Re: [mailop] Isn't SpamEatingMonkey's SEM-URI broken?
Still nothing, no feedback at all, from SpamEatingMonkey :-( On 10/07/2023 17:12, Mathieu via mailop wrote: I feel a bit desperate, because my domain has SPF "-all", and all emails are DKIM signed. I don't know what I can do better to stop being listed again and again. On a suggestion from Slavko, I changed the DMARC policy from `p=none` to `p=quarantine`, but I still got listed 4 times in 3 days. I tried `p=reject` yesterday, but without much hope... At least Rspamd is using it by default: https://rspamd.com/doc/modules/rbl.html I opened an issue to discuss about it: https://github.com/rspamd/rspamd/issues/4544 ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Isn't SpamEatingMonkey's SEM-URI broken?
On 7/11/23 4:18 AM, Jaroslaw Rafa via mailop wrote: Sadly, you're probably right. It would take someone as universally trusted (and as trustworthy) as Jon Postel was once, to run such a service. But there are no people like Jon Postel in decisive positions anymore... Yes, I try to find the good in others more so than many. However I don't think that it would require someone like Jon Postel. Though I would implicitly trust him. I think that what I'm describing could be done in the open above board and completely visible to all. Much like how Certificate Transparency logs provide visibility into what Certificate Authorities do. I don't necessarily need to trust the local scribe if what they record is publicly visible and authenticateable (using contemporary technology). Look at how we -- ostensibly -- trust the DNSSEC for the root zone. It's open, it's visible, it's auditable. I think that if we really wanted to we could come up with something like that to assess if a given RBL operator (entity) has provided evidence that they are adhering to a minimum level of acceptable behavior and / or exceeding it. To me, this is largely just data that is publicly available that is run through a definable / publishable algorithm. As such, there is not as much trust in the organization holding the data as the data and public algorithm itself. Yes, I agree there is an opportunity for questionable practices to be done in a closed system. That's expressly why I'm thinking about an open / visible / auditable system. I genuinely believe that we could come up with something that (the vast majority if not everybody) could be trusted. Or at the very least make it easy to detect when someone did something wrong. Grant. . . . ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Isn't SpamEatingMonkey's SEM-URI broken?
Dňa 11. júla 2023 7:24:29 UTC používateľ Mathieu via mailop napísal: >Actually, it adds 3.5 *by scope*. And it has 3 scopes: url, email and dkim. >Which eventually sum up to 10.5... You would reject our messages. Ah, i miss that. But no, i will not reject your messages, as 10 is threshold for deliver it to Junk. To reject, it must reach 16... Anyway, i will guess that your emails will get some good score too, eg. SPF, DKIM, DMARC, bayes, ..., which will decrease that number... If you are interested, be free to send me email directly, i will send you result back and we both will see ;-) I am not sure how high are default thresholds... >If somebody from SEM is reading this, it would be easy for him/her to find out >the domain I'm talking about. And maybe help us to understand what SEM is >doing? Yes, i am curious/interested to know more too. regards -- Slavko https://www.slavino.sk/ ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Isn't SpamEatingMonkey's SEM-URI broken?
Dnia 11.07.2023 o godz. 02:26:02 Rob McEwen via mailop pisze: > First, Grant, you're far too trusting of institutions and > government. They're especially corrupt these days. Many governments > that have had decades or centuries-long track records for bing > mostly trustworthy and fair - are actually very corrupt these days. > Such a governing body would downward devolve into "what benefits our > party" before long. Sadly, you're probably right. It would take someone as universally trusted (and as trustworthy) as Jon Postel was once, to run such a service. But there are no people like Jon Postel in decisive positions anymore... -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Isn't SpamEatingMonkey's SEM-URI broken?
Thankfully, it seems there is a kind of "Whitelisted by policy": https://spameatingmonkey.com/lookup/gmail.com "This is a normal email service, don't you know gmail?" :-D https://spameatingmonkey.com/lookup/gandi.net With an evidence looking exactly like mines. https://spameatingmonkey.com/lookup/outlook.com https://spameatingmonkey.com/lookup/spameatingmonkey.com Now the question is, why these domains, and how to apply? Or, as it looks like, was it possible only in July, 2019? ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Isn't SpamEatingMonkey's SEM-URI broken?
On 10/07/2023 20:01, Slavko via mailop wrote: Sources are on github, any one can see that. It adds 3,5 score by default, while relative high, not significant itself and requires other marks. 3,5 is not enough to mark message as SPAM even with default thresholds, on my site 10 is required for that. Actually, it adds 3.5 *by scope*. And it has 3 scopes: url, email and dkim. Which eventually sum up to 10.5... You would reject our messages. SEM_URIBL (7) [example.com:url,example.com:email] SEM_URIBL (10.5) [example.com:url,example.com:email,example.com:dkim] Anyway, if this RBL is really as bad, it is not worth to use it and would be great to get evidence from others too. Sure. I can't believe, like Jarland said, that SEM would tag domains so simply! By the way, as expected, we got listed again :-( Some "evidences": Received: from dltrngr.net ([240e:390:5d03:af1f:215:383:da23:52d]) by spameatingmonkey (spamtrap) with SMTP id 11AEBA66-904E-4BEB-A4AF-C03AF2E0B406.1 envelope-from ; Tue, 11 Jul 2023 05:42:16 + Received: from zqxd.com ([240e:390:5d03:978f:215:329:2a23:52d]) by spameatingmonkey (spamtrap) with SMTP id 22458D54-2F08-4D56-A805-4A5EBF576198.1 envelope-from ; Tue, 11 Jul 2023 03:45:24 + Received: from uveuqmfh.org ([240e:390:5d03:95cc:215:3bb:623:52d]) by spameatingmonkey (spamtrap) with SMTP id AE4E9276-6718-4FDB-8CCB-C578F1F7F76A.1 envelope-from ; Tue, 11 Jul 2023 02:13:54 + If somebody from SEM is reading this, it would be easy for him/her to find out the domain I'm talking about. And maybe help us to understand what SEM is doing? ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Isn't SpamEatingMonkey's SEM-URI broken?
re properly incentivized - STILL aren't particularly good at this. DNSBLs are HARD! Rob McEwen, invaluement -- Original Message -- From "Michael Peddemors via mailop" To mailop@mailop.org Date 7/10/2023 8:29:14 PM Subject Re: [mailop] Isn't SpamEatingMonkey's SEM-URI broken? Actually, what I like is those companies that show real time stats on RBL's, you get to see who is the most accurate, not only who would block the most.. If you get 'inaccuracies', then someone has done something wrong. M3AAWG might be exactly the WRONG organization for this, given it's closed membership.. Need a more altruistic partner for vetting.. Anyone have ideas or contacts? (I know, we have even got on SpamEatingMonkey, love to see their listing criteria, there is suspicion that domains in signatures, or forwarded emails might be enough to trigger it) On 2023-07-10 16:30, Grant Taylor via mailop wrote: On 7/10/23 2:40 PM, Jarland Donnell via mailop wrote: The problem is, running any blacklist and wanting to constantly speak to people who are often just confused about how relevant your list even is, are very often two different things. So there's not anyone to talk to, at least not from a public-facing angle. It would certainly be nice if anyone on this list that might be representing SEM wanted to speak up on the matter. This sounds to be a case worth speaking up on. I found myself wondering if there was anything like the Better Business Bureau or some sort of accreditation that RBL operators can apply for wherein they need to: - demonstrate that they are responsive - publish what is required to be delisted - provide points of contact The intention being that an RBL operator is taking steps / effort to be genuinely good. Yes, mistakes and accidents happen. It's how those mistakes and accidents are responded to that make all the difference. I'd wonder if someone like M3AAWG or the likes could fulfill this function. If such an accreditation existed, then perhaps various filtering software providers could default to only enabling accredited RBLs. I hope it goes without saying that I would want it to be relatively easy to become accredited. I suspect it would need to be even easier to have such accreditation revoked. All players start somewhere small and some grow into big players. Grant. . . . ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Isn't SpamEatingMonkey's SEM-URI broken?
Actually, what I like is those companies that show real time stats on RBL's, you get to see who is the most accurate, not only who would block the most.. If you get 'inaccuracies', then someone has done something wrong. M3AAWG might be exactly the WRONG organization for this, given it's closed membership.. Need a more altruistic partner for vetting.. Anyone have ideas or contacts? (I know, we have even got on SpamEatingMonkey, love to see their listing criteria, there is suspicion that domains in signatures, or forwarded emails might be enough to trigger it) On 2023-07-10 16:30, Grant Taylor via mailop wrote: On 7/10/23 2:40 PM, Jarland Donnell via mailop wrote: The problem is, running any blacklist and wanting to constantly speak to people who are often just confused about how relevant your list even is, are very often two different things. So there's not anyone to talk to, at least not from a public-facing angle. It would certainly be nice if anyone on this list that might be representing SEM wanted to speak up on the matter. This sounds to be a case worth speaking up on. I found myself wondering if there was anything like the Better Business Bureau or some sort of accreditation that RBL operators can apply for wherein they need to: - demonstrate that they are responsive - publish what is required to be delisted - provide points of contact The intention being that an RBL operator is taking steps / effort to be genuinely good. Yes, mistakes and accidents happen. It's how those mistakes and accidents are responded to that make all the difference. I'd wonder if someone like M3AAWG or the likes could fulfill this function. If such an accreditation existed, then perhaps various filtering software providers could default to only enabling accredited RBLs. I hope it goes without saying that I would want it to be relatively easy to become accredited. I suspect it would need to be even easier to have such accreditation revoked. All players start somewhere small and some grow into big players. Grant. . . . ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Isn't SpamEatingMonkey's SEM-URI broken?
On 7/10/23 2:40 PM, Jarland Donnell via mailop wrote: The problem is, running any blacklist and wanting to constantly speak to people who are often just confused about how relevant your list even is, are very often two different things. So there's not anyone to talk to, at least not from a public-facing angle. It would certainly be nice if anyone on this list that might be representing SEM wanted to speak up on the matter. This sounds to be a case worth speaking up on. I found myself wondering if there was anything like the Better Business Bureau or some sort of accreditation that RBL operators can apply for wherein they need to: - demonstrate that they are responsive - publish what is required to be delisted - provide points of contact The intention being that an RBL operator is taking steps / effort to be genuinely good. Yes, mistakes and accidents happen. It's how those mistakes and accidents are responded to that make all the difference. I'd wonder if someone like M3AAWG or the likes could fulfill this function. If such an accreditation existed, then perhaps various filtering software providers could default to only enabling accredited RBLs. I hope it goes without saying that I would want it to be relatively easy to become accredited. I suspect it would need to be even easier to have such accreditation revoked. All players start somewhere small and some grow into big players. Grant. . . . ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
