Re: [mailop] emailreg.org is down
Rob, Jim ... None of this is particularly related to mail ops. Cheers, Steve ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On 1/10/2019 12:00 PM, Jim Popovitch via mailop wrote: > At the very least, it is a suspicious practice. And certain people > high up in the industry have strongly warned me against ever doing > ANYTHING like that Clearly that is a stated "dislike" of an entity's practice. Your PREVIOUS use of the word "dislike" implied that my opinions about a particular entity were biased an based upon my allegedly "disliking" a particular entity (not disliking their practices, disliking THEM). And it implied that my opinions about your opinions were biased by that dislike. At least, that is the way I interpreted your comment below. Yes, I disliked this one practice of theirs (referring to multiple orgs here), but not because I dislike them, nor was my alleged "dislike" of them (which isn't actually the case - I don't have enough info on "them" to form such an opinion) any kind of basis for disliking this one particular practice. There is even a possibility that I could "like" them overall, but STILL "dislike" this practice. For context, here is your previous comment, to which I had responded: O n 1/10/2019 10:44 AM, Jim Popovitch via mailop wrote: You are de-valuing mine, strictly because I have a biz agreement with some entity you dislike. Given your later response - I think we can safely attribute this to a misunderstanding - that you later clarified. And hopefully this will help you understand why I responded the way I did. -- Rob McEwen https://www.invaluement.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Thu, 2019-01-10 at 11:37 -0500, Rob McEwen wrote: > On 1/10/2019 10:44 AM, Jim Popovitch via mailop wrote: > > you are de-valuing mine, > > Actually, your opinion about these organizations was important and > noteworthy. if someone has a conflict of interest, it *is* helpful to > get feedback indicating that such an entity is reported to be > operating ethically, even if the conflict of interest remains. That > is noteworthy and valued. So I actually *do* value your opinion on > this matter. I just think you have a poor understanding of how/why > some entity's ethics doesn't and shouldn't necessarily be enough to > counter the problems caused by them having a "conflict of interest" > (even if your opinions are still very helpful) > > > strictly because I have a biz agreement with some entity you > > dislike. > > You're attributing beliefs/opinions/feels/assumptions to me that I > haven't expressed. Yet 2 days ago (Tue, 8 Jan 2019 16:36:28 -0500) you said: > At the very least, it is a suspicious practice. And certain people > high up in the industry have strongly warned me against ever doing > ANYTHING like that Clearly that is a stated "dislike" of an entity's practice. > The PRINCIPLES I expressed stand alone and stand on their own apart > from my feelings or motivations or likes or dislikes. I'm morbidly > fascinated that you can't see that. (but as an INTP personality type > - I'm wired to have an objectivity that often transcends and > overcomes my own personal feelings - one that is often brutally > honest, even to a point that I am my worst critic!) > > > I gave you, and this list, my fair assessment of the entity based > > on years of doing business with them > > And as I said, that was valuable (even if PARTLY "besides the point") At least once, if not multiple times you have expressed to me the following: > (there is just so much going on here that you're missing...) So, admittedly, I'm confused about your responses. Clearly, to me, it seems that you feel I have no idea about what I am saying, therefore my experienced opinion (which btw was also stated by others) is lacking. I'm done wagging this dog, have your last words and revel in them. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On 1/10/2019 10:44 AM, Jim Popovitch via mailop wrote: you are de-valuing mine, Actually, your opinion about these organizations was important and noteworthy. if someone has a conflict of interest, it *is* helpful to get feedback indicating that such an entity is reported to be operating ethically, even if the conflict of interest remains. That is noteworthy and valued. So I actually *do* value your opinion on this matter. I just think you have a poor understanding of how/why some entity's ethics doesn't and shouldn't necessarily be enough to counter the problems caused by them having a "conflict of interest" (even if your opinions are still very helpful) strictly because I have a biz agreement with some entity you dislike. You're attributing beliefs/opinions/feels/assumptions to me that I haven't expressed. The PRINCIPLES I expressed stand alone and stand on their own apart from my feelings or motivations or likes or dislikes. I'm morbidly fascinated that you can't see that. (but as an INTP personality type - I'm wired to have an objectivity that often transcends and overcomes my own personal feelings - one that is often brutally honest, even to a point that I am my worst critic!) I gave you, and this list, my fair assessment of the entity based on years of doing business with them And as I said, that was valuable (even if PARTLY "besides the point") -- Rob McEwen https://www.invaluement.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Thu, 2019-01-10 at 09:33 -0500, Rob McEwen wrote: > ... [snip] ... > > So I'll stop here and quit before I put my foot in my mouth! But ya didn't, did ya? Look dude, everybody has opinions. You are de-valuing mine, strictly because I have a biz agreement with some entity you dislike. Pffft. I gave you, and this list, my fair assessment of the entity based on years of doing business with them. If you have years of doing business with them then speak up or else . (now that is how you stop and quit before you put your foot in your mouth) -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On 1/10/2019 9:33 AM, Rob McEwen wrote: is basically to say, "but how do you know for sure that the person isn't giving in to competing interests or is compromised? and how dare you question their judgment!" (to summarize your arguments) oops - "double negative" typo - I meant to say: is basically to say, "but how do you know for sure that the person *is* giving in to competing interests or is compromised? and how dare you question their judgment!" (to summarize your arguments) -- Rob McEwen https://www.invaluement.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On 1/8/2019 5:16 PM, Jim Popovitch via mailop wrote: I also see an issue where you probably shouldn't criticize another DNSBL unless you have data that they are misstating why and how they collect fees for their efforts Jim, My focus was always on "best practices" and principles - and I think I did a pretty good job of avoiding "naming names" (go back and see for yourself). If someone was reading your statement above - and hadn't actually read my earlier few posts I made - they would have a radically twisted (and negative) impression of me and what I stated - compared to what actually happened. But I will say this - I sleep well at night knowing that I am economically incentivized to run invaluement with the highest ethical standards. Why? Because it is in my economic best interest to do my best to make sure that our subscribers' customers are (1) happy with what invaluement causes to be in the spam folder -AND- (2) happy with what invaluement didn't cause to be in the spam folder and that remained in the inbox. PERIOD. This is one of the benefits of not being overly-entangled with conflicts of interest, due to NOT having economic incentives that compete with those two goals. Also, your defense of situations that involve a "conflict of interest" - is basically to say, "but how do you know for sure that the person isn't giving in to competing interests or is compromised? and how dare you question their judgment!" (to summarize your arguments) - but you're sort of missing the point and you're showing a lack of understanding about professional ethics when it comes to conflicts of interest. For example, if a judge were randomly assigned a case where one side of the case was a close blood relative of that judge - that judge would recuse himself due to a conflict of interest - and another judge would be assigned to the case. So what you're doing is no different than that same scenario - except where the judge refuses to recuse himself - and then you come along and tell those who complained "how dare you question that judge's ability to be impartial - you can't know for sure that he will be biased" - Jim - that might be a little bit more of an extreme example - but that is basically YOU on this thread. In that hypothetical situation, if someone were to criticize me for questioning whether that judge should be taking that case - and then claimed that I was allegedly claiming that this judge was an unethical person - BOTH stances are just incredibly offensive and show a childish lack of understanding of professional ethics and maturity. That is basically what you've done on this thread regarding my criticisms of blacklists that accept payment for delistings and/or payments for whitelistings. Just because I consider that a conflict of interest - doesn't mean that I'm making any kind of specific claim that any particular DNSBL is unethical, or run by unethical people. And as far as your "you probably shouldn't criticize" - wow - that just an amazing statement. It makes me inclined to want to reply in ways that wouldn't be professional or nice. So I'll stop here and quit before I put my foot in my mouth! -- Rob McEwen https://www.invaluement.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On 01/08/2019 02:36 PM, Rob McEwen wrote: I get offers OFTEN from those who had been blacklisted by invaluement, where they ask, "Rob, can we pay you to up us set up our system better so that we won't have the kind of security breaches that caused us to get blacklisted?" (and then I kindly state about a dozen extremely high quality tips, based on their specific situation, for them in about 5-10 free minutes of my time that I donate to them) Occasionally, some have even offered to fly me out to their location to train them - I imagine that those might have been high ticket consultancy jobs! That's where it's nice to identify a handful of consulting companies that you are completely unassociated with to point people at. I've heard of people rotating through a list FIFO style. Any company could request to be added to the bottom of the list. As a DNSBL operator, can you guess WHY it wouldn't be ethical for me to start saying "yes" to those offers? I think that it's possible to say yes. But you would have to be EXTREMELY careful about how you did it. Even then, it's more about the perception of what you do than what you actually do. Particularly by the people / institutions that have an axe to grind. -- Grant. . . . unix || die smime.p7s Description: S/MIME Cryptographic Signature ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Tue, 2019-01-08 at 16:36 -0500, Rob McEwen wrote: > On 1/8/2019 4:26 PM, Jim Popovitch via mailop wrote: > > Any value greater than a reasonable amount to provide a > > communications > > portal, and actual communications with, the entity requesting the > > de- > > listing. > > Jim, > I get offers OFTEN from those who had been blacklisted by > invaluement, where they ask, "Rob, can we pay you to up us set up our > system better so that we won't have the kind of security breaches > that caused us to get blacklisted?" (and then I kindly state about a > dozen extremely high quality tips, based on their specific situation, > for them in about 5-10 free minutes of my time that I donate to them) I'm not sure how security breaches got into this They happen, if someone gets listed (or worse) because of it, than paying to clean it up is reasonable and expected. > Occasionally, some have even offered to fly me out to their location > to train them - I imagine that those might have been high ticket > consultancy jobs! > > As a DNSBL operator, can you guess WHY it wouldn't be ethical for me > to start saying "yes" to those offers? I can see the ethics issue involved with playing both sides of the line, sure. I also see an issue where you probably shouldn't criticize another DNSBL unless you have data that they are misstating why and how they collect fees for their efforts. ;-) > (there is just so much going on here that you're missing...) I disagree. While I never profess to know everything, I have been receiving and sending bulk email for ~20 years now. I've received a lot of good help along the way, but I've also received a lot of questionable advice, that seemed right at the time (and was given to me with good intentions). As with most things, fill a room full of people and you'll get varying opinions, and those opinions evolve! ;-) -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On 1/8/2019 4:26 PM, Jim Popovitch via mailop wrote: Any value greater than a reasonable amount to provide a communications portal, and actual communications with, the entity requesting the de- listing. Jim, I get offers OFTEN from those who had been blacklisted by invaluement, where they ask, "Rob, can we pay you to up us set up our system better so that we won't have the kind of security breaches that caused us to get blacklisted?" (and then I kindly state about a dozen extremely high quality tips, based on their specific situation, for them in about 5-10 free minutes of my time that I donate to them) Occasionally, some have even offered to fly me out to their location to train them - I imagine that those might have been high ticket consultancy jobs! As a DNSBL operator, can you guess WHY it wouldn't be ethical for me to start saying "yes" to those offers? (there is just so much going on here that you're missing...) -- Rob McEwen https://www.invaluement.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Tue, 2019-01-08 at 18:03 +, Olaf Petry - Hornetsecurity wrote: > > > If the barrier had been $1000, then sure > > > I would have said "it's extortion", but it wasn't. > > Where does the extortion barrier start in your opinion? 1000, 500, > 100, 20 or 1 Buck? Any value greater than a reasonable amount to provide a communications portal, and actual communications with, the entity requesting the de- listing. > Let me ask you a second question before you answer: when does murder > begin: 100, 20 or 1 people killed? "Murder" is declared by a court system, long after a killing takes place. That said, there are reasonable and justifiable reasons to kill someone. But we're way off course now, unless you're advocating for an Internet Court system ;-) -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On 01/08/2019 11:33 AM, Michael Peddemors wrote: We have long been planning on a IPv6 MTA registry, where those wanting to run MTA's on IPv6 could register as a certified operator, eg. a legitimate party with proper abuse contacts etc.. Okay. I question how large the value is in that. I say this because I can see a died in the wool spammer actually registering, paying the (nominal) fee(s), fulfilling the requirements, etc. Much like some spammers were early adopters of SPF / DKIM / DMARC. The key thing is that the list as described doesn't differentiate between good operators and bad operators that both play by all the standard operating rules. Hence, what value does the registry provide? I guess it does provide a first line of identifying someone that's IPv6 address hopping and sending spam to avoid black lists. DNSBL on IPv4 works well enough, but for the IPv6 size, it is more effective to use a registry model, eg where an operator can say we only accept MTA traffic from IPv6 addresses that are contained in the registry. The black hat in me worries that an unscrupulous mailbox operator could operate their own registry and charge people to be white listed. - But nothing prevents that behavior now. But justifying allocating resources for this project, it is hard to come up with a model that would work, we only have so much free cash flow for altruistic projects that benefit the community.. And while it would not really be nice to have any form of payment preventing parties from conducting email services on IPv6, the idea of a 'paid' registry might make such a project more viable. In my (not so) humble opinion, it all comes down the price point. I'd like to equate it to a co-operative utility company. You pay enough to help support the necessary infrastructure. As long as you're not /for/ /profit/ (via exploitation), I think that something like this can be reasonable. As for fees, I as a stingy private individual would be willing to pay $1 ~ $5 per sending IP per year. I might also be willing to pay $1 ~ $5 to be allowed to slave an RBL zone. (I don't know how such would be licensed.) Assuming that the registry was used by enough people to be worth while. Finally, I support the justification of some nominal amount of money exchanged via credit cards (or maybe other services) as a test to make sure that senders are (more likely to be) who they claim to be. -- Grant. . . . unix || die smime.p7s Description: S/MIME Cryptographic Signature ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
However, another take on this.. We have long been planning on a IPv6 MTA registry, where those wanting to run MTA's on IPv6 could register as a certified operator, eg. a legitimate party with proper abuse contacts etc.. DNSBL on IPv4 works well enough, but for the IPv6 size, it is more effective to use a registry model, eg where an operator can say we only accept MTA traffic from IPv6 addresses that are contained in the registry. No different than getting a Dun and Bradstreet in the older days.. But justifying allocating resources for this project, it is hard to come up with a model that would work, we only have so much free cash flow for altruistic projects that benefit the community.. And while it would not really be nice to have any form of payment preventing parties from conducting email services on IPv6, the idea of a 'paid' registry might make such a project more viable. On 2019-01-08 10:12 a.m., Rob McEwen wrote: On 1/8/2019 12:43 PM, Jim Popovitch via mailop wrote: For everyone who says "extortion" is it not legitimate to question their motives for saying so? Let me be clear, the folks that I hear make the extortion claim, all provide competitive offerings or sell fee-based deliverability consulting services. O.o When a play-for-play DNSBL claims, "trust us, we're NOT allowing pay-for-play to influence our blacklisting decisions" - no matter how true that statement is - or how ethical is that DNSBL - such a claim itself is involves a biased conflict of interest. This is why many consider it an unethical practice - no matter how ethical the organization is (or seems to be) which attempts that business model. And for anyone considering that business model - keep in mind that running a DNSBL is already dangerous enough - since you're already (in some cases) harming the incomes of organized-crime organizations. Then considered that such criminals (whose income is harmed by blacklistings!) might be even MORE "triggered" by the "pay up, or you'll stay blacklisted" message. I didn't even want to say this because you'll probably say, "Rob, you're just trying to scare off the competition" - but I can't let this go unmentioned because anyone who might to down that path needs to have been warned - so that they'll at least take precautions. -- "Catch the Magic of Linux..." Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd. 604-682-0300 Beautiful British Columbia, Canada This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On 1/8/2019 12:43 PM, Jim Popovitch via mailop wrote: For everyone who says "extortion" is it not legitimate to question their motives for saying so? Let me be clear, the folks that I hear make the extortion claim, all provide competitive offerings or sell fee-based deliverability consulting services. O.o When a play-for-play DNSBL claims, "trust us, we're NOT allowing pay-for-play to influence our blacklisting decisions" - no matter how true that statement is - or how ethical is that DNSBL - such a claim itself is involves a biased conflict of interest. This is why many consider it an unethical practice - no matter how ethical the organization is (or seems to be) which attempts that business model. And for anyone considering that business model - keep in mind that running a DNSBL is already dangerous enough - since you're already (in some cases) harming the incomes of organized-crime organizations. Then considered that such criminals (whose income is harmed by blacklistings!) might be even MORE "triggered" by the "pay up, or you'll stay blacklisted" message. I didn't even want to say this because you'll probably say, "Rob, you're just trying to scare off the competition" - but I can't let this go unmentioned because anyone who might to down that path needs to have been warned - so that they'll at least take precautions. -- Rob McEwen https://www.invaluement.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
N¬Æ§Kó0K"wë,jµó8ößÏuÛìM÷Ó¿w@¼ S¢f¢fj)h¦à¨¥¢Z)¢¸¹¸ÞrÔD¨¥¢¦j)kz ++£ Ãj×¹ï j}´×Ý|Ó}ùûM4Ð*'µéí-©à¹¨uàÄ íz{SÊ{¦V¢ÈZ®Ç___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Tue, 2019-01-08 at 12:04 -0500, Rob McEwen wrote: > On 1/8/2019 11:46 AM, Jim Popovitch via mailop wrote: > > The same has been said about HTML emails...but that hasn't stopped > > folks from using them.;-) > > "apples to oranges" comparison - sort of like saying it is ok to > cheat on your taxes because some people drive 5 miles above the speed > limit. Sometimes an "apples to apples" comparison doesn't quite exist. > > IMO "suspicious practice" is a wide brush. One might say the same > > about all DNSBLs being suspicious because there is a fair amount of > > ambiguity, mystery, and uncertainty. The reality is pay-to-play > > works (both at Barracuda and UCE Protect), like it or not, it is an > > extremely small entry point for entry level players and it provides > > a way for the operators of those BLs to know exactly who they are > > whitelisting. The only other solution would be an Internet > > Operators License;-) > > My "suspicious practice" label was almost a sarcastic understatement. > I was trying to be generous and forgiving. I don't think you're > understanding exactly how/why pay-for-play for a blacklist comes > across as an unethical extortion scam. Pretend you just got > blacklisted and your users are mad as hell about how much of their > outbound legitimate messages are currently being blocked. Then > pretend that the DNSBL that blacklisted you is willing to delist you, > but ONLY if you would just pay them money. But that's not how it really works. There is no extortion occurring, there is a reasonable entry fee...AND that fee is never requested until you cross a threshold. For everyone who says "extortion" is it not legitimate to question their motives for saying so? Let me be clear, the folks that I hear make the extortion claim, all provide competitive offerings or sell fee-based deliverability consulting services. O.o > Then think hard about all the motivations involved. For example, > suppose you had a security hole that was very brief, and less than 1K > spams went out - you had fixed it quickly - but now a lot more legit > messages are being blocked... and this has been happening for > days now. Then the DNSBL states that they don't care, and you'll stay > listed for almost another week until you pay up. That has never been my experience in almost 20 years of sending legitimate yet sometimes spammy email (think: prostate cancer discussions). I've hit their walls before, but they (Barracuda and UCE Protect) both worked with me and explained the barrier and the reason for the barrier to be lifted. If the barrier had been $1000, then sure I would have said "it's extortion", but it wasn't. It took years to build a good bulk sender reputation, and that reputation is tied to a named entity, and that named entity is verified by a credit card transaction. > Its like that, fwiw. Do you see that there might be a conflict of > interest in their blacklisting/delisting decisions? I see where there can be bad actors, but I have yet to see a bad actor operating a BL used by any relevant receiver. > (unfortunately, some will have to be on the receiving end of this to > actually know how this feels) I've been there, and it never felt like extortion. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On 1/8/2019 11:46 AM, Jim Popovitch via mailop wrote: The same has been said about HTML emails...but that hasn't stopped folks from using them.;-) "apples to oranges" comparison - sort of like saying it is ok to cheat on your taxes because some people drive 5 miles above the speed limit. IMO "suspicious practice" is a wide brush. One might say the same about all DNSBLs being suspicious because there is a fair amount of ambiguity, mystery, and uncertainty. The reality is pay-to-play works (both at Barracuda and UCE Protect), like it or not, it is an extremely small entry point for entry level players and it provides a way for the operators of those BLs to know exactly who they are whitelisting. The only other solution would be an Internet Operators License;-) My "suspicious practice" label was almost a sarcastic understatement. I was trying to be generous and forgiving. I don't think you're understanding exactly how/why pay-for-play for a blacklist comes across as an unethical extortion scam. Pretend you just got blacklisted and your users are mad as hell about how much of their outbound legitimate messages are currently being blocked. Then pretend that the DNSBL that blacklisted you is willing to delist you, but ONLY if you would just pay them money. Then think hard about all the motivations involved. For example, suppose you had a security hole that was very brief, and less than 1K spams went out - you had fixed it quickly - but now a lot more legit messages are being blocked... and this has been happening for days now. Then the DNSBL states that they don't care, and you'll stay listed for almost another week until you pay up. Its like that, fwiw. Do you see that there might be a conflict of interest in their blacklisting/delisting decisions? (unfortunately, some will have to be on the receiving end of this to actually know how this feels) -- Rob McEwen https://www.invaluement.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Tue, 2019-01-08 at 11:26 -0500, Rob McEwen wrote: > On 1/8/2019 10:26 AM, Jim Popovitch via mailop wrote: > > > Which spammer would not pay that fee if they would be interested > > > to > > > get whitelisted? > > > > That's not how it works, and frankly you should know that as a > > security > > expert. > > At the very least, it is a suspicious practice. And certain people > high up in the industry have strongly warned me against ever doing > ANYTHING like that... The same has been said about HTML emails...but that hasn't stopped folks from using them. ;-) IMO "suspicious practice" is a wide brush. One might say the same about all DNSBLs being suspicious because there is a fair amount of ambiguity, mystery, and uncertainty. The reality is pay-to-play works (both at Barracuda and UCE Protect), like it or not, it is an extremely small entry point for entry level players and it provides a way for the operators of those BLs to know exactly who they are whitelisting. The only other solution would be an Internet Operators License ;-) -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On 1/8/2019 10:26 AM, Jim Popovitch via mailop wrote: Which spammer would not pay that fee if they would be interested to get whitelisted? That's not how it works, and frankly you should know that as a security expert. At the very least, it is a suspicious practice. And certain people high up in the industry have strongly warned me against ever doing ANYTHING like that with my invaluement blacklist - because it comes across as an extortion racket. But, ironically, some of these same people have also said to me (i paraphrase), "I know you're really not suppose to do anything like this, and I can't tell you who actually runs this site (which may be different than Barracuda personnel), but I assure you that they are actually doing this ethically, in spite of all the times we said this shouldn't be done" - and I was left with the impression that I STILL shouldn't ever do anything like that. (and I haven't) So there you go - this is something that shouldn't be done - but I got assurances from extremely important people in the DNSBL/spam-filtering industry that THEY are doing it ethically, fwiw. A little confused? Me too. (btw - these same people high up in the industry are not as forgiving or understanding when it comes to a certain other DNSBL that charges for faster delistings) -- Rob McEwen https://www.invaluement.com ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Tue, 2019-01-08 at 15:06 +, Olaf Petry - Hornetsecurity wrote: > > > the $$ is to validate the responsible entity behind a sending > > > domain that is whitelisted > > > You are kidding, don't you? No I am not kidding. > Which spammer would not pay that fee if they would be interested to > get whitelisted? That's not how it works, and frankly you should know that as a security expert. > Any service that requests a fee to get whitelisted or unlisted from a > blocklist is at least dubious IMHO. Your ISP charges a fee for access through their network. Think about that for a minute. If you don't pay the fee you have to jump through hoops+loops to access their network (find a friend to bum their wifi, get your mom's password, etc.). If you do pay the fee, that doesn't mean you have free reign to abuse their network. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
N¬Æ§Kó0K"wë,j¹@ÔÄï@ã®ûQAãÑz P¸Ûo¢f¢fj)h¦à¨¥¢Z)¢¸¹¸ÞrÔD¨¥¢¦j)kz ++£ Ãj×¹ï j}´×ÝyÓ®wûM4Ð*'µéí-©à¹¨uàÄ íz{SÊ{¦V¢ÈZ®Ç___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
On Tue, 2019-01-08 at 13:56 +, Mathieu Bourdin wrote: > Wasnt that the paying "service"? I think remember something like 20$ > for getting delisted for each IP or domain. Yep, that's $20 per year. The $$ isn't to fund their vacations or service, the $$ is to validate the responsible entity behind a sending domain that is whitelisted. YMMV, but $20 seems like a pittance to pay to not have to worry or deal with Barracuda BL issues. -Jim P. ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
Wasnt that the paying "service"? I think remember something like 20$ for getting delisted for each IP or domain. We considered it a scam and didn't go forward on that, especially as the "service" itself was only loosely related to Barracuda itself. Seemed weird to us. Might be mistaken though, it was like 4 or 5 years ago. Mathieu Bourdin. -Message d'origine- De : mailop De la part de Steve Atkins Envoyé : mardi 8 janvier 2019 13:08 À : mailop@mailop.org Objet : Re: [mailop] emailreg.org is down > On Jan 8, 2019, at 11:53 AM, David Jones via mailop wrote: > > Anyone on this list know if this site is worth registration? One of our mail > servers was listed on Barracuda BRBL which recommended to sign up with > emailreg.org. > > http://www.emailreg.org/index.cgi?p=register It's a slightly off-the-books service run by Barracuda, or at least by Barracuda employees. If you're listed by Barracuda, and if emailreg.org exists, it's likely worth doing. But it's unlikely to affect anything other than a Barracuda list. Cheers, Steve ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
Re: [mailop] emailreg.org is down
> On Jan 8, 2019, at 11:53 AM, David Jones via mailop wrote: > > Anyone on this list know if this site is worth registration? One of our mail > servers was listed on Barracuda BRBL which recommended to sign up with > emailreg.org. > > http://www.emailreg.org/index.cgi?p=register It's a slightly off-the-books service run by Barracuda, or at least by Barracuda employees. If you're listed by Barracuda, and if emailreg.org exists, it's likely worth doing. But it's unlikely to affect anything other than a Barracuda list. Cheers, Steve ___ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop