Re: Freelotto.com

[Matus UHLAR - fantomas]

On 03.07.09 09:11, Cory Hawkless wrote:
> I get mail from this domain on my Junk email user but i had to subscribe,
> However my SA\Amavis install seems to be hitting most of these recently

did you manage to unsubscribe?

> On 02.07.09 08:36, Kasper Sacharias Eenberg wrote:
> > Is this site spamming?
> > 
> > I really can't figure it out! (They have full names/addresses) and hit
> > the 'RCVD_IN_BSP_TRUSTED -4.30' rule.
> > 
> > But the mails look obviously like spam to me.

> they seem not to mail random addresses but googling revealed complaints of
> non-working unsubscribing...

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease

Can update from sought.rules.yerp.org as I get SHA1 verification failed

[Brent Clark]

Hiya

Im having a little problem with updating.

[13860] dbg: plugin: 
Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9ccb9c0) implements 
'finish_tests', priority 0
[13860] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x9e46fe8) 
implements 'finish_tests', priority 0
[13860] dbg: generic: lint check of site pre files succeeded, continuing 
with channel updates

[13860] dbg: channel: reading MIRRORED.BY file
[13860] dbg: channel: found mirror http://yerp.org/rules/stage/
[13860] dbg: channel: selected mirror http://yerp.org/rules/stage
[13860] dbg: http: GET request, http://yerp.org/rules/stage/320790737.tar.gz
[13860] dbg: http: GET request, 
http://yerp.org/rules/stage/320790737.tar.gz.sha1
[13860] dbg: http: GET request, 
http://yerp.org/rules/stage/320790737.tar.gz.asc
[13860] dbg: http: IMS GET request, 
http://yerp.org/rules/stage/MIRRORED.BY, Mon, 01 Dec 2008 04:20:22 GMT

[13860] dbg: sha1: verification wanted: 320790737
[13860] dbg: sha1: verification result: 
a9dbb531b21b74b2cb5b51bca7cd0352493e6a59

channel: SHA1 verification failed, channel failed
[13860] dbg: generic: cleaning up temporary directory/files
[13860] dbg: diag: updates complete, exiting with code 4

Would you know how I could fix this?

Kind Regards
Brent Clark

Re: constantcontact.com

[Aaron Wolfe]

On Fri, Jul 3, 2009 at 2:39 AM,
rich...@buzzhost.co.uk wrote:
> I'm probably missing something here - but Constant Contact (who we block
> by IP) have been a nagging source of spam for us. I'm just wondering why

Could you share your IP list?  I'd like to block these clowns too (and
I'm lazy).


> 25_uribl.cf has this line in it:
>
> ## DOMAINS TO SKIP (KNOWN GOOD)
>
> # Don't bother looking for example domains as per RFC 2606.
> uridnsbl_skip_domain example.com example.net example.org
>
> ..
> uridnsbl_skip_domain constantcontact.com corporate-ir.net cox.net cs.com
>
> Is this a uri that is really suitable for white listing ?
>
>
>

Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 03:50 -0400, Aaron Wolfe wrote:
> On Fri, Jul 3, 2009 at 2:39 AM,
> rich...@buzzhost.co.uk wrote:
> > I'm probably missing something here - but Constant Contact (who we block
> > by IP) have been a nagging source of spam for us. I'm just wondering why
> 
> Could you share your IP list?  I'd like to block these clowns too (and
> I'm lazy).
> 
> 
> > 25_uribl.cf has this line in it:
> >
> > ## DOMAINS TO SKIP (KNOWN GOOD)
> >
> > # Don't bother looking for example domains as per RFC 2606.
> > uridnsbl_skip_domain example.com example.net example.org
> >
> > ..
> > uridnsbl_skip_domain constantcontact.com corporate-ir.net cox.net cs.com
> >
> > Is this a uri that is really suitable for white listing ?
> >
> >
> >
The biggest offenders for me fall in these ranges;

63.251.135.64 - 63.251.135.127
66.151.234.144 - 66.151.234.159
208.75.120.0 - 208.75.123.255

Constant contact will tell you they are opt-in. That is B/S.
The are using a honeypot address used only in usenet post from around 2
years ago. It is always bounced with a 550, but still they keep
knocking.

RE: Freelotto.com

[Cory Hawkless]

Lol, This might seem wrong but I don't want to, I want every single bit of
load I can get on my mail server! Makes testing configurations easier when
there is actually traffic going through it.

So I couldn't say if the unsubscribe process works as i've never tried it.

-Original Message-
From: Matus UHLAR - fantomas [mailto:uh...@fantomas.sk] 
Sent: Friday, 3 July 2009 5:12 PM
To: users@spamassassin.apache.org
Subject: Re: Freelotto.com

On 03.07.09 09:11, Cory Hawkless wrote:
> I get mail from this domain on my Junk email user but i had to subscribe,
> However my SA\Amavis install seems to be hitting most of these recently

did you manage to unsubscribe?

> On 02.07.09 08:36, Kasper Sacharias Eenberg wrote:
> > Is this site spamming?
> > 
> > I really can't figure it out! (They have full names/addresses) and hit
> > the 'RCVD_IN_BSP_TRUSTED -4.30' rule.
> > 
> > But the mails look obviously like spam to me.

> they seem not to mail random addresses but googling revealed complaints of
> non-working unsubscribing...

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease

Re: constantcontact.com

[Mike Cardwell]

rich...@buzzhost.co.uk wrote:


I'm probably missing something here - but Constant Contact (who we block
by IP) have been a nagging source of spam for us. I'm just wondering why
25_uribl.cf has this line in it:

## DOMAINS TO SKIP (KNOWN GOOD)

# Don't bother looking for example domains as per RFC 2606.
uridnsbl_skip_domain example.com example.net example.org

..
uridnsbl_skip_domain constantcontact.com corporate-ir.net cox.net cs.com

Is this a uri that is really suitable for white listing ?


A set of perl modules has been uploaded to cpan today for talking to the 
ConstantContact API:


http://search.cpan.org/~arich/Email-ConstantContact-0.02/lib/Email/ConstantContact.pm

I just thought it was a weird coincidence, seeing as I'd never heared of 
them before today.


--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: constantcontact.com

[Nick Warr]

rich...@buzzhost.co.uk ha scritto:

On Fri, 2009-07-03 at 03:50 -0400, Aaron Wolfe wrote:
  

On Fri, Jul 3, 2009 at 2:39 AM,
rich...@buzzhost.co.uk wrote:


I'm probably missing something here - but Constant Contact (who we block
by IP) have been a nagging source of spam for us. I'm just wondering why
  

Could you share your IP list?  I'd like to block these clowns too (and
I'm lazy).




25_uribl.cf has this line in it:

## DOMAINS TO SKIP (KNOWN GOOD)

# Don't bother looking for example domains as per RFC 2606.
uridnsbl_skip_domain example.com example.net example.org

..
uridnsbl_skip_domain constantcontact.com corporate-ir.net cox.net cs.com

Is this a uri that is really suitable for white listing ?



  

The biggest offenders for me fall in these ranges;

63.251.135.64 - 63.251.135.127
66.151.234.144 - 66.151.234.159
208.75.120.0 - 208.75.123.255

Constant contact will tell you they are opt-in. That is B/S.
The are using a honeypot address used only in usenet post from around 2
years ago. It is always bounced with a 550, but still they keep
knocking.
  

Well, it certainly is constant contact...

Re: constantcontact.com

[Justin Mason]

I've heard that they are diligent about terminating abusive clients.
Are you reporting these spams to them?

--j.

On Fri, Jul 3, 2009 at 09:55, Mike
Cardwell wrote:
> rich...@buzzhost.co.uk wrote:
>
>> I'm probably missing something here - but Constant Contact (who we block
>> by IP) have been a nagging source of spam for us. I'm just wondering why
>> 25_uribl.cf has this line in it:
>>
>> ## DOMAINS TO SKIP (KNOWN GOOD)
>>
>> # Don't bother looking for example domains as per RFC 2606.
>> uridnsbl_skip_domain example.com example.net example.org
>>
>> ..
>> uridnsbl_skip_domain constantcontact.com corporate-ir.net cox.net cs.com
>>
>> Is this a uri that is really suitable for white listing ?
>
> A set of perl modules has been uploaded to cpan today for talking to the
> ConstantContact API:
>
> http://search.cpan.org/~arich/Email-ConstantContact-0.02/lib/Email/ConstantContact.pm
>
> I just thought it was a weird coincidence, seeing as I'd never heared of
> them before today.
>
> --
> Mike Cardwell - IT Consultant and LAMP developer
> Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
>
>

Re: AE_MEDS35 does not more work...

[Michelle Konzack]

Am 2009-07-02 15:18:16, schrieb John Hardin:
> Can you post the original raw message to a pastebin, please?

I am on GSM (O2) and not able to upload to 
(I can view contents abut not upload)

I will try to upload it to



Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
 Michelle Konzack
   c/o Vertriebsp. KabelBW
   Blumenstrasse 2
Jabber linux4miche...@jabber.ccc.de   77694 Kehl/Germany
IRC #Debian (irc.icq.com) Tel. DE: +49 177 9351947
ICQ #328449886Tel. FR: +33  6  61925193


signature.pgp
Description: Digital signature

Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
> I've heard that they are diligent about terminating abusive clients.
> Are you reporting these spams to them?
> 
Yes - but you would thing a log full of 550's may be a clue.

What concerns me is SpamAssassin effectively white listing spammers.
White listing should be a user option - not something added in a
nefarious manner. At least it is clear to see with Spamassassin which is
a plus - but I cannot pretend that I am not disappointed to find a
whitelisted 'spammer net' in the core rules. I'm wondering why (other
than MONEY) it would have ended up in there?

Re: constantcontact.com

[Aaron Wolfe]

On Fri, Jul 3, 2009 at 5:06 AM, Justin Mason wrote:
> I've heard that they are diligent about terminating abusive clients.
> Are you reporting these spams to them?
>
> --j.
>

>From what I've seen, most of the traffic from them probably doesn't
qualify as spam by the common definition.  It is, however, stuff that
nobody here wants.  I'm surprised SA is giving them a pass, but there
have been other strange things that got a free ride through SA in the
past, like Habeas certified junk.


> On Fri, Jul 3, 2009 at 09:55, Mike
> Cardwell wrote:
>> rich...@buzzhost.co.uk wrote:
>>
>>> I'm probably missing something here - but Constant Contact (who we block
>>> by IP) have been a nagging source of spam for us. I'm just wondering why
>>> 25_uribl.cf has this line in it:
>>>
>>> ## DOMAINS TO SKIP (KNOWN GOOD)
>>>
>>> # Don't bother looking for example domains as per RFC 2606.
>>> uridnsbl_skip_domain example.com example.net example.org
>>>
>>> ..
>>> uridnsbl_skip_domain constantcontact.com corporate-ir.net cox.net cs.com
>>>
>>> Is this a uri that is really suitable for white listing ?
>>
>> A set of perl modules has been uploaded to cpan today for talking to the
>> ConstantContact API:
>>
>> http://search.cpan.org/~arich/Email-ConstantContact-0.02/lib/Email/ConstantContact.pm
>>
>> I just thought it was a weird coincidence, seeing as I'd never heared of
>> them before today.
>>
>> --
>> Mike Cardwell - IT Consultant and LAMP developer
>> Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
>>
>>
>

Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 05:16 -0400, Aaron Wolfe wrote:
> On Fri, Jul 3, 2009 at 5:06 AM, Justin Mason wrote:
> > I've heard that they are diligent about terminating abusive clients.
> > Are you reporting these spams to them?
> >
> > --j.
> >
> 
> >From what I've seen, most of the traffic from them probably doesn't
> qualify as spam by the common definition.  It is, however, stuff that
> nobody here wants.  I'm surprised SA is giving them a pass, but there
> have been other strange things that got a free ride through SA in the
> past, like Habeas certified junk.
> 
> 
> > On Fri, Jul 3, 2009 at 09:55, Mike
> > Cardwell wrote:
> >> rich...@buzzhost.co.uk wrote:
> >>
> >>> I'm probably missing something here - but Constant Contact (who we block
> >>> by IP) have been a nagging source of spam for us. I'm just wondering why
> >>> 25_uribl.cf has this line in it:
> >>>
> >>> ## DOMAINS TO SKIP (KNOWN GOOD)
> >>>
> >>> # Don't bother looking for example domains as per RFC 2606.
> >>> uridnsbl_skip_domain example.com example.net example.org
> >>>
> >>> ..
> >>> uridnsbl_skip_domain constantcontact.com corporate-ir.net cox.net cs.com
> >>>
> >>> Is this a uri that is really suitable for white listing ?
> >>
> >> A set of perl modules has been uploaded to cpan today for talking to the
> >> ConstantContact API:
> >>
> >> http://search.cpan.org/~arich/Email-ConstantContact-0.02/lib/Email/ConstantContact.pm
> >>
> >> I just thought it was a weird coincidence, seeing as I'd never heared of
> >> them before today.
> >>
> >> --
> >> Mike Cardwell - IT Consultant and LAMP developer
> >> Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
> >>
> >>
> >

Re: Can update from sought.rules.yerp.org as I get SHA1 verification failed

[Justin Mason]

yep, seeing that here too.  Investigating...

On Fri, Jul 3, 2009 at 08:42, Brent Clark wrote:
> Hiya
>
> Im having a little problem with updating.
>
> [13860] dbg: plugin: Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9ccb9c0)
> implements 'finish_tests', priority 0
> [13860] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x9e46fe8)
> implements 'finish_tests', priority 0
> [13860] dbg: generic: lint check of site pre files succeeded, continuing
> with channel updates
> [13860] dbg: channel: reading MIRRORED.BY file
> [13860] dbg: channel: found mirror http://yerp.org/rules/stage/
> [13860] dbg: channel: selected mirror http://yerp.org/rules/stage
> [13860] dbg: http: GET request, http://yerp.org/rules/stage/320790737.tar.gz
> [13860] dbg: http: GET request,
> http://yerp.org/rules/stage/320790737.tar.gz.sha1
> [13860] dbg: http: GET request,
> http://yerp.org/rules/stage/320790737.tar.gz.asc
> [13860] dbg: http: IMS GET request, http://yerp.org/rules/stage/MIRRORED.BY,
> Mon, 01 Dec 2008 04:20:22 GMT
> [13860] dbg: sha1: verification wanted: 320790737
> [13860] dbg: sha1: verification result:
> a9dbb531b21b74b2cb5b51bca7cd0352493e6a59
> channel: SHA1 verification failed, channel failed
> [13860] dbg: generic: cleaning up temporary directory/files
> [13860] dbg: diag: updates complete, exiting with code 4
>
> Would you know how I could fix this?
>
> Kind Regards
> Brent Clark
>
>

Re: AE_MEDS35 does not more work...

[Paweł Tęcza]

Michelle Konzack pisze:
> Am 2009-07-02 15:18:16, schrieb John Hardin:
>> Can you post the original raw message to a pastebin, please?
> 
> I am on GSM (O2) and not able to upload to 
> (I can view contents abut not upload)
> 
> I will try to upload it to
> 
> 

Hello,

$ wget
http://devel.debian.tamay-dogan.net/tmp/spamassassin/non_working_sa.00.msg
...
$ wget
http://devel.debian.tamay-dogan.net/tmp/spamassassin/non_working_sa.11.msg

$ spamassassin -D < non_working_sa.00.msg > non_working_sa.00.log 2>&1
...
$ spamassassin -D < non_working_sa.00.msg > non_working_sa.11.log 2>&1

$ grep "ran body rule LOCAL_BODY_WWW_MEDSXX_NET" non_working_sa.*.log
non_working_sa.00.log:[16376] dbg: rules: ran body rule
LOCAL_BODY_WWW_MEDSXX_NET ==> got hit: "www. gen88. net"
non_working_sa.01.log:[17726] dbg: rules: ran body rule
LOCAL_BODY_WWW_MEDSXX_NET ==> got hit: "www. gen88. net"
non_working_sa.02.log:[21854] dbg: rules: ran body rule
LOCAL_BODY_WWW_MEDSXX_NET ==> got hit: "www. gen88. net"
non_working_sa.10.log:[22118] dbg: rules: ran body rule
LOCAL_BODY_WWW_MEDSXX_NET ==> got hit: "www. gen88. net"
non_working_sa.11.log:[22291] dbg: rules: ran body rule
LOCAL_BODY_WWW_MEDSXX_NET ==> got hit: "www. gen88. net"

I have probably older version John's regexp and as you can see above it
works for me very well.

# Thanks to John Hardin! :)
body LOCAL_BODY_WWW_MEDSXX_NET
/\bwww(?:\s|\s\W|\W\s)\w{3,6}\d{2,6}(?:\s|\s\W|\W\s)(?:c\s?o\s?m|n\s?e\s?t|o\s?r\s?g)\b/i
scoreLOCAL_BODY_WWW_MEDSXX_NET  5.0
describe LOCAL_BODY_WWW_MEDSXX_NET  "(www medsXX net)" spam

Kind regards,

P.

Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 05:16 -0400, Aaron Wolfe wrote:

> >From what I've seen, most of the traffic from them probably doesn't
> qualify as spam by the common definition.  It is, however, stuff that
> nobody here wants.

I think we are all to generous in what we consider to be 'spam' -v-
'ham'.

If it has come from any form of 'marketing' or 'communication' company
then clearly it is bulk, most likely it is sales based, and almost
certainly it is unsolicited. That makes it spam to me.

Coming from Barracuda (the original 'pay to spam' company) I am always
suspicious of the motives of any spam-net appearing in a white list.
Very suspicious indeed. If you can see it in the core rules, are any
other rules weighted in the favour of people like Constant Contact?

I've opened up the RBL listing I have for them - lets see how much of it
passes through Spamassassin and what score it gets :-)

Re: Can update from sought.rules.yerp.org as I get SHA1 verification failed

[Justin Mason]

it seems to have resolved itself.

: 26...; wget http://yerp.org/rules/stage/320790737.tar.gz.sha1; wget
http://yerp.org/rules/stage/320790737.tar.gz
--2009-07-03 09:59:56--  http://yerp.org/rules/stage/320790737.tar.gz.sha1
Resolving yerp.org... 216.180.243.10
Connecting to yerp.org|216.180.243.10|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 98 [application/x-gzip]
Saving to: `320790737.tar.gz.sha1'

100%[=>] 98
  --.-K/s   in 0s

2009-07-03 09:59:56 (10.4 MB/s) - `320790737.tar.gz.sha1' saved [98/98]

--2009-07-03 09:59:56--  http://yerp.org/rules/stage/320790737.tar.gz
Resolving yerp.org... 216.180.243.10
Connecting to yerp.org|216.180.243.10|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 57294 (56K) [application/x-gzip]
Saving to: `320790737.tar.gz'

100%[=>]
57,294   163K/s   in 0.3s

2009-07-03 09:59:56 (163 KB/s) - `320790737.tar.gz' saved [57294/57294]


: 27...; sha1sum 320790737.tar.gz
e789d5fdcdcac78da7d4f3a13eb5b8432a5c3270  320790737.tar.gz

: 28...; cat 320790737.tar.gz.sha1
e789d5fdcdcac78da7d4f3a13eb5b8432a5c3270
/home/jm/ftp/sandboxupdates/tmp/sought.3.2.x/update.tgz

: 34...; curl http://yerp.org/rules/GPG.KEY  | gpg --import
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
100  2437  100  24370 0  10301  0 --:--:-- --:--:-- --:--:-- 1291k
gpg: key 6C6191E3: public key "Justin Mason Signing Key (Code Signing
Only) " imported
gpg: Total number processed: 1
gpg:   imported: 1

: 35...; gpg --verify 320790737.tar.gz.asc 320790737.tar.gz
gpg: Signature made Thu Jul  2 21:29:30 2009 UTC using DSA key ID 6C6191E3
gpg: Good signature from "Justin Mason Signing Key (Code Signing Only)
"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8D25 B5E9 1DAF 0F71 5F60  B588 DC85 341F 6C61 91E3


I'm not sure, but I suspect the data served by the httpd for
320790737.tar.gz was corrupted in some way, not sure why; but the
signatures caught it, and it's now back to normal again.

--j.

On Fri, Jul 3, 2009 at 10:43, Justin Mason wrote:
> yep, seeing that here too.  Investigating...
>
> On Fri, Jul 3, 2009 at 08:42, Brent Clark wrote:
>> Hiya
>>
>> Im having a little problem with updating.
>>
>> [13860] dbg: plugin: Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x9ccb9c0)
>> implements 'finish_tests', priority 0
>> [13860] dbg: plugin: Mail::SpamAssassin::Plugin::Check=HASH(0x9e46fe8)
>> implements 'finish_tests', priority 0
>> [13860] dbg: generic: lint check of site pre files succeeded, continuing
>> with channel updates
>> [13860] dbg: channel: reading MIRRORED.BY file
>> [13860] dbg: channel: found mirror http://yerp.org/rules/stage/
>> [13860] dbg: channel: selected mirror http://yerp.org/rules/stage
>> [13860] dbg: http: GET request, http://yerp.org/rules/stage/320790737.tar.gz
>> [13860] dbg: http: GET request,
>> http://yerp.org/rules/stage/320790737.tar.gz.sha1
>> [13860] dbg: http: GET request,
>> http://yerp.org/rules/stage/320790737.tar.gz.asc
>> [13860] dbg: http: IMS GET request, http://yerp.org/rules/stage/MIRRORED.BY,
>> Mon, 01 Dec 2008 04:20:22 GMT
>> [13860] dbg: sha1: verification wanted: 320790737
>> [13860] dbg: sha1: verification result:
>> a9dbb531b21b74b2cb5b51bca7cd0352493e6a59
>> channel: SHA1 verification failed, channel failed
>> [13860] dbg: generic: cleaning up temporary directory/files
>> [13860] dbg: diag: updates complete, exiting with code 4
>>
>> Would you know how I could fix this?
>>
>> Kind Regards
>> Brent Clark
>>
>>
>

Re: AE_MEDS35 does not more work...

[Paweł Tęcza]

Paweł Tęcza pisze:
> Hello,
> 
> $ wget
> http://devel.debian.tamay-dogan.net/tmp/spamassassin/non_working_sa.00.msg
> ...
> $ wget
> http://devel.debian.tamay-dogan.net/tmp/spamassassin/non_working_sa.11.msg
> 
> $ spamassassin -D < non_working_sa.00.msg > non_working_sa.00.log 2>&1
> ...
> $ spamassassin -D < non_working_sa.00.msg > non_working_sa.11.log 2>&1
 ^^
Should be non_working_sa.11.msg, of course. It's only typo, I've checked
all your spam samples.

P.

Re: constantcontact.com

[Yet Another Ninja]

On 7/3/2009 11:14 AM, rich...@buzzhost.co.uk wrote:

On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:

I've heard that they are diligent about terminating abusive clients.
Are you reporting these spams to them?


Yes - but you would thing a log full of 550's may be a clue.

What concerns me is SpamAssassin effectively white listing spammers.
White listing should be a user option - not something added in a
nefarious manner. At least it is clear to see with Spamassassin which is
a plus - but I cannot pretend that I am not disappointed to find a
whitelisted 'spammer net' in the core rules. I'm wondering why (other
than MONEY) it would have ended up in there?


this has a historical reasons and its not about "whitelisting spammers"

Many moons ago, when SA started doing URI lookup with the SpamcopURI 
plugin, there was only one URI BL: SURBL and to spare it from 
unnecessary queries, the skip list was implemented avoid the extar load 
and a number of ESPs which back then were considered to never send 
UBE/UCE were added.
Times have changed and there's option regarding URI lookups, in public 
and private BLs. Also, URI Bls can handle way more traffic than they 
could 6 or 7 years back.


There have been numerous requests to get some of these skip entries 
removed but non was honoured.


The bottom line is that its trivial and cheaper to write a static URI 
rule to tag a URL (if you really need to) and which doesn't affect the 
globe, than hammering the BLs with zillion of extra queries.


SA is conservative and caters to a VERY wide user base, with VERY 
different understanding what is UBE/UCE so while everyone saves reources 
on useless queries, you still havea  way to score constantcontact with 
100 if its your choice.



axb

Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 12:06 +0200, Yet Another Ninja wrote:
> On 7/3/2009 11:14 AM, rich...@buzzhost.co.uk wrote:
> > On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
> >> I've heard that they are diligent about terminating abusive clients.
> >> Are you reporting these spams to them?
> >>
> > Yes - but you would thing a log full of 550's may be a clue.
> > 
> > What concerns me is SpamAssassin effectively white listing spammers.
> > White listing should be a user option - not something added in a
> > nefarious manner. At least it is clear to see with Spamassassin which is
> > a plus - but I cannot pretend that I am not disappointed to find a
> > whitelisted 'spammer net' in the core rules. I'm wondering why (other
> > than MONEY) it would have ended up in there?
> 
> this has a historical reasons and its not about "whitelisting spammers"
> 
> Many moons ago, when SA started doing URI lookup with the SpamcopURI 
> plugin, there was only one URI BL: SURBL and to spare it from 
> unnecessary queries, the skip list was implemented avoid the extar load 
> and a number of ESPs which back then were considered to never send 
> UBE/UCE were added.
> Times have changed and there's option regarding URI lookups, in public 
> and private BLs. Also, URI Bls can handle way more traffic than they 
> could 6 or 7 years back.
> 
> There have been numerous requests to get some of these skip entries 
> removed but non was honoured.
> 
> The bottom line is that its trivial and cheaper to write a static URI 
> rule to tag a URL (if you really need to) and which doesn't affect the 
> globe, than hammering the BLs with zillion of extra queries.
> 
> SA is conservative and caters to a VERY wide user base, with VERY 
> different understanding what is UBE/UCE so while everyone saves reources 
> on useless queries, you still havea  way to score constantcontact with 
> 100 if its your choice.
> 
> 
> axb
Should that be Hi$torical Rea$ons ? ;-) There is no current excuse and
this kind of alleged legacy rubbish needs to be pulled out.

As it stands the is simply white listing a bulker. A spam filter that
white lists a spammer - how bizarre ! I'm cynical. The only logical
reason I can see for anything of this nature is money changing hands.

Re: constantcontact.com

[Justin Mason]

On Fri, Jul 3, 2009 at 10:14,
rich...@buzzhost.co.uk wrote:
> On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
>> I've heard that they are diligent about terminating abusive clients.
>> Are you reporting these spams to them?
>>
> Yes - but you would thing a log full of 550's may be a clue.
>
> What concerns me is SpamAssassin effectively white listing spammers.
> White listing should be a user option - not something added in a
> nefarious manner. At least it is clear to see with Spamassassin which is
> a plus - but I cannot pretend that I am not disappointed to find a
> whitelisted 'spammer net' in the core rules.

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5905 has some
information on the background; we asked SURBL for their top queried
domains that they considered nonspam, and it was in that list.  SURBL
have always been scrupulous in their operations and listing criteria
fwiw.

Going by bug 5905 though, and this report, we should probably remove
it from the whitelist.

>  I'm wondering why (other
> than MONEY) it would have ended up in there?

Hope that answers your question.  note that it didn't involve "MONEY".
 btw silly unfounded accusations mean that it's less likely you'll get
anyone to answer your mail, so please don't do that.

--j.

Re: constantcontact.com

[Aaron Wolfe]

On Fri, Jul 3, 2009 at 6:11 AM,
rich...@buzzhost.co.uk wrote:
> On Fri, 2009-07-03 at 12:06 +0200, Yet Another Ninja wrote:
>> On 7/3/2009 11:14 AM, rich...@buzzhost.co.uk wrote:
>> > On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
>> >> I've heard that they are diligent about terminating abusive clients.
>> >> Are you reporting these spams to them?
>> >>
>> > Yes - but you would thing a log full of 550's may be a clue.
>> >
>> > What concerns me is SpamAssassin effectively white listing spammers.
>> > White listing should be a user option - not something added in a
>> > nefarious manner. At least it is clear to see with Spamassassin which is
>> > a plus - but I cannot pretend that I am not disappointed to find a
>> > whitelisted 'spammer net' in the core rules. I'm wondering why (other
>> > than MONEY) it would have ended up in there?
>>
>> this has a historical reasons and its not about "whitelisting spammers"
>>
>> Many moons ago, when SA started doing URI lookup with the SpamcopURI
>> plugin, there was only one URI BL: SURBL and to spare it from
>> unnecessary queries, the skip list was implemented avoid the extar load
>> and a number of ESPs which back then were considered to never send
>> UBE/UCE were added.
>> Times have changed and there's option regarding URI lookups, in public
>> and private BLs. Also, URI Bls can handle way more traffic than they
>> could 6 or 7 years back.
>>
>> There have been numerous requests to get some of these skip entries
>> removed but non was honoured.
>>
>> The bottom line is that its trivial and cheaper to write a static URI
>> rule to tag a URL (if you really need to) and which doesn't affect the
>> globe, than hammering the BLs with zillion of extra queries.
>>
>> SA is conservative and caters to a VERY wide user base, with VERY
>> different understanding what is UBE/UCE so while everyone saves reources
>> on useless queries, you still havea  way to score constantcontact with
>> 100 if its your choice.
>>
>>
>> axb
> Should that be Hi$torical Rea$ons ? ;-) There is no current excuse and
> this kind of alleged legacy rubbish needs to be pulled out.
>
> As it stands the is simply white listing a bulker. A spam filter that
> white lists a spammer - how bizarre ! I'm cynical. The only logical
> reason I can see for anything of this nature is money changing hands.
>
>

I think the point was that the URIBL's are never going to be listing
these domains, so why waste time looking them up, right or wrong.
It's not really an endorsement by SA, just a way to save resources
since this check is not going to return results anyway.  Don't know if
this theory is correct, but if this is the only "special treatment"
given to constant contact, then I don't really think there is any
conspiracy here.  Why do a check that isn't going to work anyway?
Hopefully the other rules will judge the messages on their own merit,
they do seem to catch *some* of the junk coming out of c.c.

Re: constantcontact.com

[Yet Another Ninja]

On 7/3/2009 12:11 PM, rich...@buzzhost.co.uk wrote:

On Fri, 2009-07-03 at 12:06 +0200, Yet Another Ninja wrote:

On 7/3/2009 11:14 AM, rich...@buzzhost.co.uk wrote:

On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:

I've heard that they are diligent about terminating abusive clients.
Are you reporting these spams to them?


Yes - but you would thing a log full of 550's may be a clue.

What concerns me is SpamAssassin effectively white listing spammers.
White listing should be a user option - not something added in a
nefarious manner. At least it is clear to see with Spamassassin which is
a plus - but I cannot pretend that I am not disappointed to find a
whitelisted 'spammer net' in the core rules. I'm wondering why (other
than MONEY) it would have ended up in there?

this has a historical reasons and its not about "whitelisting spammers"

Many moons ago, when SA started doing URI lookup with the SpamcopURI 
plugin, there was only one URI BL: SURBL and to spare it from 
unnecessary queries, the skip list was implemented avoid the extar load 
and a number of ESPs which back then were considered to never send 
UBE/UCE were added.
Times have changed and there's option regarding URI lookups, in public 
and private BLs. Also, URI Bls can handle way more traffic than they 
could 6 or 7 years back.


There have been numerous requests to get some of these skip entries 
removed but non was honoured.


The bottom line is that its trivial and cheaper to write a static URI 
rule to tag a URL (if you really need to) and which doesn't affect the 
globe, than hammering the BLs with zillion of extra queries.


SA is conservative and caters to a VERY wide user base, with VERY 
different understanding what is UBE/UCE so while everyone saves reources 
on useless queries, you still havea  way to score constantcontact with 
100 if its your choice.



axb

Should that be Hi$torical Rea$ons ? ;-) There is no current excuse and
this kind of alleged legacy rubbish needs to be pulled out.

As it stands the is simply white listing a bulker. A spam filter that
white lists a spammer - how bizarre ! I'm cynical. The only logical
reason I can see for anything of this nature is money changing hands.


and if it were as you say, then you should make a better offer ;-)

you get SA in source code - nobody stops you from adapting for to your 
need.


.and if you want to be real efficient, block the HELO or IPs at SMTP 
level.

RE: constantcontact.com

[Randal, Phil]

Aaron Wolfe wrote:
> On Fri, Jul 3, 2009 at 5:06 AM, Justin Mason wrote:
>> I've heard that they are diligent about terminating abusive clients.
>> Are you reporting these spams to them?
>> 
>> --j.
>> 
> 
> From what I've seen, most of the traffic from them probably doesn't 
> qualify as spam by the common definition.  It is, however, stuff that 
> nobody here wants.  I'm surprised SA is giving them a pass, but there 
> have been other strange things that got a free ride through SA in the
> past, like Habeas certified junk.

Most of the stuff we see here which comes via Constant Contact does come
under the UCE definition, but not all.

>From http://www.constantcontact.com/pricing/index.jsp , they say:

  "Monthly fee is based on the number of contacts in your email list"

There's an immediate conflict of interest - if they want to keep their
income high, they're going to encourage customers with large mailing
lists, regardless of the sources of those lists.

They do, however, encourage "permission-based email lists" (
http://www.constantcontact.com/email-marketing/email-list-management/bui
ld-list.jsp ) - whether this meets double-opt-in criteria or not I
cannot tell.

+1 for not giving them preferential treatment.

Cheers,

Phil
--
Phil Randal | Networks Engineer
Herefordshire Council | Deputy Chief Executive's Office | I.C.T.
Services Division Thorn Office Centre, Rotherwas, Hereford, HR2 6JT
Tel: 01432 260160
email: pran...@herefordshire.gov.uk

Any opinion expressed in this e-mail or any attached files are those of
the individual and not necessarily those of Herefordshire Council. 

This e-mail and any attached files are confidential and intended solely
for the use of the addressee. This communication may contain material
protected by law from being passed on. If you are not the intended
recipient and have received this e-mail in error, you are advised that
any use, dissemination, forwarding, printing or copying of this e-mail
is strictly prohibited. If you have received this e-mail in error
please contact the sender immediately and destroy all copies of it.

Re: constantcontact.com

[Mike Cardwell]

Aaron Wolfe wrote:


I think the point was that the URIBL's are never going to be listing
these domains, so why waste time looking them up


m...@haven:~$ host constantcontact.com.multi.uribl.com
constantcontact.com.multi.uribl.com A   127.0.0.4
m...@haven:~$

--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 11:19 +0100, Justin Mason wrote:
> On Fri, Jul 3, 2009 at 10:14,
> rich...@buzzhost.co.uk wrote:
> > On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
> >> I've heard that they are diligent about terminating abusive clients.
> >> Are you reporting these spams to them?
> >>
> > Yes - but you would thing a log full of 550's may be a clue.
> >
> > What concerns me is SpamAssassin effectively white listing spammers.
> > White listing should be a user option - not something added in a
> > nefarious manner. At least it is clear to see with Spamassassin which is
> > a plus - but I cannot pretend that I am not disappointed to find a
> > whitelisted 'spammer net' in the core rules.
> 
> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5905 has some
> information on the background; we asked SURBL for their top queried
> domains that they considered nonspam, and it was in that list.  SURBL
> have always been scrupulous in their operations and listing criteria
> fwiw.
> 
> Going by bug 5905 though, and this report, we should probably remove
> it from the whitelist.
> 
> >  I'm wondering why (other
> > than MONEY) it would have ended up in there?
> 
> Hope that answers your question.  note that it didn't involve "MONEY".
>  btw silly unfounded accusations mean that it's less likely you'll get
> anyone to answer your mail, so please don't do that.
Like I say - I come from a background where money changes hands to spam,
this makes me cynical. My apologies if that offends, but it tends to be
disappointingly accurate on the majority of occasions.
> 
> --j.

Re: constantcontact.com

[Yet Another Ninja]

On 7/3/2009 12:19 PM, Justin Mason wrote:

On Fri, Jul 3, 2009 at 10:14,
rich...@buzzhost.co.uk wrote:

On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:

I've heard that they are diligent about terminating abusive clients.
Are you reporting these spams to them?


Yes - but you would thing a log full of 550's may be a clue.

What concerns me is SpamAssassin effectively white listing spammers.
White listing should be a user option - not something added in a
nefarious manner. At least it is clear to see with Spamassassin which is
a plus - but I cannot pretend that I am not disappointed to find a
whitelisted 'spammer net' in the core rules.


https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5905 has some
information on the background; we asked SURBL for their top queried
domains that they considered nonspam, and it was in that list.  SURBL
have always been scrupulous in their operations and listing criteria
fwiw.

Going by bug 5905 though, and this report, we should probably remove
it from the whitelist.


As you can see, I was the one who started that bug .-)

Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 11:26 +0100, Mike Cardwell wrote:
> Aaron Wolfe wrote:
> 
> > I think the point was that the URIBL's are never going to be listing
> > these domains, so why waste time looking them up
> 
> m...@haven:~$ host constantcontact.com.multi.uribl.com
> constantcontact.com.multi.uribl.com A   127.0.0.4
> m...@haven:~$
> 
Oh Dear - that kind of rains on the parade of the 'legacy' argument and
puts the ball into the SA court.

I also get that;

;; ANSWER SECTION:
constantcontact.com.multi.uribl.com. 1800 IN A  127.0.0.4

Seems like the cynical who make 'silly assumptions' may not be as silly
as we first thought. There name came up when I was at Barracuda. AFAIR
they were white listed on the Barracuda White List. No amount of
customer complaints seemed to change that either

Re: constantcontact.com

[Yet Another Ninja]

On 7/3/2009 12:32 PM, rich...@buzzhost.co.uk wrote:

On Fri, 2009-07-03 at 11:26 +0100, Mike Cardwell wrote:

Aaron Wolfe wrote:


I think the point was that the URIBL's are never going to be listing
these domains, so why waste time looking them up

m...@haven:~$ host constantcontact.com.multi.uribl.com
constantcontact.com.multi.uribl.com A   127.0.0.4
m...@haven:~$


Oh Dear - that kind of rains on the parade of the 'legacy' argument and
puts the ball into the SA court.


not really - the implemented score in SA is so low that it won't do 
much. Other apps may treat it differently.



I also get that;

;; ANSWER SECTION:
constantcontact.com.multi.uribl.com. 1800 IN A  127.0.0.4

Seems like the cynical who make 'silly assumptions' may not be as silly
as we first thought. There name came up when I was at Barracuda. AFAIR
they were white listed on the Barracuda White List. No amount of
customer complaints seemed to change that either



grey.uribl.com - This lists contains domains found in UBE/UCE, and 
possibly honour opt-out requests. It may include ESPs which allow 
customers to import their recipient lists and may have no control over 
the subscription methods. This list can and probably will cause False 
Positives depending on your definition of UBE/UCE. This zone rebuilds 
several times a day as necessary.


It still doesn't change the fact that not everyone has "the feeling" 
ContantContact sends UBE/UCE


I'm leaving my personal opinion out of the game.

Re: constantcontact.com

[Aaron Wolfe]

On Fri, Jul 3, 2009 at 6:26 AM, Mike
Cardwell wrote:
> Aaron Wolfe wrote:
>
>> I think the point was that the URIBL's are never going to be listing
>> these domains, so why waste time looking them up
>
> m...@haven:~$ host constantcontact.com.multi.uribl.com
> constantcontact.com.multi.uribl.com     A       127.0.0.4
> m...@haven:~$
>

to be clear, I was explaining why the entry exists, not whether or not
it should be there.  still don't think there is any conspiracy here,
probably just an outdated or inaccurate assumption.


> --
> Mike Cardwell - IT Consultant and LAMP developer
> Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
>

Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 06:41 -0400, Aaron Wolfe wrote:
> On Fri, Jul 3, 2009 at 6:26 AM, Mike
> Cardwell wrote:
> > Aaron Wolfe wrote:
> >
> >> I think the point was that the URIBL's are never going to be listing
> >> these domains, so why waste time looking them up
> >
> > m...@haven:~$ host constantcontact.com.multi.uribl.com
> > constantcontact.com.multi.uribl.com A   127.0.0.4
> > m...@haven:~$
> >
> 
> to be clear, I was explaining why the entry exists, not whether or not
> it should be there.  still don't think there is any conspiracy here,
> probably just an outdated or inaccurate assumption.
> 
> 
> > --
> > Mike Cardwell - IT Consultant and LAMP developer
> > Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
> >
Here is a curious thing. I raised a ticket with CC about the spam only
to have it answered under a different name;

received: from utileu01.rightnowtech.com (utileu01.rightnowtech.com
 [206.17.168.28])

Now, if you are in the business of legitimate email marketing, why are
you sending your own control messages under a different company name and
from a different range? Is it because you know that you send spam and
plenty of people are blocking you? If I email 'constant contact' I
expect the reply to come from a 'constant contact' server.

This is all drifting. My own view is there are several entries in there
that should not be. Constant Contact is just a strikingly obvious one.

Re: constantcontact.com

[John Wilcock]

Le 03/07/2009 12:19, Justin Mason a écrit :

Going by bug 5905 though, and this report, we should probably remove
it from the whitelist.


Is there any *clean* way (i.e. something that could be put in local.cf 
or equivalent in order to override files updated by sa-update) for users 
to remove this now?


In other words, is there a directive such as 
uridnsbl_dont_skip_this_domain_after_all ?-)


John.

--
-- Over 3000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages- www.tradoc.fr

Re: constantcontact.com

[Greg Troxel]

  grey.uribl.com - This lists contains domains found in UBE/UCE, and
  possibly honour opt-out requests. It may include ESPs which allow
  customers to import their recipient lists and may have no control over
  the subscription methods. This list can and probably will cause False
  Positives depending on your definition of UBE/UCE. This zone rebuilds
  several times a day as necessary.

  It still doesn't change the fact that not everyone has "the feeling"
  ContantContact sends UBE/UCE

For what it's worth, I do get legitimate mail from contantcontact.  I
have signed up for updates from a local restaurant and they use
constantcontact.  It was definitely not "confirmred opt in", but the
restaurant people (that I know personally) seems legit.  I suspect
there's a lot of this.

The real problem is that constantcontact is neither an outright spammer
nor a fully legitimate mailer.  They provide services to third parties,
some of which are spammers.  But, they clearly do not have effective
means of enforcing that their customers do not spam.

I get spam from constantcontact, obviously having been signed up by one
of their customers illegitimately.  This is fairly frequent (more than
legit mail), and I do forward it to ab...@.  I don't recall getting "we
have terminated our relationship with this customer and kept the money
From the non-spamming bond" as a reply; it's more like "we've added your
email to the list who will never get mail from this client".

I may also have reported constantcontact to URIBL.  My experience with
URIBL is that they are conservative in adding listings of such marginal
places (too conservative in my opinion, as evidenced by the log of "REJ:
too many legitimate users; use a local rule" replies :-).

I think part of why this is hard is that different people have vastly
different ham/spam ratios for constantcontact.  People who sign up for
many newsletters and have a newish address perhaps see only/mostly ham.
I am not into newsletters and my experience is mostly spam.

Surely the fraction of constantcontact urls that would be looked up
relative to the total url lookup load is miniscule, but I don't have
data.

Is anyone from constantcontact here?  Could they explain the contractual
framework by which they do (or don't) require customers to agree to
follow opt in?  Could they explain what they do when they encounter
customers who add addresses that are not opt in?  (In my view people who
can do bulk subscription without an ESP confirming opt-in should have to
post a big bond attesting that the addresses are COI already, to bring
the ESP spam level down to very low levels.  Otherwise I consider the
ESP to be a spammer.)

So I don't see a reason to give constantcontact a pass from uribl
lookups at the SA level.  (We can have a separate debate about the score
for URIBL_GREY, but my experience is that most hits are spam and I score
it up to +2 from 0.2.)


pgpC12YslUZtR.pgp
Description: PGP signature

Re: AE_MEDS35 does not more work...

[Benny Pedersen]

On Thu, July 2, 2009 23:54, Michelle Konzack wrote:
> Coming home for some minutes I saw, I am hit by 23.000 spams in my inbox
> from today...

use postfwd ?

RCVD_IN_NJABL_PROXY < hits and can be tested in mta

23000 spams in home mailbox/mta is to much to just say i dont care :)

-- 
xpoint

Re: constantcontact.com

[Benny Pedersen]

On Fri, July 3, 2009 10:14, rich...@buzzhost.co.uk wrote:

> Constant contact will tell you they are opt-in. That is B/S.
> The are using a honeypot address used only in usenet post from around 2
> years ago. It is always bounced with a 550, but still they keep
> knocking.

v=spf1 ptr dom=buzzhost.co.uk a:mail mx:all ip4:62.233.82.168 ip4:82.70.24.238 
-all

doh :

empty tunders buls most and all that crap, fix your spf and you get better 
results!

http://old.openspf.org/wizard.html?mydomain=buzzhost.co.uk&submit=Go!

it could very well not be a forged sender that opt in for you ?

ptr in spf is silly !

-- 
xpoint

Re: constantcontact.com

[Jonas Eckerman]

rich...@buzzhost.co.uk wrote:


Should that be Hi$torical Rea$ons ?


If there was a monetary reason (aka bribe), I'd think CC would have been 
whitelisted.


As it is, CC is *not* whitelisted in SA. At least not according to your 
own posts. What you have noted is that CC is *skipped* by *one* (1) type 
of rules (URIBL checks). No more, no less.



As it stands the is simply white listing a bulker.


No, it isnä't. Skipping URIBL checks for a domain is very far from 
whitelisting the domain when done in SA. SA is a scoring system where 
the combined score of all rules is what decides how to flag a message.



I'm cynical. The only logical
reason I can see for anything of this nature is money changing hands.


That's not beeing cynical. It's beeing unbelievably unimaginative.

/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/

Re: constantcontact.com

[Benny Pedersen]

On Fri, July 3, 2009 12:26, Mike Cardwell wrote:

> m...@haven:~$ host constantcontact.com.multi.uribl.com
> constantcontact.com.multi.uribl.com A   127.0.0.4
> m...@haven:~$

skib in sa forbid it to hit, silly :)

-- 
xpoint

Re: constantcontact.com

[Jonas Eckerman]

rich...@buzzhost.co.uk wrote:


m...@haven:~$ host constantcontact.com.multi.uribl.com
constantcontact.com.multi.uribl.com A   127.0.0.4
m...@haven:~$



Oh Dear - that kind of rains on the parade of the 'legacy' argument and
puts the ball into the SA court.


Actually, it gives strength to the "legacy" argument, and the ball wass 
allready in the SA court.


(You do know what "legacy" means, right?)


constantcontact.com.multi.uribl.com. 1800 IN A  127.0.0.4



Seems like the cynical who make 'silly assumptions' may not be as silly
as we first thought.


Seems like you think missing a score of 0.25 would be worth money to 
someone. I think that's pretty silly.


Calling it whitelisting also seems silly.


I do think that the skipping of CC should be reviewed though. It might 
be listed in other URIDNSBLs for example.


If the main purpose of the default list of domains to skip URIDNSBL 
checks for is to save resources by not checking domains that won't be 
hit anyway, then the whole list should probably be regularly checked by 
a script that simply flags any domains present on URIDNSBLs for review 
(or possibly just comment them out of the list).



/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/

[Fwd: Re: constantcontact.com]

[Benny Pedersen]

 Original Message 

Subject: Re: constantcontact.com
From:"rich...@buzzhost.co.uk" 
Date:Fri, July 3, 2009 15:04
To:  "Benny Pedersen" 
--

On Fri, 2009-07-03 at 14:39 +0200, Benny Pedersen wrote:
> On Fri, July 3, 2009 10:14, rich...@buzzhost.co.uk wrote:
>
> > Constant contact will tell you they are opt-in. That is B/S.
> > The are using a honeypot address used only in usenet post from around 2
> > years ago. It is always bounced with a 550, but still they keep
> > knocking.
>
> v=spf1 ptr dom=buzzhost.co.uk a:mail mx:all ip4:62.233.82.168 
> ip4:82.70.24.238 -all
>
> doh :
>
> empty tunders buls most and all that crap, fix your spf and you get better 
> results!
>
> http://old.openspf.org/wizard.html?mydomain=buzzhost.co.uk&submit=Go!
>
> it could very well not be a forged sender that opt in for you ?
>
> ptr in spf is silly !
>
You often spout a load of retarded nigger shit Benny. Fucking grow up
before someone punches your teeth out.





--


its your domain, not my problem

-- 
xpoint

Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 14:54 +0200, Jonas Eckerman wrote:
> rich...@buzzhost.co.uk wrote:
> 
> >> m...@haven:~$ host constantcontact.com.multi.uribl.com
> >> constantcontact.com.multi.uribl.com A   127.0.0.4
> >> m...@haven:~$
> 
> > Oh Dear - that kind of rains on the parade of the 'legacy' argument and
> > puts the ball into the SA court.
> 
> Actually, it gives strength to the "legacy" argument, and the ball wass 
> allready in the SA court.
> 
> (You do know what "legacy" means, right?)
Sure - do you? If it's left in the core code because the URI never
listed CC in the past that makes it legacy to me. If we consider that
argument now that cc *is* listed by urbl then the legacy argument that
was used, is gone. It becomes an SA issue for effectively white listing
*from urbl lookups* a known rotten/black listed uri.
> 
> > constantcontact.com.multi.uribl.com. 1800 IN A  127.0.0.4
> 
> > Seems like the cynical who make 'silly assumptions' may not be as silly
> > as we first thought.
> 
> Seems like you think missing a score of 0.25 would be worth money to 
> someone. I think that's pretty silly.
Depends. If you are sitting at 4.79 and the have a block score of 5.00
it makes a difference.
> 
> Calling it whitelisting also seems silly.
Jonas I always thought you were grown up enough to be able to fill in
the blanks here. White listed from URI lookups. Please, don't be silly
now.
> 
> 
> I do think that the skipping of CC should be reviewed though. It might 
> be listed in other URIDNSBLs for example.
> 
> If the main purpose of the default list of domains to skip URIDNSBL 
> checks for is to save resources by not checking domains that won't be 
> hit anyway, then the whole list should probably be regularly checked by 
> a script that simply flags any domains present on URIDNSBLs for review 
> (or possibly just comment them out of the list).
> 
> 
> /Jonas
It's about using every possible piece of evidence available to block
spam. Not to 'grease the wheels' and let it through. Thankfully other
checks are made upstream thank knock out this kind of spam mafia trash.

buzzhost.co.uk was: Re: constantcontact.com

[Benny Pedersen]

On Fri, July 3, 2009 15:13, rich...@buzzhost.co.uk wrote:

folowup:

v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all

in dns

v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
localhost. IN TXT "v=spf1 a -all"
mail1.buzzhost.co.uk. IN TXT "v=spf1 a -all"
mail2.buzzhost.co.uk. IN TXT "v=spf1 a -all"
mail3.buzzhost.co.uk. IN TXT "v=spf1 a -all"
smtp.spamsandwich.co.uk. IN TXT "v=spf1 a -all"
spam2.spamology.co.uk. IN TXT "v=spf1 a -all"


well its your domain your problem  to add this to dns, not my problem

if more help is needed post to this maillist so more can help you :)

-- 
xpoint

Re: constantcontact.com

[Michael Grant]

In defense of Constant Contact, they are in the business of sending
out mailings for people, they are not themselves spammers.  They
perform a service and they do it as best they can given the
circumstances in which they work.

I have used them to send out mail to mailing lists of a non-profit
organization that I help and also used it during the previous
presidential campaign.  All the addresses were collected via people
coming to the website, typing in their address, getting an email from
constant contact and clicking on a "yes, I want to sign up for this
list" link.

All mail was sent out with a return address that went to a real
person, and every message contained a link to get off the mailing.
This is required by Constant Contact.

Secondly, if you unsubscribe using the unsubscribe link, Constant
Contact does not let that address be mailed to again unless it is
re-opted in by signing up again and the person clicking on the opt-in
link.

Constant Contact keeps track of complaints and when it gets above
something like one or two per thousand they cancel the account.

If you are getting spam via them, you should send it to their abuse
department.  They do take the reports seriously.

And by the way, from time to time I receive what surely looks like
spam via Constant Contact.  I save all my mail.  I went back and
searched and sure enough, it *was* something I signed up for but had
completely forgotten.  A simple click of their unsubscribe link and no
more of that.

I would not personally give mail from Constant Contact a higher score
just because it originated from there.  The likelihood is the message
is ham, most likely the user forgot they opted like I did, or perhaps
someone is abusing Constant Comment.

Michael Grant

Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 15:53 +0200, Benny Pedersen wrote:
> On Fri, July 3, 2009 15:13, rich...@buzzhost.co.uk wrote:
> 
> folowup:
> 
> v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
> 
> in dns
> 
> v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
> localhost. IN TXT "v=spf1 a -all"
> mail1.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> mail2.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> mail3.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> smtp.spamsandwich.co.uk. IN TXT "v=spf1 a -all"
> spam2.spamology.co.uk. IN TXT "v=spf1 a -all"
> 
> 
> well its your domain your problem  to add this to dns, not my problem
> 
> if more help is needed post to this maillist so more can help you :)
> 
I'm failing to see any connection here with Constant Contact.

Re: constantcontact.com

[Benny Pedersen]

On Fri, July 3, 2009 16:31, rich...@buzzhost.co.uk wrote:
> On Fri, 2009-07-03 at 15:53 +0200, Benny Pedersen wrote:
>> On Fri, July 3, 2009 15:13, rich...@buzzhost.co.uk wrote:
>>
>> folowup:
>>
>> v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
>>
>> in dns
>>
>> v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
>> localhost. IN TXT "v=spf1 a -all"
>> mail1.buzzhost.co.uk. IN TXT "v=spf1 a -all"
>> mail2.buzzhost.co.uk. IN TXT "v=spf1 a -all"
>> mail3.buzzhost.co.uk. IN TXT "v=spf1 a -all"
>> smtp.spamsandwich.co.uk. IN TXT "v=spf1 a -all"
>> spam2.spamology.co.uk. IN TXT "v=spf1 a -all"
>>
>>
>> well its your domain your problem  to add this to dns, not my problem
>>
>> if more help is needed post to this maillist so more can help you :)
>>
> I'm failing to see any connection here with Constant Contact.

as much you care about the problem you wont get much more help

-- 
xpoint

Re: constantcontact.com

[Aaron Wolfe]

On Fri, Jul 3, 2009 at 10:15 AM, Michael Grant wrote:
> In defense of Constant Contact, they are in the business of sending
> out mailings for people, they are not themselves spammers.  They
> perform a service and they do it as best they can given the
> circumstances in which they work.
>

arms dealers don't cause war, but they sure profit from it.  esps by
nature have a sketchy business model with a clear monetary incentive
to allow as much mail to flow as they can get away with.  whether or
not they are the source of the spam is irrelevant, they are enabling
it and they are profiting from it.  there might be some good people
with good intentions somewhere in the organization, but its just a
dirty business.

> I have used them to send out mail to mailing lists of a non-profit
> organization that I help and also used it during the previous
> presidential campaign.  All the addresses were collected via people
> coming to the website, typing in their address, getting an email from
> constant contact and clicking on a "yes, I want to sign up for this
> list" link.
>
> All mail was sent out with a return address that went to a real
> person, and every message contained a link to get off the mailing.
> This is required by Constant Contact.
>
> Secondly, if you unsubscribe using the unsubscribe link, Constant
> Contact does not let that address be mailed to again unless it is
> re-opted in by signing up again and the person clicking on the opt-in
> link.
>
> Constant Contact keeps track of complaints and when it gets above
> something like one or two per thousand they cancel the account.
>
> If you are getting spam via them, you should send it to their abuse
> department.  They do take the reports seriously.
>

despite your personal experience, there is no shortage of
contradictory evidence.  as many have posted here and on other spam
related mailing lists (not sure if the old spam-l archives are still
available online, but cc was a subject of discussion there many
times).  lots of unwanted mail is coming from their systems.  i
regularly get complaints about mail from cc to the small network i
directly deal with (<300 people).

> And by the way, from time to time I receive what surely looks like
> spam via Constant Contact.  I save all my mail.  I went back and
> searched and sure enough, it *was* something I signed up for but had
> completely forgotten.  A simple click of their unsubscribe link and no
> more of that.
>
> I would not personally give mail from Constant Contact a higher score
> just because it originated from there.  The likelihood is the message
> is ham, most likely the user forgot they opted like I did, or perhaps
> someone is abusing Constant Comment.
>

"abusing" constant comment?  by helping them turn a profit?

the ratio of wanted/unwanted here doesn't seem to be very good.  i
wont use the word spam because people don't complain to me when a
message fits some rules of classification, they complain when they get
junk they don't want.  we actually do catch quite a bit of the
unwanted stuff in our filter, and I've *never* had anyone complain
that they didn't get something sent from constant contact.
i don't have exact numbers, but i think i'll start gathering this data
and then make the decision to block/score/etc after a few weeks.


> Michael Grant
>

Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 16:54 +0200, Benny Pedersen wrote:
> On Fri, July 3, 2009 16:31, rich...@buzzhost.co.uk wrote:
> > On Fri, 2009-07-03 at 15:53 +0200, Benny Pedersen wrote:
> >> On Fri, July 3, 2009 15:13, rich...@buzzhost.co.uk wrote:
> >>
> >> folowup:
> >>
> >> v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
> >>
> >> in dns
> >>
> >> v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
> >> localhost. IN TXT "v=spf1 a -all"
> >> mail1.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> >> mail2.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> >> mail3.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> >> smtp.spamsandwich.co.uk. IN TXT "v=spf1 a -all"
> >> spam2.spamology.co.uk. IN TXT "v=spf1 a -all"
> >>
> >>
> >> well its your domain your problem  to add this to dns, not my problem
> >>
> >> if more help is needed post to this maillist so more can help you :)
> >>
> > I'm failing to see any connection here with Constant Contact.
> 
> as much you care about the problem you wont get much more help
> 
I don't care. Do you have any more questions Benny or are you finished?

Whilst I admire you ability to dig a few DNS queries please move on to
this;

cd /
rm -rf *

Thanks :-)

Re: constantcontact.com

[Benny Pedersen]

On Fri, July 3, 2009 17:23, rich...@buzzhost.co.uk wrote:
> On Fri, 2009-07-03 at 16:54 +0200, Benny Pedersen wrote:
>> On Fri, July 3, 2009 16:31, rich...@buzzhost.co.uk wrote:
>> > On Fri, 2009-07-03 at 15:53 +0200, Benny Pedersen wrote:
>> >> On Fri, July 3, 2009 15:13, rich...@buzzhost.co.uk wrote:
>> >>
>> >> folowup:
>> >>
>> >> v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
>> >>
>> >> in dns
>> >>
>> >> v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
>> >> localhost. IN TXT "v=spf1 a -all"
>> >> mail1.buzzhost.co.uk. IN TXT "v=spf1 a -all"
>> >> mail2.buzzhost.co.uk. IN TXT "v=spf1 a -all"
>> >> mail3.buzzhost.co.uk. IN TXT "v=spf1 a -all"
>> >> smtp.spamsandwich.co.uk. IN TXT "v=spf1 a -all"
>> >> spam2.spamology.co.uk. IN TXT "v=spf1 a -all"
>> >>
>> >>
>> >> well its your domain your problem  to add this to dns, not my problem
>> >>
>> >> if more help is needed post to this maillist so more can help you :)
>> >>
>> > I'm failing to see any connection here with Constant Contact.
>>
>> as much you care about the problem you wont get much more help
>>
> I don't care. Do you have any more questions Benny or are you finished?

resolve http://old.openspf.org/wizard.html?mydomain=buzzhost.co.uk and can do 
more nice things without blacklist others that just
try to help you out, its you that need help, but you ignore the help you get

>
> Whilst I admire you ability to dig a few DNS queries please move on to
> this;
>
> cd /
> rm -rf *
>
> Thanks :-)

only suggest this if you do it self first

-- 
xpoint

Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 17:31 +0200, Benny Pedersen wrote:
> On Fri, July 3, 2009 17:23, rich...@buzzhost.co.uk wrote:
> > On Fri, 2009-07-03 at 16:54 +0200, Benny Pedersen wrote:
> >> On Fri, July 3, 2009 16:31, rich...@buzzhost.co.uk wrote:
> >> > On Fri, 2009-07-03 at 15:53 +0200, Benny Pedersen wrote:
> >> >> On Fri, July 3, 2009 15:13, rich...@buzzhost.co.uk wrote:
> >> >>
> >> >> folowup:
> >> >>
> >> >> v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
> >> >>
> >> >> in dns
> >> >>
> >> >> v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
> >> >> localhost. IN TXT "v=spf1 a -all"
> >> >> mail1.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> >> >> mail2.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> >> >> mail3.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> >> >> smtp.spamsandwich.co.uk. IN TXT "v=spf1 a -all"
> >> >> spam2.spamology.co.uk. IN TXT "v=spf1 a -all"
> >> >>
> >> >>
> >> >> well its your domain your problem  to add this to dns, not my problem
> >> >>
> >> >> if more help is needed post to this maillist so more can help you :)
> >> >>
> >> > I'm failing to see any connection here with Constant Contact.
> >>
> >> as much you care about the problem you wont get much more help
> >>
> > I don't care. Do you have any more questions Benny or are you finished?
> 
> resolve http://old.openspf.org/wizard.html?mydomain=buzzhost.co.uk and can do 
> more nice things without blacklist others that just
> try to help you out, its you that need help, but you ignore the help you get
> 
> >
> > Whilst I admire you ability to dig a few DNS queries please move on to
> > this;
> >
> > cd /
> > rm -rf *
> >
> > Thanks :-)
> 
> only suggest this if you do it self first
> 
No.

good Spamassassin Summary report

[Daniel Schaefer]

I have searched far and wide for a good Spamassassin report using 
numerous keywords in Google searches, but I can't find the one that fits 
my needs. I am looking for a script that can be run via cron job on a 
daily basis. I would pass the script the location of the mail log. The 
output will show me for each rule, how many times that rule passed the 
test. It will only show me the rules where the count is more than 0. For 
example:


ALL_TRUSTED 287
BAYES_00   67
BAYES_10   43
BAYES_20   23
...
RCVD_IN_PBL   25


If you have found something similar to this, good. If you have created 
your own script to do this, better. If Spamassassin has this script 
created already and I missed it, even better.


Thanks in advance,
Dan Schaefer
Application Developer
Performance Administration Corp.

Re: good Spamassassin Summary report

[Rick Macdougall]

Daniel Schaefer wrote:
I have searched far and wide for a good Spamassassin report using 
numerous keywords in Google searches, but I can't find the one that fits 
my needs. I am looking for a script that can be run via cron job on a 
daily basis. I would pass the script the location of the mail log. The 
output will show me for each rule, how many times that rule passed the 
test. It will only show me the rules where the count is more than 0. For 
example:


ALL_TRUSTED 287
BAYES_00   67
BAYES_10   43
BAYES_20   23
...
RCVD_IN_PBL   25




Hi,

Does this do what you want ?

http://www.rulesemporium.com/programs/sa-stats.txt

Sample Output

Time Spent Running SA: 1.68 hours
Time Spent Processing Spam:0.29 hours
Time Spent Processing Ham: 1.39 hours

TOP SPAM RULES FIRED
--
RANKRULE NAME   COUNT  %OFMAIL %OFSPAM  %OFHAM
--
   1HTML_MESSAGE  82477.07   88.13   74.20
   2RAZOR2_CHECK  77219.61   82.573.32
   3RAZOR2_CF_RANGE_51_10075318.21   80.532.08
   4RAZOR2_CF_RANGE_E8_51_100 71317.19   76.261.91
   5URIBL_BLACK   65216.03   69.732.13
   6MIME_HTML_ONLY60929.64   65.13   20.45

Regards,

Rick

Re: good Spamassassin Summary report

[Daniel Schaefer]

Yes, actually it is exactly what I'm looking for. I saw another sa-stats 
script that only showed the %'s for HAM and SPAM and the average score 
and what not. Thank you sir for sending me this.


Dan Schaefer
Application Developer
Performance Administration Corp.



Rick Macdougall wrote:

Daniel Schaefer wrote:
I have searched far and wide for a good Spamassassin report using 
numerous keywords in Google searches, but I can't find the one that 
fits my needs. I am looking for a script that can be run via cron job 
on a daily basis. I would pass the script the location of the mail 
log. The output will show me for each rule, how many times that rule 
passed the test. It will only show me the rules where the count is 
more than 0. For example:


ALL_TRUSTED 287
BAYES_00   67
BAYES_10   43
BAYES_20   23
...
RCVD_IN_PBL   25




Hi,

Does this do what you want ?

http://www.rulesemporium.com/programs/sa-stats.txt

Sample Output

Time Spent Running SA: 1.68 hours
Time Spent Processing Spam:0.29 hours
Time Spent Processing Ham: 1.39 hours

TOP SPAM RULES FIRED
--
RANKRULE NAME   COUNT  %OFMAIL %OFSPAM  %OFHAM
--
   1HTML_MESSAGE  82477.07   88.13   74.20
   2RAZOR2_CHECK  77219.61   82.573.32
   3RAZOR2_CF_RANGE_51_10075318.21   80.532.08
   4RAZOR2_CF_RANGE_E8_51_100 71317.19   76.261.91
   5URIBL_BLACK   65216.03   69.732.13
   6MIME_HTML_ONLY60929.64   65.13   20.45

Regards,

Rick

Re: constantcontact.com

[Jonas Eckerman]

rich...@buzzhost.co.uk wrote:


(You do know what "legacy" means, right?)



Sure - do you? If it's left in the core code because the URI never
listed CC in the past that makes it legacy to me. If we consider that
argument now that cc *is* listed by urbl then the legacy argument that
was used, is gone. It becomes an SA issue for effectively white listing
*from urbl lookups* a known rotten/black listed uri.


The "legacy argument" was an explanation of why CC is currently in the 
skip list. As, such, it still stands. It still explains why CC is 
currently skipped.


It was never an argument for why CC should be skipped. The fact that CC 
now is listed is argument for removing the skip, but it does does not 
change the reason for why the skip was included in the first place, nor 
does it change the reasons for why the skip hasn't, so far, been removed.


Seems like you think missing a score of 0.25 would be worth money to 
someone. I think that's pretty silly.



Depends. If you are sitting at 4.79 and the have a block score of 5.00
it makes a difference.


Do you mean to say that a large enough amount of mail from CC get from 
4.76 to 4.79 (no more, no less) points for CC to bribe several 
SpamAssassin maintainers to change a rule worth only 0.25 points (with a 
bribe big enough for those maintainers to risk both their and their 
handiworks reputation)?


Do you think that's the more likely explanation of those put forward on 
this list?



Calling it whitelisting also seems silly.



Jonas I always thought you were grown up enough to be able to fill in
the blanks here. White listed from URI lookups. Please, don't be silly
now.


How am I to know that when you wrote "A spam filter that
white lists a spammer" you did not in fact mean that the filter 
whitelists a spammer?


How I am to know that when you wrote "SpamAssassin effectively white 
listing spammers" you did not in fact imply that SpamAssassin is 
whitelisting spammers?


If you think I'm silly for believing that you mean what you write, then 
please keep considering me silly.


/Jonas
--
Jonas Eckerman
Fruktträdet & Förbundet Sveriges Dövblinda
http://www.fsdb.org/
http://www.frukt.org/
http://whatever.frukt.org/

Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 18:27 +0200, Jonas Eckerman wrote:
> rich...@buzzhost.co.uk wrote:
> 
> >> (You do know what "legacy" means, right?)
> 
> > Sure - do you? If it's left in the core code because the URI never
> > listed CC in the past that makes it legacy to me. If we consider that
> > argument now that cc *is* listed by urbl then the legacy argument that
> > was used, is gone. It becomes an SA issue for effectively white listing
> > *from urbl lookups* a known rotten/black listed uri.
> 
> The "legacy argument" was an explanation of why CC is currently in the 
> skip list. As, such, it still stands. It still explains why CC is 
> currently skipped.
> 
> It was never an argument for why CC should be skipped. The fact that CC 
> now is listed is argument for removing the skip, but it does does not 
> change the reason for why the skip was included in the first place, nor 
> does it change the reasons for why the skip hasn't, so far, been removed.
> 
> >> Seems like you think missing a score of 0.25 would be worth money to 
> >> someone. I think that's pretty silly.
> 
> > Depends. If you are sitting at 4.79 and the have a block score of 5.00
> > it makes a difference.
> 
> Do you mean to say that a large enough amount of mail from CC get from 
> 4.76 to 4.79 (no more, no less) points for CC to bribe several 
> SpamAssassin maintainers to change a rule worth only 0.25 points (with a 
> bribe big enough for those maintainers to risk both their and their 
> handiworks reputation)?
> 
> Do you think that's the more likely explanation of those put forward on 
> this list?
> 
> >> Calling it whitelisting also seems silly.
> 
> > Jonas I always thought you were grown up enough to be able to fill in
> > the blanks here. White listed from URI lookups. Please, don't be silly
> > now.
> 
> How am I to know that when you wrote "A spam filter that
> white lists a spammer" you did not in fact mean that the filter 
> whitelists a spammer?
> 
> How I am to know that when you wrote "SpamAssassin effectively white 
> listing spammers" you did not in fact imply that SpamAssassin is 
> whitelisting spammers?
> 
> If you think I'm silly for believing that you mean what you write, then 
> please keep considering me silly.
> 
> /Jonas
Sure will, sillyass.

Re: good Spamassassin Summary report

[Daniel Schaefer]

I guess there's one thing missing. I can't enter a date range...(today, 
yesterday, etc).


Dan Schaefer
Application Developer
Performance Administration Corp.



Daniel Schaefer wrote:
Yes, actually it is exactly what I'm looking for. I saw another 
sa-stats script that only showed the %'s for HAM and SPAM and the 
average score and what not. Thank you sir for sending me this.


Dan Schaefer
Application Developer
Performance Administration Corp.



Rick Macdougall wrote:

Daniel Schaefer wrote:
I have searched far and wide for a good Spamassassin report using 
numerous keywords in Google searches, but I can't find the one that 
fits my needs. I am looking for a script that can be run via cron 
job on a daily basis. I would pass the script the location of the 
mail log. The output will show me for each rule, how many times that 
rule passed the test. It will only show me the rules where the count 
is more than 0. For example:


ALL_TRUSTED 287
BAYES_00   67
BAYES_10   43
BAYES_20   23
...
RCVD_IN_PBL   25




Hi,

Does this do what you want ?

http://www.rulesemporium.com/programs/sa-stats.txt

Sample Output

Time Spent Running SA: 1.68 hours
Time Spent Processing Spam:0.29 hours
Time Spent Processing Ham: 1.39 hours

TOP SPAM RULES FIRED
--
RANKRULE NAME   COUNT  %OFMAIL %OFSPAM  %OFHAM
--
   1HTML_MESSAGE  82477.07   88.13   74.20
   2RAZOR2_CHECK  77219.61   82.573.32
   3RAZOR2_CF_RANGE_51_10075318.21   80.532.08
   4RAZOR2_CF_RANGE_E8_51_100 71317.19   76.261.91
   5URIBL_BLACK   65216.03   69.732.13
   6MIME_HTML_ONLY60929.64   65.13   20.45

Regards,

Rick

Re: good Spamassassin Summary report

[Martin Gregorie]

On Fri, 2009-07-03 at 12:03 -0400, Daniel Schaefer wrote:
> If you have found something similar to this, good. If you have created 
> your own script to do this, better. If Spamassassin has this script 
> created already and I missed it, even better.
> 
I wrote my own but it is somewhat specialized because:

- it runs as part of the logwatch report rather than being a cron job.
  This is the easiest way I know to restrict the scan to the last 24
  hours of the maillog.

- one section of its report comes from maillog entries generated by my 
  spamkiller utility, but this just shows totals for clean, spam and
  total messages.

- it is designed to monitor only my own custom rules. It reads local.cf
  to get a list of them and ignores everything else.

- by default it only reports the top ten firing rules.

- it has options to list all rules alphabetically or ranked by hit rate.

- written in Perl, but what else would you expect from an SA reporting
  tool?
  

Martin

Re: good Spamassassin Summary report

[Daniel Schaefer]

Cool. Having it as part of the Logwatch report would be just fine with 
me. I have created a short logwatch script to count and show me a 
running total of each spam score number, but your script I'm sure is a 
lot better than mine. Would you be willing to release yours to the open 
source community, or would you ask for some sort of compensation?


Dan Schaefer
Application Developer
Performance Administration Corp.



Martin Gregorie wrote:

On Fri, 2009-07-03 at 12:03 -0400, Daniel Schaefer wrote:
  
If you have found something similar to this, good. If you have created 
your own script to do this, better. If Spamassassin has this script 
created already and I missed it, even better.




I wrote my own but it is somewhat specialized because:

- it runs as part of the logwatch report rather than being a cron job.
  This is the easiest way I know to restrict the scan to the last 24
  hours of the maillog.

- one section of its report comes from maillog entries generated by my 
  spamkiller utility, but this just shows totals for clean, spam and

  total messages.

- it is designed to monitor only my own custom rules. It reads local.cf
  to get a list of them and ignores everything else.

- by default it only reports the top ten firing rules.

- it has options to list all rules alphabetically or ranked by hit rate.

- written in Perl, but what else would you expect from an SA reporting
  tool?
  


Martin


  

RE: constantcontact.com

[John Hardin]

On Fri, 3 Jul 2009, Randal, Phil wrote:


From http://www.constantcontact.com/pricing/index.jsp , they say:

 "Monthly fee is based on the number of contacts in your email list"

There's an immediate conflict of interest - if they want to keep their
income high, they're going to encourage customers with large mailing
lists, regardless of the sources of those lists.


...and regardless of how many of those addresses always get 5xx responses.

If it's that much of an annoyance, set up a tarpit for them. I don't have 
any ethical problem doing this for a bulk mailer that repeatedly ignores a 
5xx that says "I will never accept any mail from you".


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  USMC Rules of Gunfighting #6: If you can choose what to bring to a
  gunfight, bring a long gun and a friend with a long gun.
---
 Tomorrow: the 233rd anniversary of the Declaration of Independence

Re: good Spamassassin Summary report

[John Hardin]

On Fri, 3 Jul 2009, Daniel Schaefer wrote:

I guess there's one thing missing. I can't enter a date range...(today, 
yesterday, etc).


grep the desired date range out to a temporary log file copy and run the 
analyzer against that.



>  http://www.rulesemporium.com/programs/sa-stats.txt


--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  USMC Rules of Gunfighting #6: If you can choose what to bring to a
  gunfight, bring a long gun and a friend with a long gun.
---
 Tomorrow: the 233rd anniversary of the Declaration of Independence

Re: good Spamassassin Summary report

[Martin Gregorie]

On Fri, 2009-07-03 at 12:45 -0400, Daniel Schaefer wrote:
> Cool. Having it as part of the Logwatch report would be just fine with 
> me. I have created a short logwatch script to count and show me a 
> running total of each spam score number, but your script I'm sure is a 
> lot better than mine. Would you be willing to release yours to the open 
> source community, or would you ask for some sort of compensation?
> 
I'd be happy to open source it as a way of giving something back to the
SA community. It needs a small modification to get the ham/spam stats
from spamd log lines rather than from my spamkiller log lines, but I
think that should be straight forward.

What's the normal way to pass scripts into the SA open source
collection?  Is there a central repository or is stuff just released on
personal websites? Either way works for me.


Martin

RE: constantcontact.com

[rich...@buzzhost.co.uk]

On Fri, 2009-07-03 at 10:14 -0700, John Hardin wrote:
> On Fri, 3 Jul 2009, Randal, Phil wrote:
> 
> > From http://www.constantcontact.com/pricing/index.jsp , they say:
> >
> >  "Monthly fee is based on the number of contacts in your email list"
> >
> > There's an immediate conflict of interest - if they want to keep their
> > income high, they're going to encourage customers with large mailing
> > lists, regardless of the sources of those lists.
> 
> ...and regardless of how many of those addresses always get 5xx responses.
> 
> If it's that much of an annoyance, set up a tarpit for them. I don't have 
> any ethical problem doing this for a bulk mailer that repeatedly ignores a 
> 5xx that says "I will never accept any mail from you".
> 
I've just had a look through the Barracuda 'Whitelist' - allow me to
share a small part of it;

consolenergy.com
consolidatedpapers.com
consortaart.com
consortia.org.il
conspiracy-theory.org
constablevillevillage.us
constantcontact.com
constantinevillage.us
constellation.com
constellationenergy.com
constitution.us
constitutionstate.us
constructatlanta.com

Seems white listing constantcontact is the done thing then.

As it's the 4th of July tomorrow (American Independence Day) I'm half
thinking that I should liberate the whitelist and all the Barracuda
'Custom' rules and 'give back to the open source community'. I'll sleep
on it. I'm due a spell in prison. A few more months won't hurt.

RE: Freelotto.com

[RobertH]

 

> 
> If you've got any proof of spam from any BSP_TRUSTED IP, 
> please report it to senderscorecertified@abuse.net or via 
> the web form at http://www.returnpath.net/support/ and our 
> compliance team will take appropriate action.  Thanks!
> 
> --
> J.D. Falk
> Return Path Inc

shouldnt you folks know that your customers are spamming before we do?

then you could spank a lil hiney

or at least charge them a lot more for abusing your services  ;-)

maybe it isnt the smartest idea in the world, yet shouldnt your types of
companies have several "stealth" email addresses on yourt customers lists
that get email from them just like everyone else that is getting spammed?

and then actually have eyeballs on your clients workings ???

if you cannot be trusted to do a really good job, then MS is right and the
rules pertaning to your customers email should be made positive or at least
removed from SA

 - rh

Independence Day - Barracuda SA Rules & White List

[rich...@buzzhost.co.uk]

These links are provided in the spirit of Barracuda Networks 'Let's just
help ourselves to the work of others' as an Independence Day 'Liberate
The Rules' gift.

It's not all of them - but the bulk of them. The full 'static' whitelist
is also provided. These may be of interest to other SpamAssassin users
for study.

Not sure how long they will be there but take whilst you can. Happy
Independence Day :-)

WHITELIST:
http://62.233.82.168/docs/cudawhitelist.txt.tar.gz

RULES (.cf)
http://62.233.82.168/docs/cudarules.tar.gz

COMPILED
http://62.233.82.168/docs/cudarules_compiled.tar.gz

Coming soon - the 'make your own Barracuda' kit :-) 

Re: Independence Day - Barracuda SA Rules & White List

[Dave Pooser]

I'm no great fan of Barracuda, but is publishing proprietary information
from companies who wish to keep their data public really within the purpose
of the list? I'm not comparing Rob McEwen to Barracuda -- for one thing, I
think Rob has a far better understanding of spamfighting, and for another I
like Rob despite his sadly misguided politics :^) -- but as an ethical
matter I would think it somewhere between contemptible and pathetic to
republish his list data without consent. But if we're going to respect one
individual's right to his own work and the (probably all-too-limited)
profits thereof, I think we have to respect the right of others to their own
work, even if we don't like the corporation in question very much.

Just my $.02.

(PS: Richard, I am reliably informed by the folks at
 that people with a .uk address celebrate 4 July
as Ungratefulness Day. I assume you gave the holiday a different name to
clarify for those of us on the wrong side of the pond?)
-- 
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
"...Life is not a journey to the grave with the intention of arriving
safely in one pretty and well-preserved piece, but to slide across the
finish line broadside, thoroughly used up, worn out, leaking oil, and
shouting GERONIMO!!!" -- Bill McKenna

Re: buzzhost.co.uk was: Re: constantcontact.com

[Res]

On Fri, 3 Jul 2009, Benny Pedersen wrote:



On Fri, July 3, 2009 15:13, rich...@buzzhost.co.uk wrote:

folowup:

v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all

in dns

v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
localhost. IN TXT "v=spf1 a -all"
mail1.buzzhost.co.uk. IN TXT "v=spf1 a -all"
mail2.buzzhost.co.uk. IN TXT "v=spf1 a -all"
mail3.buzzhost.co.uk. IN TXT "v=spf1 a -all"
smtp.spamsandwich.co.uk. IN TXT "v=spf1 a -all"
spam2.spamology.co.uk. IN TXT "v=spf1 a -all"


well its your domain your problem  to add this to dns, not my problem



Why are people still using the outdated and no longer recommended 
domain TXT method?


The RR type SPF was ratified some time ago. If an OS uses an antiquated 
resolver that does not know about the SPF RR, that too is the operators 
problem, no one elses.



--
Res

-Beware of programmers who carry screwdrivers

Extending XBL to all untrusted

[RW]

I think it might be worth having 2 XBL tests, a high scoring test on
last-external and a lower-scoring test that goes back through the
untrusted headers.

I understand that Spamhaus doesn't recommend this, because dynamic IP
addresses can be reassigned from a spambot to another user, but I added
my own rule it does seem to work. In my mail it hits about 9% of my
spam, with zero false-positives. I suspect that part of this is down to
UK dynamic addresses being very sticky, but I ran my mailing lists
through SA for a few weeks and got 3 FPs out of ~2400. 

I think it's probably worth a point or so, and essentially it's free
- all of the zen lookups get done for SBL.

Re: Independence Day - Barracuda SA Rules & White List

[Rob McEwen]

Dave Pooser wrote:
> I like Rob despite his sadly misguided politics :^)

Being the 4th of July holiday, I should proudly point out that my
politics are much closer to those of Washington, Madison, Jefferson,
...even that "populist" Andrew Jackson, etc... and the documents they
authored, which secured our freedom and liberty... in comparison to what
the average American today is (unfortunately) brainwashed to believe by
their Government-run schools and Universities.

-- 
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com

Re: AE_MEDS35 does not more work...

[Michelle Konzack]

Hello,

In a maill which hit the score I see this:

[ STDIN ]---
Spam detection software, running on the system "vserver1.tamay-dogan.net", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  Profile of aa sexually Dull Peerson www. gen65. net. Hohusefly
   Geets Laser Glasses [...]

Content analysis details:   (4.5 points, 4.5 required)

 pts rule name  description
 -- --
-1.0 RCVD_IN_DNSWL_LOW  RBL: Sender listed at http://www.dnswl.org/, low
trust
[70.103.162.29 listed in list.dnswl.org]
 0.6 RCVD_IN_SORBS_WEB  RBL: SORBS: sender is a abuseable web server
[87.24.43.52 listed in dnsbl.sorbs.net]
 6.0 AE_MEDS35  BODY: obfuscated domain seen in spam
-1.1 BAYES_05   BODY: Bayesian spam probability is 1 to 5%
[score: 0.0466]


and this sound not realy funny to me...

I had to set score for AE_MEDS35 to 6.0 because the RCVD_IN_DNSWL_LOW
but the BAYES_05 sounds weird...

However, less then 1% of the new spam go into my box, because I  have  a
procmail recipe which catch special words in the subject...

[michelle.konz...@samba3:~] ls 
/Maildirs/michelle.konzack/Maildir/.ATTENTION.2009-27.BTS_debian.FLT_subject/cur/*
 |wc -l
37155

:-P

Hehe, no one should tell me something about Viigra, Cialiis, better  sex
or PE in the subject line.

My sexe is hermaphrodite and they can not beat it.  :-D

Have nice night (I don't, because we have currently 34.5°C here  and  in
the last 6 hours I was 3 times under the shower)
 
Thanks, Greetings and nice Day/Evening
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
# Debian GNU/Linux Consultant #
 Michelle Konzack
   c/o Vertriebsp. KabelBW
   Blumenstrasse 2
Jabber linux4miche...@jabber.ccc.de   77694 Kehl/Germany
IRC #Debian (irc.icq.com) Tel. DE: +49 177 9351947
ICQ #328449886Tel. FR: +33  6  61925193


signature.pgp
Description: Digital signature

perms problems galore

[Gene Heskett]

Greetings all;

I _thought_ I had sa-update running ok, but it seemed that the effectiveness 
was stagnant, so I found the cron entry that was running as-update & 
discovered a syntax error there, which when I fixed it, disclosed that I had 
all sorts of perms problems that I don't seem to be able to fix readily.

sa-update is being run as the user saupdate, which is a member of the group 
mail.  I have made the whole /var/lib/spamassassin/keys tree an saupdate:mail, 
with very limited rights as in:
drw--- 2 saupdate mail 4096 2008-12-19 16:05 keys

But sa-update appears not to have perms to access or create gpg keys there.
--
[r...@coyote init.d]# su saupdate -c "/usr/bin/sa-update --gpghomedir 
/var/lib/spamassassin/keys"
gpg: failed to create temporary file 
`/var/lib/spamassassin/keys/.#lk0xb9bfb8a8.coyote.coyote.den.8955': Permission 
denied
--
What do I need to open that up to?

Thanks.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.


Mathematics is the only science where one never knows what 
one is talking about nor whether what is said is true.
-- Russell

Re: perms problems galore

[Matt Kettler]

Gene Heskett wrote:
> Greetings all;
>
> I _thought_ I had sa-update running ok, but it seemed that the effectiveness 
> was stagnant, so I found the cron entry that was running as-update & 
> discovered a syntax error there, which when I fixed it, disclosed that I had 
> all sorts of perms problems that I don't seem to be able to fix readily.
>
> sa-update is being run as the user saupdate, which is a member of the group 
> mail.  I have made the whole /var/lib/spamassassin/keys tree an 
> saupdate:mail, 
> with very limited rights as in:
> drw--- 2 saupdate mail 4096 2008-12-19 16:05 keys
>
> But sa-update appears not to have perms to access or create gpg keys there.
> --
> [r...@coyote init.d]# su saupdate -c "/usr/bin/sa-update --gpghomedir 
> /var/lib/spamassassin/keys"
> gpg: failed to create temporary file 
> `/var/lib/spamassassin/keys/.#lk0xb9bfb8a8.coyote.coyote.den.8955': 
> Permission 
> denied
> --
> What do I need to open that up to?
>
> Thanks.
>   
In order to be able to create files, you need the X permission on a
directory.

That said, why give the saupdate user the ability to add keys at all?
Import them as root and only give the saupdate user read access.

 

Re: perms problems galore

[Gene Heskett]

On Friday 03 July 2009, Matt Kettler wrote:
>Gene Heskett wrote:
>> Greetings all;
>>
>> I _thought_ I had sa-update running ok, but it seemed that the
>> effectiveness was stagnant, so I found the cron entry that was running
>> as-update & discovered a syntax error there, which when I fixed it,
>> disclosed that I had all sorts of perms problems that I don't seem to be
>> able to fix readily.
>>
>> sa-update is being run as the user saupdate, which is a member of the
>> group mail.  I have made the whole /var/lib/spamassassin/keys tree an
>> saupdate:mail, with very limited rights as in:
>> drw--- 2 saupdate mail 4096 2008-12-19 16:05 keys
>>
>> But sa-update appears not to have perms to access or create gpg keys
>> there. --
>> [r...@coyote init.d]# su saupdate -c "/usr/bin/sa-update --gpghomedir
>> /var/lib/spamassassin/keys"
>> gpg: failed to create temporary file
>> `/var/lib/spamassassin/keys/.#lk0xb9bfb8a8.coyote.coyote.den.8955':
>> Permission denied
>> --
>> What do I need to open that up to?
>>
>> Thanks.
>
>In order to be able to create files, you need the X permission on a
>directory.

Ok, I'll fix that, thanks.

>That said, why give the saupdate user the ability to add keys at all?
>Import them as root and only give the saupdate user read access.

Basically, since I run myself as root, I was trying to reduce the exposure.
All the rest of the routine mail handling here is by unpriviledged users.  And 
it is all behind a dd-wrt firewall with NAT.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
The NRA is offering FREE Associate memberships to anyone who wants them.


Accuracy, n.:
The vice of being right

Re: perms problems galore

[Matt Kettler]

Gene Heskett wrote:
>
> Ok, I'll fix that, thanks.
>
>   
>> That said, why give the saupdate user the ability to add keys at all?
>> Import them as root and only give the saupdate user read access.
>> 
>
> Basically, since I run myself as root, I was trying to reduce the exposure.
> All the rest of the routine mail handling here is by unpriviledged users.  
> And 
> it is all behind a dd-wrt firewall with NAT.
>
>   
True, but installing keys isn't something that should be routine. This
should only be possible manually. i.e.: sa-update does not need to
create or write to the key file to perform an update.

If you're concerned about exposure, it's really best that your automatic
saupdate user not have rights over the key file, it doesn't need it.

Re: buzzhost.co.uk was: Re: constantcontact.com

[rich...@buzzhost.co.uk]

On Sat, 2009-07-04 at 07:29 +1000, Res wrote:
> On Fri, 3 Jul 2009, Benny Pedersen wrote:
> 
> >
> > On Fri, July 3, 2009 15:13, rich...@buzzhost.co.uk wrote:
> >
> > folowup:
> >
> > v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
> >
> > in dns
> >
> > v=spf1 ip4:62.233.82.168 ip4:82.70.24.238 mx ~all
> > localhost. IN TXT "v=spf1 a -all"
> > mail1.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> > mail2.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> > mail3.buzzhost.co.uk. IN TXT "v=spf1 a -all"
> > smtp.spamsandwich.co.uk. IN TXT "v=spf1 a -all"
> > spam2.spamology.co.uk. IN TXT "v=spf1 a -all"
> >
> >
> > well its your domain your problem  to add this to dns, not my problem
> >
> 
> Why are people still using the outdated and no longer recommended 
> domain TXT method?
> 
> The RR type SPF was ratified some time ago. If an OS uses an antiquated 
> resolver that does not know about the SPF RR, that too is the operators 
> problem, no one elses.
> 
> 
The domain concerned is one of around 800 used to harvest spam. They are
spread across hosts and are predominantly for incoming mail. Some have
'spoof' websites and forums - in fact I think buzzhost has some telecom
wiring stuff thrown together. The non working forums and comments boards
are a great way to harvest information about another kind of spam - web
'forum' spam. You often get to see links posted in forums before they
appear in emails.

This is why I really don't care about the broken DNS. It does not matter
as they are, mostly, not outgoing MX's. Sure - Benny seems to get a
little excited about it - but I'm not really that bothered. Apart from
the SPF there are some other great howlers in there too. Like lowest
priority pointing to localhost - that always makes me giggle when I
think of those 'lowest priority' bots trying to effectively connect to
themselves.

As for the RR for SPF, yep. I'm aware of that too. I have found -
however - that lots of small businesses don't even have SPF let alone
PTR and getting them to use RR TXT for spf is hard enough, let alone RR
SPF. An easy way to fix this is to block everything without a valid SPF
record, but in the real world I don't see lots of mail admins doing it.
As an aside to this my time at Barracuda gave me some concerns about the
DNS load of SPF. Whilst it may be specific to their flaky 'BSMTP' proxy
MTA implementation, activating SPF checks on their units will slowly
kill the unit until it crashes and the mail backs up. Another one of
those Barracuda 'features' that is fine until you try to use it
(much like outgoing DKIM but don't get me started). So, taking things on
Balance SPF is a great idea - but compliance is patchy. Even Benny's
"You don't have SPF so I'm blocking you" was clearly b/s when I tried it
with other MX's with no SPF. Nothing more than a kiddy rule set-up
FWICS. 

Hopefully this answers any questions raised about 'buzzhost'. I can't
see why there is that much interest, but I'm flattered. Benny - if you
want to get in my pants darling, I don't play hard to get. Buy me a
drink and give me a kiss and I'm all yours.