[mailop] Does anyone have a real human contact at unifiedlayer/hostgator/bluehost?

[Anne P. Mitchell, Esq. via mailop]

Does anyone have a real human contact at unifiedlayer/hostgator/bluehost? Or 
should we just blackhole them? Massive ongoing spam, we've given them the 
(constant!) IP address, they just do the shell game of which subsidiary is 
responsible.

Anne

--
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
Legislative Advisor
CEO Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Creator of the term 'deliverability'; Co-Founder of the deliverability industry
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Akamai / Akamai Edge contact?

[Anne P. Mitchell, Esq. via mailop]

Is there anyone from Akamai here, or does anyone have an Akamai contact?

Thank you in advance!

Anne

--
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
Legislative Advisor
CEO Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Amusing and Convoluted Request

[Anne P. Mitchell, Esq. via mailop]

> I check the logs to find the user it was sent to based on the message ID 
> since the ISP helpfully removes it, and forward that to the bulk team so they 
> can remove the user from the database. 

Surely, instead of "so they can remove the user from the database" you meant to 
say "so we can challenge our sending customer to explain how the email address 
ended up on their bulk list", right?

(One of the reasons that the ISP removes that address is precisely so you don't 
just rely on listwashing and shutting up the squeaky wheel, and so you instead 
hold your sending customer to account.)

Anne

--
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
Legislative Advisor
CEO Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] How should we respond in this situation

[Anne P. Mitchell, Esq. via mailop]

> On Aug 22, 2024, at 2:12 PM, horizon--- via mailop  wrote:
> 
> As a postmaster, I often receive assistance investigation emails from 
> official organizations in certain countries (which I have not confirmed) such 
> as intelligence agencies and counter-terrorism organizations, requesting 
> personal information of a certain user. How should we respond in this 
> situation?

You need to speak with your organization's legal counsel, but *generally* 
speaking the requestor must present you with an official order-type of document 
(the equivalent of a court order or subpoena here in the U.S.) or if, for 
example, it is a request under the Cloud act, then there are very specific 
steps that need to be taken for the request to be such that *you* won't be 
legally liable, because otherwise if you disclose anything that is protected by 
privacy law you will be in a world of hurt.  Most orgs won't produce without an 
official request from a LE agency or LEO, or a court order or subpoena.  In 
some cases you must also then notify the subject of the request that the 
request has been received and that you have produced the documents that satisfy 
the request.

Definitely talk with legal counsel.

Anne

--
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
Legislative Advisor
CEO Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: AT&T Block

[Anne P. Mitchell, Esq. via mailop]

> On Jul 9, 2024, at 2:11 PM, Bill Cole via mailop  wrote:
> 
> On 2024-07-09 at 13:53:47 UTC-0400 (Tue, 9 Jul 2024 11:53:47 -0600) 
> Anne P. Mitchell, Esq. via mailop  
> is rumored to have said:
> 
>> Receivers don't block email from new IPs by default; they block them when 
>> they notice something amiss with the email (be it improper authentication, 
>> spam complaints, or something else).
> 
> That's not 100% true. Most receivers don't, some clearly do.

Yes, I should have said "Generally receivers don't block email from new IPs by 
default" and for sake of clarity should have also added "for the sole reason 
that they are new IPs".  

Mea culpa.

Anne

--
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
Legislative Advisor
CEO Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: AT&T Block

[Anne P. Mitchell, Esq. via mailop]

> blocking our IP address for no reason

In my 20+ years experience, there is never "no reason".  The reason may not be 
clearly revealed, the rejection message may be lacking in useful information, 
and the reason may be wrong, but blocks are there for a reason, even if not 
discernible by the sender.

> it should be more commonly understood that it's impossible to work with said 
> too-big-to-fail mail service provider, they just simply don't care.

I think that Hanlon's razor can be applied here.  Never ascribe to malice (or 
in this case, perhaps, apathy) that which can be explained by stupidity (or, in 
this case, ignorance or unawareness).

I've never, again, in my years of experience, run into a receiver who simply 
didn't care that their users were not receiving email that their users wanted.

> I do suspect that John Von Essen's opinion has some merit.  I wish this 
> information was posted on a trusted third party website.  Something to point 
> customers to when they complain about being unable to send mail to @att.net 
> email addresses.  There's no telling what email those same @att.net users are 
> not getting.

People who are trusted do have that information.  It's never going to be posted 
publicly on a website because a) spammers, b) malicious actors, c) people who 
just want to harass the people working for such entities, and d) people who are 
disgruntled or generally have a bone to pick, an ax to grind, or whom otherwise 
want to rant at them.

Is it a perfect system?  No, not by any means.

But it's not quite as broken as you think (and trust me I feel your pain).

You mentioned in your initial email that the issue is with these IP addresses:

23.239.97.150
5.101.141.35

AND that you "suspect that this is being blocked because these are new IPs that 
AT&T has never received mail from, so they block them by default."

Receivers don't block email from new IPs by default; they block them when they 
notice something amiss with the email (be it improper authentication, spam 
complaints, or something else).

What is the nature of the email which was being sent through those IP addresses?

Instead of grumbling, if you can give us information, perhaps someone here can 
help you.

Anne

--
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
Legislative Advisor
CEO Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)





___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: AT&T Block

[Anne P. Mitchell, Esq. via mailop]

> On Jul 8, 2024, at 11:46 AM, Michael Rathbun via mailop  
> wrote:
> 
> (One of life's lovely moments came when I discovered that one of my
> deliverability support clients at my new employer was Nielsen, who had
> acquired Harris Polls a while back (the spammers who sued MAPS).

A thing to remember is that after Harris filed the lawsuit they had a change of 
management, and Harris approached us and actually asked for help in reforming 
their mailing practices (and then did so), and so they dropped the lawsuit.  
For a while they were the poster child for doing it right as a result of that.  
So, in fact, they were the only lawsuit that didn't go to trial. 

Anne

--
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
Legislative Advisor
CEO Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: AT&T Block

[Anne P. Mitchell, Esq. via mailop]

Just a point of order (that's not quite the right term but you get the gist):

> As you say there is nothing to stop a large operator from blocking a small 
> operator simply because they can. 

I'm not sure where the OP is from, but this has actually been litigated and is 
settled law in the U.S. and has been for more than 20 years. In fact "my 
server, my rules" is enshrined in our Federal law (of course not so succinctly 
or in nearly as straightforward a manner).

Anne

--
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
Legislative Advisor
CEO Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] salesforce phishing emails

[Anne P. Mitchell, Esq. via mailop]

> On Jun 12, 2024, at 11:40 PM, Hans-Martin Mosner via mailop 
>  wrote:
> 
> Am 12.06.24 um 18:04 schrieb Anne P. Mitchell, Esq. via mailop:
>> 
>>  
>> I've also always found abuse@ to be responsive there, and it's peopled by a 
>> real person, who gives real responses (at least that was the case as 
>> recently as 12/21/23.
>> 
> That's interesting, I've been sending lots of abuse reports to that address 
> before and never received a response (or noticed a change in the pattern). 
> But then I'm not a lawyer ;-þ

That's interesting - it _could_ be in part that I'm a lawyer (and perhaps more 
relevantly a known anti-spam lawyer), however I also wonder if it has to do 
with volume - I report to SF quite sparingly (simply because the amount of spam 
we get here, while copious, is rarely from SF).  If you are sending a lot of 
complaints, I wonder if that's a factor (granted it *shouldn't* be a factor, 
but I wonder if...).

Anne

--- 
Anne P. Mitchell, Esq.
Internet Law & Policy Attorney
CEO Institute for Social Internet Public Policy (ISIPP)
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Creator of the term 'deliverability' and co-founder of the deliverability 
industry
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] salesforce phishing emails

[Anne P. Mitchell, Esq. via mailop]

> On Jun 12, 2024, at 9:27 AM, Hans-Martin Mosner via mailop 
>  wrote:
> 
> Am 28.11.23 um 11:54 schrieb Mary via mailop:
>> Dear salesforce,
>> 
>> Please stop your clients from sending Facebook phishing emails.
>> 
> Sorry for digging up this old thread... I seem to have found a contact at 
> salesforce which reads, responds and apparently reacts to reports: security 
> -at- salesforce.com.
> 
> Whether this will lead to improved customer vetting is not yet clear, but at 
> least they state that they shut down the customers involved, which I'm 
> inclined to believe.

I've also always found abuse@ to be responsive there, and it's peopled by a 
real person, who gives real responses (at least that was the case as recently 
as 12/21/23.

Anne

--- 
Anne P. Mitchell, Esq.
Internet Law & Policy Attorney
CEO Institute for Social Internet Public Policy (ISIPP)
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Creator of the term 'deliverability' and founder of the deliverability industry
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Information About the Issue with Delivering to Gmail from Microsoft

[Anne P. Mitchell, Esq. via mailop]

I have been waiting to post this until I could get permission, which I just 
have.  We have been working with a sender having the issue of Google (Gmail) 
rejecting all email coming from their Microsoft account, giving a "domain 
reputation issue" response.   We knew it was an issue specific to Microsoft 
sending to Gmail, as in fact the same domain had no issue at all delivering to 
Gmail from other platforms, we had gone over their authentication with a 
fine-toothed comb, etc., and posited that the "domain" referenced in the 
rejection notice was actually the *Microsoft* domain, and not this sender's.

A few days ago we received confirmation of that from the Google side:  "I can 
see that you are sending the emails from the Outlook server. Previously Outlook 
was using IPV6 to send the emails then all of the emails were marked as spam 
just because of the reputation. And due to that past interaction, whatever 
emails coming from Outlook IPV6, Gmail has detected them as spam and just to 
protect our end user, they are rejecting the emails."

And now, just a few minutes ago, from Microsoft:

"Our teams have been in contact with the Google team over these issues, 
apparently it was affecting some other users as well."

This of course doesn't mean that the issue is resolved, but it does mean that 
both sides are acknowledging the issue, and we have noted that the sender with 
whom we were working (which is what led to these dialogues with Google and 
Microsoft) is now able to deliver to Gmail.

Simon Branch, you posted about having this issue, has it resolved for you?

Anne

__
Get the Good Sender Seal of Approval!  Our Good Senders List™ email 
certification and deliverability assistance is respected around the world so 
that the email you send goes to the inbox, not the junk folder.  Learn more at 
gettotheinbox.com

Anne P. Mitchell, Esq.
Email Law & Policy Attorney
CEO Get to the Inbox by ISIPP SuretyMail
Creator of the term 'deliverability' and co-founder of the deliverability 
industry
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Board of Directors, Denver Internet Exchange

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ongoing issue with sending emails to Gmail / Google hosted domains from our MS 365 Tenant

[Anne P. Mitchell, Esq. via mailop]

Just to validate Simon's issue, we are working with a sender having the exact 
same issue.  What's more, the domain clearly is *not*  "likely suspicious due 
to the very low reputation of the sending domain", as the exact same sending 
domain has zero issue sending to Gmail from Mailchimp and Netsuite.  It is 
*only* an issue when sending from Microsoft to Gmail.  This sender is doing 
everything right, and their PMT generally looks great, but the outright 
rejection of email from Microsoft persists.

Our theory is that as they are being delivered from Mailchimp and Netsuite, 
which are bulk sends, the sender has been classified as "bulk sender" somewhere 
in the Gmail system, and so they are looking for unsub headers in the 
Microsoft-sent email (all of which are transactional, such as receipts, 
correspondence, etc.).  It's the only thing that makes sense (for some value of 
'sense'); either that or Gmail is complaining about the *Microsoft* domain from 
which these are being sent.  (Again, all authentication is correct.)

There is no dedicated IP address here because these are transactional emails, 
and Microsoft requires sending volumes of above 1million at least 3x a week.  
(So yeah, it could be the Microsoft domain about which Gmail is complaining but 
that somehow seems even less likely than the other theory.)

Anne

--- 
Anne P. Mitchell, Esq.
Internet Law & Policy Attorney
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Creator of the term 'deliverability' and co-founder of the deliverability 
industry
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)



> On May 20, 2024, at 8:55 AM, Michael Irvine via mailop  
> wrote:
> 
> Hi, 
>  
> Please share the Domain name and IP address that is having the issues so that 
> we can better assist. If possible, can you also share the email header of an 
> email that is failing.
>  
> As for the error,  Gmail is clearly seeing an issue with the domain in the 
> SPF and DKIM records. It is very possible that the SPF while correct, has too 
> much calls and does not complete the check.
>  
> They have posted in their guide that in April 2024, they will start to BLOCK 
> emails that do not have the following 
> (https://support.google.com/a/answer/14229414?hl=en#bulk-sender-def&expiration&bulk-sender-comply&email-to-ws&ws-senders&timeline&timeline-new&from-header&reqs-not-met&alerts&error-codes&spam-rate&spam-exceeds&one-click-all-msgs&unsub-noshow&promotional&why-one-click&one-click-rfc8058&no-one-click&unsub-msg-body&no-unsub-spam&more-unsubscribe-links&howlong-unsubscribe&prevent-unsubscribe-all&unsub-unavailable&mailto&landing-page&dmarc-align&dmarc-fail&mitigation&mitigation-eligible&:~:text=Sender%20guidelines%20enforcement):
>  
> The table below describes the enforcement timeline and will be updated as 
> needed:
> Sender requirement
> Enforcement
> SPF and DKIM authentication
> Gmail From: header impersonation
> From: header alignment
> Valid forward and reverse DNS records
> Messages formatted according RFC 5322
> Messages sent using TLS
> Temporary failures with error codes
>  
>  
> Starting in April 2024, we’ll begin rejecting non-compliant traffic. 
> Rejection will be gradual and will impact non-compliant traffic only. We 
> strongly recommend senders use the temporary failure enforcement period to 
> make any changes required to become compliant.
> Enforcement for these requirements will begin no earlier than June 2024:
>   • DMARC record with a minimum policy of none (p=none). Learn more about 
> DMARC record values.
>   • One-click unsubscribe in marketing messages
>   • Mitigations unavailable when user-reported spam rates exceed 0.3% or 
> if the sender has not met the authentication or one-click unsubscribe 
> requirements.
>  
> Gmail is blocking you based on the information above and your error.
>  
>  
> Michael Irvine
>  
> From: mailop  On Behalf Of Simon Branch via mailop
> Sent: Monday, May 20, 2024 01:26
> To: mailop@mailop.org
> Subject: [mailop] Ongoing issue with sending emails to Gmail / Google hosted 
> domains from our MS 365 Tenant
>  
> CAUTION: This email originated from outside of the organization. Do not click 
> any links or open attachments unless you recognize the sender and know the 
> content is safe.
>  
> 
> Hello,
>  
> This is my second time of posting about this issue, which involves messages 
> sent from our MS 365 Tenant being rejected by Google’s mail servers.
>  
> Around the beginning of April, several of our users started to get messages 
> bouncing back, when sending messages to Google-hosted domains.
>  
> The error received each time was as follows:
>  
> Error:
> 550 5.7.350 Remote server retur

Re: [mailop] Anyone from Microsoft?

[Anne P. Mitchell, Esq. via mailop]

> On Mar 5, 2024, at 11:36 PM, Michael Rathbun via mailop  
> wrote:
> 
> You might wish to consider omphaloskepsis.  The chances of a useful outcome
> will be closely similar.

I think that's a bit unfair.  Omphaloskepsis can lead to, lint detection, which 
can be quite useful.

Anne

--- 
Anne P. Mitchell, Esq.
Internet Law & Policy Attorney
CEO ISIPP SuretyMail Sender Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] One click unsubscribe in mailing list messages

[Anne P. Mitchell, Esq. via mailop]

> On Feb 24, 2024, at 12:41 PM, Andrew C Aitchison  
> wrote:
> 
> Do you read "visiting a single Internet Web page"
> as excluding interaction with that page ?
> 
> If so, how do I provide my opt-out preferences by ...
> "visiting a single Internet Web page" ?

A strict construction of that language would suggest to me that yes, that's 
what it says - *however*, I also don't think that's what was intended, and it 
is on these ambiguous (regardless of how slightly) turns of phrase that entire 
cases are decided.  

If I were brought in on a case that turned on deciding what this language 
meant, I could argue either side, and convincingly so, I believe.

Anne

--- 
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
CEO Institute for Social Internet Public Policy (ISIPP)
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Creator of the term 'deliverability' and founder of the deliverability industry
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] One click unsubscribe in mailing list messages

[Anne P. Mitchell, Esq. via mailop]

> 
> You're confusing unrelated things. The one-click unsubscribe is
> literally one click, no intermediate web page or anything returned to
> the user. It's intended for mail systems that do the unsub on the
> user's behalf. The most familiar is Gmail, where you can click the
> junk button, and it sometimes gives you the option to unsubscribe
> instead.

No I'm not, I'm simply adding to the general conversation, as somewhere in the 
thread there was talk about removing the link altogether, and I'm pointing out 
that Federal law mandates a one-step method; completely removing an unsub link 
(and, for example, relying on the one-step in the header) could open one up to 
risk.

> I'd be interested to see case law saying that the usual
> two-click unsub is illegal. I'm pretty sure there isn't any.

I would too, but of course that part of the law has never been litigated, and I 
think it's unlikely to. When we are asked whether it's ok to have a two-step 
method, even though a one-step is implicit in the law's "visiting a single 
Internet Web page" (i.e. having to click 'submit' on that page takes you to a 
second page, making it not 'visiting a single Internet Web page") we answer 
based on experience and pragmatism:  no Federal agency is likely to come after 
you for having that second step, so long as you are doing everything else that 
you are supposed to.

Where I think that it's going to get interesting is when senders start removing 
the visible, in the body, unsub link that people are used to looking for, and 
relying _only_ on the header-embedded unsub.  And that is more likely from 
where the litigation will come.

Anne

--- 
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
CEO Institute for Social Internet Public Policy (ISIPP)
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Creator of the term 'deliverability' and founder of the deliverability industry
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] One click unsubscribe in mailing list messages

[Anne P. Mitchell, Esq. via mailop]

> On Feb 23, 2024, at 4:59 PM, John Levine via mailop  wrote:
> 
> 'd leave the links in the bodies for now. A lot of mail programs give
> you a way to use the ones in the header, but some major ones like
> Outlook still don't.

Not to mention that Federal law requires a one-step unsubscribe method.

As I often seem to get challenged on this, here is the text of the law:

"§ 316.5 Prohibition on charging a fee or imposing other requirements on 
recipients who wish to opt out.
Neither a sender nor any person acting on behalf of a sender may require that 
any recipient pay any fee, provide any information other than the recipient’s 
electronic mail address and opt-out preferences, or take any other steps except 
sending a reply electronic mail message or visiting a single Internet Web page, 
in order to:

(a) Use a return electronic mail address or other Internet-based mechanism, 
required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future 
commercial electronic mail messages from a sender; or

(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and 
(a)(4)."

You can read more about it, in plain English, here:

https://www.isipp.com/a-one-step-unsubscribe-is-required-by-federal-law/

Anne

--- 
Anne P. Mitchell, Esq.
Email Law & Policy Attorney
CEO Institute for Social Internet Public Policy (ISIPP)
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal email marketing law)
Creator of the term 'deliverability' and founder of the deliverability industry
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Counsel Emeritus, eMail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] What am I supposed to do with abuse complaints on legit mail?

[Anne P. Mitchell, Esq. via mailop]

> On Jan 12, 2022, at 11:30 PM, Jay Hennigan via mailop  
> wrote:
> 
> A single acknowledgement of a successful unsubscribe is fine, but don't make 
> them jump through another flaming hoop. 

It's also a violation of Federal law, which requires a "one-step unsubscribe 
method".

Anne

--
Anne P. Mitchell, Attorney at Law
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cybersecurity, Lincoln Law School
Prof. Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
In-house Counsel: Mail Abuse Prevention System (MAPS) (Closed in 2004)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ethics Complaint to Princeton (was: Bizarre GDPR/CCPA scam spam from Princeton researchers)

[Anne P. Mitchell, Esq. via mailop]

P.S.  These two notes from Jonathan Mayer are appended to the 
https://privacystudy.cs.princeton.edu/ site;  the newest is from yesterday.

Note from Jonathan Mayer, the Principal Investigator (Saturday, December 18 @ 
11:30pm)

Hi, my name is Jonathan Mayer. I’m the Principal Investigator for this academic 
research study. I have carefully read every single message sent to our research 
team, and I am dismayed that the emails in our study came across as security 
risks or legal threats. The intent of our study was to understand privacy 
practices, not to create a burden on website operators, email system operators, 
or privacy professionals. I sincerely apologize. I am the senior researcher, 
and the responsibility is mine.

The touchstone of my academic and government career, for over a decade, has 
been respecting and empowering users. That’s why I study topics like web 
tracking, dark patterns, and broadband availability, and that’s why I launched 
this study on privacy rights. I aim to be beyond reproach in my research 
methods, both out of principle and because my work often involves critiquing 
powerful companies and government agencies. In this instance, I fell short of 
that standard. I take your feedback to heart, and here is what I am doing about 
it.

First, our team will not send any new automated inquiries for this study. We 
suspended sending on December 15, and that is permanent.

Second, our team is prioritizing a possible one-time follow-up email to 
recipients, identifying the academic study and recommending that they disregard 
the prior email. If that is feasible, and if experts in the email operator 
community agree with the proposal, we will send the follow-up emails as 
expeditiously as possible.

Third, I will use the lessons learned from this experience to write and post a 
formal research ethics case study, explaining in detail what we did, why we did 
it, what we learned, and how researchers should approach similar studies in the 
future. I will teach that case study in coursework, and I will encourage 
academic colleagues to do the same. While I cannot turn back the clock on this 
study, I can help ensure that the next generation of technology policy 
researchers learns from it.

Fourth, I will engage with the communities that have contacted me about this 
study, which have already offered valuable suggestions for future directions to 
simplify, standardize, and enhance transparency for GDPR and CCPA data rights 
processes. I very much appreciate the earnest outreach so far, and I will be 
reciprocating.

If you have questions or concerns about the study, please do not hesitate to 
reach out. I gratefully acknowledge the feedback that we have received.

Thank you for reading, and again, my sincere apologies.

Update from Jonathan Mayer, the Principal Investigator (Tuesday, December 21 @ 
7:40pm)

Thank you to the website operators, email system operators, privacy 
professionals, academic colleagues, and all others who have reached out about 
our privacy rights study. I am writing to provide an update about how we are 
acting on the feedback that we have received.

Our top priority has been issuing a one-time follow-up message that identifies 
our study and that recommends disregarding prior email. We are sending those 
messages.

We have also received consistent feedback encouraging us to promptly discard 
responses to study email. We agree, and we will delete all response data on 
December 31, 2021.

Please do not hesitate to reach out with further questions or concerns, and I 
again offer my heartfelt apologies for the burdens caused by this study.
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ethics Complaint to Princeton (was: Bizarre GDPR/CCPA scam spam from Princeton researchers)

[Anne P. Mitchell, Esq. via mailop]

> 
> Yes they do communicate but they are now sugesting to spam everybody once 
> more with some explanation. ...

And here is that follow-up spam (below), note that the novatormail.ru is the 
domain from which our client originally received the email, obviously the 
domain will change depending on from where the first spam originated.  It's 
interesting to note they have started using .ru and such domains, the two that 
I personally received were from yosemitemail.com and potomacmail.com.  When I 
first received those if you went to the sending domain there was almost nothing 
there (it certainly didn't point to any useful information about the sender). 
*Now* these domains, including novatormail.ru, point to 
https://privacystudy.cs.princeton.edu/, which has been substantially updated.

Here's the follow-up spam:

Hello,

You may have recently received an email from novatormail.ru regarding your 
process for responding to General Data Protection Regulation (GDPR) or 
California Consumer Privacy Act (CCPA) data requests for the following 
domain(s): cybergreen.net. Please disregard that email.

The email was sent as part of an academic research study on GDPR and CCPA, 
which we have concluded. We will delete all responses received on December 31, 
2021. We sincerely apologize for any burdens caused by our study.

If you would like more information about the study or to contact our research 
team, please see: https://privacystudy.cs.princeton.edu.

Sincerely,

Princeton-Radboud Study on Privacy Law Implementation

---

Anne

---
Anne P. Mitchell,  
Attorney at Law
CEO Get to the Inbox by SuretyMail,
Your outsourced email deliverability team

Author: Section 6 of the Federal Email Marketing Anti-Spam Law (CAN-SPAM)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Dean Emeritus, Cyberlaw & Cyber Security, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ethics Complaint to Princeton (was: Privacy research spam apparently from a grad student at Princeton)

[Anne P. Mitchell, Esq. via mailop]

Yuval this is awesome, and an awesome result!

FWIW, this is what I told Jonathan (after two previous replies/re-replies), 
yesterday morning, in part - cc:ed to the chair of the compsci department, and 
the Princeton legal department:

He wrote:

> Thank you for reaching out about our research on the European Union General 
> Data Protection Regulation (GDPR) and the California Consumer Privacy Act 
> (CCPA). A component of the study involves requesting information from 
> websites about how they have implemented the consumer data access provisions 
> of the GDPR and the CCPA. Both the GDPR and CCPA provide for these types of 
> information requests. We would be glad to answer any questions you have about 
> the study goals, methods, and safeguards, and we welcome any additional 
> feedback you would like to provide.

I responded:

That GDPR and CCPA provide for such requests is immaterial (not the least of 
which because neither is controlling law here).  You are in violation of U.S. 
Federal law, namely CAN-SPAM, which states, in relevant part:

‘‘§1037. Fraud and related activity in connection with electronic mail

‘‘(a) IN GENERAL.—Whoever, in or affecting interstate or foreign commerce, 
knowingly —

‘‘(2) uses a protected computer to relay or retransmit multiple commercial 
electronic mail messages, with the intent to deceive or mislead recipients, or 
any Internet access service, as to the origin of such messages,
‘‘(3) materially falsifies header information in multiple commercial electronic 
mail messages and intentionally initiates the transmission of such messages,
‘‘(4) registers, using information that materially falsifies the identity of 
the actual registrant, for five or more electronic
mail accounts or online user accounts or two or more domain names, and 
intentionally initiates the transmission of multiple commercial electronic mail 
messages from any combination of such accounts or domain names, or

...shall be punished as provided in subsection (b).

‘‘(2) a fine under this title, imprisonment for not more than 3 years, or both, 
if—

‘‘(A) the offense is an offense under subsection (a)(1); ‘‘(B) the offense is 
an offense under subsection (a)(4)
and involved 20 or more falsified electronic mail or online user account 
registrations, or 10 or more falsified domain name registrations;
‘‘(C) the volume of electronic mail messages transmitted in furtherance of the 
offense exceeded 2,500 during any 24-hour period, 25,000 during any 30-day 
period, or 250,000 during any 1-year period;
‘‘(D) the offense caused loss to one or more persons aggregating $5,000 or more 
in value during any 1-year period;
‘‘(E) as a result of the offense any individual committing the offense obtained 
anything of value aggregating $5,000 or more during any 1-year period; or
‘‘(F) the offense was undertaken by the defendant in concert with three or more 
other persons with respect to whom the defendant occupied a position of 
organizer or leader;

As you can see, you and your team, and your actions, fit squarely within 
several of the acts detailed above, having registered domains specifically to 
send out falsified headers and false information, claiming to be individuals 
looking for information, when in fact it is not those individuals but members 
of your team, and in fact you are doing a study, not seeking such information 
as an individual, making the entire email false and misleading.

In addition, each response you have received generated a cost to the responder 
both in terms of time and, in some cases, dollar amounts as they had to pay 
their employees, and sometimes pay legal fees, to determine how to respond.

...

I then reiterated my offer that there were many professionals in the email 
receiving and policy communities who would be happy to assist them in designing 
a method to accomplish their goal in a way that does it right and does not run 
afoul of best practices, abuse polices, and the law.

His response to the above was that CAN-SPAM didn't apply as it was academic and 
not commercial email, at which point I pointed out to him that he and I both 
knew that reasonable minds can differ on what is "commercial", and it would be 
a fun court case, but that at this point I was going to bow out and watch from 
the sidelines.  I figured with my two emails going to the department chair, and 
the legal department, and Yuval's email, someone there would hit 'pause' on it.

So, again, Yuval, well done!  We make a good 'good cop bad cop' team! ;-)

Anne

Anne P. Mitchell,  Attorney at Law
Author: Section 6 of the Federal CAN-SPAM Law
Board of Directors, Denver Internet Exchange
Professor Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist


> On Dec 17, 2021, at 7:40 AM, yuv via mailop  wrote:
> 
> UPDATE:
> 
> * I had waited for the answer to my direct note to Jonathan Mayer and
> fell asleep.  It arrived at 01:44 EST.  This morning I rep

Re: [mailop] Ethics Complaint to Princeton (was: Privacy research spam apparently from a grad student at Princeton)

[Anne P. Mitchell, Esq. via mailop]

Yuval,

A good letter! That said, I would prefer you keep the link to my post (and 
ideally the mention of me) out of it, otherwise it just seems like you are 
writing it because of me.

Anne

> On Dec 16, 2021, at 8:53 AM, yuv via mailop  wrote:
> 
> Direct note just sent to Jonathan Mayer 
> below.  Letter to the Office of the Dean of the Faculty at Princeton
> University will follow later.
> 
> 
> Dear Jonathan:
> 
> I am a lawyer with an interest in online privacy.  You are named as a
> "team member" on ;.
> 
> While writing a polite note trying to understand how your name can be
> associated with an initiative that seems to be so out of character with
> your impressive and adimrable profile, I received notice of your
> generic response to Anne P. Mitchell on the subject, in which you
> characterize this part of the study as "requesting information from
> websites" and generally state your openness to answer questions. [1]
> 
> With all due respect, your characterization omits the most important of
> the many problematic aspects of the research: the fraudulent and
> possibly illegal (I am not licensed to practice in the US but have been
> told that CAN-SPAM applies) information requests ends up on the desk of
> an individual person and that individual person is thus involuntarily
> enrolled as research subject without meaningful consent.  Can you see
> this point of view?
> 
> A letter to the Office of the Dean of the Faculty at Princeton
> University is in preparation and will be sent out later today. [2]
> 
> At this point, the only question that may influence the content of that
> letter is:  are the researchers responsible for the harvesting of email
> addresses and the sending of fraudulent GPRD/CCPA requests willing to
> suspend immediately all harvesting and emailing activity, pending
> ethical review; and engage with the community on a redesign of their
> harmful data collection practice?
> 
> [1] 
> 
> [2] 
> 
> Sincerely,
> -- 
> Yuval Levy, JD, MBA, CFA
> Ontario-licensed lawyer
> 
> ___
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ethics Complaint to Princeton (was: Privacy research spam apparently from a grad student at Princeton)

[Anne P. Mitchell, Esq. via mailop]

As a follow up, to my letter, I received the following:

> Thank you for reaching out about our research on the European Union General 
> Data Protection Regulation (GDPR) and the California Consumer Privacy Act 
> (CCPA). A component of the study involves requesting information from 
> websites about how they have implemented the consumer data access provisions 
> of the GDPR and the CCPA. Both the GDPR and CCPA provide for these types of 
> information requests. We would be glad to answer any questions you have about 
> the study goals, methods, and safeguards, and we welcome any additional 
> feedback you would like to provide.
> 
> Sincerely,
> Jonathan

That was really the wrong response.  I responded explaining *exactly* how they 
are in violation of U.S. Federal law (CAN-SPAM), and I cc:ed the chair of the 
compsci department, and Princeton's general legal counsel.  If you are going to 
send something, please let it be soon so as to make clear that I'm not a single 
cartoony voice crying in the wilderness.

FWIW, here is the section of CAN-SPAM of which they are in violation:

‘‘§1037. Fraud and related activity in connection with electronic mail

‘‘(a) IN GENERAL.—Whoever, in or affecting interstate or foreign commerce, 
knowingly —

‘‘(2) uses a protected computer to relay or retransmit multiple commercial 
electronic mail messages, with the intent to deceive or mislead recipients, or 
any Internet access service, as to the origin of such messages,
‘‘(3) materially falsifies header information in multiple commercial electronic 
mail messages and intentionally initiates the transmission of such messages,
‘‘(4) registers, using information that materially falsifies the identity of 
the actual registrant, for five or more electronic
mail accounts or online user accounts or two or more domain names, and 
intentionally initiates the transmission of multiple commercial electronic mail 
messages from any combination of such accounts or domain names, or

...shall be punished as provided in subsection (b).

‘‘(2) a fine under this title, imprisonment for not more than 3 years, or both, 
if—

‘‘(A) the offense is an offense under subsection (a)(1); ‘‘(B) the offense is 
an offense under subsection (a)(4)
and involved 20 or more falsified electronic mail or online user account 
registrations, or 10 or more falsified domain name registrations;
‘‘(C) the volume of electronic mail messages transmitted in furtherance of the 
offense exceeded 2,500 during any 24-hour period, 25,000 during any 30-day 
period, or 250,000 during any 1-year period;
‘‘(D) the offense caused loss to one or more persons aggregating $5,000 or more 
in value during any 1-year period;
‘‘(E) as a result of the offense any individual committing the offense obtained 
anything of value aggregating $5,000 or more during any 1-year period; or
‘‘(F) the offense was undertaken by the defendant in concert with three or more 
other persons with respect to whom the defendant occupied a position of 
organizer or leader;

---

Anne

Anne P. Mitchell,  Attorney at Law
Author: Section 6 of the Federal CAN-SPAM Law
Board of Directors, Denver Internet Exchange
Professor Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Ethics Complaint to Princeton (was: Privacy research spam apparently from a grad student at Princeton)

[Anne P. Mitchell, Esq. via mailop]

FYI, I have sent my own letter, with my full signature (same one as below), to 
Princeton, including cc:ing the dept. chair, the abuse department, and the 
legal department.  I do hope you send yours, and soon, as it would be a good 
1-2 punch.

Anne

Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cyber Security, Lincoln Law School
Author: Section 6 of the Federal CAN-SPAM Law
Board of Directors, Denver Internet Exchange
Professor Emeritus, Lincoln Law School
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist



> On Dec 15, 2021, at 5:07 PM, yuv via mailop  wrote:
> 
> On Wed, 2021-12-15 at 08:53 -0700, Grant Taylor via mailop wrote:
>> I feel like the student and the 
>> professor / powers that be which approved this study should be clued 
>> into the costs of the research on the rest of the world.
> 
> +1
> 
> https://dof.princeton.edu/policies-procedure/policies/research-misconduct
> 
> If enough mailops, preferably representing large corporate names that
> donate money to Princeton (hint), are interested to co-operate and
> ultimately co-sign a letter to Princeton's along the following lines, I
> volunteer to circulate and update a draft until there is a reasonable
> mass of signatories / consensus; and to send it on law office
> letterhead to the responsible dean at:
> 
> Office of the Dean of the Faculty
> Princeton University
> 9 Nassau Hall, Princeton, NJ 08544-5264
> Phone: 609-258-3020
> Fax: 609-258-2168
> Email: d...@princeton.edu
> 
> IMHO this is an important issue that transcends this individual
> spamming instance.  The student's dandy attitude did not originate in a
> vacuum and while some universities such as Harvard and Stanford are at
> the forefront of addressing the (lack of) ethics in IT [1], it is
> obvious that others still need some prodding.  The design does not come
> near to the complexity of real IT ethics questions such as who should a
> self driving car sacrifice in case of an inevitable collision with
> predictable casualties.  The ethical questions raised are of the
> traditional kind: how does the researcher interact with the subject of
> their research.  This researcher and his supervisors have failed
> completely, in a way that shines a negative light on Princeton and
> should not go unpunished.
> 
> It is generally uncontroversial that co-opting subjects into academic
> research is unethical.  Where persons capable of consent are the
> intended subject of academic research, it is accepted practice to
> obtain informed consent before enrolling them into the research.  In
> this case, consent was not obtained at all and information was
> intentionally falsified, obfuscated, and withheld.
> * The opt-out is only offered after the involuntary enrollment has
> occured, and on a difficult to find, seemingly unrelated site [2].
> * The researcher has knowingly obfuscated the identity of the sender,
> used false or stolen identities and bogus domains.
> * No meaningful information about the research was provided to the
> unwitting subjects before, during, or after the involuntary enrollment.
> * The information available when trying to investigate, from "official
> source" [2] as well as from the affected community [3] is incomplete at
> best.
> * Apparently the researcher has been made aware and has not done
> anything but further obfuscating between April [3] and December.
> 
> In my view, co-opting websites and email addresses through harvesting
> and spamming is equivalent to co-opting persons capable of consent.
> Behind each and every one of the harvested email addresses there are
> persons and ultimately a responsible individual that had to deal with
> the threatening content of the emails.  Based on annecdotal feedback
> [3], receipt of the email has caused a great deal of uncertainty,
> anxiety and fear in addition to the economic harm of the spam that
> became subject of expert investigation in an attempt to mitigate the
> fallout for our systems and our email recipients[4].  It has a negative
> effect on the operators of email systems signed below; on their user
> communities; and frankly also on Princeton's reputation.  Has the
> Princeton given permission to the use of its name as part of the bogus
> domain names?
> 
> The way this study was designed raises questions about the ethics, but
> also the intellectual integrity of the researcher.  His reaction when
> made aware of the shortcomings was intellectually dishonest.  We trust
> that your investigation in the matter will find whether his supervisors
> were part to this dishonesty, or whether this continued harrassment is
> the result of a single, rogue, element in your university.  In either
> case, in my view those responsible deserve to be disciplined and I do
> not exclude the possibility of a class action if Princeton does not
> take satisfactory corrective and punitive actions.
> 
> Apparently, Princeton's Research Integrity and Assurance (RIA) has been
> rece

[mailop] New "What is your GDPR" or "What is your CCPA" policy email scam?

[Anne P. Mitchell, Esq. via mailop]

On Friday, we received the following email, purporting to be asking about GDPR 
policies for our property The Internet Patrol:

From: tomhar...@yosemitemail.com:
Subject: Questions About GDPR Data Access Process for theinternetpatrol.com

To Whom It May Concern:

My name is Tom Harris, and I am a resident of Sacramento, California. I have a 
few questions about your process for responding to General Data Protection 
Regulation (GDPR) data access requests:

• Would you process a GDPR data access request from me even though I am 
not a resident of the European Union?
• Do you process GDPR data access requests via email, a website, or 
telephone? If via a website, what is the URL I should go to?
• What personal information do I have to submit for you to verify and 
process a GDPR data access request?
• What information do you provide in response to a GDPR data access 
request?
To be clear, I am not submitting a data access request at this time. My 
questions are about your process for when I do submit a request.

Thank you in advance for your answers to these questions. If there is a better 
contact for processing GDPR requests regarding theinternetpatrol.com, I kindly 
ask that you forward my request to them.

I look forward to your reply without undue delay and at most within one month 
of this email, as required by Article 12 of GDPR.

Sincerely,

Tom Harris

---

Now, when I saw it, my spidey sense tingled a bit (referring to the property as 
a URL, a US-based individual asking about GDPR with a US-based outlet, etc.). 
And the from domain seemed..interesting.  (Created in March of 2020.)  Nothing 
seemed *obviously* off, so we responded politely. 

The next day, we got *this* email:

From: kurtmayf...@potomacmail.com
Subject: Questions About CCPA Data Access Process for theinternetpatrol.com

To Whom It May Concern:

My name is Kurt Mayfair, and I am a resident of Norfolk, Virginia. I have a few 
questions about your process for responding to California Consumer Privacy Act 
(CCPA) data access requests:

• Would you process a CCPA data access request from me even though I am 
not a resident of California?
• Do you process CCPA data access requests via email, a website, or 
telephone? If via a website, what is the URL I should go to?
• What personal information do I have to submit for you to verify and 
process a CCPA data access request?
• What information do you provide in response to a CCPA data access 
request?
To be clear, I am not submitting a data access request at this time. My 
questions are about your process for when I do submit a request.

Thank you in advance for your answers to these questions. If there is a better 
contact for processing CCPA requests regarding theinternetpatrol.com, I kindly 
ask that you forward my request to them.

I look forward to your reply without undue delay and at most within 45 days of 
this email, as required by Section 1798.130 of the California Civil Code.

Sincerely,

Kurt Mayfair

---

potomocmail.com having identical creation/registration details as 
yosemitemail.com

Both being sent out through Amazon SES, so nothing much useful in the headers 
that I could see. NO links, no anything other than what's in the above email.

We're trying to figure out just what exactly the scam is...anybody have any 
thoughts? Anybody else seeing this?

Anne

--
Anne P. Mitchell, Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] WhatCounts/Costco silliness

[Anne P. Mitchell, Esq. via mailop]

Here is what CAN-SPAM requires, following the updated rules issued by the FTC 
in May of 2008; this is the "single step" requirement:

§ 316.5 Prohibition on charging a fee or imposing other requirements on 
recipients who wish to opt out.

Neither a sender nor any person acting on behalf of a sender may require that 
any recipient pay any fee, provide any information other than the recipient's 
electronic mail address and opt-out preferences, or take any other steps except 
sending a reply electronic mail message or visiting a single Internet Web page, 
in order to:

(a) Use a return electronic mail address or other Internet-based mechanism, 
required by 15 U.S.C. 7704(a)(3), to submit a request not to receive future 
commercial electronic mail messages from a sender; or

(b) Have such a request honored as required by 15 U.S.C. 7704(a)(3)(B) and 
(a)(4).

From: https://www.ecfr.gov/current/title-16/part-316

Anne
---

Anne P. Mitchell, 
Attorney at Law
CEO Get to the Inbox by SuretyMail
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] SendX?

[Anne P. Mitchell, Esq. via mailop]

We have someone asking us for info on SendX, their reputation, etc., and 
honestly we have never heard of them; while ordinarily we would consider that 
in and of itself as a data point, I'm wondering if anybody has any experience 
with them?

Anne

---
Anne P. Mitchell,  Esq.
CEO ISIPP SuretyMail
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Got any users in Texas? Better turn off your spam filters by Dec 2

[Anne P. Mitchell, Esq. via mailop]

> On Sep 23, 2021, at 9:08 PM, John Levine via mailop  wrote:
> 
> It appears that Jarland Donnell via mailop  said:
>>> * “the provider has a good faith, reasonable belief that the message
>>> contains malicious computer code, obscene material, material depicting
>>> sexual conduct, or material that violates other law”
>> 
>> And guess what I have on all of my spam filters? Good faith, reasonable 
>> evidence and belief that it contains material which violates the law: 
>> https://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003
> 
> CAN SPAM *allows* you to filter but it does not *require* you to filter.  
> Under CAN SPAM,
> unsolicited ads are entirely legal if they have an opt-out link and are not 
> deceptive.

However, CAN-SPAM is Federal law, which trumps state law - even, yes, Texas law 
(editorial comment about Texas and their view of their laws withheld).

Anne

--
Anne P. Mitchell,  Attorney at Law
CEO Get to the Inbox - We get you into the inbox!
Author: The Email Deliverability Handbook
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Email Marketing Deliverability and Best Practices Expert
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Xfinity / Comcast / rsys5.com

[Anne P. Mitchell, Esq. via mailop]

> On Sep 15, 2021, at 12:55 AM, Daniele Nicolodi via mailop  
> wrote:
> 
> I understand that industry back practice recommends to have
> "unsubscribe" links in promotional bulk messages. Shouldn't these links
> direct to some form that effectively allows to remove the recipient
> address from the distribution list?
> 
> Xfinity spamms (apparently through rsys5.com) with messages with
> "unsubscribe" links that bring to a web form whose settings have no
> effect on the reception of these promotional emails.

To be clear, these are requirements of *Federal law* (CAN-SPAM), not just 
industry practice.

Anne
--
Anne P. Mitchell,  Attorney at Law
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Author: The Email Deliverability Handbook
Email Marketing Deliverability and Best Practices Expert
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] MailChimp to be Acquired by Intuit

[Anne P. Mitchell, Esq. via mailop]

So this is apparently happening:

> Begin forwarded message:
> 
> From: Ben Chestnut, Mailchimp  >
> Subject: Big News from Mailchimp: We're Planning to be Acquired by Intuit
> Date: September 13, 2021 at 1:56:01 PM PDT
> Reply-To: Ben Chestnut, Mailchimp  >
> 
> 
> To our Mailchimp customers,
> 
> My partner Dan Kurzius and I founded Mailchimp nearly 20 years ago. We’ll 
> never forget the early days in a tiny office we rented on the west side of 
> Atlanta. I sketched logo after logo before finally deciding that the monkey 
> with a mail carrier hat struck just the right tone, while Dan sat next to me 
> writing code and talking with customers. 
> 
> We both come from entrepreneurial families. Dan’s dad owned a bakery, and my 
> mom was a small business owner who ran a hair salon out of our family 
> kitchen. From the very beginning, we always wanted to empower small 
> businesses to grow. It’s in our DNA, and it became our mission with 
> Mailchimp. For a long time, we focused on doing one thing extremely well: 
> email marketing. Customers started asking us to sprinkle the Mailchimp magic 
> on other channels, and we did. Along the way, we built an amazing team and 
> innovated fast to meet your needs, eventually building an all-in-one 
> marketing platform for small businesses. 
> 
> Today, I’m excited to share that we’re accelerating this evolution by joining 
> forces with Intuit. Read the press release here 
> .
> 
> Since day one, setting our customers up for success has been our top 
> priority, and we’re confident that our acquisition by Intuit will advance 
> that mission and secure the legacy of support for small businesses that we’ve 
> built over the last 20 years. 
> 
> Like Mailchimp, understanding small businesses is embedded in Intuit’s DNA, 
> which affirms my belief that this is the right next step for Mailchimp, our 
> employees, and importantly, our customers. Intuit is a mission-driven global 
> financial technology platform, and you might already use some of their 
> products – like TurboTax and QuickBooks – that enable small and mid-sized 
> businesses to prosper. Combining our marketing platform with Intuit’s 
> AI-driven expert platform will allow us to create products and services that 
> solve our customers’ biggest challenges, so you can thrive. 
> 
> Together with Intuit, we’ll deliver an innovative small business growth 
> engine powered by marketing automation, customer relationship management, 
> accounting and compliance, payments and expense, and e-commerce solutions, 
> creating a single source of truth for your business. We’ll also be able to 
> offer more personalized support and onboarding, expand our international 
> footprint, and scale our teams to innovate faster and deliver the solutions 
> you want and need. 
> 
> While our ownership will change once the transaction closes, which we expect 
> to happen prior to the end of Intuit’s second quarter fiscal 2022, our 
> platform will stay Mailchimp through and through: the same user-friendly 
> products and tools, the same resources and support, and the same brand you 
> know and love. In fact, our goal is for all of these things to get even 
> better as part of Intuit. And, in the meantime, you’ll have the customer 
> experience you’ve come to expect from Mailchimp – including your monthly plan 
> and 24/7 access to our award-winning support team. We know that our customers 
> and partners expect consistency and continuity as much as they expect new 
> features and functionality, and we’re committed to meeting your needs as we 
> move forward together with Intuit. We’ll keep you updated as things progress.
> 
> Thanks for trusting us to help you grow your business. At our core, Mailchimp 
> will always be the humble little monkey 
> 
>  that I sketched in those early days, and our mission to empower the underdog 
> will always be our north star. 
> 
> Onward! 
> 
> Ben Chestnut
> Co-founder and CEO
> @benchestnut 
> 
>  
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Recommendation for inbox provider?

[Anne P. Mitchell, Esq. via mailop]

All,

I know someone who is setting up a business domain, and needs an inbox host.  
Her registrar/webhost is GoDaddy and they are discontinuing their free hosted 
email, and referring people to paid Office365. It seems that all of the general 
info out there points to either 365 or Gmail.   Surely there must be others out 
there?  Anybody have one they recommend?  Bonus if they help with 
authentication setup because she is ..um...tech challenged.

Thanks!

Anne

--
Anne P. Mitchell,  Esq.
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anyone seen this "email warmup" pattern?

[Anne P. Mitchell, Esq. via mailop]

>> I've been catching my customers left and right lately signing up for 
>> some email warmup service.
> 
> OK, I see I've been completely out of touch with that segment of the industry.

Michael, another, somewhat related and somewhat new service model is the one 
like "MailShake", which gives the user an ESP-like interface, but then sends 
out the bulk email through the *user's* Gmail account, one at a time (and with 
no unsubscribe link, to boot).  It's disgusting.

Anne

--
Anne P. Mitchell,  Esq.
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] So uh... Zoom/Sendgrid... How's that webinar spam investigation coming?

[Anne P. Mitchell, Esq. via mailop]

Brielle wrote:

> Litigation is WAY overused to resolve issues.

I generally agree.  However, on the other hand it's a pretty good way to get 
the attention of people who *know* they are doing wrong, and continue to do it 
unrepentingly all the way to the bank.

Anne "Cartoony at Large" Mitchell

--
Anne P. Mitchell,  Esq.
Dean of Cyberlaw and Cyber Security, Lincoln Law School
Author: Section 6* of the Federal Email Marketing Law (CAN-SPAM)   
 *Why yes, I *did* have a certain unrepentant coffee entity in mind 
   when I wrote the vendor liability section of CAN-SPAM
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Anybody know Anthony Mitchell or Inboxsys?

[Anne P. Mitchell, Esq. via mailop]

> On May 20, 2021, at 1:32 PM, Florian Vierke via mailop  
> wrote:
> 
> I‘ve been working with Anthony a few Years back at Teradata/eCircle. He 
> joined Adobe and later Inboxsys. I can confirm, that he‘s 10y+ in the 
> industry and has been to M3aawg, csa summit, was speaker at emailing 2020 
> (https://youtu.be/Snue0SHOG3g) and so on. So yes, he does have some contacts 
> ;)
> 
> We’re still running our Youtube channel deliverability.tv together, as much 
> as time allows. :)
> 
> Regarding inboxsys - it‘s a rebranding of ‚mailmike‘ and exists for a few 
> Years now as well. Mailmike was developed by Sebastiaan de Vos, formerly 
> managing Deliverability at Emarsys.
> 
> Deliverability is a small, but nice family ;)

Florian, thank you so much!  That makes us feel much better!  Happy to share 
with a colleague, but so often it's people looking for intel to use for 
nefarious purposes.  I've also been provided with an intro through LinkedIn 
from another mutual contact.  

Thank you again!

Anne

--
Anne P. Mitchell,  Esq.
CEO ISIPP SuretyMail
Dean of Cyberlaw and Cyber Security, Lincoln Law School
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Anybody know Anthony Mitchell or Inboxsys?

[Anne P. Mitchell, Esq. via mailop]

All,

We've been contacted by Anthony Mitchell, representing Inboxsys.com - they are 
brand new in the deliverability space, and yet they claim to have relationships 
with all of the ISPs and ESPs; however I can find *nothing* about them, 
anywhere, other than on archive.org, which shows that they only spun up the 
service within the past 6 months.

Does anybody have any insight into Mr. Mitchell (obviously no relation) and/or 
his inboxsys.com?

Anne

--
Anne P. Mitchell,  Esq.
CEO ISIPP SuretyMail
Dean of Cyberlaw and Cyber Security, Lincoln Law School
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Author: The Email Deliverability Handbook
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: Registered @ Microsoft JMRP - blacklisted without feedback received

[Anne P. Mitchell, Esq. via mailop]

> On May 11, 2021, at 11:45 AM, André Peters via mailop  
> wrote:
> 
> because you MS guys are so clever,

I'd like to suggest that personal attacks, *especially* on such a trusted, 
respected member of the community - not to mention one who is one of the good 
guys, is not only unwarranted, but gouche.  Michael puts up with a *lot* to be 
here and to be helpful, he doesn't need personal attacks on top of it all.

Anne  (Who has known Michael for nearly 20 years)
--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw and Cyber Security, Lincoln Law School
Author: Section 6 of the Federal Email Marketing Law (CAN-SPAM)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] EmailDeliverablityReport.com?

[Anne P. Mitchell, Esq. via mailop]

Does anybody know who is behind EmailDeliverabilityReport.com?  I note it's 
only about a year old, and I want to know about the trustworthiness/reliability 
of what they are putting out - for example they are ranking ESPs based on 
deliverability... their data and info may be completely accurate based on their 
methods, but I'm always a bit suspicious of sites that purport to put out 
expert data but don't reveal who is actually behind the organization.

Anne

--
Anne P. Mitchell,  Attorney at Law
Founder/CEO, SuretyMail Email Reputation Certification & Deliverability Services
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: MAPS Anti-Spam Blacklist
Location: Boulder, Colorado

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [E] Re: Some Days I think that Gmail isn't even trying to stop outbound spam..

[Anne P. Mitchell, Esq. via mailop]

> On Fri, Feb 5, 2021 at 9:18 AM Thomas Walter via mailop  
> wrote:
> 
> You can not trust users to identify spam. 

Sure you can.  You can trust them to identify what *they* consider to be spam.  
It just doesn't jive with what we consider to be spam. 

That is, always has been, and always will be part of the problem.

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] scam prevention

[Anne P. Mitchell, Esq. via mailop]

> Background:
> 
> Some people at work fell for a scam email  where the From line was
> 
> From: =?UTF-8?Q?Darren_Smith=C2=A0?= 

We have been beating this drum for ages, most recently here:

https://www.theinternetpatrol.com/warning-having-email-display-senders-contact-image-and-info-helps-scammers-get-in-through-the-cracks/

..which implores businesses to get rid of the so-called 'friendly' name (the 
same thing you are talking about) and includes an example where a company was 
scammed out of $4million dollars with exactly this method - hopefully your 
company's losses were much less. :-(

Anne
--
Anne P. Mitchell,  Attorney at Law
CEO, SuretyMail Email Reputation Certification
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] Suddenlink Contact

[Anne P. Mitchell, Esq. via mailop]

> Is there anyone with Suddenlink on this list, or does anyone have any 
> contacts with them, if so please contact me off list.  It seems that emails 
> sent to their postmaster account bounce.

Having *just* gone 'round with them on this for a client, and (after many 
emails and phone calls) getting a response, what we have learned is that you 
actually need to speak with Synchronoss - Synchronoss is their inbound border 
patrol, so to speak, and it is Synchronoss who is blocking any email access to 
Suddenlink accounts.

Unfortunately I don't have a Synchronoss contact for you - in fact if anybody 
here does, please let me know!

Anne

--
Anne P. Mitchell,  Attorney at Law
CEO, SuretyMail Email Reputation Certification
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative and Legal Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado

___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [mailop] [External] sendgrid.net

[Anne P. Mitchell, Esq. via mailop]

> I've been very saddened.  Sendgrid was a reputable ESP that has fallen
> from grace.  About 6-7 months ago, we started seeing pretty large
> amounts of spam from them.

Exactly - this tracks with the timeline when a) they ceased being certified by 
us, b)  certain key people who *had* been involved with making sure that 
SendGrid did the right thing left, and then c) they were acquired by Twilio.  
Acquisitions of reputable players in the email space generally lead to a 
decline in how white hat they are, because of course the acquirers are almost 
always only (or at least primarily) interested in a return on their $ 
investment (witness Habeas).

>  I've personally tried reaching out to Twilio / Sendgrid leadership to alert 
> them to the issue.

I did as well, and was assured that they have a unit whose task it is to ensure 
all Sendgrid/Twilio communications are "wanted, secure and legal."  

Sigh.

Anne

--
Anne P. Mitchell,  Attorney at Law
CEO, SuretyMail Email Reputation Certification
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)





___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

>> 
>> It was Mr. Charles Benn who, according to the service of process affidavit, 
>> was authorized to receive process on their behalf. 
> 
> It won't surprise you to learn that we have absolutely no clue who "Charles 
> Benn" is, literally never heard of the guy.

Steve, my working theory is that Charlie Benn is a receptionist at the W1 
communications office building which you used to list as an address;  I've seen 
this sort of scenario happen on several occasions, and the proof of service 
filed by the process server bears that out.  Of course, if he could not accept 
service for Spamhaus he should have told the process server so, instead of 
accepting service.  Given that the location is a virtual office type place, in 
which, I imagine, nobody from Spamhaus has set foot in some years (if ever), it 
makes perfect sense that nobody in our communities knows who Charlie Benn is, 
if he is the receptionist at such a place.  

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

> Another relevant piece of data. The organization that was named in the suit 
> and has received a permanent injunction against it has been voluntarily 
> dissolved and struck off the UK registry of companies. 
> 
> https://beta.companieshouse.gov.uk/company/05303831
> 
> There is no one covered under this injunction as the entity does not exist. 

They still technically (at least nominally) seemed to have an agent for service 
in London, who was served in October, 2019;  Spamhaus didn't dissolve  that 
particular UK entity until March of 2020 (see 
https://beta.companieshouse.gov.uk/company/05303831), five months after they 
were (ostensibly) served in London.  Also, SpamhausTech still lists its address 
as being in London - so under the doctrine of piercing the corporate veil (i.e. 
a court may find that they can't claim they don't exist in the UK if they have 
an affiliated entity that does) they can/could have/may be able to enforce 
against them:  https://www.spamhaustech.com/privacy-policy/

Of course, this is all basically mooted by the fact that the final judgement 
was only for $1 as DBUSA never submitted a damages accounting, and they are in 
Chapter 11, so it seems highly unlikely that they are going to spend money to 
pursue this on the off chance that they might pervail.

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

>> From the judgement:
>> "The plaintiff has shown that it has complied with the Hague Convention and 
>> personally served a representative authorized to accept service of process 
>> in London."
> 
> Rule #1 of spam: Spammers lie.

Absolutely.

However, a court isn't going to take a party's word that they served someone, 
you are required to file a proof of service, which is served by someone *other* 
than the party (a process server).  Parties to a lawsuit are not allowed to 
serve process on the other party, for that very reason.

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

>> Did you not read what I quoted from the Spamhaus website? They are based
>> in Switzerland and Andorra, not the UK. My assumption is that there is
>> basically no chance of any U.S. ruling being enforced in either of these
>> two countries, unless it is related to a serious crime.

I should elaborate:  Spamhaus has (had?) always had offices in London.  Perhaps 
they have moved primary operations to Switzerland an Andorra, however that 
doesn't mean that they don't still have a presence in the UK, and given that 
they were served *in* the UK, that suggests that they do, in fact, still 
maintain a presence in the UK.  Now, I don't know that for certain, but I *do* 
know for certain that they were served in the UK (according to the judgement).
> 


> From the judgement:
> 
> "The plaintiff has shown that it has complied with the Hague Convention and 
> personally served a representative authorized to accept service of process in 
> London."
> 
> Anne
> 
> --
> Anne P. Mitchell,  Attorney at Law
> Dean of Cyberlaw & Cybersecurity, Lincoln Law School
> CEO, SuretyMail Email Reputation Certification
> Advisor, Governor's Innovation Response Team Task Force
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Board of Directors, Denver Internet Exchange
> Chair Emeritus, Asilomar Microcomputer Workshop
> Former Counsel: Mail Abuse Prevention System (MAPS)
> Location: Boulder, Colorado
> 


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

> Did you not read what I quoted from the Spamhaus website? They are based
> in Switzerland and Andorra, not the UK. My assumption is that there is
> basically no chance of any U.S. ruling being enforced in either of these
> two countries, unless it is related to a serious crime.

From the judgement:

"he plaintiff has shown that it has complied with the Hague Convention and 
personally served a representative authorized to accept service of process in 
London."

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

> default judgment, Spamhaus is not a US organization or wasn't properly served 
> or whatever.


Right...the thing is that a default judgement is still a judgement.  And 
because they are in the UK doesn't mean that it can't be enforced against 
them.. in the UK.  Here are two good articles about enforcing U.S. judgements 
in the UK, in case anyone wants to read them or, you know, has insomnia:

https://www.penningtonslaw.com/news-publications/latest-news/2019/transatlantic-litigation-enforcing-us-judgments-in-england-and-wales

https://www.bclplaw.com/images/content/2/2/v2/2220/Bulletin-Enforcing-US-Judgments-American-version-August-2014.pdf

Note that the court has given DBUSA 30 days to come up with an accounting of 
how the Spamhaus listing impacted DBUSA monetarily.  Also note that DBUSA is 
now in Chapter 11 bankruptcy;  it will be interesting to see whether they 
attempt to attribute that to the SH listing.

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

Following up on my own post, it was a default judgement (we just posted the 
memorandum here:

https://www.theinternetpatrol.com/databaseusa-wins-case-against-spamhaus-in-matter-of-databaseusa-v-spamhaus-in-federal-court/

..and will be adding our own commentary shortly).

DatabaseUSA has been given 30 days to determine and account for monetary 
damages and file that with the court.

Anne

> On Aug 3, 2020, at 4:46 PM, Anne P. Mitchell, Esq.  
> wrote:
> 
> This is disturbing, although I don't know any of the back story.  Is there 
> anything of which anybody is aware that would somehow change how concerning 
> this is?
> 
> --
> 
> DatabaseUSA Wins Case Against The Spamhaus Project
> 
> DatabaseUSA, a provider of data and email marketing services, has won a 
> victory over The Spamhaus Project.
> 
> A federal court found that Spamhaus defamed the company and interfered with 
> its business relations by “wrongfully listing DatabaseUSA.com on Spamhaus’s 
> domain block list from 2017 to the present.” 
> 
> DatabaseUSA suffered “damage to its reputation, a loss of customers, and loss 
> of potential revenue as a result of Spamhaus’s defamation and tortious 
> interference,” wrote Senior U.S. District Judge Joseph F. Bataillon in an 
> opinion on file with the U.S. District Court for the District of Nebraska. 
> 
> https://www.mediapost.com/publications/article/354343/databaseusa-wins-case-against-the-spamhaus-project.html
> 
> --
> 
> Anne
> 


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] This is..Concerning: DatabaseUSA Wins Case Against The Spamhaus Project

[Anne P. Mitchell, Esq. via mailop]

This is disturbing, although I don't know any of the back story.  Is there 
anything of which anybody is aware that would somehow change how concerning 
this is?

--

DatabaseUSA Wins Case Against The Spamhaus Project

DatabaseUSA, a provider of data and email marketing services, has won a victory 
over The Spamhaus Project.

A federal court found that Spamhaus defamed the company and interfered with its 
business relations by “wrongfully listing DatabaseUSA.com on Spamhaus’s domain 
block list from 2017 to the present.” 

DatabaseUSA suffered “damage to its reputation, a loss of customers, and loss 
of potential revenue as a result of Spamhaus’s defamation and tortious 
interference,” wrote Senior U.S. District Judge Joseph F. Bataillon in an 
opinion on file with the U.S. District Court for the District of Nebraska. 

https://www.mediapost.com/publications/article/354343/databaseusa-wins-case-against-the-spamhaus-project.html

--

Anne


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Google and Spam detection

[Anne P. Mitchell, Esq. via mailop]

Also, starting in this past week, Google (must have) changed their 
spam-detecting algorithm, as we are seeing that suddenly fully 50% of any day's 
load in the spam folder are false positives (i.e. has actually been legitimate 
email, even email that has a months - or even years - long history of being 
delivered to the inbox previously), and where prior to this week (and again, 
for months and years) there was typically maybe a 3%-5% false positive in the 
spam folder - it jumped to 50% overnight, several days ago.  Maybe not for 
everyone, but we've heard this from several others.

All of this to say that all of the advice in this thread (especially DKIM, SPF, 
and ipv4) is good advice, but you still may see problems until Google does a 
correction (assuming they do).

Anne

--
Anne P. Mitchell,  Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] SendInBlue Contact?

[Anne P. Mitchell, Esq. via mailop]

Does anyone have a contact at Send in Blue?

Anne

--
Anne P. Mitchell, Attorney at Law.
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO, SuretyMail Email Reputation Certification
Advisor, Governor's Innovation Response Team Task Force
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Urgently need contact at Facebook of Instagram and also Omegle

[Anne P. Mitchell, Esq. via mailop]

Hi Simon,

Those forms aren't very useful for things occuring RightNow, on a weekend.

However, we have gotten through to the right people now.

Thank you!

Anne

> On May 3, 2020, at 4:10 AM, Bressier Simon  wrote:
> 
> Hi Anne,
> 
> Not sure you are at the right place here, all the platforms you mentioned 
> have abuse forms for that kind of reports, and it will be much more efficient 
> than passing thru a mailing list related to email industry.
> 
> Le dim. 3 mai 2020 à 00:23, Anne P. Mitchell, Esq. via mailop 
>  a écrit :
> There is a woman torturing animals on Omegle, she is advertising it on her 
> Instagram account.  Need to get this in front of the right people to have her 
> traced and shut down.
> 
> Please let me know if you can provide a contact for either org.
> 
> Anne
> 
> ---
> Anne P. Mitchell, Attorney at Law
> Dean of Cyberlaw & Cybersecurity, Lincoln Law School
> Advisor, Colorado Innovation Response Team Task Force
> CEO/President, SuretyMail Email Reputation Certification
> Policy Drafting and Review for Businesses
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Board of Directors, Denver Internet Exchange
> Chair Emeritus, Asilomar Microcomputer Workshop
> Legal Counsel: The CyberGreen Institute
> Former Counsel: Mail Abuse Prevention System (MAPS)
> Location: Boulder, Colorado
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Also going on on TikTok (Re: Urgently need contact at Facebook of Instagram and also Omegle)

[Anne P. Mitchell, Esq. via mailop]

> On May 2, 2020, at 4:11 PM, Anne P. Mitchell, Esq.  
> wrote:
> 
> There is a woman torturing animals on Omegle, she is advertising it on her 
> Instagram account.  Need to get this in front of the right people to have her 
> traced and shut down.
> 
> Please let me know if you can provide a contact for either org.
> 
> Anne
> 
> ---
> Anne P. Mitchell, Attorney at Law
> Dean of Cyberlaw & Cybersecurity, Lincoln Law School
> Advisor, Colorado Innovation Response Team Task Force
> CEO/President, SuretyMail Email Reputation Certification
> Policy Drafting and Review for Businesses
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Board of Directors, Denver Internet Exchange
> Chair Emeritus, Asilomar Microcomputer Workshop
> Legal Counsel: The CyberGreen Institute
> Former Counsel: Mail Abuse Prevention System (MAPS)
> Location: Boulder, Colorado


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Urgently need contact at Facebook of Instagram and also Omegle

[Anne P. Mitchell, Esq. via mailop]

There is a woman torturing animals on Omegle, she is advertising it on her 
Instagram account.  Need to get this in front of the right people to have her 
traced and shut down.

Please let me know if you can provide a contact for either org.

Anne

---
Anne P. Mitchell, Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
Advisor, Colorado Innovation Response Team Task Force
CEO/President, SuretyMail Email Reputation Certification
Policy Drafting and Review for Businesses
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Offer for Mailop *Only*: Waiving Application Fee for Email Reputation Certification

[Anne P. Mitchell, Esq. via mailop]

All,

As more and more businesses are having to shut down their offices, and rely 
nearly completely on doing business online, making sure that business email 
gets to the inbox is becoming more important than ever to these businesses.

While we of course are also a business, we don't want to profit from the 
current situation.  We want to help.  So I have made the decision to waive the 
application fee for SuretyMail email reputation certification for my 
colleagues.  I want to be clear:  our application fee (which is $500) doesn't 
actually even fully cover our processing of an application, and we still need 
to pay our folks who process these applications, so this is coming out of our 
pocket.  But it's something that we can do, and I've made the decision that we 
should do it.

Please don't share this outside of this group (I am making the same offer to my 
colleagues in a couple of other groups I am in, but it is for me to decide to 
whom we extend this offer).

Also to that end, if you would like to take advantage of this, contact me 
directly, and offlist, and I will make the introduction to our customer service 
manager, Shannon, so that she knows to process your application without payment.

Be safe out there.

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cyberlaw & Cybersecurity, Lincoln Law School
CEO/President, SuretyMail Email Reputation Certification
Policy Drafting and Review for Businesses
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Any idea who wrote 'Spam Lawsuits: What's the Worst that Can Happen?' ?

[Anne P. Mitchell, Esq. via mailop]

Thank you, everyone, for helping solve this mystery!   The document actually 
does have attribution in the Slideshare version (what I had found was a plain 
PDF file, with no attribution).

Thank you again!

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cyber Law & Cyber Security, Lincoln Law School
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Former Counsel: Mail Abuse Prevention System (MAPS)



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Any idea who wrote 'Spam Lawsuits: What's the Worst that Can Happen?' ?

[Anne P. Mitchell, Esq. via mailop]

I came across a pdf titled Spam Lawsuits: What's the Worst that Can Happen? 
...no author, no sponsoring org (although I suspect a connection with MailChimp 
owing to a line say saying "If you're a MailChimp customer" and another saying 
"As you're a MailChimp customer")

You can see it here:

https://www.isipp.com/wp-content/uploads/spam-lawsuits-rules-regulations.pdf

I'd like to give proper attribution...anybody recognize it?

Anne

---
Anne P. Mitchell, Attorney at Law, Dean of Cyber Law & Cyber Security, Lincoln 
Law School
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [EXTERNAL] Re: [FEEDBACK] whose address, was Approach to dealing with List Washing services, industry feedback..

[Anne P. Mitchell, Esq. via mailop]

> On Jan 23, 2020, at 3:38 PM, Jaroslaw Rafa via mailop  
> wrote:
> 
> Ah... I always forget that people use mobiles nowadays for sending mail,
> where you have separate contacts list at system level... By the way, isn't
> mobile usage the root cause of most issues with sending messages to the
> wrong address?
> On a mobile client you often don't see the e-mail address of the recipient
> at all... you only see the name (well similarly is for Gmail's web
> interface) - I always wondered why is this, because I see this as primarily
> stupid - hiding from the user to whom he/she is actually sending mail to...

Those mail clients also help scammers spoofing inbound mail, because they 
display the contact image and friendly name associated with the spoofed email 
address (which is how one company was scammed out of over $4million USD), as we 
write here in our caution to *not* have your email client display contact 
images or so-called 'friendly' names:

https://www.theinternetpatrol.com/warning-having-email-display-senders-contact-image-and-info-helps-scammers-get-in-through-the-cracks/

Anne

---
Anne P. Mitchell, Attorney at Law, Dean of Cyberlaw, Lincoln Law School of San 
Jose
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [FEEDBACK] whose address, was Approach to dealing with List Washing services, industry feedback..

[Anne P. Mitchell, Esq. via mailop]

> I can't recall the exact quote but a key rule is basically this;
> 
> "Spam is whatever my users say it is."

And, delightfully, even CAN-SPAM says (essentially) that spam is whatever ISPs 
say it is.

Anne

---
Anne P. Mitchell, Attorney at Law, Dean of Cyberlaw, Lincoln Law School of San 
Jose
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [FEEDBACK] whose address, was Approach to dealing with List Washing services, industry feedback..

[Anne P. Mitchell, Esq. via mailop]

While most of the misdirected email I get is just a nuisance, just last week a 
lawyer at a law firm in California, with whom I have no connection, emailed 
documents in a case, with which I have no connection, to opposing counsel, with 
whom I have no connection (are you a detecting a theme here?) - only somehow 
they sent them to me instead of opposing counsel.  I say "somehow" because 
there is literally no connection at all - the fact that I am a lawyer was a 
coincidence, but a fun one, because I got to reply-all pointing out the error 
of their ways (and an egregious one at that). ;~)

Anne

Anne P. Mitchell, Attorney at Law, Dean of Cyberlaw, Lincoln Law School of San 
Jose
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] A Facebook curiosity: lots of people suddenly have accounts at honet.com?

[Anne P. Mitchell, Esq. via mailop]

> Nadine, is that you?

Please to provide a C&C warning next time (yes, I audibly snorted, loudly 
enough for my other half to hear it and ask what I was laughing at).

Anne

--
Anne P. Mitchell, Attorney at Law, Dean of Cyberlaw, Lincoln Law School of San 
Jose
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Reasons to add plain text alternative to email?

[Anne P. Mitchell, Esq. via mailop]

> On Dec 9, 2019, at 4:32 AM, Andreas Schamanek via mailop  
> wrote:
> 
>> we were wondering if there's still a good reason for adding plain text to a 
>> html message. Is there a significant audience reading in plain text? Is 
>> plain text important for accessibility?
> 

Let me turn this question around:

Is there a good reason to *stop* including plain text?

(I fully agree with all of the various reasons put forward for continuing to do 
it, but am wondering why one, once already doing it, would stop?)

FWIW, we *require* all of our certification customers to email us *only* in 
plain text (and there has never been any pushback, again, FWIW).

Anne

Anne P. Mitchell, Esq., Dean of Cyberlaw, Lincoln Law School 
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Mailop made Hacker News

[Anne P. Mitchell, Esq. via mailop]

> 
> And the comments on Brandon about him being helpful and respectful are well 
> deserved.

Indeed they are!

This is also a reminder, however, that nothing said here is confidential, and 
that something you say here may end up repeated (and attributed) where you 
don't want it to be repeated.

There are some mail operations group mailing lists that have a strict 
confidentiality rule, however even that is only a thin protection, at best.  
Such is the nature of email lists.

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School
Author: Section 6 of the CAN-SPAM Act
GDPR, CCPA  & CCDPA Compliance Consultant
Boards of Directors: Denver Internet Exchange | Asilomar Microcomputer Workshop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Gmail marking email from me as spam

[Anne P. Mitchell, Esq. via mailop]

> On Oct 7, 2019, at 7:34 AM, Jaroslaw Rafa via mailop  
> wrote:
> 
> I asked on different forums and tried to follow the advices I got.
> Previously I didn't have SPF nor DKIM (as I wrote, for long time it was
> absolutely no obstacle in getting my messages received by Gmail users), so I
> configured them, I also published a DMARC record. DMARC reports I get from
> Google indicate everything as passed, the same says Gmail in details of the
> messages I sent to test accounts. I defined a MX record for my domain,
> which I didn't have previously, because rafa.eu.org has an A record, so it
> looked stupid (and superfluous) to me to define MX for rafa.eu.org that
> points simply to rafa.eu.org :), and everything works perfectly with A
> record only. But someone told me that Google may be suspicious about
> domains that don't have a MX record, so I defined it.

How recently did you do all this?  Unfortunately, as with many things, it takes 
only a moment to destroy your sending reputation, and months to rebuild it.

We've also started seeing (especially since GDPR went into effect) that for EU 
domains, even if you have an MX record, or other records properly set up, the 
typical types of lookups don't *reveal* them (try looking up the info for your 
domain, then look up just about any U.S. based domain, and you will see that 
the EU domain shows only the barest info (so for example, just the CNAME IP, 
and to where it points - that's *it*), while the U.S. based domains actually 
reveal the MX, the A, etc..).

I do NOT want this to descend into a "which is the better way", I'm only 
pointing out that *if* a given recipient host is relying on something in their 
algorithm that takes that data into effect, and they only draw a blank when 
trying to find that data, it can also affect your overall 'reputation', and 
hence delivery.  If the recipient's algo determines that the email is coming 
from an unknown (and unknowable) sender, it's much more likely to go into the 
spam folder.

Anne

Anne P. Mitchell, Attorney at Law, Dean of Cyberlaw, Lincoln Law School of San 
Jose
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant, GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Certified Senders Alliance

[Anne P. Mitchell, Esq. via mailop]

> In article <3827efcb-337f-4456-9fb8-6eff4a5d9...@isipp.com> you write:
>> The CSA has, to the best of my knowledge, never been about best practices
> 
> You're mistaken.  Their criteria are here:
> 
> https://certified-senders.org/wp-content/uploads/2017/07/CSA_Admission_Criteria.pdf
> 
> I've sent complaints which have been taken seriously.  I'm surprised
> to hear they botched this one.

I'm actually really glad to hear that!  Thank you!

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose 
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) 
Legislative Consultant 
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant 
Board of Directors, Denver Internet Exchange 
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Certified Senders Alliance

[Anne P. Mitchell, Esq. via mailop]

> We were certified by ISIPP (as an ESP) many years ago, and I don't remember 
> going through an extensive check process for that.

You did. :-)  However it was all in the background, based on your responses to 
your application. 

> As we didn't see any improvement in the deliverability, we stopped not long 
> after.

That was back in 2009, so I don't have immediate access to your info, however I 
do hope that you told our staff that, and also brought any deliverability 
problems you were having to our attention - we can't help with issues that we 
don't know about.  If you'd like to try again, we'd be happy to waive the 
reapplication fee (tell them I said so :-) )

Anne

--

Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy
SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Location: Boulder, Colorado



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Certified Senders Alliance

[Anne P. Mitchell, Esq. via mailop]

The CSA has, to the best of my knowledge, never been about best practices, let 
alone about enforcing them.  The only two organizations anywhere that are truly 
about certifying email senders because they are following best practices are 
(again, to the best of my knowledge), Return Path and us.

Anne

--
Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [ext] Re: Return Path / Sender Score

[Anne P. Mitchell, Esq. via mailop]

> On Sep 6, 2019, at 8:01 AM, Ewald Kessler | Webpower via mailop 
>  wrote:
> 
> Not short, but certainly sweet:
> 
> I don't care what method people devise to make sure that people don't get 
> added to a mailing list without their consent, so long as it actually works. 
> I don't care if they call it "sucking chest wound" so long as the process 
> they adopt effectively prevents abuse. Dogma and jargon should never be more 
> important than stopping spam.

I think that 'sucking chest wound' is what usually happens after someone spams 
someone here. ;-)

Anne




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] mailop Digest, Vol 142, Issue 35

[Anne P. Mitchell, Esq. via mailop]

> On Aug 24, 2019, at 7:03 PM, Al Iverson via mailop  wrote:
> 
> Wait. There was spam before Anne Mitchell defined it for the rest of us?
> 

Actually it was Paul Vixie who defined it - then we worked together to refine 
the wording and put it up on the MAPS website. 

Anne

---

Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] [ext] Re: Return Path / Sender Score

[Anne P. Mitchell, Esq. via mailop]

> Spam being unsolicited broadcast email, I would say that if you agree to
> receive it, it cannot be spam.  This definition has held up well over the
> twenty-five years I've been involved in the industry.

Indeed, and it was formalized in item (2) in the Vixie/Mitchell defintion of 
spam, which was promulgated ~20 years ago:

“An electronic message is “spam” IF: (1) the recipient’s personal identity and 
context are
irrelevant because the message is equally applicable to many other potential 
recipients;
AND (2) the recipient has not verifiably granted deliberate, explicit, and 
still-revocable
permission for it to be sent; AND (3) the transmission and reception of the 
message
appears to the recipient to give a disproportionate benefit to the sender.”

Interesting sidenote: While this definition was originally posted on the  MAPS 
website, lo those ~20 years ago, I note that it is now posted on thousands of 
sites. 

Anne

---

Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy
SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Happy Resident: Boulder, Colorado
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Issue with Mailop 'From' header

[Anne P. Mitchell, Esq. via mailop]

Something has changed in the past several weeks so that email from Mailop now 
comes:

From: 
To: mailop@mailop.org

Whereas before the change the email would come:

From: Anne Mitchell 
To: mailop@mailop.org

..making triage, etc., of reading Mailop mail more onerous now, as one has to 
actually open each email, and scan for a signature - and if there is no 
signature then one has to actually read the reply-to headers, to figure out who 
something is from.

Is anybody else seeing this?  My OS (OS 10.13.6) hasn't been updated in that 
time period so I don't think that it's on my end.

Anne

Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy
SuretyMail Email Reputation Certification
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Lawsuit to watch: Tulsi v. Google

[Anne P. Mitchell, Esq. via mailop]

> Also, doesn't CAN-SPAM only apply to senders?

No, there is a little-known (apparently) clause in CAN-SPAM that specifically 
states that ISPs can make any delivery decision that they want to, for any 
reason or no reason whatsoever. It’s nearly (but not quite) the codification of 
“their server, their rules“.  Apparently her attorneys haven't bothered to ... 
you know ...read the actual law.

Anne

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Lawsuit to watch: Tulsi v. Google

[Anne P. Mitchell, Esq. via mailop]

While at first blush the big news about this lawsuit is that Google is being 
sued for suppressing presidential candidate Tulsi Gabbard's campaign's ads, 
there is also a piece of the lawsuit where they are suing Google because (they 
claim) a disproportionate number of her campaign's email was being put in the 
Gmail spam folder.  They talk about the opacity of how the spam filter works, 
etc...

Now, of course, years ago, when I was at MAPS, we dealt with several lawsuits 
from spammers about how unfair it was that they were being filtered because of 
the RBL, etc., etc., and they fairly roundly lost.

This however is different, because we have a political candidate claiming that 
Google is suppressing *political* speech, the free pass for which is baked 
right into CAN-SPAM, as we all know only too well.

Here is our plain English write up of it, which I doubt anyone here needs (the 
plain English part), but we also are hosting a full copy of the lawsuit, which 
is linked here as well:

https://www.theinternetpatrol.com/presidential-candidate-tulsi-gabbard-sues-google-over-disabling-ads-and-going-to-the-spam-folder-full-text-of-lawsuit-included/

Anne

Anne P. Mitchell, Attorney at Law
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
CEO/President, Institute for Social Internet Public Policy
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] More Visitors & More Sales

[Anne P. Mitchell, Esq. via mailop]

Oh..my..god...I am so sorry! I had deleted that entry, and how the heck it got 
in there again to default to mailop...I have no idea..going to strangle my Mac 
now...

Anne..with a very red face. :-(

> On Jul 23, 2019, at 8:07 AM, Anne P. Mitchell, Esq.  
> wrote:
> 
> Here ya go ;-)
> 
>> Sujata Sain  
>> RE: More Visitors & More Sales
>> 
>> X-Incomingheadercount: ⁨39⁩
>> X-Ms-Exchange-Crosstenant-Originalarrivaltime: ⁨23 Jul 2019 05:28:27.5595 
>> (UTC)⁩
>> X-Originatororg: ⁨outlook.com⁩
>> X-Ms-Exchange-Transport-Crosstenantheadersstamped: ⁨PU1APC01HT241⁩
>> X-Virus-Scanned: ⁨Content scanner at isipp.com⁩
>> Authentication-Results: ⁨mx.google.com; dkim=pass header.i=@outlook.com 
>> header.s=selector1 header.b=l6Aod5qx; spf=fail (google.com: domain of 
>> srs0=bmi+=vu=outlook.com=bonddesign56e...@bounce.secureserver.net does not 
>> designate 69.12.213.130 as permitted sender) 
>> smtp.mailfrom="SRS0=BmI+=VU=outlook.com=bonddesign56e...@bounce.secureserver.net";
>>  dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com⁩
>> X-Ms-Exchange-Crosstenant-Rms-Persistedconsumerorg: 
>> ⁨----⁩
>> X-Ms-Exchange-Crosstenant-Rms-Persistedconsumerorg: 
>> ⁨----⁩
>> X-Received: ⁨by 2002:a62:15c3:: with SMTP id 
>> 186mr4073110pfv.141.1563859753543; Mon, 22 Jul 2019 22:29:13 -0700 (PDT)⁩
>> Return-Path: 
>> ⁨⁩
>> X-Ms-Exchange-Crosstenant-Fromentityheader: ⁨Internet⁩
>> X-Ms-Tnef-Correlator: ⁨⁩
>> X-Ms-Exchange-Crosstenant-Id: ⁨84df9e7f-e9f6-40af-b435-⁩
>> X-Ms-Publictraffictype: ⁨Email⁩
>> X-Google-Smtp-Source: 
>> ⁨APXvYqzmPqfE9FfXhdVDxnB26OCfKW7u/BmjWbqOPr9c5VeBz8AZ8Ko/2B8dUabz7yopx7hExskl⁩
>> Arc-Seal: ⁨i=1; a=rsa-sha256; t=1563859753; cv=none; d=google.com; 
>> s=arc-20160816; 
>> b=icxbBR+I2ugBnKgS5kRrHPs4xFOYmEUMz7nzVP1zcr8+XtwJ1mJhquIxhqQ0o2TNdM 
>> TvlJPP9OFXkdWiinRXlnHfTYBToqO9mOHvMSwQW114CzGPcKSSzMvEafOtvyltnnFzAg 
>> BovjRdHO4O5+dL1cAFvyPaaUh7V3Lhzxjae7X6vX63qZh2dVEMp3PTRYJRSY/Y8RwpHm 
>> 1+i4iMtnHJnHRK5bD3I3IoVGjLuRcgBUOFb8lo0rMLLsjsmTdyaPWwECBV+nfBIJzrBi 
>> ss700CXgz5c9WPzTiBwksrtz6p7L40rrvV1D9Ggvn5TbYnOrub6FQlPWwNQJ0yuyFwwq Uocw==⁩
>> X-Microsoft-Antispam: 
>> ⁨BCL:0;PCL:0;RULEID:(2390118)(5050001)(7020095)(20181119110)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031322404)(2017031323274)(2017031324274)(1601125500)(1603101475)(1701031045);SRVR:PU1APC01HT241;⁩
>> Thread-Index: ⁨AQHVQRdW5c0cVyHvgEKf47GIWDMQMg==⁩
>> Accept-Language: ⁨en-US⁩
>> ⁨⁩
>> X-Microsoft-Antispam-Message-Info: 
>> ⁨AO+XO2N4+1MAmH4HHrovcZu/83TaA/VCUPqTs40nlINk2PNPXZPpkcbyQVwiKlajGvnEnw2D0NmSm4D8eYgvBRddu7a5SKubF05NtkmiWJgwfLkkN6pR7wC0IbVEbq5zcgMlQF0Lk25G9IJ935eEJGkIBVNxmQod9AZYli3AzjfB7TZxXuLFR6Iewfw+TGLJ⁩
>> Content-Language: ⁨en-US⁩
>> Arc-Authentication-Results: ⁨i=1; mx.google.com; dkim=pass 
>> header.i=@outlook.com header.s=selector1 header.b=l6Aod5qx; spf=fail 
>> (google.com: domain of 
>> srs0=bmi+=vu=outlook.com=bonddesign56e...@bounce.secureserver.net does not 
>> designate 69.12.213.130 as permitted sender) 
>> smtp.mailfrom="SRS0=BmI+=VU=outlook.com=bonddesign56e...@bounce.secureserver.net";
>>  dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com⁩
>> Mime-Version: ⁨1.0⁩
>> X-Eopattributedmessage: ⁨0⁩
>> Thread-Topic: ⁨More Visitors & More Sales⁩
>> X-Ms-Has-Attach: ⁨⁩
>> Content-Type: ⁨multipart/alternative; 
>> boundary="_000_TY2PR03MB39675C6FD2369D6067AD0F1BD6C70TY2PR03MB3967apcp_"⁩
>> Received: ⁨by 2002:a67:89c7:0:0:0:0:0 with SMTP id l190csp7762811vsd; Mon, 
>> 22 Jul 2019 22:29:13 -0700 (PDT)⁩
>> Received: ⁨from allegro.isipp.com (allegro.isipp.com. [69.12.213.130]) by 
>> mx.google.com with ESMTPS id s14si12766919pgj.347.2019.07.22.22.29.13 
>> (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 22 
>> Jul 2019 22:29:13 -0700 (PDT)⁩
>> Received: ⁨from p3plsmtp05-02-25.prod.phx3.secureserver.net 
>> (p3plsmtp05-02.prod.phx3.secureserver.net [97.74.135.22]) by 
>> allegro.isipp.com (8.15.2/8.15.2/Debian-8) with ESMTP id x6N5T7jg006888 for 
>> ; Tue, 23 Jul 2019 05:29:12 GMT⁩
>> Received: ⁨(qmail 35617 invoked from network); 23 Jul 2019 05:29:06 -⁩
>> Received: ⁨(qmail 35614 invoked by uid 30297); 23 Jul 2019 05:29:06 -⁩
>> Received: ⁨from unknown (HELO p3plibsmtp01-12.prod.phx3.secureserver.net) 
>> ([72.167.238.228]) (envelope-sender ) by 
>> p3plsmtp05-02-25.prod.phx3.secureserver.net (qmail-1.03) with SMTP for 
>> ; 23 Jul 2019 05:29:06 -⁩
>> Received: ⁨from APC01-SG2-obe.outbound.protection.outlook.com 
>> ([40.92.253.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 256/256 
>> bits) (Client did not present a certificate) by CMGW with ESMTP id 
>> pnMGhL9jAloZ1pnMIhhl6K; Mon, 22 Jul 2019 22:29:06 -0700⁩
>> Received: ⁨from PU1APC01FT049.eop-APC01.prod.protection.outlook.com 
>> (10.152.252.52) by PU1APC01HT241.eop-APC01.prod.protection.outlook.com 
>> (10.152.252.184) with Microsoft SMTP Server (version=TLS1_2, 
>> cipher=TLS_ECDHE_RSA_WITH_AES_25

[mailop] Fwd: More Visitors & More Sales

[Anne P. Mitchell, Esq. via mailop]

Here ya go ;-)

> Sujata Sain  
> RE: More Visitors & More Sales
> 
> X-Incomingheadercount: ⁨39⁩
> X-Ms-Exchange-Crosstenant-Originalarrivaltime: ⁨23 Jul 2019 05:28:27.5595 
> (UTC)⁩
> X-Originatororg: ⁨outlook.com⁩
> X-Ms-Exchange-Transport-Crosstenantheadersstamped: ⁨PU1APC01HT241⁩
> X-Virus-Scanned: ⁨Content scanner at isipp.com⁩
> Authentication-Results: ⁨mx.google.com; dkim=pass header.i=@outlook.com 
> header.s=selector1 header.b=l6Aod5qx; spf=fail (google.com: domain of 
> srs0=bmi+=vu=outlook.com=bonddesign56e...@bounce.secureserver.net does not 
> designate 69.12.213.130 as permitted sender) 
> smtp.mailfrom="SRS0=BmI+=VU=outlook.com=bonddesign56e...@bounce.secureserver.net";
>  dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com⁩
> X-Ms-Exchange-Crosstenant-Rms-Persistedconsumerorg: 
> ⁨----⁩
> X-Ms-Exchange-Crosstenant-Rms-Persistedconsumerorg: 
> ⁨----⁩
> X-Received: ⁨by 2002:a62:15c3:: with SMTP id 
> 186mr4073110pfv.141.1563859753543; Mon, 22 Jul 2019 22:29:13 -0700 (PDT)⁩
> Return-Path: 
> ⁨⁩
> X-Ms-Exchange-Crosstenant-Fromentityheader: ⁨Internet⁩
> X-Ms-Tnef-Correlator: ⁨⁩
> X-Ms-Exchange-Crosstenant-Id: ⁨84df9e7f-e9f6-40af-b435-⁩
> X-Ms-Publictraffictype: ⁨Email⁩
> X-Google-Smtp-Source: 
> ⁨APXvYqzmPqfE9FfXhdVDxnB26OCfKW7u/BmjWbqOPr9c5VeBz8AZ8Ko/2B8dUabz7yopx7hExskl⁩
> Arc-Seal: ⁨i=1; a=rsa-sha256; t=1563859753; cv=none; d=google.com; 
> s=arc-20160816; 
> b=icxbBR+I2ugBnKgS5kRrHPs4xFOYmEUMz7nzVP1zcr8+XtwJ1mJhquIxhqQ0o2TNdM 
> TvlJPP9OFXkdWiinRXlnHfTYBToqO9mOHvMSwQW114CzGPcKSSzMvEafOtvyltnnFzAg 
> BovjRdHO4O5+dL1cAFvyPaaUh7V3Lhzxjae7X6vX63qZh2dVEMp3PTRYJRSY/Y8RwpHm 
> 1+i4iMtnHJnHRK5bD3I3IoVGjLuRcgBUOFb8lo0rMLLsjsmTdyaPWwECBV+nfBIJzrBi 
> ss700CXgz5c9WPzTiBwksrtz6p7L40rrvV1D9Ggvn5TbYnOrub6FQlPWwNQJ0yuyFwwq Uocw==⁩
> X-Microsoft-Antispam: 
> ⁨BCL:0;PCL:0;RULEID:(2390118)(5050001)(7020095)(20181119110)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(2017031322404)(2017031323274)(2017031324274)(1601125500)(1603101475)(1701031045);SRVR:PU1APC01HT241;⁩
> Thread-Index: ⁨AQHVQRdW5c0cVyHvgEKf47GIWDMQMg==⁩
> Accept-Language: ⁨en-US⁩
> ⁨⁩
> X-Microsoft-Antispam-Message-Info: 
> ⁨AO+XO2N4+1MAmH4HHrovcZu/83TaA/VCUPqTs40nlINk2PNPXZPpkcbyQVwiKlajGvnEnw2D0NmSm4D8eYgvBRddu7a5SKubF05NtkmiWJgwfLkkN6pR7wC0IbVEbq5zcgMlQF0Lk25G9IJ935eEJGkIBVNxmQod9AZYli3AzjfB7TZxXuLFR6Iewfw+TGLJ⁩
> Content-Language: ⁨en-US⁩
> Arc-Authentication-Results: ⁨i=1; mx.google.com; dkim=pass 
> header.i=@outlook.com header.s=selector1 header.b=l6Aod5qx; spf=fail 
> (google.com: domain of 
> srs0=bmi+=vu=outlook.com=bonddesign56e...@bounce.secureserver.net does not 
> designate 69.12.213.130 as permitted sender) 
> smtp.mailfrom="SRS0=BmI+=VU=outlook.com=bonddesign56e...@bounce.secureserver.net";
>  dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com⁩
> Mime-Version: ⁨1.0⁩
> X-Eopattributedmessage: ⁨0⁩
> Thread-Topic: ⁨More Visitors & More Sales⁩
> X-Ms-Has-Attach: ⁨⁩
> Content-Type: ⁨multipart/alternative; 
> boundary="_000_TY2PR03MB39675C6FD2369D6067AD0F1BD6C70TY2PR03MB3967apcp_"⁩
> Received: ⁨by 2002:a67:89c7:0:0:0:0:0 with SMTP id l190csp7762811vsd; Mon, 22 
> Jul 2019 22:29:13 -0700 (PDT)⁩
> Received: ⁨from allegro.isipp.com (allegro.isipp.com. [69.12.213.130]) by 
> mx.google.com with ESMTPS id s14si12766919pgj.347.2019.07.22.22.29.13 
> (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 22 Jul 
> 2019 22:29:13 -0700 (PDT)⁩
> Received: ⁨from p3plsmtp05-02-25.prod.phx3.secureserver.net 
> (p3plsmtp05-02.prod.phx3.secureserver.net [97.74.135.22]) by 
> allegro.isipp.com (8.15.2/8.15.2/Debian-8) with ESMTP id x6N5T7jg006888 for 
> ; Tue, 23 Jul 2019 05:29:12 GMT⁩
> Received: ⁨(qmail 35617 invoked from network); 23 Jul 2019 05:29:06 -⁩
> Received: ⁨(qmail 35614 invoked by uid 30297); 23 Jul 2019 05:29:06 -⁩
> Received: ⁨from unknown (HELO p3plibsmtp01-12.prod.phx3.secureserver.net) 
> ([72.167.238.228]) (envelope-sender ) by 
> p3plsmtp05-02-25.prod.phx3.secureserver.net (qmail-1.03) with SMTP for 
> ; 23 Jul 2019 05:29:06 -⁩
> Received: ⁨from APC01-SG2-obe.outbound.protection.outlook.com 
> ([40.92.253.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 256/256 
> bits) (Client did not present a certificate) by CMGW with ESMTP id 
> pnMGhL9jAloZ1pnMIhhl6K; Mon, 22 Jul 2019 22:29:06 -0700⁩
> Received: ⁨from PU1APC01FT049.eop-APC01.prod.protection.outlook.com 
> (10.152.252.52) by PU1APC01HT241.eop-APC01.prod.protection.outlook.com 
> (10.152.252.184) with Microsoft SMTP Server (version=TLS1_2, 
> cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2052.18; Tue, 23 Jul 
> 2019 05:28:27 +⁩
> Received: ⁨from TY2PR03MB3967.apcprd03.prod.outlook.com (10.152.252.51) by 
> PU1APC01FT049.mail.protection.outlook.com (10.152.253.9) with Microsoft SMTP 
> Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 
> 15.20.2052.18 via Frontend Transport; Tue, 23 Jul 

Re: [mailop] How to identify source of email sent via Google?

[Anne P. Mitchell, Esq. via mailop]

> On Jul 19, 2019, at 12:30 AM, Angelo Giuffrida via mailop  
> wrote:
> 
> I find it rich that Michael is in here throwing stones... can't exactly throw 
> stones when you live in a glass house there big Mikey!

I find it rich that you would disparage Michael like this, especially when, to 
the best of my knowledge you have only been around here since about 2016 (my 
archives go back to 2004, and, at least, 2016 is when you first appear in 
them).  

Michael, on the other hand, has been around for as long as have I and many of 
the others here, some of us for 20 years.  Of course, you were only 8 years old 
back then, so you can be forgiven for not knowing that.

More curious, though, is that during that first appearance of you here in 2016, 
you said this:

> Welcome to the fun game of Microsoft & Hotmail blocks. If you do a search
> through the list archives you'll find responses from Michael (and others)
> that will be helpful. That should provide you with some information to get
> started whilst you wait for others to reply.

That, of course, would be the very same Michael against whom you are now 
casting aspersions.

You've done great things with VentraIP;  please try to do great, and not petty, 
things here.

Anne

---

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Crazy Sender-score value of 0 instead of 96-98

[Anne P. Mitchell, Esq. via mailop]

Relatedly, do we have any idea what is going to happen with SenderScore now 
that they have been acquired by Validity, and 200 RP employees have been laid 
off?

Anne

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] AT&T Abuse contact - messages being ignored

[Anne P. Mitchell, Esq. via mailop]

> On Jul 10, 2019, at 10:11 AM, Scott Mutter via mailop  
> wrote:
> 
> I mean... seriously... how are we suppose to combat any type of abuse or 
> blacklisting when the methods of disputing those issues are ignored?

It's unclear from the above whether you are trying to *report abuse*, or 
*trying to get IPs in your control delisted*?  These are often handled by two 
different groups (or at least two different individuals).  If the latter, 
contact me offlist with the details (your org, IP addresses, error messages, 
etc.) and we'll see what we can do.

Actually, if it's the former, contact me offlist with those details and, again, 
we'll see what we can do.

amitch...@isipp.com

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] About to blacklist Marketo - has anyone received non-spam from them?

[Anne P. Mitchell, Esq. via mailop]

I'm pretty much giving up on Marketo - and about to BL them and also recommend 
to others that they do so - as I have *never* received anything other than spam 
from them, and while they may still have a few good people there, it doesn't 
seem to make a blind bit of difference overall.

Does anyone have any counter-arguments?

Anne

Anne P. Mitchell, 
Attorney at Law
CEO/President, 
SuretyMail Email Reputation Certification and Inbox Delivery Assistance
Legislative Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consulting
http://www.SuretyMail.com/


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] DigitalOcean responds to DMCA takedown (was re: DigitalOcean calling for social media s* storm? (Re: Why is it so hard to have takedown's performed..))

[Anne P. Mitchell, Esq. via mailop]

Just an update on our own issue - which was that DigitalOcean is hosting 
privacy-formula.com, which is doing wholesale rip-off of content from places 
like Sophos, Washington Times, Medium, NY Times, etc... and one of our 
publications (The Internet Patrol).  They are basically grabbing the RSS feeds 
of these places and republishing them as their own.

We filed a DMCA takedown with Digital Ocean over this, and they did clearly 
process it, as all of our stuff is now gone from the site - however, not only 
is the site still up, but privacy-formula.com is still ripping off everybody 
else.  So..one more data point about DO.


Anne

Anne P. Mitchell,
Attorney at Law
CEO/President, Institute for Social Internet Public Policy
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Former Counsel: Mail Abuse Prevention System (MAPS)
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] DigitalOcean calling for social media s* storm? (Re: Why is it so hard to have takedown's performed..)

[Anne P. Mitchell, Esq. via mailop]

> I Twittered to @digitalocean about the lack of responsiveness from their
> abuse desk.
> 
> They promptly replied via Twitter:
> 
> "We apologise for the trouble. Our security & operation team is already
> looking into it."
> 
> As I still had a case open with them, I appended your nice list of
> pgHammer IP Addresses.
> 
> This time, they replied promptly:
> 
> "As we are an unmanaged cloud hosting provider, we do not create,
> administer, or have direct access to our customers' Droplets. This
> means that we cannot make direct changes to any programs or websites
> hosted there."

Sigh, well then I guess there is little hope for the DCMA takedown that I just 
Saturday sent to them for privacy-formula.com, which is wholesalely ripping off 
all sorts of content sites (including ours).  That said, a few of the others 
include Sophos, Bloomberg, and Politico, and I've clued all of their legal 
departments into the situation, so...maybe...

I wonder if we should *all* tweet to them, including the hashtag 
#DigitalOceanHostsBadGuys ? ;-)

Anne

Attorney at Law
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS
California Bar Association
Cal. Bar Cyberspace Law Committee
Colorado Cyber Committee
Ret. Professor of Law, Lincoln Law School of San Jose



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop