Re: [mailop] Invaluement ivmURI contact/hints

2017-04-28 Thread John Stephenson 
>
> Turned out the customer you identified offlist is one of the few customers
> sending B2B email outside of italy and this is the field where we have more
> difficulties in doing antispam because we don't have feedbacks (no FBL
> because there are no hotmail/yahoo/gmail) and most time we don't even
> receive manual complaints. So we only have some
> openrate/clickrate/bouncerate/unsubrate to look at and they sometimes are
> not so bad (sometimes spammers are good at choosing their recipients).
> That's why I always try to get some indicators on who is the sender of the
> email when I found this kind of blocks.
>

I've had some success in looking at just click actions to evaluate sender
quality.  This helps level the playing field (somewhat) when comparing
senders against each other.  I look the sum of complaints and unsubscribes
divided by the sum of complaints, unsubscribes and clicks through on
content--this gives you a ratio of people that are specifically
disinterested in the content.  Looking just at clicks avoids a number of
skews as this just measures people taking direct action on the message.  An
open is sometimes a passive aciton and is skewed when mail is delivered to
spam folder.
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Invaluement ivmURI contact/hints

2017-04-28 Thread Stefano Bagnara 
On 28 April 2017 at 11:32, Rob McEwen  wrote:

> On 4/28/2017 4:47 AM, Stefano Bagnara wrote:
>
>> Our main domain "mailvox.it" is listed on ivmURI
>>
>
> Stefano,
>
> In the past few days, I'm seeing advertisements from your ESP - that seem
> to be hitting spam traps.. because they are coming my way via a normally
> very reliable 3rd party spam feed. Additionally, the messages themselves
> are very suspicious because they read like "cold sales calls".
>
> Regardless, to prevent further potential collateral damage, I've delisted
> your domain, and I've put something in place to make it harder for you to
> relist. (but stopping well short of whitelisting your domain). The listing
> was already "on the way out" due to your delist request. I just sped that
> up.
>
> Also, I have very good telemetry and it concerns me that I didn't get ANY
> feedback from effected *recipients* (your presumably good customers'
> recipients, and/or THEIR networks) - as would normal happen if invaluement
> really were to blacklist an ESP as prestigious as MailChimp, as you claim
> to be. On the other hand, it might be that such feedback didn't have enough
> time to materialize? I just have to be careful here because MANY blackhat
> and dark-grayhat ESPs claim innocence all of the time - and a common thread
> is that the SENDERS are ALWAYS... the ONLY ones complaining about the
> listing. (but, again, this may not be you? And maybe we were too aggressive
> for this particular listing.. and such feedback from recipients would have
> materialized eventually?)
>

We are 1/1000th of Mailchimp size, both as company and as volume, and we
have an "italian only" service, so most of our users/customers are italian
and most of their recipients are italian, too. That's why most of our
non-italian email are to global providers like hotmail/gmail/yahoo and we
have very low volume to other domains outside from italy.
You can check senderbase/senderscore to try confirming my "claims". Google
Postmaster Tools tell all of our IPs/domains are "good reputation" (i can
share access to GPT with you if you want, or I can share SNDS access for my
IPs to show the "greens").

I understand that everybody lies, so if there is anything to prove i'm
"innocent" just tell me and I'll do (I agree you should never trust your
party just because of self-made claims and I'm used to my customer/prospect
lies). We try to do it right and to fight spammers ourself as soon as we
detect them.

We have a very good reputation in Italy because we have a very good
deliverability, expecially to Gmail (where many of our competitors fails,
at least for italian contents), so this make us target for spammers that
want to take advantage from this. This is not a justification but an
explanation. We try to do always better and I'm here to learn how to do it
better.


> Anyways, this is delisted now and I'll send you more information about the
> offending messages offlist.


Turned out the customer you identified offlist is one of the few customers
sending B2B email outside of italy and this is the field where we have more
difficulties in doing antispam because we don't have feedbacks (no FBL
because there are no hotmail/yahoo/gmail) and most time we don't even
receive manual complaints. So we only have some
openrate/clickrate/bouncerate/unsubrate to look at and they sometimes are
not so bad (sometimes spammers are good at choosing their recipients).
That's why I always try to get some indicators on who is the sender of the
email when I found this kind of blocks.


> I also see some servers quitting the smtp conversation from my IPs
>> because of ivmURI matching the reverse of the domain or the EHLO, or the
>> rfc821 from address: is this an "expected" usage of the ivmURI or is
>> this a "misuse" of that list (meant to match uris in email content) by
>> their customers? (of course Invaluement is not resposible for that, I'm
>> just trying to understand).
>>
>
> That is an incorrect method of using ivmURI. ivmURI should ONLY be used to
> check the against the domains and IPs found at the base of clickable links
> found inside the body of the message. ivmURI should not be checked against
> things like the PTR record. However, if those messages DID in fact contain
> this domain inside the body of the message (and you in fact already said
> you do use this domain in the body of your message) - then that would
> explain it - and the representative you talked with could have merely been
> mistaken about the process? Having said that, a new invaluement list is
> under development, which will be a subset of imvURI - which WILL be
> prescribed for usage in these other ways.


Iin my case the domain was also in the body as a source url of an image,
BUT here are sample smtp refusal I got before sending the DATA:

550 Sender host (app.mailvox.it) blacklisted at ivmURI
554 5.7.1 Service unavailable; Sender address [redac...@app.mailvox.it]
blocked using

[mailop] Invaluement ivmURI contact/hints

2017-04-28 Thread Rob McEwen 

On 4/28/2017 4:47 AM, Stefano Bagnara wrote:

Our main domain "mailvox.it" is listed on ivmURI


Stefano,

In the past few days, I'm seeing advertisements from your ESP - that 
seem to be hitting spam traps.. because they are coming my way via a 
normally very reliable 3rd party spam feed. Additionally, the messages 
themselves are very suspicious because they read like "cold sales calls".


Regardless, to prevent further potential collateral damage, I've 
delisted your domain, and I've put something in place to make it harder 
for you to relist. (but stopping well short of whitelisting your 
domain). The listing was already "on the way out" due to your delist 
request. I just sped that up.


Also, I have very good telemetry and it concerns me that I didn't get 
ANY feedback from effected *recipients* (your presumably good customers' 
recipients, and/or THEIR networks) - as would normal happen if 
invaluement really were to blacklist an ESP as prestigious as MailChimp, 
as you claim to be. On the other hand, it might be that such feedback 
didn't have enough time to materialize? I just have to be careful here 
because MANY blackhat and dark-grayhat ESPs claim innocence all of the 
time - and a common thread is that the SENDERS are ALWAYS... the ONLY 
ones complaining about the listing. (but, again, this may not be you? 
And maybe we were too aggressive for this particular listing.. and such 
feedback from recipients would have materialized eventually?)


Anyways, this is delisted now and I'll send you more information about 
the offending messages offlist.



I also see some servers quitting the smtp conversation from my IPs
because of ivmURI matching the reverse of the domain or the EHLO, or the
rfc821 from address: is this an "expected" usage of the ivmURI or is
this a "misuse" of that list (meant to match uris in email content) by
their customers? (of course Invaluement is not resposible for that, I'm
just trying to understand).


That is an incorrect method of using ivmURI. ivmURI should ONLY be used 
to check the against the domains and IPs found at the base of clickable 
links found inside the body of the message. ivmURI should not be checked 
against things like the PTR record. However, if those messages DID in 
fact contain this domain inside the body of the message (and you in fact 
already said you do use this domain in the body of your message) - then 
that would explain it - and the representative you talked with could 
have merely been mistaken about the process? Having said that, a new 
invaluement list is under development, which will be a subset of imvURI 
- which WILL be prescribed for usage in these other ways.


--
Rob McEwen
http://www.invaluement.com
+1 (478) 475-9032



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] Invaluement ivmURI contact/hints

2017-04-28 Thread Stefano Bagnara 
Our main domain "mailvox.it" is listed on ivmURI since 4 days (we are an
ESP, a very small "Mailchimp" of the italian market, we share the same
Freemium plans and the same opt-in required in our ToS).

That domain is the reverse of all of our IPs and it also used in the return
path and in the "tracking pixel" of all of our emails, or to say it better,
all of the emails (1-5 millions per day) of our users/customers (10K).

We don't use "multiple domains" (that domain is there since 2008 in all of
our emails) and the IPs are shared. All of our emails have List-Id
identifying the real account (user/customer) responsible for sending the
email.

I sent the delist request as explained in the invaluement website
(#7850A471D5#) a couple of days ago but I had no answers. Last time I tried
that was more than 1 year ago, with no answer, but the block disappeared
weeks later.

Does anyone know how ivmURI is "fed" with spam and how they deal with false
positives?

The ivmURI description say "These domains are generally not seen in
legitimate e-emails" but while some spam may pass our customer vetting and
internal antispam measure (we try hard to do our best in this), I really
think most of the emails sent by our users are legitimate and opt-in.

Rob (i'm not sure if I could CC you by the etiquette of this list), can you
help identify the source for this block? Anyone else have similar
experience with shared ESP domain blocked by ivmURI?

I also see some servers quitting the smtp conversation from my IPs because
of ivmURI matching the reverse of the domain or the EHLO, or the rfc821
from address: is this an "expected" usage of the ivmURI or is this a
"misuse" of that list (meant to match uris in email content) by their
customers? (of course Invaluement is not resposible for that, I'm just
trying to understand).

Thank you,
Stefano

--
Stefano Bagnara
CTO VOXmail.it
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop