Re: [mailop] YahooMailProxy User Agent

2018-10-17 Thread Brandon Long via mailop
Yeah, we've had a few false positives recently with two (Google Forms
default to using goo.gl with a non-pretty url, so folks use other
redirectors like bit.ly to make it pretty), but those fp's were still
pretty rare comparatively.

Brandon

On Tue, Oct 16, 2018 at 6:16 PM Michael Wise via mailop 
wrote:

>
> More than one redirector in a row is ... let's just say, Suspicious.
>
> Aloha,
> Michael.
> --
> Michael J Wise
> Microsoft Corporation| Spam Analysis
> "Your Spam Specimen Has Been Processed."
> Got the Junk Mail Reporting Tool ?
>
> -Original Message-
> From: mailop  On Behalf Of John Levine
> Sent: Tuesday, October 16, 2018 5:58 PM
> To: mailop@mailop.org
> Cc: bl...@google.com
> Subject: Re: [mailop] YahooMailProxy User Agent
>
> In article  wvf...@mail.gmail.com> you write:
> >It is pretty common these days for spam systems to sometimes visit
> >links in the email message to help determine the spamminess or
> >phishiness or just plain badness of messages.  It's one of the reasons
> >for the newer list-unsubscribe-post header in rfc 8058 (as mentioned in
> >the abstract).
>
> Quite right.  Malicious links often go through a long chain of redirects
> so you have to follow the chain and see where it ends up.
>
> For confirmations, be a mensch and put a pair of buttons on the
> confirmation page, one for "yes, yes, send me an endless stream of valuable
> offers from your Treasured Marketing Partners", and another "uh oh, that
> wasn't me, don't let the bozo who did this try again".
>
> I think I may have mentioned a few times how many people with names
> similar to mine think that my gmail account is their gmail account.
> Fake subscribes happen all the time, and they're often just dumb, not
> malicious.  The dumb ones are the most persistent.
>
> R's,
> John
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop


Re: [mailop] YahooMailProxy User Agent

2018-10-17 Thread John Levine
In article ,
Vytis Marčiulionis via mailop  wrote:
>
>What about the idea on implementing subscription confirmation header in the
>confirmation messages?
>https://tools.ietf.org/id/draft-levine-mailbomb-header-00.html
>
>Has anyone heard about what is happening with that idea? I remember that at
>M3AAWG in Lisbon (June 2017) the idea was well accepted by senders and
>mailbox providers as well.

I gather a lot of senders are using it, but as someone else mentioned,
it is not even a little bit like a confirmation link.

All it does is to say this is a confirmation message.  If a mail
system sees an unusual number of them arriving, it can recognize a
subscription bomb and do something about it.

R's,
John
-- 
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly




Re: [mailop] YahooMailProxy User Agent

2018-10-17 Thread Mathieu Bourdin
Hi
>What about the idea on implementing subscription confirmation header in the 
>confirmation messages?
>https://tools.ietf.org/id/draft-levine-mailbomb-header-00.html

The issue is that anything could be "hidden" behind the purported link, that's 
why AV must check the end destination and so click on the link. It would be 
like giving a joker card to any phisher/malware distributor.
The goal of the proposed header is not to say "confirmation link coming 
through, please look elsewhere and don't click on that thank you", it's 
designed to give information about the context of the subscription (ie: IP 
range/time etc...) for the receiving system to do some matching and warn the 
data collector about possible abuse.

Mathieu Bourdin.
NP6 delivery team.

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Vytis Marciulionis 
via mailop
Sent: Wednesday, 17 October 2018 14:47
To: dario.antu...@intercom.io
Cc: mailop@mailop.org
Subject: Re: [mailop] YahooMailProxy User Agent

What about the idea on implementing subscription confirmation header in the 
confirmation messages?
https://tools.ietf.org/id/draft-levine-mailbomb-header-00.html

Has anyone heard about what is happening with that idea? I remember that at 
M3AAWG in Lisbon (June 2017) the idea was well accepted by senders and mailbox 
providers as well.

On Wed, Oct 17, 2018 at 12:41 PM Dario Tavares Antunes via mailop 
<mailto:mailop@mailop.org> wrote:
I was just drafting an email to a similar effect of Laura's last paragraph. See 
also the apocryphal story of googlebot deleting entire sites 
https://thedailywtf.com/articles/The_Spider_of_Doom

I'd hope even the most rudimental crawler would know not to perform POST 
actions, and I'd hope everyone else knows enough not to produce side-effecting 
GET APIs (I know I've been guilty of the same, and fortunately the smart 
crawlers will usually strip or mangle querystrings before following links).

On Wed, Oct 17, 2018 at 10:36 AM Laura Atkins <mailto:la...@wordtothewise.com> 
wrote:

On 16 Oct 2018, at 23:06, Luis E. Muñoz via mailop <mailto:mailop@mailop.org> 
wrote:



On 16 Oct 2018, at 12:42, Brandon Long wrote:


It is pretty common these days for spam systems to sometimes visit links in
the email message to help determine the spamminess or phishiness or just
plain badness of messages.

I can see the value of the datapoint. That said, if the automated filter visits 
a confirmation link then it would be breaking COI. How are ESPs discerning 
between those visits and the ones originated by the recipient actually clicking 
on the confirmation link?

Lots of different ways. Proximity to delivery, user agent, IP address are all 
things successfully used to distinguish automated from non-automated clicks. 


It's one of the reasons for the newer
list-unsubscribe-post header in rfc 8058 (as mentioned in the abstract).

Yes, I'm aware. However, the context of the conversations on this topic that I 
remember were centered around making the link "machine actionable", in the 
sense that automatic unsubscribe would not need to jump through hoops but 
rather, straight unsubscribe. This could keep the traditional unsubscribe 
behavior of presenting a form to collect feedback on the unsubscribe reason.

That wasn’t the whole issue, as I remember the discussions. 


To me this is very different from plainly GETting a link in an email.

Hopefully this behavior is restricted to images and collateral, not actual 
links... but once the line is broken, it's only a matter of time I guess.

It hasn’t been for a very long time. This is not new behavior at all. 
https://wordtothewise.com/2013/07/barracuda-filters-clicking-all-links/ was not 
the first time the behavior was seen, just the first time I publicly documented 
it. (Note: others may have documented it before me, but that link was easy for 
me to find)

laura 

-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
mailto:la...@wordtothewise.com
(650) 437-0741 

Email Delivery Blog: https://wordtothewise.com/blog

-- 
Best regards,

Vytis Marčiulionis
Email Deliverability Manager
Mailerlite.com
+37064734475
mailto:vy...@mailerlite.com


Re: [mailop] YahooMailProxy User Agent

2018-10-17 Thread Vytis Marčiulionis via mailop
What about the idea on implementing subscription confirmation header in the
confirmation messages?
https://tools.ietf.org/id/draft-levine-mailbomb-header-00.html

Has anyone heard about what is happening with that idea? I remember that at
M3AAWG in Lisbon (June 2017) the idea was well accepted by senders and
mailbox providers as well.

On Wed, Oct 17, 2018 at 12:41 PM Dario Tavares Antunes via mailop <
mailop@mailop.org> wrote:

> I was just drafting an email to a similar effect of Laura's last
> paragraph. See also the apocryphal story of googlebot deleting entire sites
> https://thedailywtf.com/articles/The_Spider_of_Doom
>
> I'd hope even the most rudimental crawler would know not to perform POST
> actions, and I'd hope everyone else knows enough not to produce
> side-effecting GET APIs (I know I've been guilty of the same, and
> fortunately the smart crawlers will usually strip or mangle querystrings
> before following links).
>
> On Wed, Oct 17, 2018 at 10:36 AM Laura Atkins 
> wrote:
>
>>
>> On 16 Oct 2018, at 23:06, Luis E. Muñoz via mailop 
>> wrote:
>>
>>
>>
>> On 16 Oct 2018, at 12:42, Brandon Long wrote:
>>
>> It is pretty common these days for spam systems to sometimes visit links in
>> the email message to help determine the spamminess or phishiness or just
>> plain badness of messages.
>>
>>
>> I can see the value of the datapoint. That said, if the automated filter
>> visits a confirmation link then it would be breaking COI. How are ESPs
>> discerning between those visits and the ones originated by the recipient
>> actually clicking on the confirmation link?
>>
>>
>> Lots of different ways. Proximity to delivery, user agent, IP address are
>> all things successfully used to distinguish automated from non-automated
>> clicks.
>>
>> It's one of the reasons for the newer
>> list-unsubscribe-post header in rfc 8058 (as mentioned in the abstract).
>>
>>
>> Yes, I'm aware. However, the context of the conversations on this topic
>> that I remember were centered around making the link "machine actionable",
>> in the sense that automatic unsubscribe would not need to jump through
>> hoops but rather, straight unsubscribe. This could keep the traditional
>> unsubscribe behavior of presenting a form to collect feedback on the
>> unsubscribe reason.
>>
>>
>> That wasn’t the whole issue, as I remember the discussions.
>>
>> To me this is very different from plainly GETting a link in an email.
>>
>> Hopefully this behavior is restricted to images and collateral, not
>> actual links... but once the line is broken, it's only a matter of time I
>> guess.
>>
>>
>> It hasn’t been for a very long time. This is not new behavior at all.
>> https://wordtothewise.com/2013/07/barracuda-filters-clicking-all-links/ was
>> not the first time the behavior was seen, just the first time I publicly
>> documented it. (Note: others may have documented it before me, but that
>> link was easy for me to find)
>>
>> laura
>>
>> --
>> Having an Email Crisis?  We can help! 800 823-9674
>>
>> Laura Atkins
>> Word to the Wise
>> la...@wordtothewise.com
>> (650) 437-0741
>>
>> Email Delivery Blog: https://wordtothewise.com/blog
>>


-- 
Best regards,

Vytis Marčiulionis
Email Deliverability Manager
Mailerlite.com
+37064734475
vy...@mailerlite.com


Re: [mailop] YahooMailProxy User Agent

2018-10-17 Thread Dario Tavares Antunes via mailop
I was just drafting an email to a similar effect of Laura's last paragraph.
See also the apocryphal story of googlebot deleting entire sites
https://thedailywtf.com/articles/The_Spider_of_Doom

I'd hope even the most rudimental crawler would know not to perform POST
actions, and I'd hope everyone else knows enough not to produce
side-effecting GET APIs (I know I've been guilty of the same, and
fortunately the smart crawlers will usually strip or mangle querystrings
before following links).

On Wed, Oct 17, 2018 at 10:36 AM Laura Atkins 
wrote:

>
> On 16 Oct 2018, at 23:06, Luis E. Muñoz via mailop 
> wrote:
>
>
>
> On 16 Oct 2018, at 12:42, Brandon Long wrote:
>
> It is pretty common these days for spam systems to sometimes visit links in
> the email message to help determine the spamminess or phishiness or just
> plain badness of messages.
>
>
> I can see the value of the datapoint. That said, if the automated filter
> visits a confirmation link then it would be breaking COI. How are ESPs
> discerning between those visits and the ones originated by the recipient
> actually clicking on the confirmation link?
>
>
> Lots of different ways. Proximity to delivery, user agent, IP address are
> all things successfully used to distinguish automated from non-automated
> clicks.
>
> It's one of the reasons for the newer
> list-unsubscribe-post header in rfc 8058 (as mentioned in the abstract).
>
>
> Yes, I'm aware. However, the context of the conversations on this topic
> that I remember were centered around making the link "machine actionable",
> in the sense that automatic unsubscribe would not need to jump through
> hoops but rather, straight unsubscribe. This could keep the traditional
> unsubscribe behavior of presenting a form to collect feedback on the
> unsubscribe reason.
>
>
> That wasn’t the whole issue, as I remember the discussions.
>
> To me this is very different from plainly GETting a link in an email.
>
> Hopefully this behavior is restricted to images and collateral, not actual
> links... but once the line is broken, it's only a matter of time I guess.
>
>
> It hasn’t been for a very long time. This is not new behavior at all.
> https://wordtothewise.com/2013/07/barracuda-filters-clicking-all-links/ was
> not the first time the behavior was seen, just the first time I publicly
> documented it. (Note: others may have documented it before me, but that
> link was easy for me to find)
>
> laura
>
> --
> Having an Email Crisis?  We can help! 800 823-9674
>
> Laura Atkins
> Word to the Wise
> la...@wordtothewise.com
> (650) 437-0741
>
> Email Delivery Blog: https://wordtothewise.com/blog


Re: [mailop] YahooMailProxy User Agent

2018-10-17 Thread Laura Atkins

> On 16 Oct 2018, at 23:06, Luis E. Muñoz via mailop  wrote:
> 
> 
> 
> On 16 Oct 2018, at 12:42, Brandon Long wrote:
> 
>> It is pretty common these days for spam systems to sometimes visit links in
>> the email message to help determine the spamminess or phishiness or just
>> plain badness of messages.
> 
> I can see the value of the datapoint. That said, if the automated filter 
> visits a confirmation link then it would be breaking COI. How are ESPs 
> discerning between those visits and the ones originated by the recipient 
> actually clicking on the confirmation link?

Lots of different ways. Proximity to delivery, user agent, IP address are all 
things successfully used to distinguish automated from non-automated clicks. 

>> It's one of the reasons for the newer
>> list-unsubscribe-post header in rfc 8058 (as mentioned in the abstract).
> 
> Yes, I'm aware. However, the context of the conversations on this topic that 
> I remember were centered around making the link "machine actionable", in the 
> sense that automatic unsubscribe would not need to jump through hoops but 
> rather, straight unsubscribe. This could keep the traditional unsubscribe 
> behavior of presenting a form to collect feedback on the unsubscribe reason.

That wasn’t the whole issue, as I remember the discussions. 

> To me this is very different from plainly GETting a link in an email.
> 
> Hopefully this behavior is restricted to images and collateral, not actual 
> links... but once the line is broken, it's only a matter of time I guess.

It hasn’t been for a very long time. This is not new behavior at all. 
https://wordtothewise.com/2013/07/barracuda-filters-clicking-all-links/ was 
not the first time the behavior was seen, just the first time I publicly 
documented it. (Note: others may have documented it before me, but that link 
was easy for me to find)

laura 

-- 
Having an Email Crisis?  We can help! 800 823-9674 

Laura Atkins
Word to the Wise
la...@wordtothewise.com
(650) 437-0741  

Email Delivery Blog: https://wordtothewise.com/blog 
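
The three signals named in the message above (proximity to delivery, user agent, IP address), combined into a click classifier. This is an added example, not part of the original post or any ESP's actual code; the 10-second threshold, the `198.51.100.0/24` scanner network and the timestamps are constructed assumptions, and only the `YahooMailProxy` token and the first sample row's IP come from the thread.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# User-agent token taken from the log line quoted in this thread.
SCANNER_UA_TOKENS = ("YahooMailProxy",)
# Placeholder network (documentation range), standing in for a locally
# maintained list of known scanner addresses. Assumption, not real data.
SCANNER_NETWORKS = (ip_network("198.51.100.0/24"),)
# Assumed threshold: a click this soon after delivery is unlikely to be a person.
MIN_HUMAN_DELAY = timedelta(seconds=10)


def classify(click):
    """Return (label, reasons) for one click event.

    A declared scanner user agent or a known scanner address is treated as a
    strong signal. Proximity alone only yields "likely-automated", because a
    scanner that hides its user agent looks like a browser in every other way.
    """
    reasons = []
    ua = click["ua"].lower()
    if any(tok.lower() in ua for tok in SCANNER_UA_TOKENS):
        reasons.append("user-agent")
    addr = ip_address(click["ip"])
    if any(addr in net for net in SCANNER_NETWORKS):
        reasons.append("ip")
    if click["at"] - click["delivered"] < MIN_HUMAN_DELAY:
        reasons.append("proximity")

    if "user-agent" in reasons or "ip" in reasons:
        label = "automated"
    elif reasons:
        label = "likely-automated"
    else:
        label = "human"
    return label, reasons


def human_recipients(clicks):
    """Recipients whose click shows none of the automation signals."""
    return [c["rcpt"] for c in clicks if classify(c)[0] == "human"]


# Constructed sample events. The first mirrors the row quoted in the thread
# (address, IP, user agent); every timestamp and the other rows are made up.
DELIVERED = datetime(2018, 10, 16, 18, 45, 0)
BROWSER = "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/62.0"
SAMPLE = [
    {"rcpt": "someem...@ymail.com", "ip": "209.73.183.19",
     "ua": "YahooMailProxy; https://help.yahoo.com/kb/yahoo-mail-proxy-SLN28749.html",
     "delivered": DELIVERED, "at": DELIVERED + timedelta(seconds=2)},
    {"rcpt": "b@example.org", "ip": "198.51.100.7", "ua": BROWSER,
     "delivered": DELIVERED, "at": DELIVERED + timedelta(minutes=3)},
    {"rcpt": "c@example.org", "ip": "203.0.113.50", "ua": BROWSER,
     "delivered": DELIVERED, "at": DELIVERED + timedelta(seconds=1)},
    {"rcpt": "d@example.org", "ip": "203.0.113.80", "ua": BROWSER,
     "delivered": DELIVERED, "at": DELIVERED + timedelta(hours=2)},
]

if __name__ == "__main__":
    for event in SAMPLE:
        print(event["rcpt"], *classify(event))
```
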









Re: [mailop] YahooMailProxy User Agent

2018-10-16 Thread John Levine
In article you write:
>
>More than one redirector in a row is ... let's just say, Suspicious.

Indeed, but you won't notice it unless you rattle the URLs.

>Quite right.  Malicious links often go through a long chain of redirects so
>you have to follow the chain and see where it ends up.
>
>For confirmations, be a mensch and put a pair of buttons on the confirmation
>page, one for "yes, yes, send me an endless stream of valuable offers from
>your Treasured Marketing Partners", and another "uh oh, that wasn't me, don't
>let the bozo who did this try again".
>
>I think I may have mentioned a few times how many people with names similar to
>mine think that my gmail account is their gmail account.
>Fake subscribes happen all the time, and they're often just dumb, not
>malicious.  The dumb ones are the most persistent.




Re: [mailop] YahooMailProxy User Agent

2018-10-16 Thread Michael Wise via mailop

More than one redirector in a row is ... let's just say, Suspicious.

Aloha,
Michael.
-- 
Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting Tool ?

-Original Message-
From: mailop  On Behalf Of John Levine
Sent: Tuesday, October 16, 2018 5:58 PM
To: mailop@mailop.org
Cc: bl...@google.com
Subject: Re: [mailop] YahooMailProxy User Agent

In article  
you write:
>It is pretty common these days for spam systems to sometimes visit 
>links in the email message to help determine the spamminess or 
>phishiness or just plain badness of messages.  It's one of the reasons 
>for the newer list-unsubscribe-post header in rfc 8058 (as mentioned in the 
>abstract).

Quite right.  Malicious links often go through a long chain of redirects so you 
have to follow the chain and see where it ends up.

For confirmations, be a mensch and put a pair of buttons on the confirmation 
page, one for "yes, yes, send me an endless stream of valuable offers from your 
Treasured Marketing Partners", and another "uh oh, that wasn't me, don't let 
the bozo who did this try again".

I think I may have mentioned a few times how many people with names similar to 
mine think that my gmail account is their gmail account.
Fake subscribes happen all the time, and they're often just dumb, not 
malicious.  The dumb ones are the most persistent.

R's,
John



Re: [mailop] YahooMailProxy User Agent

2018-10-16 Thread John Levine
In article  
you write:
>It is pretty common these days for spam systems to sometimes visit links in
>the email message to help determine the spamminess or phishiness or just
>plain badness of messages.  It's one of the reasons for the newer
>list-unsubscribe-post header in rfc 8058 (as mentioned in the abstract).

Quite right.  Malicious links often go through a long chain of redirects
so you have to follow the chain and see where it ends up.

For confirmations, be a mensch and put a pair of buttons on the
confirmation page, one for "yes, yes, send me an endless stream of
valuable offers from your Treasured Marketing Partners", and another
"uh oh, that wasn't me, don't let the bozo who did this try again".

I think I may have mentioned a few times how many people with names
similar to mine think that my gmail account is their gmail account.
Fake subscribes happen all the time, and they're often just dumb, not
malicious.  The dumb ones are the most persistent.

R's,
John
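
A sketch of the two-button confirmation page suggested in the message above: a GET only renders the form, so a filter that follows the emailed link changes nothing, and only a POST from one of the buttons confirms or refuses. This is an added example, not code from the original post or from any list software; the `/confirm` path, the token format, the `Subscriptions` class and the demo secret are assumptions made for illustration.

```python
import hashlib
import hmac
from html import escape

SECRET = b"constructed-demo-key"  # assumption: a per-deployment secret

# The page a GET returns: two buttons, both submitted by POST.
PAGE = """<form method="post" action="/confirm">
<input type="hidden" name="token" value="{token}">
<button name="action" value="confirm">Yes, subscribe me</button>
<button name="action" value="refuse">That wasn't me, don't ask again</button>
</form>"""


def _mac(email):
    return hmac.new(SECRET, email.encode(), hashlib.sha256).hexdigest()


def make_token(email):
    """Token placed in the emailed link; binds the link to one address."""
    return f"{email}:{_mac(email)}"


def parse_token(token):
    """Return the address if the token is authentic, else None."""
    email, _, mac = token.rpartition(":")
    if email and hmac.compare_digest(mac.encode(), _mac(email).encode()):
        return email
    return None


class Subscriptions:
    def __init__(self):
        self.state = {}  # email -> "pending" | "confirmed" | "refused"

    def signup(self, email):
        """Record a signup; return the link token, or None if suppressed."""
        if self.state.get(email) == "refused":
            return None  # "don't let the bozo who did this try again"
        self.state.setdefault(email, "pending")
        return make_token(email)

    def handle(self, method, token, form=None):
        """Handle a request to the confirmation URL; returns (status, body)."""
        email = parse_token(token)
        if email is None or email not in self.state:
            return 404, "unknown or tampered token"
        if method in ("GET", "HEAD"):
            # Safe methods never change state, whoever sends them.
            return 200, PAGE.format(token=escape(token, quote=True))
        if method != "POST":
            return 405, "method not allowed"
        action = (form or {}).get("action")
        if action == "confirm" and self.state[email] == "pending":
            self.state[email] = "confirmed"
            return 200, "subscribed"
        if action == "refuse":
            self.state[email] = "refused"
            return 200, "address suppressed"
        return 400, "bad action"


if __name__ == "__main__":
    subs = Subscriptions()
    link_token = subs.signup("alice@example.org")
    print(subs.handle("GET", link_token)[0], subs.state)   # scanner visit
    print(subs.handle("POST", link_token, {"action": "confirm"}), subs.state)
```
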



Re: [mailop] YahooMailProxy User Agent

2018-10-16 Thread Luis E. Muñoz via mailop



On 16 Oct 2018, at 16:12, Brandon Long wrote:

> A phishing email with a bad link was partially responsible for the outcome
> of the 2016 US presidential election.

History should remember that one as "the Email presidential election".

> Such messages are responsible for a large amount of damage at various
> companies, measured in stolen trade secrets or actual money from accounts,
> or even company wide shutdowns with destructive malware.
>
> Opt-in confirmation or open rates on marketing mail just isn't going to
> make that cut.  The benefits to the individuals or receiving companies of
> the marketing mail is pretty small compared to the benefits to the senders.

Yes, I get it. And I agree. Still it's a suboptimal outcome. Thanks 
spammers :-/

> I think some enterprises would be happy if we blocked all marketing mail to
> their companies, especially consumer marketing mail.  We've had spam
> escalations related to that from enterprises when we've made changes that
> went easier on some better reputation marketing mail.

Interesting. Thank you for sharing that. My experience with companies 
paying for their employees' email matches this.


Best regards

-lem



Re: [mailop] YahooMailProxy User Agent

2018-10-16 Thread Brandon Long via mailop
A phishing email with a bad link was partially responsible for the outcome
of the 2016 US presidential election.

Such messages are responsible for a large amount of damage at various
companies, measured in stolen trade secrets or actual money from accounts,
or even company wide shutdowns with destructive malware.

Opt-in confirmation or open rates on marketing mail just isn't going to
make that cut.  The benefits to the individuals or receiving companies of
the marketing mail is pretty small compared to the benefits to the senders.

Receivers are selling security to their customers, and the customers are
receptive.  They're spending millions per year on various protections.

I think some enterprises would be happy if we blocked all marketing mail to
their companies, especially consumer marketing mail.  We've had spam
escalations related to that from enterprises when we've made changes that
went easier on some better reputation marketing mail.

Brandon

On Tue, Oct 16, 2018, 3:37 PM Luis E. Muñoz 
>
> On 16 Oct 2018, at 15:12, Brandon Long wrote:
>
> > On Tue, Oct 16, 2018 at 3:06 PM Luis E. Muñoz 
> > wrote:
> >> I can see the value of the datapoint. That said, if the automated filter
> >> visits a confirmation link then it would be breaking COI. How are ESPs
> >> discerning between those visits and the ones originated by the recipient
> >> actually clicking on the confirmation link?
> >
> > Force the user to click something on the confirmation page?
>
> Yes. It's not like there are that many options after all.
>
> > I'm sure that reduces the opt-in rate, but that's the price for everything
> > being terrible.
>
> Well, the silver lining is that this will tend to inflate open rate
> metrics, especially for questionable ESPs/content which will have more
> clicks recorded because their email needs more scrutiny :-)
>
> >> Hopefully this behavior is restricted to images and collateral, not
> >> actual links... but once the line is broken, it's only a matter of time
> >> I guess.
> >
> > I doubt it's restricted in that way, I don't think that would make much
> > sense.
>
> Heh. "A request to  was received. If you did not
> request this, you can ignore this message. If you want to proceed, click
> here". This is a very common formula. Even Google's security
> notifications about suspicious account activity seem to work this way.
>
> It's not too farfetched that someone could use this to get accounts
> suspended.
>
> Just to clarify, I understand the mechanism and its rationale. I just
> disagree on the weighting used to drive the implementation decision.
> This is clearly a case of "my system, my rules", with the impact
> associated with the big boys doing it.
>
> Best regards
>
> -lem
>


Re: [mailop] YahooMailProxy User Agent

2018-10-16 Thread Luis E. Muñoz via mailop



On 16 Oct 2018, at 15:12, Brandon Long wrote:

> On Tue, Oct 16, 2018 at 3:06 PM Luis E. Muñoz wrote:
>> I can see the value of the datapoint. That said, if the automated filter
>> visits a confirmation link then it would be breaking COI. How are ESPs
>> discerning between those visits and the ones originated by the recipient
>> actually clicking on the confirmation link?
>
> Force the user to click something on the confirmation page?

Yes. It's not like there are that many options after all.

> I'm sure that reduces the opt-in rate, but that's the price for everything
> being terrible.

Well, the silver lining is that this will tend to inflate open rate 
metrics, especially for questionable ESPs/content which will have more 
clicks recorded because their email needs more scrutiny :-)

>> Hopefully this behavior is restricted to images and collateral, not
>> actual links... but once the line is broken, it's only a matter of time
>> I guess.
>
> I doubt it's restricted in that way, I don't think that would make much
> sense.

Heh. "A request to  was received. If you did not 
request this, you can ignore this message. If you want to proceed, click 
here". This is a very common formula. Even Google's security 
notifications about suspicious account activity seem to work this way.

It's not too farfetched that someone could use this to get accounts 
suspended.

Just to clarify, I understand the mechanism and its rationale. I just 
disagree on the weighting used to drive the implementation decision. 
This is clearly a case of "my system, my rules", with the impact 
associated with the big boys doing it.


Best regards

-lem



Re: [mailop] YahooMailProxy User Agent

2018-10-16 Thread Brandon Long via mailop
On Tue, Oct 16, 2018 at 3:06 PM Luis E. Muñoz  wrote:

>
>
> On 16 Oct 2018, at 12:42, Brandon Long wrote:
>
> > It is pretty common these days for spam systems to sometimes visit links in
> > the email message to help determine the spamminess or phishiness or just
> > plain badness of messages.
>
> I can see the value of the datapoint. That said, if the automated filter
> visits a confirmation link then it would be breaking COI. How are ESPs
> discerning between those visits and the ones originated by the recipient
> actually clicking on the confirmation link?
>

Force the user to click something on the confirmation page?

I'm sure that reduces the opt-in rate, but that's the price for everything
being terrible.

> > It's one of the reasons for the newer
> > list-unsubscribe-post header in rfc 8058 (as mentioned in the abstract).
>
> Yes, I'm aware. However, the context of the conversations on this topic
> that I remember were centered around making the link "machine
> actionable", in the sense that automatic unsubscribe would not need to
> jump through hoops but rather, straight unsubscribe. This could keep the
> traditional unsubscribe behavior of presenting a form to collect
> feedback on the unsubscribe reason.
>
> To me this is very different from plainly GETting a link in an email.
>
> Hopefully this behavior is restricted to images and collateral, not
> actual links... but once the line is broken, it's only a matter of time
> I guess.
>

I doubt it's restricted in that way, I don't think that would make much
sense.

Brandon


Re: [mailop] YahooMailProxy User Agent

2018-10-16 Thread Luis E. Muñoz via mailop



On 16 Oct 2018, at 12:42, Brandon Long wrote:

> It is pretty common these days for spam systems to sometimes visit links in
> the email message to help determine the spamminess or phishiness or just
> plain badness of messages.

I can see the value of the datapoint. That said, if the automated filter 
visits a confirmation link then it would be breaking COI. How are ESPs 
discerning between those visits and the ones originated by the recipient 
actually clicking on the confirmation link?

> It's one of the reasons for the newer
> list-unsubscribe-post header in rfc 8058 (as mentioned in the abstract).

Yes, I'm aware. However, the context of the conversations on this topic 
that I remember were centered around making the link "machine 
actionable", in the sense that automatic unsubscribe would not need to 
jump through hoops but rather, straight unsubscribe. This could keep the 
traditional unsubscribe behavior of presenting a form to collect 
feedback on the unsubscribe reason.

To me this is very different from plainly GETting a link in an email.

Hopefully this behavior is restricted to images and collateral, not 
actual links... but once the line is broken, it's only a matter of time 
I guess.


Best regards

-lem


Re: [mailop] YahooMailProxy User Agent

2018-10-16 Thread Brandon Long via mailop
It is pretty common these days for spam systems to sometimes visit links in
the email message to help determine the spamminess or phishiness or just
plain badness of messages.  It's one of the reasons for the newer
list-unsubscribe-post header in rfc 8058 (as mentioned in the abstract).

A first step is something like the above user-agent, but sometimes the goal
is to hide the fact that the load was from an automated system in order to
prevent cloaking by abusive users. Welcome to the next stage of the race.

Brandon

On Tue, Oct 16, 2018 at 12:21 PM Luis E. Muñoz via mailop 
wrote:

>
>
> On 16 Oct 2018, at 11:45, Marc Goldman via mailop wrote:
>
> > Is it normal to see the YahooMailProxy;User Agent in open tracking?
> >
> > | open  | someem...@ymail.com | 209.73.183.19 | YahooMailProxy;
> > https://help.yahoo.com/kb/yahoo-mail-proxy-SLN28749.html
> >
> > I assume that it's Yahoo unfurling redirect/click tracking URLs to
> > determine folder placement. Am I correct?
>
> I find the thought of them actually visiting the links in email that
> hasn't been opened very troubling. Could it be actual activity from
> users via the web UI (or perhaps mobile clients)?
>
> Best regards
>
> -lem
>


Re: [mailop] YahooMailProxy User Agent

2018-10-16 Thread Luis E. Muñoz via mailop



On 16 Oct 2018, at 11:45, Marc Goldman via mailop wrote:

> Is it normal to see the YahooMailProxy;User Agent in open tracking?
>
> | open      | someem...@ymail.com | 209.73.183.19 | YahooMailProxy;
> https://help.yahoo.com/kb/yahoo-mail-proxy-SLN28749.html
>
> I assume that it's Yahoo unfurling redirect/click tracking URLs to
> determine folder placement. Am I correct?

I find the thought of them actually visiting the links in email that 
hasn't been opened very troubling. Could it be actual activity from 
users via the web UI (or perhaps mobile clients)?


Best regards

-lem



[mailop] YahooMailProxy User Agent

2018-10-16 Thread Marc Goldman via mailop
Is it normal to see the YahooMailProxy;User Agent in open tracking?

| open      | someem...@ymail.com | 209.73.183.19 | YahooMailProxy; 
https://help.yahoo.com/kb/yahoo-mail-proxy-SLN28749.html  

I assume that it's Yahoo unfurling redirect/click tracking URLs to determine 
folder placement. Am I correct?