Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Klaus Ethgen]

Am Fr den  9. Nov 2018 um 23:34 schrieb Matthias Leisi:
> According to dnswl.org  magnitude data*, Mailchimp is one 
> of the large sources of email, just behind Microsoft/Google, and ahead of 
> Amazon, Sendgrid, Facebook, ExactTarget, Yahoo, LinkedIn and Twitter. 

Well, in the end, you might call it like you want, but Mailchimp earn
theri money to send spam. (And yes, most marketing mails _are_ spam.)
There explicitly sell to companies to get their "marketing" spam out.

I (with a small sample) never seen mail from Mailchimp that is not
qualifying for being spam.

And as Spam-Provider, it makes sense that their mail volume is much
bigger than that of mail providers that send mostly non-spam mails.

And about Google/Microsoft, many mail is not leaving there platform, so
you will not see it on dnswl.org. More over, many MTA implementations I
seen have a hardcoded whitelist where the big players are in and not
checking them further with DNS WL/BL. On the other hand, no one with a
clear mind would put such Spamer like Mailchimp (or Emarsys) into any
whitelist. (At least no one I use to get in touch with.) So, that makes
sense, that you see many requests for them.

Gruß
   Klaus
-- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C


signature.asc
Description: PGP signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Matthias Leisi]

>> My question is, "What Mailchimp spam problem?" Where's data? All I see
>> is useless bombastic complaining that belongs on NANAE or SPAM-L, not
>> here.
> 
> Ok, there is a point here which I did not consider enough.
> 
> I did not collect any numbers about emails send by mailchimp to our
> email platform.

According to dnswl.org  magnitude data*, Mailchimp is one of 
the large sources of email, just behind Microsoft/Google, and ahead of Amazon, 
Sendgrid, Facebook, ExactTarget, Yahoo, LinkedIn and Twitter. 

Of those, ExactTarget and Facebook have the highest „spamminess“ score (an 
internal number considering volume of email and volume of complaints/RBL hits 
etc); Mailchimp is relatively „clean“. On the other hand, we see *many* 
spamtrap hits from all email marketing senders. 

And I mean *many*. Spamtraps that returned 5xx for years. Spamtraps that never 
„engaged“ or „opened“ or „inboxed“. Spamtraps that never „subscribed“ (ey, some 
are even Message-Ids scraped from Usenet!).

And *a lot* of what email marketers send is silently disposed of in spamfilters 
(dropped, quarantined, whatever). 

I looked deeper into our data at dnswl.org  over the past 
few weeks. More and more I get the impression that hardly any "email marketers" 
have a "clean list", or even care about it. 

I believe there are some dirty facts around the whole „email marketing“ thing 
which people with better data than me should uncover.

— Matthias

* We do not directly observe SMTP traffic, but only the DNS traffic. Due to 
caching etc our data is slightly distorted and over-estimates small senders. 
However the magnitude data still shows the relative size of senders.



smime.p7s
Description: S/MIME cryptographic signature
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Benoit Panizzon]

Hi Al

> My question is, "What Mailchimp spam problem?" Where's data? All I see
> is useless bombastic complaining that belongs on NANAE or SPAM-L, not
> here.

Ok, there is a point here which I did not consider enough.

I did not collect any numbers about emails send by mailchimp to our
email platform.

I just noticed, we have 'more than usual' customer spam reports about
emails from mailchimp, and we receive the 'more than occasional' spam
via mailchimp to spamtraps or even to our support email addresses.

If we then try to get the mailchimp abuse desk to disclose the identity
of their customer, just to be able to tell the spamer off and prove to
him he is not operating completely anonymously and he could face legal
problems if he keeps sending spam, we run into the described and
frustrating clash between GDPR and US privacy laws.

Well if mailchimp is sending 'a lot more emails' than any other ESP,
the ratio of spam to legitimate email still could be very small.

Sorry, my bad, I did not consider this. Will try to get some figures in
the next weeks.

Mit freundlichen Grüssen

-Benoît Panizzon-
-- 
I m p r o W a r e   A G-Leiter Commerce Kunden
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 PrattelnFax  +41 61 826 93 01
Schweiz Web  http://www.imp.ch
__

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Matthew Grove via mailop]

Hi, this has been a great discussion from all sides. I’m probably too
biased to weigh in on the original question, but we do listen to all the
input and feedback here. Without getting too into the weeds, a few details
and information gaps have surfaced that I hope to be able to clarify.

You can find our complete IP space at https://mailchimp.com/about/ips/, and
you can find our active IP space in the TXT records for servers.mcsv.net
and spf.mandrillapp.com. Our goal is to be so good that it's not valuable
to block us, but if you think blocking is the way to go, we don’t want to
make it technically difficult. We're not perfect, and I understand that
admins get fed up.

>Most likely there is some way to tell different customers on mailchimp

In fact, there are several ways. Any of these headers will help you narrow
down specific users and/or campaigns. Worth noting that campaign
identifiers include user info as well.

User-level identifiers:
X-MC-User (Mailchimp)
X-Mandrill-User (Mandrill)

Campaign-level identifiers in Mailchimp:
Feedback-ID
X-Campaign
X-campaignid

>And I'm smart enough not to report abuse to all the spamtraps so they're
(probably) not merely listwashing.

We make every attempt to avoid listwashing. From my perspective, people
reporting abuse are a valuable source of feedback. If we blind the vocal
reporters, then we’re making it more difficult to find spam being sent to
the rest who aren’t calling out issues. When you report abuse on a list
collection issue, our most common response will be to quarantine the list
pending a double opt-in re-confirmation. If the user has pristine stats and
a history of sending with us, we’ll also likely have a conversation about
any recent changes to their list.

I’d also like to note that there is a side-discussion going on about a
Chinese ESP. It might help to pull that into its own thread. It might be
causing confusion. Also, others might be avoiding this thread and missing
some cool info :)


Cool,
Matthew
delivery.mailchimp.com


On Wed, Nov 7, 2018 at 6:33 AM Vladimir Dubrovin via mailop <
mailop@mailop.org> wrote:

> 06.11.2018 21:15, Michael Peddemors пишет:
> > Like any organization, when the volume of unwanted exceeds the volume
> > of wanted, you flag them... and let customers 'This is not junk' the
> > ones they want.
>
> It means having the rule with up to 50% of false negatives. If we use
> rules like this we have all mail send from abroad in the SPAM folder.
>
> Cross-boundary and cross-lingual mail are really special cases, you
> always have higher SPAM ratio for mail originating from different
> country, especially if it has different language. It's  not because
> different countries are more used by spammers, it's because of low HAM
> volume you have from abroad. Believe me, this situation is even worse in
> opposite direction, because your antispam filters are not good with
> outgoing spam in Russian or Chinese.
>
> --
> Vladimir Dubrovin
> @Mail.Ru
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Vladimir Dubrovin via mailop]

06.11.2018 21:15, Michael Peddemors пишет:
> Like any organization, when the volume of unwanted exceeds the volume
> of wanted, you flag them... and let customers 'This is not junk' the
> ones they want.

It means having the rule with up to 50% of false negatives. If we use
rules like this we have all mail send from abroad in the SPAM folder.

Cross-boundary and cross-lingual mail are really special cases, you
always have higher SPAM ratio for mail originating from different
country, especially if it has different language. It's  not because
different countries are more used by spammers, it's because of low HAM
volume you have from abroad. Believe me, this situation is even worse in
opposite direction, because your antispam filters are not good with
outgoing spam in Russian or Chinese.

-- 
Vladimir Dubrovin
@Mail.Ru


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Klaus Ethgen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

Am Mi den  7. Nov 2018 um  9:53 schrieb Benjamin BILLON:
> > how big the IP space is
> I can't say; they used other ranges back in 2009, but that can legitimately 
> evolve over the years

Values I have from 3 years ago:
#198.2.128.0/24
#198.2.132.0/22
#198.2.136.0/23
#198.2.186.0/23
#205.201.131.128/25
#205.201.134.128/25
#205.201.136.0/23
#205.201.139.0/24

But currently I block them by dns via regex ^mail\d*-\d*\..*\.mandrillapp\.com$

Gruß
   Klaus
- -- 
Klaus Ethgen   http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16Klaus Ethgen 
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
-BEGIN PGP SIGNATURE-
Comment: Charset: ISO-8859-1

iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlvir0YACgkQpnwKsYAZ
9qyeQgwAlFGN6RRHzJkydGc0THoSAOE+glNljwAy4e4zQ0YGFORoBDC7DbBGDFcx
QRXvwbTHGpSJ6aM8ot8LXjxjquLqPGVLr7vismdRdrsNCwkEJUqqmXEDIT4l3Riw
nCvK7kHt5nXWATOxYhxa8BZY3b4fSJe+aj9PsOkVgLPWygbhxaUsMZP1VmpibwZF
bJOb+dT12QsX595800uDZ4coSdqwImxGwcieO7PWF+Rj83sWHUVe553TbxXGRBfz
X5MY8qn/xYZ4RMSLm+uW0c0nIUqdJjfBz5UlfCvvrrGpGGQeEn7gnh1prANjBNyZ
tPIc3sOiBB0ZxH97oZCO6h7QXORFgxjooNE1Z+VxJtiuMn3T2gWiaCLqU28Xu3BK
6WmEeUviHAo6sCj6yTTbZA66Ku+I1CUdIxbzeMJCPILUfwPUdVju22eIrIn9Ffki
iX5av+OpoABbuvqRZYH1BFkPtiGOMKRHEvd+e+H2fO/5rTnxr5+1x/xWeAIHlEl+
3MUDVOJ8
=XOHb
-END PGP SIGNATURE-

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Benjamin BILLON]

Hi Michael, 

> how long they have been in business
I've seen emails from them since 2009

> how big the IP space is
I can't say; they used other ranges back in 2009, but that can legitimately 
evolve over the years

> and their relationship to the parent in the SWIP, etc..
You won't get any reliable WHOIS information from China. They have a limited 
number of operators (and ASNs) and a NIR (CNNIC) that doesn't require to 
declare who the IP space is used by.

> And whether the ESP is actually from china, or a North American operator 
> operating off shore..
Chinese from China. They might have a few Chinese clients sending emails in 
other countries, OR could be starting to expand in North America (although I 
didn't witness that), but it's very unlikely they are operating off shore. One 
of the main reason is that they send emails from Chinese IPs, and you just 
can't do that if you're not from there.


Cheers, 
--
Benjamin

-Original Message-
From: Michael Peddemors  
Sent: mardi 6 novembre 2018 20:22
To: Benjamin BILLON ; mailop@mailop.org
Subject: Re: [mailop] What do other ISP / ESP do about the MailChimp spam 
problem?

On 2018-11-06 11:10 a.m., Benjamin BILLON wrote:
> Could be discussed on Spam-L rather than here, but I believe you're talking 
> about EasEye (no "y" in the middle); it's an ESP from Shanghai, noticeable in 
> China.
> Do you need to know something about them, or are you just stating they don't 
> respect best practices --or laws?
> 
> --
> Benjamin

More curiosity, how long they have been in business, how big the IP space is, 
and their relationship to the parent in the SWIP, etc..

Received: from mx216.sx64.email-deliver.com (HELO
mx216.sx64.email-deliver.com) (118.192.64.216)

No URL related to email-deliver.com, (or many of the other domains in use), and 
not much to go by in headers..

X-EASEYEUID: 7889443-272549-542-6580
Precedence: bulk
X-Easeye-ExpirationDate:  2018-11-13 19:24:43
List-Unsubscribe: 
<mailto:unsub-7889443-272549-542-6...@unsub.email-deliver.com?subject=unsubscribe>
X-PRECENDENCE: 0
X-Easeye-MailSeq: 4
X-DELAYHEADER: 0-0-5-0

And whether the ESP is actually from china, or a North American operator 
operating off shore..




> 
> -Original Message-
> From: mailop  On Behalf Of Michael Peddemors
> Sent: mardi 6 novembre 2018 19:15
> To: mailop@mailop.org
> Subject: Re: [mailop] What do other ISP / ESP do about the MailChimp spam 
> problem?
> 
> Like any organization, when the volume of unwanted exceeds the volume of 
> wanted, you flag them... and let customers 'This is not junk' the ones they 
> want.
> 
> Only way around this conundrum is to empower your users.
> 
> And while we also see they abuse problem, as pointed out they aren't the 
> worst..
> 
> Speaking of, has anyone heard of a player using Chinese IP space called 
> EasyEye, using 118.192.64.0/21 IP Space?
> 
> So far, only seen them in spam reports, but they might be a new player..
> 
> 
> 
> On 2018-11-06 3:53 a.m., Benoit Panizzon wrote:
>> Hi List
>>
>> We again face problems with services by MailChimp.
>>
>> Their platform is equally fashioned by serious companies sending
>> permission based newsletters and by very persistent repetitive spamer.
>>
>> They repeatedly get blacklisted on our platform, because of recipient
>> complaints.
>>
>> Then repeatedly customers having subscribed to newsletters from
>> serious companies complain to us, because mailchimp is blocked by our
>> anti-spam services.
>>
>> The customer reporting spam are not those who subscribed to
>> newsletters, forget about it and them report opt-in emails as spam.
>>
>> No, the problem is that MailChimp operates under 'US' marketing laws
>> where the sender is only obliged to provide an 'opt-out' link in spam
>> he sends and does not have to require the recipient to have a
>> validated opt-in to get advertisement emails.
>>
>> So often, the spamers use harvested email addresses (even spamtraps we
>> have hidden of websites) or lists they bought online.
>>
>> The other problem is about GDPR, where laws in most European countries
>> require the sender of advertisement to disclose the source of data of
>> a recipient to this recipient.
>>
>> Spamers sending email over mailchimp are clever. The links in the
>> email point to some anonymous redirection services to mailchimp
>> themselves or to domains registered via anonymizing proxies. Payment
>> work over paypal and if you have been trying to get at the identity of
>> a fraudster who took money via paypal, you know this is not possible.
>>

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Brandon Long via mailop]

If they have both bad and good mail, perhaps your system needs better
discrimination between the two over something like "blacklist the entire
ESP"?

I mean, we all want spam and spammers to go away, but at the end of the
day, what you care about is making sure your users get the mail they want
and not the mail
they don't.

It's not uncommon as senders scale that you need to adapt.  I know there
are plenty of specific senders where we can't bucket the entire batch, so
we need to look more carefully.  The larger mailing list providers come to
mind, where we often do per maliing list reputations, instead of trying to
bucket them all.  Most likely there is some way to tell different customers
on mailchimp, and then you can do reputation/volume limiting/etc on a
per-customer basis.

It also helps to remember that fighting abuse is a war, it doesn't benefit
you to spend too much effort on individual skirmishes or battles, there
will always be another battle.  If you let everything goad you, you'll burn
out.

Brandon

On Tue, Nov 6, 2018 at 4:07 AM Benoit Panizzon 
wrote:

> Hi List
>
> We again face problems with services by MailChimp.
>
> Their platform is equally fashioned by serious companies sending
> permission based newsletters and by very persistent repetitive spamer.
>
> They repeatedly get blacklisted on our platform, because of recipient
> complaints.
>
> Then repeatedly customers having subscribed to newsletters from serious
> companies complain to us, because mailchimp is blocked by our anti-spam
> services.
>
> The customer reporting spam are not those who subscribed to
> newsletters, forget about it and them report opt-in emails as spam.
>
> No, the problem is that MailChimp operates under 'US' marketing laws
> where the sender is only obliged to provide an 'opt-out' link in spam he
> sends and does not have to require the recipient to have a validated
> opt-in to get advertisement emails.
>
> So often, the spamers use harvested email addresses (even spamtraps we
> have hidden of websites) or lists they bought online.
>
> The other problem is about GDPR, where laws in most European countries
> require the sender of advertisement to disclose the source of data of a
> recipient to this recipient.
>
> Spamers sending email over mailchimp are clever. The links in the email
> point to some anonymous redirection services to mailchimp themselves or
> to domains registered via anonymizing proxies. Payment work over
> paypal and if you have been trying to get at the identity of a fraudster
> who took money via paypal, you know this is not possible. So the
> recipient of spam needs to contact the 'sender' aka MailChimp and
> requires MailChimp to disclose the identity of the sender, which
> MailChimp then again rejects pointing to US privacy laws which require
> them not to disclose the identity of their customers. Safe Heaven for
> Spamer!
>
> MailChimp does close accounts for which they get a certain number of
> complaints, but they fail to recognize and block the same spamer who
> repeatedly opens news accounts.
>
> So what do you think should ISP and Email Plattform operators do about
> MailChimp?
>
> * Tell the customers complaining about spam they have to live with it?
> * Block MailChimp and tell serious companies who get blocked as
>   collateral damage, to look for another, not so spamer firendly ESP?
>
> Mit freundlichen Grüssen
>
> -Benoît Panizzon-
> --
> I m p r o W a r e   A G-Leiter Commerce Kunden
> __
>
> Zurlindenstrasse 29 Tel  +41 61 826 93 00
> CH-4133 PrattelnFax  +41 61 826 93 01
> Schweiz Web  http://www.imp.ch
> __
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Philip Paeps]

On 2018-11-06 03:53:47 (-0800), Benoit Panizzon wrote:

We again face problems with services by MailChimp.

Their platform is equally fashioned by serious companies sending 
permission based newsletters and by very persistent repetitive spamer.


In my experience, MailChimp is quite good about responding to abuse.  I 
get quite a fair number of spamtrap hits from them (mostly to 
info@/sales@/etc addresses, not as much to addresses harvested from 
webpages) and it's very rare to see the same spammer hit the spamtraps 
twice after I've reported them to MailChimp.  And I'm smart enough not 
to report abuse to all the spamtraps so they're (probably) not merely 
listwashing.


So what do you think should ISP and Email Plattform operators do about 
MailChimp?


* Tell the customers complaining about spam they have to live with it?
* Block MailChimp and tell serious companies who get blocked as 
collateral damage, to look for another, not so spamer firendly ESP?


As others have pointed out, blocking them outright is likely going to 
upset your users.


Passing email from MailChimp through per-user trained Bayesian content 
filtering seems to be reasonably effective for me.  Some unwanted email 
still ends up in the inbox but most ends up in Junk where it belongs.


Philip

--
Philip Paeps
Senior Reality Engineer
Ministry of Information

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Michael Peddemors]

On 2018-11-06 11:10 a.m., Benjamin BILLON wrote:

Could be discussed on Spam-L rather than here, but I believe you're talking about EasEye 
(no "y" in the middle); it's an ESP from Shanghai, noticeable in China.
Do you need to know something about them, or are you just stating they don't 
respect best practices --or laws?

--
Benjamin


More curiosity, how long they have been in business, how big the IP 
space is, and their relationship to the parent in the SWIP, etc..


Received: from mx216.sx64.email-deliver.com (HELO 
mx216.sx64.email-deliver.com) (118.192.64.216)


No URL related to email-deliver.com, (or many of the other domains in 
use), and not much to go by in headers..


X-EASEYEUID: 7889443-272549-542-6580
Precedence: bulk
X-Easeye-ExpirationDate:  2018-11-13 19:24:43
List-Unsubscribe: 
<mailto:unsub-7889443-272549-542-6...@unsub.email-deliver.com?subject=unsubscribe>

X-PRECENDENCE: 0
X-Easeye-MailSeq: 4
X-DELAYHEADER: 0-0-5-0

And whether the ESP is actually from china, or a North American operator 
operating off shore..







-Original Message-
From: mailop  On Behalf Of Michael Peddemors
Sent: mardi 6 novembre 2018 19:15
To: mailop@mailop.org
Subject: Re: [mailop] What do other ISP / ESP do about the MailChimp spam 
problem?

Like any organization, when the volume of unwanted exceeds the volume of 
wanted, you flag them... and let customers 'This is not junk' the ones they 
want.

Only way around this conundrum is to empower your users.

And while we also see they abuse problem, as pointed out they aren't the worst..

Speaking of, has anyone heard of a player using Chinese IP space called 
EasyEye, using 118.192.64.0/21 IP Space?

So far, only seen them in spam reports, but they might be a new player..



On 2018-11-06 3:53 a.m., Benoit Panizzon wrote:

Hi List

We again face problems with services by MailChimp.

Their platform is equally fashioned by serious companies sending
permission based newsletters and by very persistent repetitive spamer.

They repeatedly get blacklisted on our platform, because of recipient
complaints.

Then repeatedly customers having subscribed to newsletters from
serious companies complain to us, because mailchimp is blocked by our
anti-spam services.

The customer reporting spam are not those who subscribed to
newsletters, forget about it and them report opt-in emails as spam.

No, the problem is that MailChimp operates under 'US' marketing laws
where the sender is only obliged to provide an 'opt-out' link in spam
he sends and does not have to require the recipient to have a
validated opt-in to get advertisement emails.

So often, the spamers use harvested email addresses (even spamtraps we
have hidden of websites) or lists they bought online.

The other problem is about GDPR, where laws in most European countries
require the sender of advertisement to disclose the source of data of
a recipient to this recipient.

Spamers sending email over mailchimp are clever. The links in the
email point to some anonymous redirection services to mailchimp
themselves or to domains registered via anonymizing proxies. Payment
work over paypal and if you have been trying to get at the identity of
a fraudster who took money via paypal, you know this is not possible.
So the recipient of spam needs to contact the 'sender' aka MailChimp
and requires MailChimp to disclose the identity of the sender, which
MailChimp then again rejects pointing to US privacy laws which require
them not to disclose the identity of their customers. Safe Heaven for
Spamer!

MailChimp does close accounts for which they get a certain number of
complaints, but they fail to recognize and block the same spamer who
repeatedly opens news accounts.

So what do you think should ISP and Email Plattform operators do about
MailChimp?

* Tell the customers complaining about spam they have to live with it?
* Block MailChimp and tell serious companies who get blocked as
collateral damage, to look for another, not so spamer firendly ESP?

Mit freundlichen Grüssen

-Benoît Panizzon-





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info 
http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower 
TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended 
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely those 
of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@ma

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Benjamin BILLON]

Could be discussed on Spam-L rather than here, but I believe you're talking 
about EasEye (no "y" in the middle); it's an ESP from Shanghai, noticeable in 
China.
Do you need to know something about them, or are you just stating they don't 
respect best practices --or laws?

--
Benjamin

-Original Message-
From: mailop  On Behalf Of Michael Peddemors
Sent: mardi 6 novembre 2018 19:15
To: mailop@mailop.org
Subject: Re: [mailop] What do other ISP / ESP do about the MailChimp spam 
problem?

Like any organization, when the volume of unwanted exceeds the volume of 
wanted, you flag them... and let customers 'This is not junk' the ones they 
want.

Only way around this conundrum is to empower your users.

And while we also see they abuse problem, as pointed out they aren't the worst..

Speaking of, has anyone heard of a player using Chinese IP space called 
EasyEye, using 118.192.64.0/21 IP Space?

So far, only seen them in spam reports, but they might be a new player..



On 2018-11-06 3:53 a.m., Benoit Panizzon wrote:
> Hi List
> 
> We again face problems with services by MailChimp.
> 
> Their platform is equally fashioned by serious companies sending 
> permission based newsletters and by very persistent repetitive spamer.
> 
> They repeatedly get blacklisted on our platform, because of recipient 
> complaints.
> 
> Then repeatedly customers having subscribed to newsletters from 
> serious companies complain to us, because mailchimp is blocked by our 
> anti-spam services.
> 
> The customer reporting spam are not those who subscribed to 
> newsletters, forget about it and them report opt-in emails as spam.
> 
> No, the problem is that MailChimp operates under 'US' marketing laws 
> where the sender is only obliged to provide an 'opt-out' link in spam 
> he sends and does not have to require the recipient to have a 
> validated opt-in to get advertisement emails.
> 
> So often, the spamers use harvested email addresses (even spamtraps we 
> have hidden of websites) or lists they bought online.
> 
> The other problem is about GDPR, where laws in most European countries 
> require the sender of advertisement to disclose the source of data of 
> a recipient to this recipient.
> 
> Spamers sending email over mailchimp are clever. The links in the 
> email point to some anonymous redirection services to mailchimp 
> themselves or to domains registered via anonymizing proxies. Payment 
> work over paypal and if you have been trying to get at the identity of 
> a fraudster who took money via paypal, you know this is not possible. 
> So the recipient of spam needs to contact the 'sender' aka MailChimp 
> and requires MailChimp to disclose the identity of the sender, which 
> MailChimp then again rejects pointing to US privacy laws which require 
> them not to disclose the identity of their customers. Safe Heaven for 
> Spamer!
> 
> MailChimp does close accounts for which they get a certain number of 
> complaints, but they fail to recognize and block the same spamer who 
> repeatedly opens news accounts.
> 
> So what do you think should ISP and Email Plattform operators do about 
> MailChimp?
> 
> * Tell the customers complaining about spam they have to live with it?
> * Block MailChimp and tell serious companies who get blocked as
>collateral damage, to look for another, not so spamer firendly ESP?
> 
> Mit freundlichen Grüssen
> 
> -Benoît Panizzon-
> 



--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For 
More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard 
Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended 
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely those 
of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Michael Peddemors]

Like any organization, when the volume of unwanted exceeds the volume of 
wanted, you flag them... and let customers 'This is not junk' the ones 
they want.


Only way around this conundrum is to empower your users.

And while we also see they abuse problem, as pointed out they aren't the 
worst..


Speaking of, has anyone heard of a player using Chinese IP space called 
EasyEye, using 118.192.64.0/21 IP Space?


So far, only seen them in spam reports, but they might be a new player..



On 2018-11-06 3:53 a.m., Benoit Panizzon wrote:

Hi List

We again face problems with services by MailChimp.

Their platform is equally fashioned by serious companies sending
permission based newsletters and by very persistent repetitive spamer.

They repeatedly get blacklisted on our platform, because of recipient
complaints.

Then repeatedly customers having subscribed to newsletters from serious
companies complain to us, because mailchimp is blocked by our anti-spam
services.

The customer reporting spam are not those who subscribed to
newsletters, forget about it and them report opt-in emails as spam.

No, the problem is that MailChimp operates under 'US' marketing laws
where the sender is only obliged to provide an 'opt-out' link in spam he
sends and does not have to require the recipient to have a validated
opt-in to get advertisement emails.

So often, the spamers use harvested email addresses (even spamtraps we
have hidden of websites) or lists they bought online.

The other problem is about GDPR, where laws in most European countries
require the sender of advertisement to disclose the source of data of a
recipient to this recipient.

Spamers sending email over mailchimp are clever. The links in the email
point to some anonymous redirection services to mailchimp themselves or
to domains registered via anonymizing proxies. Payment work over
paypal and if you have been trying to get at the identity of a fraudster
who took money via paypal, you know this is not possible. So the
recipient of spam needs to contact the 'sender' aka MailChimp and
requires MailChimp to disclose the identity of the sender, which
MailChimp then again rejects pointing to US privacy laws which require
them not to disclose the identity of their customers. Safe Heaven for
Spamer!

MailChimp does close accounts for which they get a certain number of
complaints, but they fail to recognize and block the same spamer who
repeatedly opens news accounts.

So what do you think should ISP and Email Plattform operators do about
MailChimp?

* Tell the customers complaining about spam they have to live with it?
* Block MailChimp and tell serious companies who get blocked as
   collateral damage, to look for another, not so spamer firendly ESP?

Mit freundlichen Grüssen

-Benoît Panizzon-





--
"Catch the Magic of Linux..."

Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.

604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Al Iverson]

My question is, "What Mailchimp spam problem?" Where's data? All I see
is useless bombastic complaining that belongs on NANAE or SPAM-L, not
here.

On Tue, Nov 6, 2018 at 10:30 AM David Carriger
 wrote:
>
> MailChimp is more successful than most of their competitors - they have more 
> customers and send more emails. The volume of spam you receive from MailChimp 
> may be higher than, say, Constant Contact, but MailChimp also sends more 
> email than Constant Contact. I'd be surprised if the percentage of spam that 
> MailChimp sends is much, if any, higher than the percentage of spam that any 
> other ESP sends.
>
>
> MailChimp built Omnivore to help prevent abuse on their platform. MailChimp 
> uses E-HAWK and other tools to prevent fraudulent signups on their own 
> service by spammers. MailChimp has implemented experimental headers such as 
> "Form-Sub" to try to prevent spam. MailChimp is a member of M3AAWG.
>
>
> This is not a company that says they're against spam and abuse, while winking 
> at spammers and pocketing their money. MailChimp doesn't want to send spam 
> any more than you want to receive spam.
>
>
> If you're getting a lot of spam from MailChimp - great, what can be done 
> about it? Do you have a feedback loop so that MailChimp is aware? Have you 
> started up a dialogue with their abuse team? If you've seen patterns in the 
> abuse, have you let them know so they can build detection for that into 
> Omnivore?
>
>
> If you block MailChimp, you're going to get a lot of false positives and 
> complaints because they aren't a spam outfit. They want to do the right 
> thing. If you feel they're falling short, it's far more productive to 
> brainstorm how you could mutually help each fix the problem.
>
>
> ____________________
> From: mailop  on behalf of Steve Atkins 
> 
> Sent: Tuesday, November 6, 2018 8:04 AM
> To: mailop
> Subject: Re: [mailop] What do other ISP / ESP do about the MailChimp spam 
> problem?
>
>
>
> > On Nov 6, 2018, at 2:42 PM, Renaud Allard via mailop  
> > wrote:
> >
> >
> >
> > On 11/6/18 3:02 PM, Charles McKean wrote:
> >> If you had any honest question here, you got it wrong by laying on the
> >> insult and making leading statements. Since you are acting like a
> >> troll, I think we should treat you like a troll and tell you to go
> >> away.
> >> I get so many spams, but I have not gotten a spam from a Mailchimp
> >> customer for as long as I can remember. There are many other email
> >> services providers that are much worse. Mailchimp is not the problem
> >> for most of us, so perhaps the question to ask is, are you the
> >> outlier? And if so, why? Are your filters broken?
> >
> > I am not sure who is trolling here. I get very few spam that pass my 
> > filters, however most of the spam that pass the filters are from mailchimp.
> > That said, mailchimp is generally fast and efficient at stopping the spam 
> > spree when you complain to them. Though, you will still receive others from 
> > other customers at mailchimp.
>
> I see significantly more spam from, and far less action in response to 
> complaints, from OVH, Digital Ocean, Microsoft (Azure, in particular) and to 
> a slightly lesser extent Google. MailChimp - and other traditional (non-API) 
> ESPs - are there, but mostly lost in the noise.
>
> I have found that complaining about spam from ESPs in preference to the much 
> higher volumes of spam from other sources, does correlate with a certain sort 
> of recipient.
>
> Cheers,
>   Steve
>

-- 
al iverson // 312-725-0130 // miami
http://www.aliverson.com
http://www.spamresource.com

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[David Carriger]

MailChimp is more successful than most of their competitors - they have more 
customers and send more emails. The volume of spam you receive from MailChimp 
may be higher than, say, Constant Contact, but MailChimp also sends more email 
than Constant Contact. I'd be surprised if the percentage of spam that 
MailChimp sends is much, if any, higher than the percentage of spam that any 
other ESP sends.


MailChimp built Omnivore to help prevent abuse on their platform. MailChimp 
uses E-HAWK and other tools to prevent fraudulent signups on their own service 
by spammers. MailChimp has implemented experimental headers such as "Form-Sub" 
to try to prevent spam. MailChimp is a member of M3AAWG.


This is not a company that says they're against spam and abuse, while winking 
at spammers and pocketing their money. MailChimp doesn't want to send spam any 
more than you want to receive spam.


If you're getting a lot of spam from MailChimp - great, what can be done about 
it? Do you have a feedback loop so that MailChimp is aware? Have you started up 
a dialogue with their abuse team? If you've seen patterns in the abuse, have 
you let them know so they can build detection for that into Omnivore?


If you block MailChimp, you're going to get a lot of false positives and 
complaints because they aren't a spam outfit. They want to do the right thing. 
If you feel they're falling short, it's far more productive to brainstorm how 
you could mutually help each fix the problem.


From: mailop  on behalf of Steve Atkins 

Sent: Tuesday, November 6, 2018 8:04 AM
To: mailop
Subject: Re: [mailop] What do other ISP / ESP do about the MailChimp spam 
problem?



> On Nov 6, 2018, at 2:42 PM, Renaud Allard via mailop  
> wrote:
>
>
>
> On 11/6/18 3:02 PM, Charles McKean wrote:
>> If you had any honest question here, you got it wrong by laying on the
>> insult and making leading statements. Since you are acting like a
>> troll, I think we should treat you like a troll and tell you to go
>> away.
>> I get so many spams, but I have not gotten a spam from a Mailchimp
>> customer for as long as I can remember. There are many other email
>> services providers that are much worse. Mailchimp is not the problem
>> for most of us, so perhaps the question to ask is, are you the
>> outlier? And if so, why? Are your filters broken?
>
> I am not sure who is trolling here. I get very few spam that pass my filters, 
> however most of the spam that pass the filters are from mailchimp.
> That said, mailchimp is generally fast and efficient at stopping the spam 
> spree when you complain to them. Though, you will still receive others from 
> other customers at mailchimp.

I see significantly more spam from, and far less action in response to 
complaints, from OVH, Digital Ocean, Microsoft (Azure, in particular) and to a 
slightly lesser extent Google. MailChimp - and other traditional (non-API) ESPs 
- are there, but mostly lost in the noise.

I have found that complaining about spam from ESPs in preference to the much 
higher volumes of spam from other sources, does correlate with a certain sort 
of recipient.

Cheers,
  Steve



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Steve Atkins]

> On Nov 6, 2018, at 2:42 PM, Renaud Allard via mailop  
> wrote:
> 
> 
> 
> On 11/6/18 3:02 PM, Charles McKean wrote:
>> If you had any honest question here, you got it wrong by laying on the
>> insult and making leading statements. Since you are acting like a
>> troll, I think we should treat you like a troll and tell you to go
>> away.
>> I get so many spams, but I have not gotten a spam from a Mailchimp
>> customer for as long as I can remember. There are many other email
>> services providers that are much worse. Mailchimp is not the problem
>> for most of us, so perhaps the question to ask is, are you the
>> outlier? And if so, why? Are your filters broken?
> 
> I am not sure who is trolling here. I get very few spam that pass my filters, 
> however most of the spam that pass the filters are from mailchimp.
> That said, mailchimp is generally fast and efficient at stopping the spam 
> spree when you complain to them. Though, you will still receive others from 
> other customers at mailchimp.

I see significantly more spam from, and far less action in response to 
complaints, from OVH, Digital Ocean, Microsoft (Azure, in particular) and to a 
slightly lesser extent Google. MailChimp - and other traditional (non-API) ESPs 
- are there, but mostly lost in the noise.

I have found that complaining about spam from ESPs in preference to the much 
higher volumes of spam from other sources, does correlate with a certain sort 
of recipient.

Cheers,
  Steve



___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Renaud Allard via mailop]

On 11/6/18 3:02 PM, Charles McKean wrote:

If you had any honest question here, you got it wrong by laying on the
insult and making leading statements. Since you are acting like a
troll, I think we should treat you like a troll and tell you to go
away.

I get so many spams, but I have not gotten a spam from a Mailchimp
customer for as long as I can remember. There are many other email
services providers that are much worse. Mailchimp is not the problem
for most of us, so perhaps the question to ask is, are you the
outlier? And if so, why? Are your filters broken?


I am not sure who is trolling here. I get very few spam that pass my 
filters, however most of the spam that pass the filters are from mailchimp.
That said, mailchimp is generally fast and efficient at stopping the 
spam spree when you complain to them. Though, you will still receive 
others from other customers at mailchimp.


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Charles McKean]

If you had any honest question here, you got it wrong by laying on the
insult and making leading statements. Since you are acting like a
troll, I think we should treat you like a troll and tell you to go
away.

I get so many spams, but I have not gotten a spam from a Mailchimp
customer for as long as I can remember. There are many other email
services providers that are much worse. Mailchimp is not the problem
for most of us, so perhaps the question to ask is, are you the
outlier? And if so, why? Are your filters broken?
On Tue, Nov 6, 2018 at 7:07 AM Benoit Panizzon  wrote:
>
> Hi List
>
> We again face problems with services by MailChimp.
>
> Their platform is equally fashioned by serious companies sending
> permission based newsletters and by very persistent repetitive spamer.
>
> They repeatedly get blacklisted on our platform, because of recipient
> complaints.
>
> Then repeatedly customers having subscribed to newsletters from serious
> companies complain to us, because mailchimp is blocked by our anti-spam
> services.
>
> The customer reporting spam are not those who subscribed to
> newsletters, forget about it and them report opt-in emails as spam.
>
> No, the problem is that MailChimp operates under 'US' marketing laws
> where the sender is only obliged to provide an 'opt-out' link in spam he
> sends and does not have to require the recipient to have a validated
> opt-in to get advertisement emails.
>
> So often, the spamers use harvested email addresses (even spamtraps we
> have hidden of websites) or lists they bought online.
>
> The other problem is about GDPR, where laws in most European countries
> require the sender of advertisement to disclose the source of data of a
> recipient to this recipient.
>
> Spamers sending email over mailchimp are clever. The links in the email
> point to some anonymous redirection services to mailchimp themselves or
> to domains registered via anonymizing proxies. Payment work over
> paypal and if you have been trying to get at the identity of a fraudster
> who took money via paypal, you know this is not possible. So the
> recipient of spam needs to contact the 'sender' aka MailChimp and
> requires MailChimp to disclose the identity of the sender, which
> MailChimp then again rejects pointing to US privacy laws which require
> them not to disclose the identity of their customers. Safe Heaven for
> Spamer!
>
> MailChimp does close accounts for which they get a certain number of
> complaints, but they fail to recognize and block the same spamer who
> repeatedly opens news accounts.
>
> So what do you think should ISP and Email Plattform operators do about
> MailChimp?
>
> * Tell the customers complaining about spam they have to live with it?
> * Block MailChimp and tell serious companies who get blocked as
>   collateral damage, to look for another, not so spamer firendly ESP?
>
> Mit freundlichen Grüssen
>
> -Benoît Panizzon-
> --
> I m p r o W a r e   A G-Leiter Commerce Kunden
> __
>
> Zurlindenstrasse 29 Tel  +41 61 826 93 00
> CH-4133 PrattelnFax  +41 61 826 93 01
> Schweiz Web  http://www.imp.ch
> __
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

[mailop] What do other ISP / ESP do about the MailChimp spam problem?

[Benoit Panizzon]

Hi List

We again face problems with services by MailChimp.

Their platform is equally fashioned by serious companies sending
permission based newsletters and by very persistent repetitive spamer.

They repeatedly get blacklisted on our platform, because of recipient
complaints.

Then repeatedly customers having subscribed to newsletters from serious
companies complain to us, because mailchimp is blocked by our anti-spam
services.

The customer reporting spam are not those who subscribed to
newsletters, forget about it and them report opt-in emails as spam.

No, the problem is that MailChimp operates under 'US' marketing laws
where the sender is only obliged to provide an 'opt-out' link in spam he
sends and does not have to require the recipient to have a validated
opt-in to get advertisement emails.

So often, the spamers use harvested email addresses (even spamtraps we
have hidden of websites) or lists they bought online.

The other problem is about GDPR, where laws in most European countries
require the sender of advertisement to disclose the source of data of a
recipient to this recipient.

Spamers sending email over mailchimp are clever. The links in the email
point to some anonymous redirection services to mailchimp themselves or
to domains registered via anonymizing proxies. Payment work over
paypal and if you have been trying to get at the identity of a fraudster
who took money via paypal, you know this is not possible. So the
recipient of spam needs to contact the 'sender' aka MailChimp and
requires MailChimp to disclose the identity of the sender, which
MailChimp then again rejects pointing to US privacy laws which require
them not to disclose the identity of their customers. Safe Heaven for
Spamer!

MailChimp does close accounts for which they get a certain number of
complaints, but they fail to recognize and block the same spamer who
repeatedly opens news accounts.

So what do you think should ISP and Email Plattform operators do about
MailChimp?

* Tell the customers complaining about spam they have to live with it?
* Block MailChimp and tell serious companies who get blocked as
  collateral damage, to look for another, not so spamer firendly ESP?

Mit freundlichen Grüssen

-Benoît Panizzon-
-- 
I m p r o W a r e   A G-Leiter Commerce Kunden
__

Zurlindenstrasse 29 Tel  +41 61 826 93 00
CH-4133 PrattelnFax  +41 61 826 93 01
Schweiz Web  http://www.imp.ch
__

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop