Re: [mailop] Anyone on this list from SpamCop?

[Olaf Petry - Hornetsecurity]

Hello,

BTW I guess most unsubscribe header belong to the one-click-unsubscribe, see 
rfc 8058
Whitepaper: 
https://certified-senders.org/wp-content/uploads/2017/07/CSA_one-click_list-unsubscribe.pdf


Mit freundlichen Grüßen / Kind Regards
Olaf Petry

-Ursprüngliche Nachricht-
Von: mailop [mailto:mailop-boun...@mailop.org] Im Auftrag von Andy Smith
Gesendet: Mittwoch, 7. Februar 2018 03:17
An: mailop@mailop.org
Betreff: Re: [mailop] Anyone on this list from SpamCop?

Hello,

On Tue, Feb 06, 2018 at 03:34:34PM -0800, Laura Atkins wrote:
> > On Feb 6, 2018, at 2:49 PM, John Levine  wrote:
> > Putting a URL in a List-Unsubscribe header is an entirely reasonable
> > thing to do, and lots of ESPs do it.  
> 
> Lots of non-ESPs do it, too. 
> 
> List-Unsubscribe: <https://chilli.nosignal.org/cgi-bin/mailman/options/mailop>

When it comes to SpamCop it is never offering to report URLs found
in a List-Unsubscribe header so it must have been taught to ignore
those.

It is also ignoring URLs in the header X-Spam-Report, the default
SpamAssassin report header. The problem comes when a custom report
header is used, e.g.:
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Richard W]

If you wanna hit me up at deputies at spamcop.net I can look at exactly 
what you're seeing and I can have a look at what we can do to get around it.


To SpamCop, a URL is a URL.  Unless told otherwise, it can't tell the 
difference between a URL for wiener pills from the one you put to your 
boss's personal page in your sig.  It will offer to report all URLs it 
can find/identify unless it has been told to ignore a particular string.


As for header, technically it shouldn't grab a URL from a header, but 
the big guys are filling headers with so much crap these days it's hard 
to tell the header from the body.  SpamCop looks for a blank line and 
treats everything after that as body.


See lots of blank lines in headers now where they shouldn't be which 
only serves to trip up scripts trying to follows the lowly old RFCs.


Richard

On 2018-02-06 10:28 AM, Michael Peddemors wrote:
Want to hit me offline, notice that SpamCop considers URL's in 550 
errors as 'spamvertizing'


  
--

"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us athttp://www.linuxmagic.com  @linuxmagic

A Wizard IT Company - For More Infohttp://www.wizard.ca  
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.


604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Andy Smith]

Hello,

On Tue, Feb 06, 2018 at 03:34:34PM -0800, Laura Atkins wrote:
> > On Feb 6, 2018, at 2:49 PM, John Levine  wrote:
> > Putting a URL in a List-Unsubscribe header is an entirely reasonable
> > thing to do, and lots of ESPs do it.  
> 
> Lots of non-ESPs do it, too. 
> 
> List-Unsubscribe: 

When it comes to SpamCop it is never offering to report URLs found
in a List-Unsubscribe header so it must have been taught to ignore
those.

It is also ignoring URLs in the header X-Spam-Report, the default
SpamAssassin report header. The problem comes when a custom report
header is used, e.g.:

X-Zen-Spam-Report: * -0.5 FIRST_RELAY_GB No description available.
 * -0.0 ZEN_PTR_PASS Passed Mail Relay Reverse DNS Test
 * -0.0 ZEN_HELO_PASS Passed HELO Reverse DNS Test
 *  1.0 RCVD_IN_SENDERSCORE_25_49 RBL: Senderscore 25-49
 *  [37.61.232.130 listed in score.senderscore.com]
 *  3.0 RCVD_IN_S5HBL RBL: Listed at all.s5h.net
 *  [See ]
 *  0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
 *  domains are different
 *  1.6 SUBJ_ALL_CAPS Subject is all capitals
 *  0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
 *  address
 *  0.0 HTML_MESSAGE BODY: HTML included in message
 *  1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
 * -0.1 KAM_RPTR_PASSED No description available.
 *  2.0 KAM_BADIPHTTP Due to the Storm Bot Network, IPs in emails is bad
 *  0.0 RCVD_NOT_IN_IPREPDNS Sender not listed at
 *  http://www.chaosreigns.com/iprep/
 *  0.5 KAM_LAZY_DOMAIN_SECURITY Sending domain does not have any
 *  anti-forgery methods
 * -0.5 ZEN_PTR_PASS_GOOD Passed Mail Relay Reverse DNS Test - Good Rep

(Zen being a fairly large UK broadband provider)

Now the SpamCop user is allowed to report s5h.net and
chaosreigns.com, and some inevitably do because there is just one
"report" button that sends all reports at once.

Obviously whitelisting by header isn't going to work since the
report header can be anything, and there's going to be lots of other
headers where URLs can be useful.

I question the value in SpamCop looking at anything in an X- header.
The end user is not normally going to be seeing them, so the concept
of them being "spamvertized" doesn't really follow for me. That's
not to say the headers shouldn't be considered by a Bayes technique
or whatever.

Anyway, if anyone on list knows the SpamCop people maybe you could
mention it, other than that I'll shut up about it. :)

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Dave Warren via mailop]

On 2018-02-06 16:34, Laura Atkins wrote:

Putting a URL in a List-Unsubscribe header is an entirely reasonable
thing to do, and lots of ESPs do it. 


Lots of non-ESPs do it, too.


Heck, I do it for virtually all automated messages, even on some 
internal stuff, basically anything that is automated results in the 
header being added at the MTA level.


Sometimes someone wanted notifications at one point and now they don't 
care, why not make it easy? If it's a true list, it'll get unsubscribed 
automatically but if it's not (e.g. "WordPress was just updated", you 
received a fax, etc), I'll see the unsubscribe request and talk to the 
user to figure out what they actually wanted to change and assist.



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Dave Warren via mailop]

On 2018-02-06 15:49, John Levine wrote:

In article <7e12d5ff-f770-b5db-f913-18dafcd03...@thedave.ca> you write:

Also URLs in mail headers, which is perhaps reasonable, except that


...many ESPs now put unsub URLs in the headers.


Are the results any more harmful than the same unsub URL in the foot (or
otherwise in the visible body of the message)?


Putting a URL in a List-Unsubscribe header is an entirely reasonable
thing to do, and lots of ESPs do it.  Mail programs as creaky as alpine
and as zoomy as gmail recognize them and do reasonable things with them
that they can't do with URLs embedded in the message body.

Treating them as a spam sign is absurd unless you're stuck in the
1990s and consider everything from an ESP to be spam no matter what it
is.


I agree that it isn't a blanket spam sign, quite the opposite. But that 
wasn't my point. Rather, my point is that when an unsubscribe URL is 
already in the body, it won't hurt the sender at all to have a second 
copy of a similar URL in the header. SpamCop seeing one URL (unsubscribe 
in body) or two (plus the header) won't hurt the sender.


I am all for List-Unsubscribe headers and have been since the day I saw 
my first one. At this point I'm moderately close to ramping up scoring 
anything that appears to be list mail but lacks the List-Unsubscribe 
header and I'd like to see one of the gorillas take a heavy hand here.


I understand that some senders are scared of making it too easy for 
subscribers to unsubscribe, but those who feel they are entitled to send 
mail to users just because they made unsubscribing harder than a typical 
customer can handle are the exact ones that need to be blacklisted 
indiscriminately and completely.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Laura Atkins]

> On Feb 6, 2018, at 2:49 PM, John Levine  wrote:
> 
> In article <7e12d5ff-f770-b5db-f913-18dafcd03...@thedave.ca> you write:
 Also URLs in mail headers, which is perhaps reasonable, except that
>>> 
>>> ...many ESPs now put unsub URLs in the headers.
>> 
>> Are the results any more harmful than the same unsub URL in the foot (or 
>> otherwise in the visible body of the message)?
> 
> Putting a URL in a List-Unsubscribe header is an entirely reasonable
> thing to do, and lots of ESPs do it.  

Lots of non-ESPs do it, too. 

List-Unsubscribe: 
List-Unsubscribe: 
List-Subscribe: ,  


> Mail programs as creaky as alpine
> and as zoomy as gmail recognize them and do reasonable things with them
> that they can't do with URLs embedded in the message body.

https://wordtothewise.com/2018/01/microsoft-using-list-unsubscribe-header/
https://wordtothewise.com/2018/02/list-unsub-header/ 

https://wordtothewise.com/2015/01/deliverability-return-path-list-unsubscribe-header/

> Treating them as a spam sign is absurd unless you're stuck in the
> 1990s and consider everything from an ESP to be spam no matter what it
> is.

Or, y’know, a mailing list.

laura 

-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: https://wordtothewise.com/blog 







___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Brandon Long via mailop]

On Tue, Feb 6, 2018 at 3:00 PM John Levine  wrote:

> In article <7e12d5ff-f770-b5db-f913-18dafcd03...@thedave.ca> you write:
> >>> Also URLs in mail headers, which is perhaps reasonable, except that
> >>
> >> ...many ESPs now put unsub URLs in the headers.
> >
> >Are the results any more harmful than the same unsub URL in the foot (or
> >otherwise in the visible body of the message)?
>
> Putting a URL in a List-Unsubscribe header is an entirely reasonable
> thing to do, and lots of ESPs do it.  Mail programs as creaky as alpine
> and as zoomy as gmail recognize them and do reasonable things with them
> that they can't do with URLs embedded in the message body.
>
> Treating them as a spam sign is absurd unless you're stuck in the
> 1990s and consider everything from an ESP to be spam no matter what it
> is.
>

I think this is for spamvertising, which is to say that if a message is
spam, anything in that message is somewhat suspect,
and one would expect trickle down effects on the reputation of what's
included.

I don't know if we apply that to the list-unsubscribe URL, but it would
certainly apply to the url -> fqdn -> domain in the body of the
message, and I would imagine it may be marginally useful to apply to the
list-unsubscribe url.  If the url is hosted at an ESP, then it may give you
an overall
reputation for that ESP, for example.

Yes, this can have weird affects, and you need to sometimes whitelist
widely shared entities, or entities can get abused by being included,
so usage of the signals in stopping messages has to be done carefully.

That said, when it comes to RBLs, they tend to be very black and white and
used by anti-spam stuff as rather black and white, so what level of
reputation
a bad domain in a url takes to make an RBL entry, and whether or not the
anti-spam program using that RBL entry requires other signs of badness
before rejecting, well, that's what divides the hackery from the not and
keeps spam analysts employeed.

Which isn't to say I have any idea how spamcop implements such things or
their utility.

Brandon
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[John Levine]

In article <7e12d5ff-f770-b5db-f913-18dafcd03...@thedave.ca> you write:
>>> Also URLs in mail headers, which is perhaps reasonable, except that
>> 
>> ...many ESPs now put unsub URLs in the headers.
>
>Are the results any more harmful than the same unsub URL in the foot (or 
>otherwise in the visible body of the message)?

Putting a URL in a List-Unsubscribe header is an entirely reasonable
thing to do, and lots of ESPs do it.  Mail programs as creaky as alpine
and as zoomy as gmail recognize them and do reasonable things with them
that they can't do with URLs embedded in the message body.

Treating them as a spam sign is absurd unless you're stuck in the
1990s and consider everything from an ESP to be spam no matter what it
is.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Dave Warren via mailop]

On 2018-02-06 10:12, Anne P. Mitchell Esq. wrote:


  


Also URLs in mail headers, which is perhaps reasonable, except that


...many ESPs now put unsub URLs in the headers.


Are the results any more harmful than the same unsub URL in the foot (or 
otherwise in the visible body of the message)?




___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Michael Wise via mailop]

SpamCop usually redacts all these with an internal SpamCop address.

But still, full headers with redaction is better than no evidence at all.

Aloha,
Michael.
--
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting 
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?



-Original Message-
From: mailop  On Behalf Of Anne P. Mitchell Esq.
Sent: Tuesday, February 6, 2018 9:12 AM
To: Michael Wise via mailop 
Subject: Re: [mailop] Anyone on this list from SpamCop?





>

> Also URLs in mail headers, which is perhaps reasonable, except that



...many ESPs now put unsub URLs in the headers.



Anne



Anne P. Mitchell,

Attorney at Law

Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law) 
Legislative Consultant CEO/President, Institute for Social Internet Public 
Policy Legal Counsel: The CyberGreen Institute Legal Counsel: The Earth Law 
Center Member, Cal. Bar Cyberspace Law Committee Member, Colorado Cyber 
Committee Member, Elevations Credit Union Member Council Member, Board of 
Directors, Asilomar Microcomputer Workshop Ret. Professor of Law, Lincoln Law 
School of San Jose Ret. Chair, Asilomar Microcomputer Workshop





___

mailop mailing list

mailop@mailop.org<mailto:mailop@mailop.org>

https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop&data=02%7C01%7Cmichael.wise%40microsoft.com%7Cf4037fc1785345396ffa08d56d8598ad%7Cee3303d7fb734b0c8589bcd847f1c277%7C1%7C0%7C636535342918556717&sdata=lsrvvFIW9dJZgrd1VI9gFR97fobzmVsMu9QLww3wa1s%3D&reserved=0
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Anne P. Mitchell Esq.]

 
> 
> Also URLs in mail headers, which is perhaps reasonable, except that

...many ESPs now put unsub URLs in the headers.

Anne

Anne P. Mitchell, 
Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
CEO/President, Institute for Social Internet Public Policy
Legal Counsel: The CyberGreen Institute
Legal Counsel: The Earth Law Center
Member, Cal. Bar Cyberspace Law Committee
Member, Colorado Cyber Committee
Member, Elevations Credit Union Member Council
Member, Board of Directors, Asilomar Microcomputer Workshop
Ret. Professor of Law, Lincoln Law School of San Jose
Ret. Chair, Asilomar Microcomputer Workshop


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Anyone on this list from SpamCop?

[Andy Smith]

Hello,

On Tue, Feb 06, 2018 at 08:28:11AM -0800, Michael Peddemors wrote:
> Want to hit me offline, notice that SpamCop considers URL's in 550 errors as
> 'spamvertizing'

Also URLs in mail headers, which is perhaps reasonable, except that
we host a DNSBL that is occasionally used by SpamAssassin users.
When that inserts a header report note about a DNSBL hit, some
SpamCop users report that as a spamvertized URL… even though it was
their own email infrastructure that added it.

You can appeal the URL for whitelisting which prevents further
reports but I am unsure if that operates on the exact URL or on the
whole domain; neither of these options are suitable in my case but
perhaps they could be in yours.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Anyone on this list from SpamCop?

[Michael Peddemors]

Want to hit me offline, notice that SpamCop considers URL's in 550 
errors as 'spamvertizing'


 
--

"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic

A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop