
>> more mailing lists). I didn't subscribe to their mailings, why should I
>> ask
>> them to unsubscribe me? The only thing to be done about such messages is
>> to
>> delete them or block the senders if they send too much.
>> --
>> Regards,
>>Jaroslaw Rafa
>>r...@rafa.eu.org
>> --
>> "In a million years, when kids go to school, they're gonna know: once
>> there
>> was a Hushpuppy, and she lived with her daddy in the Bathtub."
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] GoDaddy Here?

[Allen Kitchen via mailop]

Just a quick note .. my $DayJob staff has found Matthew to be very helpful in 
the past. (I waited to say this until ascertaining he’s still here!) 

Thanks, Matthew..

..Allen

> On Jan 16, 2020, at 12:52, Matthew T Heffelfinger via mailop 
>  wrote:
> 
> For future reference, I am on here. 
> 
> I sorted Todd out via the M3AAWG slack earlier today, however. 
> 
> Matt Heffelfinger
> GoDaddy | Email Systems Engineer
> m...@godaddy.com
> 
> Date: Thu, 16 Jan 2020 09:15:22 -0500
> From: Todd Herr 
> To: mailop@mailop.org
> Subject: [mailop] GoDaddy Here?
> Message-ID:
>
> Content-Type: text/plain; charset="utf-8"
> 
> Hi.
> 
> Archives seem to indicate that GoDaddy's not represented here, but figured
> I'd ask again in case that had changed.
> 
> If they are here, or if anyone has a contact there, please reach out to me;
> I'm looking for clues on how best to deal with throttling issues on mail
> inbound to GoDaddy-hosted domains.
> 
> Thanks.
> 
> --
> 
> *todd herr*
> 
> *postmaster www.sparkpost.com <http://www.sparkpost.com>*
> *twitter* @toddherr @sparkpost
> 
> *mobile* 703-220-4153
> *email* todd.h...@sparkpost.com 
> -- next part --
> An HTML attachment was scrubbed...
> URL: 
> <https://chilli.nosignal.org/cgi-bin/mailman/private/mailop/attachments/20200116/4198b6aa/attachment-0001.html>
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
> 
> -- 
> This email was Virus checked by DSSC Solutions Company Security Gateway. 

-- 
This email was Virus checked by DSSC Solutions Company Security Gateway. 
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] GoDaddy Here?

[Matthew T Heffelfinger via mailop]

For future reference, I am on here. 

I sorted Todd out via the M3AAWG slack earlier today, however. 

Matt Heffelfinger
GoDaddy | Email Systems Engineer
m...@godaddy.com

Date: Thu, 16 Jan 2020 09:15:22 -0500
From: Todd Herr 
To: mailop@mailop.org
Subject: [mailop] GoDaddy Here?
Message-ID:

Content-Type: text/plain; charset="utf-8"

Hi.

Archives seem to indicate that GoDaddy's not represented here, but figured
I'd ask again in case that had changed.

If they are here, or if anyone has a contact there, please reach out to me;
I'm looking for clues on how best to deal with throttling issues on mail
inbound to GoDaddy-hosted domains.

Thanks.

--

*todd herr*

*postmaster www.sparkpost.com <http://www.sparkpost.com>*
*twitter* @toddherr @sparkpost

*mobile* 703-220-4153
*email* todd.h...@sparkpost.com 
-- next part --
An HTML attachment was scrubbed...
URL: 
<https://chilli.nosignal.org/cgi-bin/mailman/private/mailop/attachments/20200116/4198b6aa/attachment-0001.html>

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..

[Luke via mailop]

I actually work for a company that sells a validation tool as a part of our
platform and I'm still pretty confused by the appeal of such a thing. As
Mr. Wise said before, "bounce processing!"

I want to believe a legitimate use case for validation exists but if you
collect addresses in an appropriate manner, monitor engagement, pay
attention to bounces and suppress addresses accordingly, there is no need
to programmatically validate/invalidate address. Ever.

Sometimes I hear about this scenario where someone collected the addresses
appropriately, but it has been years since they've sent to them and they
need to ensure they are valid before they try to re-engage them. So
people think it makes sense to run the list through a validation service to
eliminate the obviously bad addresses before sending to the rest. Or, you
could just send to this list slowly over some period of time and let the
bad ones bounce and let the good ones deliver. SMTP has build in address
validation. And its free :)

Luke

On Thu, Jan 16, 2020 at 9:54 AM Jaroslaw Rafa via mailop 
wrote:

> Dnia 16.01.2020 o godz. 15:44:46 Jesse Thompson via mailop pisze:
> >
> > Another factor that complicates things is that users are afraid to
> > unsubscribe (to send the signal directly to the marketer)
> > 1) when the message was obviously unsolicited
> > 2) because they're constantly told not to click on links within spam
> > messages
>
> Myself, I never unsubscribe from any mass mailings if I didn't previously
> knowingly and willingly subscribe to them (and I very rarely subscribe to
> any). I guess that's pretty reasonable approach.
>
> If I didn't subscribe and someone is sending me mass mailings nevertheless,
> these people do not qualify to send them any "direct signals", because they
> will most likely ignore it (or even treat the "unsubscribe" operation as a
> confirmation that I actually read their messages, so they will put me on
> more mailing lists). I didn't subscribe to their mailings, why should I ask
> them to unsubscribe me? The only thing to be done about such messages is to
> delete them or block the senders if they send too much.
> --
> Regards,
>Jaroslaw Rafa
>r...@rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..

[Jay Hennigan via mailop]

On 1/16/20 07:44, Jesse Thompson via mailop wrote:


On the other side of the coin, recipients within the same institution
are constantly baffled why they keep getting unsolicited marketing from
companies who, by all appearances, are playing by the rules (except for
the unsolicited part, of course) and can't realistically be classified
as spam by anyone who assumes that marketers aren't all skirting the rules.


...(except for the unsolicited part, of course)...

...can't realistically be classified as spam...

Isn't that the very definition of spam? It's unsolicited, it's bulk, and 
it's email.



Another factor that complicates things is that users are afraid to
unsubscribe (to send the signal directly to the marketer)
1) when the message was obviously unsolicited
2) because they're constantly told not to click on links within spam
messages


IMHO, they shouldn't unsubscribe. This validates their address and the 
fact that they open and read spam. Unsubscribing to spam gets your 
address sold to other spammers as "One who has responded to similar 
messages." They should report the spam as abuse. And, as you suggest, 
the unsubscribe link could very well be malware.


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..

[Jaroslaw Rafa via mailop]

Dnia 16.01.2020 o godz. 15:44:46 Jesse Thompson via mailop pisze:
> 
> Another factor that complicates things is that users are afraid to 
> unsubscribe (to send the signal directly to the marketer)
> 1) when the message was obviously unsolicited
> 2) because they're constantly told not to click on links within spam 
> messages

Myself, I never unsubscribe from any mass mailings if I didn't previously
knowingly and willingly subscribe to them (and I very rarely subscribe to
any). I guess that's pretty reasonable approach.

If I didn't subscribe and someone is sending me mass mailings nevertheless,
these people do not qualify to send them any "direct signals", because they
will most likely ignore it (or even treat the "unsubscribe" operation as a
confirmation that I actually read their messages, so they will put me on
more mailing lists). I didn't subscribe to their mailings, why should I ask
them to unsubscribe me? The only thing to be done about such messages is to
delete them or block the senders if they send too much.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Might want to check if any of these are your domains.. Digital Ocean Forgeries?

[Michael Peddemors via mailop]

Oh, and forgot to mention the payload..

https://storage.googleapis.com/rr-m/insta%20oth%20o.html";>

On 2020-01-16 8:32 a.m., Michael Peddemors via mailop wrote:

A new round of Digital Ocean badness appears to be starting up...

Thought it worth the heads up.. (Eg, SendGrid)

Of course, these are probably phishing attempts.. Fake Bounce mails..
Fake Pill Spammer, really spammy format..
Malformed headers etc..

But might affect your reputations.. ongoing as of right now..



  167.172.145.32   19   mail.theguardian.com
    167.172.145.50    91   mail.bankersadda.com
    167.172.145.107   90   mail.umassonline.net
    167.172.145.108   85   mail.aeaweb.org
167.172.150.182   8   mail.affinitas.de
    167.172.150.219   80   mail.hobbylinc.com
    167.172.150.227   23   mail.sendgrid.net
167.172.247.8    57   mail.zimbio.com
    167.172.247.14    43   mail.trivago.com
    167.172.247.65    60   mail.myonlinechart.org
    167.172.247.66    69   mail.enotes.com
167.172.251.168  21   mail.ca.gov
    167.172.251.185   35   mail.panerabread.com
    167.172.251.194   15   mail.newpetowners.com
    167.172.251.195   34 mail.bibliotecapleyades.net





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Might want to check if any of these are your domains.. Digital Ocean Forgeries?

[Michael Peddemors via mailop]

A new round of Digital Ocean badness appears to be starting up...

Thought it worth the heads up.. (Eg, SendGrid)

Of course, these are probably phishing attempts.. Fake Bounce mails..
Fake Pill Spammer, really spammy format..
Malformed headers etc..

But might affect your reputations.. ongoing as of right now..



 167.172.145.32   19   mail.theguardian.com
   167.172.145.5091   mail.bankersadda.com
   167.172.145.107   90   mail.umassonline.net
   167.172.145.108   85   mail.aeaweb.org
167.172.150.182   8   mail.affinitas.de
   167.172.150.219   80   mail.hobbylinc.com
   167.172.150.227   23   mail.sendgrid.net
167.172.247.857   mail.zimbio.com
   167.172.247.1443   mail.trivago.com
   167.172.247.6560   mail.myonlinechart.org
   167.172.247.6669   mail.enotes.com
167.172.251.168  21   mail.ca.gov
   167.172.251.185   35   mail.panerabread.com
   167.172.251.194   15   mail.newpetowners.com
   167.172.251.195   34 mail.bibliotecapleyades.net

--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [FEEDBACK] Approach to dealing with List Washing services, industry feedback..

[Jesse Thompson via mailop]

On 1/6/20 2:04 PM, John Johnstone via mailop wrote:
> It is interesting how quiet it is on this topic.

IMO, that's because it falls into the "I know it when I see it, but I 
can't realistically prevent it" category.

Legitimate marketers (for example, some people within my own 
institution) have a real interest in keeping their old, yet legitimately 
obtained, lists clean of addresses that are obviously no longer valid, 
and they have a real apprehension to completely throw away their lists 
and start over.  Some of the savvy marketers will contract with an email 
validation service to solve this challenge.  Sometimes it leaves them 
with a foul taste in their mouth once they realize the privacy conundrum 
(at least, that's the story I tell myself).

On the other side of the coin, recipients within the same institution 
are constantly baffled why they keep getting unsolicited marketing from 
companies who, by all appearances, are playing by the rules (except for 
the unsolicited part, of course) and can't realistically be classified 
as spam by anyone who assumes that marketers aren't all skirting the rules.

Another factor that complicates things is that users are afraid to 
unsubscribe (to send the signal directly to the marketer)
1) when the message was obviously unsolicited
2) because they're constantly told not to click on links within spam 
messages

Maybe more ISPs and MUAs should leverage the List-Unsubscribe-Post 
process server-side when users click their Report Spam buttons.  Maybe 
I'm grasping at straws here...

Jesse
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] GoDaddy Here?

[Todd Herr via mailop]

Hi.

Archives seem to indicate that GoDaddy's not represented here, but figured
I'd ask again in case that had changed.

If they are here, or if anyone has a contact there, please reach out to me;
I'm looking for clues on how best to deal with throttling issues on mail
inbound to GoDaddy-hosted domains.

Thanks.

-- 

*todd herr*

*postmaster www.sparkpost.com *
*twitter* @toddherr @sparkpost

*mobile* 703-220-4153
*email* todd.h...@sparkpost.com 
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Trendmicro Emails: "An email sent to you has been placed in quarantine by Hosted Email Security (HES)."

[Benoit Panizzon via mailop]

Hi Gang

I wonder if others have also started seing such emails:

Source:

Received: from routemea20.hes.trendmicro.eu (routemea20.hes.trendmicro.eu 
[3.125.147.66])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by idefix.imp.ch (Postfix) with ESMTPS id A7510C008C
for <*HIDDEN*@imp.ch>; Wed, 15 Jan 2020 02:15:38 +0100 (CET)

Hosted on Amazon AWS. Of course they never react to inquiries.

But the PTR looks legit. So I assume they are indeed sent by Trendmicro.

Content:
-
From: 
To: 
Subject: Email quarantined
Date: Wed, 15 Jan 2020 00:51:57 + (UTC)

An email sent to you has been placed in quarantine by Hosted Email Security 
(HES).
-

Yes, this is all, not Link no hint what email we possibly could have
sent which could have caused this message. It's just 'out of the blue'.

Or do they 'backscattter' such a message to every single email them
receive?

Opened a Case with Trendmicro NOC about one week ago when this first
occurred. No reaction yet.

Mit freundlichen Grüssen

-Benoît Panizzon-
-- 
I m p r o W a r e   A G-Leiter Commerce Kunden
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 PrattelnFax  +41 61 826 93 01
Schweiz Web  http://www.imp.ch
__

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop