Re: [mailop] Comcast Feedback Loop emails that look legitimate

2017-11-08 Thread timrutherford 
Thanks Alex, good to know.

 

Tim

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Brotman,
Alexander
Sent: Wednesday, November 8, 2017 9:23 AM
To: timrutherf...@c4.net; mailop@mailop.org
Subject: Re: [mailop] Comcast Feedback Loop emails that look legitimate

 

Tim,

 

Yes-ish.  We do treat the action of moving a message to the spam folder the
same as clicking the "Spam" button.  This is fairly common.  It can make for
mistakes if someone is dragging a message and accidentally drops the message
in the wrong place.  We've seen instances where someone attempts a bulk move
and accidentally files hundreds of messages into Spam, and a few minutes
later refiles them elsewhere.  Another type of incident we've seen is
sometimes a user has switched clients and the new client decides that
messages previously in the Inbox are now spam, and refiles them to the Spam
folder.  This could also generate a spam report in certain scenarios.  

 

And I'm sure we've all seen that users can (and do) treat the "Spam" button
as delete.

 

--

Alex Brotman

Sr. Engineer, Anti-Abuse

Comcast

 

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of
timrutherf...@c4.net <mailto:timrutherf...@c4.net> 
Sent: Tuesday, November 07, 2017 10:28 AM
To: mailop@mailop.org <mailto:mailop@mailop.org> 
Subject: [mailop] Comcast Feedback Loop emails that look legitimate

 

Hello all,

 

We are on the Comcast FBL and occasionally get abuse reports from Comcast
through that service.  It is my understanding that these reports are
generated automatically when the customer reports an email as spam.

 

However, we have seen several occasions where the messages are clearly not
spam.  In some cases they are a reservation confirmations (something the
customer just purchased), invoices from companies they deal with on a
regular basis, or even general email correspondences.

 

I'm wondering if there are any other actions that trigger a spam report and
consequently a FBL report.   IP reputation, message content, 3rd party
antivirus actions, etc. ?

 

The messages come from feedbackl...@comcastfbl.senderscore.net
<mailto:feedbackl...@comcastfbl.senderscore.net> , which makes me wonder if
they have some algorithms in place. 

 

Thanks in advance for any input!

Tim

 

 

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Comcast Feedback Loop emails that look legitimate

2017-11-08 Thread Bryan Vest 
We see these kind of false positives all of the time from the AOL FBL. Our
front line technicians have been trained in spamfu so they generally take
care of these when they come in. But it is annoying that so many users will
mark legitimate mail as spam.


On Wed, Nov 8, 2017 at 9:22 AM, Brotman, Alexander <
alexander_brot...@comcast.com> wrote:

> Tim,
>
>
>
> Yes-ish.  We do treat the action of moving a message to the spam folder
> the same as clicking the “Spam” button.  This is fairly common.  It can
> make for mistakes if someone is dragging a message and accidentally drops
> the message in the wrong place.  We’ve seen instances where someone
> attempts a bulk move and accidentally files hundreds of messages into Spam,
> and a few minutes later refiles them elsewhere.  Another type of incident
> we’ve seen is sometimes a user has switched clients and the new client
> decides that messages previously in the Inbox are now spam, and refiles
> them to the Spam folder.  This could also generate a spam report in certain
> scenarios.
>
>
>
> And I’m sure we’ve all seen that users can (and do) treat the “Spam”
> button as delete.
>
>
>
> --
>
> Alex Brotman
>
> Sr. Engineer, Anti-Abuse
>
> Comcast
>
>
>
> *From:* mailop [mailto:mailop-boun...@mailop.org] *On Behalf Of *
> timrutherf...@c4.net
> *Sent:* Tuesday, November 07, 2017 10:28 AM
> *To:* mailop@mailop.org
> *Subject:* [mailop] Comcast Feedback Loop emails that look legitimate
>
>
>
> Hello all,
>
>
>
> We are on the Comcast FBL and occasionally get abuse reports from Comcast
> through that service.  It is my understanding that these reports are
> generated automatically when the customer reports an email as spam.
>
>
>
> However, we have seen several occasions where the messages are clearly not
> spam.  In some cases they are a reservation confirmations (something the
> customer just purchased), invoices from companies they deal with on a
> regular basis, or even general email correspondences.
>
>
>
> I’m wondering if there are any other actions that trigger a spam report
> and consequently a FBL report.   IP reputation, message content, 3rd
> party antivirus actions, etc. ?
>
>
>
> The messages come from feedbackl...@comcastfbl.senderscore.net, which
> makes me wonder if they have some algorithms in place.
>
>
>
> Thanks in advance for any input!
>
> Tim
>
>
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Comcast Feedback Loop emails that look legitimate

2017-11-08 Thread Brotman, Alexander 
Tim,

Yes-ish.  We do treat the action of moving a message to the spam folder the 
same as clicking the "Spam" button.  This is fairly common.  It can make for 
mistakes if someone is dragging a message and accidentally drops the message in 
the wrong place.  We've seen instances where someone attempts a bulk move and 
accidentally files hundreds of messages into Spam, and a few minutes later 
refiles them elsewhere.  Another type of incident we've seen is sometimes a 
user has switched clients and the new client decides that messages previously 
in the Inbox are now spam, and refiles them to the Spam folder.  This could 
also generate a spam report in certain scenarios.

And I'm sure we've all seen that users can (and do) treat the "Spam" button as 
delete.

--
Alex Brotman
Sr. Engineer, Anti-Abuse
Comcast

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of 
timrutherf...@c4.net
Sent: Tuesday, November 07, 2017 10:28 AM
To: mailop@mailop.org
Subject: [mailop] Comcast Feedback Loop emails that look legitimate

Hello all,

We are on the Comcast FBL and occasionally get abuse reports from Comcast 
through that service.  It is my understanding that these reports are generated 
automatically when the customer reports an email as spam.

However, we have seen several occasions where the messages are clearly not 
spam.  In some cases they are a reservation confirmations (something the 
customer just purchased), invoices from companies they deal with on a regular 
basis, or even general email correspondences.

I'm wondering if there are any other actions that trigger a spam report and 
consequently a FBL report.   IP reputation, message content, 3rd party 
antivirus actions, etc. ?

The messages come from 
feedbackl...@comcastfbl.senderscore.net,
 which makes me wonder if they have some algorithms in place.

Thanks in advance for any input!
Tim


___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Comcast Feedback Loop emails that look legitimate

2017-11-07 Thread Benjamin BILLON via mailop 
> I run a mailing list about eastern european folk dancing
(I'm not even surprised, John, and I don't know if it's normal)

Last month we got 2806 complaints from the same email address in a single
day, on the Libero FBL. Apparently their webmail UI makes it really easy to
select plenty of messages and apply the action "spam complaints".
Although extreme in this case, this kind of things happens from time to
time, roughly once a month around 1000 complaints per day for a single guy,
mostly with Libero, but Yahoo seems to have the same kind of ... "feature".

We don't experience issues when this happens, fortunately. But even if we
did, of course that would be problematic, but I'm glad enough already that
such mechanism exists, and that I'm able to make any people complaining
_not_ receive the emails again.
(yes, I said "any people", and I'm looking at you intensely, Microsoft).

Point is, I don't consider FBL mechanisms flawless, there's always a way to
get unexpected results from it.


-- 

Benjamin

2017-11-08 9:51 GMT+08:00 Tom Bartel :

> Tim and all,
>
> For FBLs run by Return Path, there is support available if you have
> questions or see some odd behavior.
>
> fblsupp...@returnpath.com
>
> Tom
>
> On Tue, Nov 7, 2017 at 8:28 AM,  wrote:
>
>> Hello all,
>>
>>
>>
>> We are on the Comcast FBL and occasionally get abuse reports from Comcast
>> through that service.  It is my understanding that these reports are
>> generated automatically when the customer reports an email as spam.
>>
>>
>>
>> However, we have seen several occasions where the messages are clearly
>> not spam.  In some cases they are a reservation confirmations (something
>> the customer just purchased), invoices from companies they deal with on a
>> regular basis, or even general email correspondences.
>>
>>
>>
>> I’m wondering if there are any other actions that trigger a spam report
>> and consequently a FBL report.   IP reputation, message content, 3rd
>> party antivirus actions, etc. ?
>>
>>
>>
>> The messages come from feedbackl...@comcastfbl.senderscore.net, which
>> makes me wonder if they have some algorithms in place.
>>
>>
>>
>> Thanks in advance for any input!
>>
>> Tim
>>
>>
>>
>>
>>
>> ___
>> mailop mailing list
>> mailop@mailop.org
>> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>>
>>
>
>
> --
> --
> Twitter: @barteltom
> Instagram: https://instagram.com/bartel__tom
> 
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Comcast Feedback Loop emails that look legitimate

2017-11-07 Thread Tom Bartel 
Tim and all,

For FBLs run by Return Path, there is support available if you have
questions or see some odd behavior.

fblsupp...@returnpath.com

Tom

On Tue, Nov 7, 2017 at 8:28 AM,  wrote:

> Hello all,
>
>
>
> We are on the Comcast FBL and occasionally get abuse reports from Comcast
> through that service.  It is my understanding that these reports are
> generated automatically when the customer reports an email as spam.
>
>
>
> However, we have seen several occasions where the messages are clearly not
> spam.  In some cases they are a reservation confirmations (something the
> customer just purchased), invoices from companies they deal with on a
> regular basis, or even general email correspondences.
>
>
>
> I’m wondering if there are any other actions that trigger a spam report
> and consequently a FBL report.   IP reputation, message content, 3rd
> party antivirus actions, etc. ?
>
>
>
> The messages come from feedbackl...@comcastfbl.senderscore.net, which
> makes me wonder if they have some algorithms in place.
>
>
>
> Thanks in advance for any input!
>
> Tim
>
>
>
>
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>
>


-- 
--
Twitter: @barteltom
Instagram: https://instagram.com/bartel__tom

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Comcast Feedback Loop emails that look legitimate

2017-11-07 Thread Miles Fidelman 

On 11/7/17 8:28 AM, timrutherf...@c4.net wrote:


Hello all,

We are on the Comcast FBL and occasionally get abuse reports from 
Comcast through that service.  It is my understanding that these 
reports are generated automatically when the customer reports an email 
as spam.


However, we have seen several occasions where the messages are clearly 
not spam.  In some cases they are a reservation confirmations 
(something the customer just purchased), invoices from companies they 
deal with on a regular basis, or even general email correspondences.


I’m wondering if there are any other actions that trigger a spam 
report and consequently a FBL report.   IP reputation, message 
content, 3^rd party antivirus actions, etc. ?




I run a bunch of lists that are inhabited by "unsophisticated" users 
(notably parents belonging to PTO lists), and a couple of church email 
lists.  It's really amazing how many people read their email via 
webmail, and use the "junk" button instead of "delete" - sometimes 
fatfingering, sometimes out of sheer ignorance, sometimes because they 
forgot they joined the list, or no longer want to be on it, and can't be 
bothered to remove themselves or ask to be removed.


Sometimes, it leads to real headaches, like having the machine 
blacklisted (usually when someone deletes a vacation's worth of traffic 
in one fell swoop) - or sometimes when an errant piece of real spam gets 
through our filters (e.g., when a list member has been infected by a bot).


And, these days, Comcast, AOL, Microsoft, et. al., obfuscate the address 
in what they attach to FBL reports - it's REALLY a pain to have to 
correlate email IDs with specific pieces of mail (and one has to disable 
bulk mail to large hosts - generating lots of exraneous transactions).


What a frigging pain.

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Comcast Feedback Loop emails that look legitimate

2017-11-07 Thread Russell Clemings 
I've seen FBL reports from several Comcast users who insisted they never
reported the message. In at least one case, we eventually figured out that
the user had an old, forgotten autofilter that routed the email to spam and
automatically sent me an FBL report every time a message matched the
filter. He removed the autofilter and the reports stopped.



On Tue, Nov 7, 2017 at 7:59 AM, John Levine  wrote:

> In article <004501d357dd$06151430$123f3c90$@c4.net> you write:
> >I'm wondering if there are any other actions that trigger a spam report
> and
> >consequently a FBL report.   IP reputation, message content, 3rd party
> >antivirus actions, etc. ?
>
> I would be pretty surprised if the reason were anything other than the
> recipient hitting the spam button.  People have very hard to
> articulate ideas about what sort of mail they want.
>
> I run a mailing list about eastern european folk dancing and get a
> spam report about once a month for ordinary list mail.  It's just
> that list, none of the others.
>
> R's,
> John
>
> ___
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
>


===
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

Re: [mailop] Comcast Feedback Loop emails that look legitimate

2017-11-07 Thread John Levine 
In article <004501d357dd$06151430$123f3c90$@c4.net> you write:
>I'm wondering if there are any other actions that trigger a spam report and
>consequently a FBL report.   IP reputation, message content, 3rd party
>antivirus actions, etc. ?

I would be pretty surprised if the reason were anything other than the
recipient hitting the spam button.  People have very hard to
articulate ideas about what sort of mail they want.

I run a mailing list about eastern european folk dancing and get a
spam report about once a month for ordinary list mail.  It's just
that list, none of the others.

R's,
John

___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop