Re: [mailop] Automatic abuse reports from Simply.com

2021-01-18 Thread Alessandro Vesely via mailop

On Sat 16/Jan/2021 21:43:58 +0100 Ángel via mailop wrote:
> On 2021-01-16 at 19:05 +0100, Jaroslaw Rafa via mailop wrote:
> > On 16.01.2021 at 11:48:56, Tom Sommer via mailop wrote:
> > > The user IS informed that "The message has been reported
> > > as Junk" as they click the button.
> >
> > If they have no idea what "Junk" means, they won't understand this
> > message as well.
>
> I completely agree. "The message has been reported as Junk" could
> simply mean "We have sent it to our antispam for training"
>
> I would prefer something like:
> "We have asked them to unsubscribe you and sent a complaint to the
> sender for sending such message. Additionally, we will automatically
> classify as spam any further email you receive from this sender"



I'd also mention that "doing so entails potentially exposing the content of the 
message to a larger audience of anti-spam professionals", in the hope to avoid 
reporting family squabbles.


jm2c
Ale
--
___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop


Re: [mailop] Automatic abuse reports from Simply.com

2021-01-17 Thread Al Iverson via mailop
On Sun, Jan 17, 2021 at 2:15 AM Tom Sommer via mailop wrote:
> On 2021-01-16 20:38, Al Iverson via mailop wrote:
>
> > In my opinion, if it's mail that is automated and bulk it should be
> > opt-in, so that people can direct the mail to an inbound address that
> > can know how to handle the automation and log and process the data and
> > generate reporting. Like most do with feedback loops already. It's a
> > shame they don't want to play nice with the rest of the world.
>
> I agree it would be awesome if there was an official "IP-2-FBL-email"
> database, so one did not have to build and maintain an FBL-system.

Many ISPs have outsourced FBLs to this service - https://fbl.returnpath.net/

> RIPE
> abuse contacts are commonly used instead, though. That's how we receive
> abuse reports ourselves. The system does also use the Abuse-Reports-To,
> X-Report-Abuse, X-Report-Abuse-To and X-Complaints-To headers.

Which is a bit of an iffy stick itself as spammers can abuse those
header mechanisms to try to distract reports away from a responsible
party.

> There is also the simple option of filtering based on headers/sender and
> forwarding the mail to an automated system on the receiving end.

"Filter it on the receiving end if you don't like what we're sending." :(

> > Feel free to gently complain to them about this. Maybe if enough
> > people complain, they will change their mind. They can be reached at
> > supp...@simply.com.
>
> That email address does not exist.

I assume that means you've shut it down since October 30th? As I wrote
to it on October 30th and received a response...from you.

Cheers,
Al Iverson


Re: [mailop] Automatic abuse reports from Simply.com

2021-01-17 Thread Tom Sommer via mailop


On 2021-01-16 20:38, Al Iverson via mailop wrote:

> In my opinion, if it's mail that is automated and bulk it should be
> opt-in, so that people can direct the mail to an inbound address that
> can know how to handle the automation and log and process the data and
> generate reporting. Like most do with feedback loops already. It's a
> shame they don't want to play nice with the rest of the world.

I agree it would be awesome if there was an official "IP-2-FBL-email"
database, so one did not have to build and maintain an FBL-system. RIPE
abuse contacts are commonly used instead, though. That's how we receive
abuse reports ourselves. The system does also use the Abuse-Reports-To,
X-Report-Abuse, X-Report-Abuse-To and X-Complaints-To headers.

There is also the simple option of filtering based on headers/sender and
forwarding the mail to an automated system on the receiving end.

> Feel free to gently complain to them about this. Maybe if enough
> people complain, they will change their mind. They can be reached at
> supp...@simply.com.

That email address does not exist.

--
Tom
Simply.com


Re: [mailop] Automatic abuse reports from Simply.com

2021-01-17 Thread Tom Sommer via mailop



On 2021-01-16 17:55, Andy Smith via mailop wrote:

> On Sat, Jan 16, 2021 at 11:48:56AM +0100, Tom Sommer via mailop wrote:
> > I don't disagree with the fact that the "Junk" button is made of evil, which
> > is also why we do not permanently ban or block anything based on it (like
> > some other e-mail providers do).
>
> Back in November 2020 Simply.com sent us an abuse report like this
> for a newsletter sent by one of our customers to one of your
> customers.
>
> Based on content and their low abuse report level over their long
> time as our customer I could see this was very likely genuine but your
> email indicated that on the basis of this single click by your
> customer you had "temporarily blocked the IP for 24 hours."

It was never a block, it was an IP reputation decrease. It was written
as a block so receivers of the abuse report would take it seriously. A
fine line, once again.

We have since changed the wording to be more precise, and the logic
behind the reputation decrease has also been tweaked.


--
Tom
Simply.com


Re: [mailop] Automatic abuse reports from Simply.com

2021-01-16 Thread Ángel via mailop
On 2021-01-16 at 19:05 +0100, Jaroslaw Rafa via mailop wrote:
> On 16.01.2021 at 11:48:56, Tom Sommer via mailop wrote:
> > The user IS informed that "The message has been reported
> > as Junk" as they click the button.
> 
> If they have no idea what "Junk" means, they won't understand this
> message as well.

I completely agree. "The message has been reported as Junk" could
simply mean "We have sent it to our antispam for training"

I would prefer something like:
"We have asked them to unsubscribe you and sent a complaint to the
sender for sending such message. Additionally, we will automatically
classify as spam any further email you receive from this sender"


And they better include a log in their account of adding such rules,
since, just as they "never subscribed to the email", they would
probably claim that they "never marked one of them as junk".

Think what will happen when they mark one of the emails from their bank as
junk meaning "I will read them later", and next time they miss a
notification that they will be increasing the commission for their
services.

If taking such stance, I would also want to make it very clear to the
customers on the spam folder:
> We marked this email as spam since you asked us to treat as spam all
> emails from "yourb...@example.com" on 2020.01.16.

and still, 8 notifications for a "dumb" end-user marking one mail as
junk seem too much (if this was a spamtrap, the assurance would be much
higher, though).

In your case, I might end up phoning the user "to ask about the 8
complaints received from Simply on their behalf, since according to our
logs, they registered on 5 August 2017 from IP 1.2.3.4", indirectly
teaching them about what they are doing each time they hit the junk
button (plus, encourage them to their support "if they have any
concerns about how their system works").


Best regards



Re: [mailop] Automatic abuse reports from Simply.com

2021-01-16 Thread Al Iverson via mailop
I asked Simply.com to consider changing this to an opt-in FBL-style
feed instead of them shot-gunning reports like this. They declined. I
am not entirely sure they know what an ISP feedback loop is, so I
tried to explain it to them, but nothing came of it.

In my opinion, if it's mail that is automated and bulk it should be
opt-in, so that people can direct the mail to an inbound address that
can know how to handle the automation and log and process the data and
generate reporting. Like most do with feedback loops already. It's a
shame they don't want to play nice with the rest of the world.

Feel free to gently complain to them about this. Maybe if enough
people complain, they will change their mind. They can be reached at
supp...@simply.com.




--
Al Iverson // Wombatmail // Chicago
Deliverability: https://spamresource.com
DNS Tools: https://xnnd.com


Re: [mailop] Automatic abuse reports from Simply.com

2021-01-16 Thread Jaroslaw Rafa via mailop
On 16.01.2021 at 11:48:56, Tom Sommer via mailop wrote:
> 
> The user IS informed that "The message has been reported
> as Junk" as they click the button.

If they have no idea what "Junk" means, they won't understand this message
as well.

It should be a much more extensive explanation, and written as if it were
for an idiot ;). Something like this:

"By clicking this button, you declare that you did not want to receive this
message and do not want to receive any similar messages in the future.

We will try to unsubscribe you from these messages, and also we will send a
complaint to the sender's provider.

Are you sure you want to proceed?"
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."


Re: [mailop] Automatic abuse reports from Simply.com

2021-01-16 Thread Andy Smith via mailop
Hi Tom,

On Sat, Jan 16, 2021 at 11:48:56AM +0100, Tom Sommer via mailop wrote:
> I don't disagree with the fact that the "Junk" button is made of evil, which
> is also why we do not permanently ban or block anything based on it (like
> some other e-mail providers do).

Back in November 2020 Simply.com sent us an abuse report like this
for a newsletter sent by one of our customers to one of your
customers.

Based on content and their low abuse report level over their long
time as our customer I could see this was very likely genuine but your
email indicated that on the basis of this single click by your
customer you had "temporarily blocked the IP for 24 hours."

I replied and suggested it was very likely opted in to and asked if
your customer was sure. You replied with the single line:

"The receiver marked it as spam, so yes."

So, our customer sent you the details of how exactly your customer
had opted in to that newsletter.

That's fine - we know recipients are often going to click "spam" on
stuff they opted in to. But I question whether YOU know that,
because you appear to be happy to add (temporary) IP blocks and not
check with your customer, just on the basis of one report.

Again as Stefano said, your server your rules, but I wouldn't
necessarily consider it wise to wire a blocklist directly to a
user-facing button marked "junk", even if it's temporary, and I
wouldn't act like it was infallible when participating in the abuse
reports either.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting


Re: [mailop] Automatic abuse reports from Simply.com

2021-01-16 Thread Tom Sommer via mailop


On 2021-01-15 11:21, Stefano Bagnara via mailop wrote:

> we received few automated abuse reports from Simply.com.
>
> I checked the logs and sounds like they automatically did a GET request to
> the List-Unsubscribe url and then a POST request to the List-Unsubscribe url
> via the "List-Unsubscribe-Post" protocol we support. I understand the ratio
> of a similar behaviour but I was not expecting the list-unsubscribe or the
> list-unsubscribe-post could be triggered without the recipient asking
> explicitly from unsubscription.
>
> Of course their server their rules, but I'd like to know if other abuse
> desks started receiving this kind of automated simply.com reports and
> what's your opinion about this practice.
>
> In the end for (still under investigation) 2 emails sent to their users we
> received like 8 abuse reports, some directly, some through the abusedesks
> of our datacenter, some for the original email and some more for the
> unsubscription confirmation email, so I'm guessing if your abuse desks are
> flooded by this or there's something so bad about those 2 emails (again,
> under investigation, I can't tell by looking at the content and I'm waiting
> for answers from the sender).


Well, our abuse system serves multiple purposes:

1) To report to the owner of the IP, that a complaint was received 
regarding mail sent from an IP they ultimately are responsible for.


Generally, abuse desks are happy to receive this information and we have 
indeed seen multiple spam-outlets being closed quickly because of this. 
Some feedback, that we have received, is that we should maintain a 
dedicated FBL, but honestly, this is not really something we wish to do. 
A counter-argument to this would be that it would be nice if there was a 
way to get the FBL-address for a given IP, but I have yet to find such a 
resource.


2) To reduce further spam from a sending IP (which often is so fresh 
that it's not in any RBLs yet).


3) The user has marked the mail as unwanted and is unhappy that our 
antispam didn't pick it up, so in order for them to never receive the 
mail again, we trigger the List-Unsubscribe header.


Sadly, we get complaints from customers about legitimate newsletters
(with opt-out etc.), but the receiver claims they never subscribed to
(even though they most likely did and just forgot) and refuses to click
any links in the mail and just wants our antispam to know what they are
thinking. If the logic is that the customer clicks the "Junk" button but
still wants to receive further emails from that sender, then there is a
potential problem, but ultimately we have yet to have a single complaint
regarding this from our customers/the receiver. The user IS informed
that "The message has been reported as Junk" as they click the button.


I don't disagree with the fact that the "Junk" button is made of evil, 
which is also why we do not permanently ban or block anything based on 
it (like some other e-mail providers do).


It's hard to gauge the upside vs. the downside in all of this. Our goal 
was to reduce spam received (See 1 and 2) and let IP-owners know of 
potential spamming from their network, and in this aspect, we do believe 
we have succeeded.


Hope that makes sense.

--
Tom Sommer
Simply.com


Re: [mailop] Automatic abuse reports from Simply.com

2021-01-16 Thread Jesper via mailop

On 1/15/21 11:21 AM, Stefano Bagnara via mailop wrote:

> Of course their server their rules, but I'd like to know if other
> abuse desks started receiving this kind of automated simply.com
> reports and what's your opinion about this practice.


Hundreds... maybe about a thousand by now. I'm also a simply.com 
customer (because my previous host/employer was bought up by them).


The problem (with the often very silly reports for various
transactional confirmation mails, receipts etc) is that an abuse-report
is sent any time a webmail user clicks the "junk"-button. And
unfortunately many of their webmail users think that Junk = "mails I
don't want to read right now". There is nothing in the webmail
interface that explains what the junk button does.


I have raised the issue with them, but the only thing that might help is 
if their customers complain to simply.com about no longer receiving 
mails they actually want, but reported and unsubscribed from without 
realizing it.


/ Jesper



[mailop] Automatic abuse reports from Simply.com

2021-01-16 Thread Stefano Bagnara via mailop
Hi all,

we received few automated abuse reports from Simply.com.

The abuse report is an email from "Simply.com abuse team <abuse-rep...@robot.simply.com>"
with subject "Abuse report for #IPredacted# (#Providername# / #ASNUMBER#)"

> Hi
>
> This is a complaint regarding spam received from #IPredacted# / #hostredacted#.
> Mail originating from this IP, has actively been marked as spam/junk by the receiver.
>
> We ask that you take immediate action against the offending IP-address.
>
> For forensic purposes, the offending email is attached to this mail (along with other
> report formats). Below are some key headers from the mail:
>
> Date: #redacted#
> Message-Id: <#redacted#>
> From: <#redacted#>
> Return-path: <#redacted#>
>
> #IPredacted# has received degraded delivery-reputation as a result of the report.

In one case the message terminated with a

> For good meassure, the List-Unsubscribe URL in the mail has already been triggered by us.

The "weird" things are 2:

1) at least 2 abuses have been sent also to the abuse desk of a different
datacenter from the one from which the email have been sent. I'm not sure
but it seems they got in touch with the abuse desk of the datacenter
hosting the website connected to the return-path of the email (not even
its MX, but the IN A, but maybe something else, I only have a couple of
sample to make my guess).
2) one of the abuses was reporting the transactional email confirming to
the recipient his unsubscription was completed, but the unsubscription have
been triggered programmatically by them: I guess that their user that
didn't unsubscribe from the email is surprised by the "unsubscription
confirmation" and report it as abusive.

I checked the logs and sounds like they automatically did a GET request to
the List-Unsubscribe url and then a POST request to the List-Unsubscribe url
via the "List-Unsubscribe-Post" protocol we support. I understand the ratio
of a similar behaviour but I was not expecting the list-unsubscribe or the
list-unsubscribe-post could be triggered without the recipient asking
explicitly from unsubscription.

Of course their server their rules, but I'd like to know if other abuse
desks started receiving this kind of automated simply.com reports and
what's your opinion about this practice.

In the end for (still under investigation) 2 emails sent to their users we
received like 8 abuse reports, some directly, some through the abusedesks
of our datacenter, some for the original email and some more for the
unsubscription confirmation email, so I'm guessing if your abuse desks are
flooded by this or there's something so bad about those 2 emails (again,
under investigation, I can't tell by looking at the content and I'm waiting
for answers from the sender).

Sounds like this kind of automation belongs to FBL streams, but I'm here to
hear your opinions!

Stefano

-- 
Stefano Bagnara
Apache James/jDKIM/jSPF
VOXmail/Mosaico.io/VoidLabs
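
Added example, not part of any post in this thread and not Simply.com's code: one way an abuse desk on the receiving end could triage reports in the format quoted above, collapsing the duplicates Stefano describes (about 8 reports for 2 emails) into one case per reported Message-Id and marking complaints about an unsubscribe confirmation. The sample address local part, the IP 192.0.2.10, AS64500, the `sender.example` names and the `confirmation_ids` parameter (Message-Ids of confirmations the sender itself sent) are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

REPORT_DOMAIN = "robot.simply.com"  # sender domain quoted in the post
SUBJECT_RE = re.compile(r"^Abuse report for (\S+) \((.+) / ([^/)]+)\)$")
KEY_HEADER_RE = re.compile(r"^(Date|Message-Id|From|Return-path):[ \t]*(.+)$", re.I | re.M)
UNSUB_NOTE = "List-Unsubscribe URL in the mail has already been triggered"

def _text_body(msg):
    """First text/plain part; the reports also attach the offending mail."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def parse_report(raw):
    """Parse one report; None if it does not match the format in the post."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    subject = SUBJECT_RE.match(msg.get("Subject", "").strip())
    if domain != REPORT_DOMAIN or not subject:
        return None  # From is spoofable: this is routing, not authentication
    body = _text_body(msg)
    fields = {k.lower(): v.strip() for k, v in KEY_HEADER_RE.findall(body)}
    return {"ip": subject.group(1), "asn": subject.group(3).strip(),
            "message_id": fields.get("message-id"),
            "auto_unsubscribed": UNSUB_NOTE in " ".join(body.split())}

def triage(raw_reports, confirmation_ids=frozenset()):
    """Collapse duplicate reports into one case per reported Message-Id."""
    cases = defaultdict(lambda: {"reports": 0, "auto_unsubscribed": False})
    for raw in raw_reports:
        rep = parse_report(raw)
        if rep is None or not rep["message_id"]:
            continue
        case = cases[rep["message_id"]]
        case["reports"] += 1
        case["auto_unsubscribed"] |= rep["auto_unsubscribed"]
        # A complaint about our own unsubscribe confirmation is a side effect
        # of the reporter's automated unsubscribe, not a new spam event.
        case["about_unsub_confirmation"] = rep["message_id"] in confirmation_ids
    return dict(cases)

def sample_report(message_id, unsubscribed=False):
    """Constructed report text following the format quoted in the post."""
    note = ("For good meassure, the List-Unsubscribe URL in the mail has already\n"
            "been triggered by us.\n") if unsubscribed else ""
    return ("From: Simply.com abuse team <placeholder@robot.simply.com>\n"
            "Subject: Abuse report for 192.0.2.10 (ExampleNet / AS64500)\n\n"
            "Below are some key headers from the mail:\n\n"
            f"Date: Fri, 15 Jan 2021 10:00:00 +0100\nMessage-Id: {message_id}\n"
            f"From: <news@sender.example>\nReturn-path: <bounce@sender.example>\n\n{note}")
```

The sender-domain check only routes mail into the triage queue; whether a report is genuine still has to come from the receiving system's own authentication results.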