Re: [mailop] Ethics Complaint to Princeton (was: Privacy research spam apparently from a grad student at Princeton)

2021-12-19 Thread L. Mark Stone via mailop 
Except that, now that they are listed in Spamhaus, those emails won’t be 
delivered to the recipients—unless they are sent from a Princeton.Edu domain. 

___
L. Mark Stone
Sent from my iPhone

> On Dec 19, 2021, at 3:02 PM, yuv via mailop  wrote:
> 
> On Sun, 2021-12-19 at 09:51 -0600, Larry M. Smith via mailop wrote:
> > There has been another update, and appears to be well worth a read.
> 
> Indeed it is. I have complimented Jonathan for his leadership. His
> note is what counts.
> 
> I had used some of my snowy/rainy/slushy weekend to research US law. 
> Obligatory disclaimer: I am not licensed to practise US law, this is
> unfamiliar territory, the following is for information purpose only, is
> possibly wrong, I am not the lawyer of any reader of this information,
> do not rely on this information.
> 
> With the disclaimer out of the way, I have found out the legal ground
> on which the IRBs make the determination if the research is human-
> subject research or not. The rest (thinking of the consequences on the
> humans or not) follows from that determination. 
> 
> Subpart A of 45 CFR Part 46. To my horror I found §46.102 (e)(1)
> extends protections to humans only when the information extracted is
> about them. The moment researchers are not extracting data about the
> human itself, the IRB does not even have to consider the effect that
> the research will have on any human. My understanding of the law as
> written is that it white-washes a researcher who coerce information
> about a third party from a human!
> 
> The flow chart is at [1].
> 
> No-one considered that the mechanisms of the law exercised an abnormal,
> in my view intolerable amount of pressure on the human recipients of
> the emails, in addition to their scammy/spammy character. Even if
> unintentional, the end-effect was morally wrong, a lack of respect for
> persons as envisioned by the Belmont Report [2].
> 
> 
> To me, this was a dead-end. The research was in my view morally wrong,
> but legally right and I had no leverage other than appealing to the
> researchers' morality because the law is flawed. And the IRB has
> simply done its job as expected by the law, so again, no leverage
> whatsoever. Leveraging the spam issue and putting the kids in the same
> class as the phishers and other scammers that infest the internet would
> have been heavy-handed and probably also inconclusive, putting them on
> the defensive and achiving nothing more than the shields of the anti-
> abuse tools were not already achieving.
> 
> Dilemma: how to advance on the issue? Sure, there is that ethical
> middle ground, the Belmont Report [3], but it required goodwill on the
> other side. Jonathan has shown goodwill.
> 
> This is no longer on-topic for nitty gritty email system operators, so
> I will stop annoying mailop with this.
> 
> I want to thank everyone who has contributed little bits of evidence to
> the case, whether it is point out to anti-spam resources clearly
> showing that the emails were spam; or describing their experience. You
> have all helped the researchers understand that what they did was
> morally wrong.
> 
> [1] <
> https://www.hhs.gov/ohrp/regulations-and-policy/decision-charts-2018/index.html#c1
> >
> 
> [2] <
> https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/read-the-belmont-report/index.html#xrespect
> >
> 
> [3] <
> https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/index.html
> >
> 
> -- 
> Yuval Levy, JD, MBA, CFA
> Ontario-licensed lawyer
> 
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is outlook.com blocking all Linode IPv4 space?

2021-12-19 Thread John Levine via mailop 
It appears that Daniele Nicolodi via mailop  said:
>I already asked on this list, and I'll ask again: what is a reputable 
>hot where to park a server these days?

I've been happy with tektonic.net who have the usual range of linux,
BSD, and Windows VPS. Their prices and tech support are pretty good.

They do "transparent" filtering of outbound mail, but if you've been a customer
for a while, and ask politely with a plausible reason, they will turn it off.
I have a server that remails lots of spam to people who want it for analysis,
which they thought was reason enough.

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is outlook.com blocking all Linode IPv4 space?

2021-12-19 Thread Daniele Nicolodi via mailop 

On 19/12/2021 21:05, John Levine via mailop wrote:

It appears that Jay Hennigan via mailop  said:

Our investigation has determined that the above IP(s) do not qualify for
mitigation.

Which roughly translates to "we don't care about receiving email from
independent senders".


You misspelled "We deliberately decided not to receive email from
independent senders".


I think it's "If you want to send mail, find a host that does a better
job of managing the mail its customers send."  I'm not thrilled about
accepting the mail from Linode's network, either.

As a simple rule of thumb, the larger and cheaper a hoster is. the
cruddier its mail.


I already asked on this list, and I'll ask again: what is a reputable 
hot where to park a server these days?


Thank you.

Cheers,
Dan
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ethics Complaint to Princeton (was: Privacy research spam apparently from a grad student at Princeton)

2021-12-19 Thread yuv via mailop 
On Sun, 2021-12-19 at 11:53 -0800, Jay Hennigan via mailop wrote:
> The most obvious and frequently asked question isn't answered or
> even acknowledged in their FAQ.

When lawyers or snake-oil sellers are involved, FAQ stands for
fictionally asked question.  And when lawyers of snake-oil sellers are
writing it, it is a lose phonetic contraction of a popular English
language four-letters world that too frequently draw censure and that
the reader of the text is probably going to utter as many times as
there are questions and answers in the text.

--
Yuval Levy, JD, MBA, CFA
Ontario-licensed lawyer


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is outlook.com blocking all Linode IPv4 space?

2021-12-19 Thread John Levine via mailop 
It appears that Jay Hennigan via mailop  said:
>> Our investigation has determined that the above IP(s) do not qualify for 
>> mitigation.
>> 
>> Which roughly translates to "we don't care about receiving email from 
>> independent senders".
>
>You misspelled "We deliberately decided not to receive email from 
>independent senders".

I think it's "If you want to send mail, find a host that does a better
job of managing the mail its customers send."  I'm not thrilled about
accepting the mail from Linode's network, either.

As a simple rule of thumb, the larger and cheaper a hoster is. the
cruddier its mail. 

R's,
John
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ethics Complaint to Princeton (was: Privacy research spam apparently from a grad student at Princeton)

2021-12-19 Thread Jaroslaw Rafa via mailop 
Dnia 19.12.2021 o godz. 14:52:58 yuv via mailop pisze:
> 
> To me, this was a dead-end.  The research was in my view morally wrong,
> but legally right and I had no leverage other than appealing to the
> researchers' morality because the law is flawed.

Again: this may be the right moment to get media involved. Pressure from the
media can often help where law can't.
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ethics Complaint to Princeton (was: Privacy research spam apparently from a grad student at Princeton)

2021-12-19 Thread yuv via mailop 
On Sun, 2021-12-19 at 09:51 -0600, Larry M. Smith via mailop wrote:
> There has been another update, and appears to be well worth a read.

Indeed it is.  I have complimented Jonathan for his leadership.  His
note is what counts.

I had used some of my snowy/rainy/slushy weekend to research US law. 
Obligatory disclaimer:  I am not licensed to practise US law, this is
unfamiliar territory, the following is for information purpose only, is
possibly wrong, I am not the lawyer of any reader of this information,
do not rely on this information.

With the disclaimer out of the way, I have found out the legal ground
on which the IRBs make the determination if the research is human-
subject research or not.  The rest (thinking of the consequences on the
humans or not) follows from that determination.  

Subpart A of 45 CFR Part 46.  To my horror I found §46.102 (e)(1)
extends protections to humans only when the information extracted is
about them.  The moment researchers are not extracting data about the
human itself, the IRB does not even have to consider the effect that
the research will have on any human.  My understanding of the law as
written is that it white-washes a researcher who coerce information
about a third party from a human!

The flow chart is at [1].

No-one considered that the mechanisms of the law exercised an abnormal,
in my view intolerable amount of pressure on the human recipients of
the emails, in addition to their scammy/spammy character.  Even if
unintentional, the end-effect was morally wrong, a lack of respect for
persons as envisioned by the Belmont Report [2].


To me, this was a dead-end.  The research was in my view morally wrong,
but legally right and I had no leverage other than appealing to the
researchers' morality because the law is flawed.  And the IRB has
simply done its job as expected by the law, so again, no leverage
whatsoever.  Leveraging the spam issue and putting the kids in the same
class as the phishers and other scammers that infest the internet would
have been heavy-handed and probably also inconclusive, putting them on
the defensive and achiving nothing more than the shields of the anti-
abuse tools were not already achieving.

Dilemma: how to advance on the issue?  Sure, there is that ethical
middle ground, the Belmont Report [3], but it required goodwill on the
other side.  Jonathan has shown goodwill.

This is no longer on-topic for nitty gritty email system operators, so
I will stop annoying mailop with this.

I want to thank everyone who has contributed little bits of evidence to
the case, whether it is point out to anti-spam resources clearly
showing that the emails were spam; or describing their experience.  You
have all helped the researchers understand that what they did was
morally wrong.

[1] <
https://www.hhs.gov/ohrp/regulations-and-policy/decision-charts-2018/index.html#c1
>

[2] <
https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/read-the-belmont-report/index.html#xrespect
>

[3] <
https://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/index.html
>

-- 
Yuval Levy, JD, MBA, CFA
Ontario-licensed lawyer


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is outlook.com blocking all Linode IPv4 space?

2021-12-19 Thread Jay Hennigan via mailop 

On 12/19/21 06:23, Daniele Nicolodi via mailop wrote:


Not qualified for mitigation
109.74.203.128
Our investigation has determined that the above IP(s) do not qualify for 
mitigation.


Which roughly translates to "we don't care about receiving email from 
independent senders".


You misspelled "We deliberately decided not to receive email from 
independent senders".


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ethics Complaint to Princeton (was: Privacy research spam apparently from a grad student at Princeton)

2021-12-19 Thread Larry M. Smith via mailop 

On 12/18/2021, yuv via mailop wrote:
(snip)

Their FAQ is up at  and it all
looks like a lawyers-approved shield to try to justify what they have
done.  They know they have pushed too far.  The question is whether
they will learn from this and whether the learning will flow into a
fairer IRB.  I will follow up with Jonathan.


There has been another update, and appears to be well worth a read.  The 
part that is of interest to me is;



Second, our team is prioritizing a possible one-time follow-up email to 
recipients, identifying the academic study and recommending that they 
disregard the prior email. If that is feasible, and if experts in the 
email operator community agree with the proposal, we will send the 
follow-up emails as expeditiously as possible.



While I'm not really a fan of more spam; I do not have the experience to 
comment on what damage may have been done, nor what their best path 
forward should be -- as such this plan seems acceptable to me.


--
SgtChains

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Experience with SMTP2GO?

2021-12-19 Thread Daniele Nicolodi via mailop 

Hello,

does anyone have experience in using SMTP2GO Free tier service for 
sending tiny volume of emails from personal domains?


Being grumpy about the failure of SMTP as a federated protocol does not 
help have email delivered, thus I am looking for options that do not 
entail going around begging every free email provider to pretty please 
accept email from my little server.


Thank you.

Cheers,
Dan
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is outlook.com blocking all Linode IPv4 space?

2021-12-19 Thread Christof Meerwald via mailop 
On Sun, Dec 19, 2021 at 03:23:03PM +0100, Daniele Nicolodi via mailop wrote:
> The Linode support team contacted the Microsoft but their intervention did
> not have any effect. I contacted them myself through
> 
> https://support.microsoft.com/en-us/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75
> 
> and this is the response I received:
> 
> Not qualified for mitigation
> 109.74.203.128
> Our investigation has determined that the above IP(s) do not qualify for
> mitigation.
> 
> Which roughly translates to "we don't care about receiving email from
> independent senders".
> 
> This sucks, but I don't think there is anything to do about it.

Just don't take this as their final answer - explain that you have
only just recently been allocated this IP address (with evidence that
the IP address is now assigned to your server - they might ask for a
copy of an invoice showing that IP address) and they will likely
remove you from the block list. Also see
https://docs.hetzner.com/robot/dedicated-server/troubleshooting/microsoft-blacklist/


Christof

-- 

https://cmeerw.org sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org   xmpp:cmeerw at cmeerw.org
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Comcast contact - IPv6 routing issue?

2021-12-19 Thread Brotman, Alex via mailop 
I'll reply off-list as well, see if we can get some additional information.


From: mailop  on behalf of Jay Hennigan via mailop 

Sent: Friday, December 17, 2021 7:18 PM
To: mailop
Subject: [EXTERNAL] [mailop] Comcast contact - IPv6 routing issue?

Very small discussion list seeing bounces from Comcast. We are sending
with IPv4 but bounce looks like an IPv6 network problem. Error message
is as follows: (recipient usernames redacted). Can someone look into
this or contact me offlist? Thanks!


Final-Recipient: rfc822; x...@comcast.net
Original-Recipient: rfc822;x...@comcast.net
Action: failed
Status: 4.4.1
Diagnostic-Code: X-Postfix; delivery temporarily suspended: connect to
 mx2h1.comcast.net[2001:558:fd02:243f::3]:25: Network is unreachable

Final-Recipient: rfc822; xxx...@comcast.net
Original-Recipient: rfc822;xxx...@comcast.net
Action: failed
Status: 4.4.1
Diagnostic-Code: X-Postfix; delivery temporarily suspended: connect to
 mx2h1.comcast.net[2001:558:fd02:243f::3]:25: Network is unreachable

Final-Recipient: rfc822; ...@comcast.net
Original-Recipient: rfc822;...@comcast.net
Action: failed
Status: 4.4.1
Diagnostic-Code: X-Postfix; delivery temporarily suspended: connect to
 mx2h1.comcast.net[2001:558:fd02:243f::3]:25: Network is unreachable


--
Jay Hennigan - j...@west.net
Network Engineering - CCIE #7880
503 897-8550 - WB6RDV
___
mailop mailing list
mailop@mailop.org
https://urldefense.com/v3/__https://list.mailop.org/listinfo/mailop__;!!CQl3mcHX2A!TdYbjnwT169NFpvzA1sqagWhmgm5ZcF_mX9NfpJGS4IiYmwxJVo0wjR8KBxup1Ze6_-I$
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Is outlook.com blocking all Linode IPv4 space?

2021-12-19 Thread Daniele Nicolodi via mailop 

On 06/12/2021 22:13, Daniele Nicolodi via mailop wrote:

On 06/12/2021 21:09, Mary via mailop wrote:


I had the same experience with outlook.com and servers hosted by
many  cloud providers, including Linode.

The solution with Linode is very simple, just open a ticket and
they'll get in touch with M$ and you'll be added into their
whitelist. It usually takes 2 business days.

>

Thank you Mary. I was just opening a ticket with Linode, but I was not
very optimistic about it having any affect.


The Linode support team contacted the Microsoft but their intervention 
did not have any effect. I contacted them myself through


https://support.microsoft.com/en-us/supportrequestform/8ad563e3-288e-2a61-8122-3ba03d6b8d75

and this is the response I received:

Not qualified for mitigation
109.74.203.128
Our investigation has determined that the above IP(s) do not qualify for 
mitigation.


Which roughly translates to "we don't care about receiving email from 
independent senders".


This sucks, but I don't think there is anything to do about it.

Cheers,
Dan
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop