Re: List of legit mass mailers

2017-03-07 Thread David Jones
>From: Miles Fidelman 
>Sent: Tuesday, March 7, 2017 3:36 PM
>To: users@spamassassin.apache.org
>Subject: Re: List of legit mass mailers
  
>One might opine that there can be no such thing.  Mass mailings are almost always
>spam - except when distributed by an organization to its own customers or members.

I don't want to start a huge debate over the definition of spam but there is a
distinct difference between spam and UCE primarily due to how it should be
handled.  If your SA environment is only filtering a single or a few mailboxes,
you can get away with treating spam and UCE the same so I am not talking about
small SA instances.  In a large SA instance of more than a few hundred mailboxes
spam and UCE should be handled differently.
Spam = malicious email intended to trick the recipient into doing something bad.
This includes viruses, malware, phishing, Nigerian scams, British lotteries, etc.
UCE = unsolicited commercial email.  This can be something the recipient did
(possibly accidentally) or didn't sign up for.  UCE can come from trustworthy
senders which can be safelisted with whitelist_auth.

I think what we are trying to target is the trustworthy commercial senders like
paypal.com, ebay.com which are in the def_whitelist_from_dkim and
def_whitelist_spf and work well in SA with shortcircuiting enabled.

I have extended my list of SA whitelist_* entries to about 4,000 and it is
working very well.  I let trusted senders with valid opt-out processing through
to the end user so they can decide for themselves to unsubscribe or continue
receiving it.  The trick is finding the pattern of trusted sender
characteristics which I think I have.

Dave

Re: List of legit mass mailers

2017-03-07 Thread Miles Fidelman
One might opine that there can be no such thing.  Mass mailings are 
almost always spam - except when distributed by an organization to its 
own customers or members.


Yes, there are mass mailers who distribute for multiple organizations - 
e.g., hosting services - but generally they deliver spam as well as 
legitimate mail.


On the other hand, private email lists are almost never going to make it 
onto such a list.


Miles Fidelman

On Mon, Mar 6, 2017 at 1:22 PM, Marc Perkel wrote:

Just wondering if anyone has - or is interested in - a list of
legit mass mailing sources?

There are many domains that remail/deliver for other domains that
are 95%+ good email. And they are not perfect and sometimes they
get scammed but are mostly good.

Just wondering if anyone has a list - or is interested in me
producing such a list?

-- 
Marc Perkel - Sales/Support

supp...@junkemailfilter.com 
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400 




--
In theory, there is no difference between theory and practice.
In practice, there is.   Yogi Berra



Re: New whitelisting trick using from and spf

2017-03-07 Thread RW
On Tue, 7 Mar 2017 09:12:00 -0500
Dianne Skoll wrote:

 
> SPF chose to use envelope sender not because it's more reliable, but
> (I suspect) so as not to break mailing lists.

More likely because the original intent was to reject as early as
possible.


Re: List of legit mass mailers

2017-03-07 Thread Matt Vernhout
As a starting point you could look at the M3AAWG membership
(https://www.m3aawg.org/about/roster), as they have a vetting criteria and
standard that members need to meet/maintain.

Other organizations that may be good to look at could include ECO.de
(Certified Sender Alliance), or other similar organizations...

Matt

On Mon, Mar 6, 2017 at 1:22 PM, Marc Perkel wrote:

> Just wondering if anyone has - or is interested in - a list of legit mass
> mailing sources?
>
> There are many domains that remail/deliver for other domains that are 95%+
> good email. And they are not perfect and sometimes they get scammed but are
> mostly good.
>
> Just wondering if anyone has a list - or is interested in me producing
> such a list?
>
> --
> Marc Perkel - Sales/Support
> supp...@junkemailfilter.com
> http://www.junkemailfilter.com
> Junk Email Filter dot com
> 415-992-3400
>
>


seek-phrases-in-log - does it work correctly?

2017-03-07 Thread mar...@mejor.pl
Hi!
I'm trying to use
masses/rule-dev/seek-phrases-in-log --reqpatlength 

I'm not sure if it works correctly, please look:
$ /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log --ham /home/masscheck/auto/tmp/all_w.h --spam /home/masscheck/auto/tmp/all_w.s --rules --ruleprefix __SEEK_FRAUD_ --reqpatlength 0
Tue Mar  7 15:28:32 2017: reading /home/masscheck/auto/tmp/all_w.s...
Tue Mar  7 15:28:32 2017: n-grams active: 637
Tue Mar  7 15:28:32 2017: reading /home/masscheck/auto/tmp/all_w.h...
Tue Mar  7 15:28:32 2017: n-grams active: 626
Tue Mar  7 15:28:32 2017: filtering into message subsets...
Tue Mar  7 15:28:32 2017: message subsets found: 10
Tue Mar  7 15:28:32 2017: deduping and assembling regexps...
Tue Mar  7 15:28:32 2017: working on message subset 1 (0)...
#  1.000  73.333   0.000
body __SEEK_FRAUD_8PS1M3  / interested in /
body __SEEK_FRAUD_VMFZAX  / looking for /
#  1.000  66.667   0.000
body __SEEK_FRAUD_MUS7GX  /Dear /
body __SEEK_FRAUD_Y2S6AV  /My name is .{0,20}, I am the personnel manager of a large International company\. Most of the work you can do from home, that is, at a distance\. Salary is \$2.00-\$5.00\./
#  1.000  40.000   0.000
body __SEEK_FRAUD_KPQM4S  /Re: /
#  1.000  26.667   0.000
body __SEEK_FRAUD_U38RDU  /Best regards\!/
#  1.000  26.667   0.000
body __SEEK_FRAUD_P9TXHY  /Good day/
#  1.000  20.000   0.000
body __SEEK_FRAUD_GDWWR6  /Have a nice day\!/
#  1.000  13.333   0.000
body __SEEK_FRAUD_LN5SMR  /hi\!/


but:

$ /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log --ham /home/masscheck/auto/tmp/all_w.h --spam /home/masscheck/auto/tmp/all_w.s --rules --ruleprefix __SEEK_FRAUD_ --reqpatlength 1
Tue Mar  7 15:32:14 2017: reading /home/masscheck/auto/tmp/all_w.s...
Tue Mar  7 15:32:14 2017: n-grams active: 637
Tue Mar  7 15:32:14 2017: reading /home/masscheck/auto/tmp/all_w.h...
Tue Mar  7 15:32:14 2017: n-grams active: 626
Tue Mar  7 15:32:14 2017: filtering into message subsets...
Tue Mar  7 15:32:14 2017: message subsets found: 10
Tue Mar  7 15:32:14 2017: deduping and assembling regexps...
Tue Mar  7 15:32:14 2017: working on message subset 1 (0)...
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.
Use of uninitialized value in numeric lt (<) at /home/masscheck/spamassassin-trunk//masses/rule-dev/seek-phrases-in-log line 675.


perl-5.22.3

Marcin


Re: Yahoo - Can't figure out a server is down?

2017-03-07 Thread @lbutlr
On 2017-03-06 (04:38 MST), Reindl Harald  wrote:
> 
> Am 06.03.2017 um 12:35 schrieb @lbutlr:
>> On 2017-03-04 (23:32 MST), Rob Gunther  wrote:
>>> 
>>> In the last few weeks we are finding that SOME (but not all) of Yahoo's 
>>> outbound servers are not dealing with this correctly.
>> 
>> This may not work for you, but I solved all my yahoo problems by simply 
>> blocking their servers with a nice message about over a billion accounts 
>> being leaked.
>> 
>> But yahoo was less than 1% of my traffic (and most of that was spam or at 
>> least unwanted email). The only things I get “from” Yahoo anymore are list 
>> messages.
> 
> fine for a server hosting email for you, your wife and your dog but not for 
> anybody else on the server for your wife and dog you could even reject 
> anything which is not whitelisted to start with...

I have a few more accounts than that, but yes, as I said, “this might not work 
for you.”

I blacklisted Roadrunner about 20 years ago and they are still blocked. I’m not 
sure roadrunner still exists, but I haven’t seen them hit the block in years (I 
do see them hit the RBLs, so either they exist and are still spam-friendly or 
they are used as fake helo’s by spammers, I haven’t looked into it).

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.



Re: New whitelisting trick using from and spf

2017-03-07 Thread Dianne Skoll
On Tue, 7 Mar 2017 00:04:59 +
David Jones  wrote:

> >Er... well.  The envelope-from is not any more trustworthy than
> >the header From:.  But it *is* the thing the SPF spec says to check,
> >and *not* the header From:.

> It should be way more trustworthy since it is where bounces go.

You assume that someone who is willing to forge a sender address
(whether envelope or header) is going to be fastidious about receiving
bounces? :)

> Many MTAs can do DNS checks (make sure it exists in DNS) plus
> DBL checks against the envelope domain.  Regular user mailboxes
> where compromised accounts come from usually don't/can't spoof
> the envelope-from.  It's definitely more reliable which is why the
> SPF spec chose to use it.

No, that's not true.  It's no more "reliable" than anything else.  In
fact, in the entire SMTP transaction, there's only one set of email
addresses that are reliable, and those are the RCPT To: addresses.

SPF chose to use envelope sender not because it's more reliable, but
(I suspect) so as not to break mailing lists.

Anyway: We see millions of spams per day.  Tons of them have spoofed
envelope sender addresses and tons have spoofed From: header addresses.

Regards,

Dianne.
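
[Added example, not part of any poster's message.] The distinction argued in this thread, that an SPF pass vouches only for the envelope sender domain and not for the header From:, can be checked before a From:-keyed whitelist entry is honoured. The function names, the .example domains and the one-directional alignment rule are assumptions for illustration; the SPF result is taken as already computed by the MTA for the MAIL FROM domain.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(address):
    """Lower-cased domain of an address, or '' when there is none (e.g. '<>')."""
    addr = parseaddr(address)[1]
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def aligned(envelope_domain, header_domain):
    """Assumed rule: envelope domain equals the From: domain or is a subdomain of it."""
    if not envelope_domain or not header_domain:
        return False
    return (envelope_domain == header_domain
            or envelope_domain.endswith("." + header_domain))

def whitelist_decision(raw_message, mail_from, spf_result, trusted_domains):
    """Decide whether a header-From whitelist entry may apply to this message."""
    msg = message_from_string(raw_message)
    froms = msg.get_all("From", [])
    if len(froms) != 1:                      # missing or duplicated From: header
        return "bad-from-header"
    header_domain = domain_of(froms[0])
    if header_domain not in trusted_domains:
        return "not-listed"
    if spf_result != "pass":                 # SPF said nothing good about MAIL FROM
        return "listed-but-spf-" + spf_result
    if not aligned(domain_of(mail_from), header_domain):
        # SPF passed, but for a domain unrelated to the one shown to the user
        return "listed-but-unaligned"
    return "whitelist"

# Constructed sample data
TRUSTED = {"shop.example"}
MESSAGE = "From: Shop <news@shop.example>\nSubject: Offers\n\nHello\n"

if __name__ == "__main__":
    cases = [
        ("<bounce-1@mail.shop.example>", "pass"),   # bulk sender's own bounce domain
        ("<x@bulk-sender.example>", "pass"),        # SPF pass for an unrelated domain
        ("<bounce-1@mail.shop.example>", "softfail"),
        ("<>", "none"),                             # null envelope sender
    ]
    for mail_from, spf in cases:
        print(mail_from, spf, "->", whitelist_decision(MESSAGE, mail_from, spf, TRUSTED))
```

A production check would compare organizational domains using the public suffix list rather than this simple suffix test.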


Re: List of legit mass mailers

2017-03-07 Thread Pedro David Marco

of course that would be very interesting!

---Pedro.


Just wondering if anyone has - or is interested in - a list of legit 
mass mailing sources?

There are many domains that remail/deliver for other domains that are 
95%+ good email. And they are not perfect and sometimes they get scammed 
but are mostly good.

Just wondering if anyone has a list - or is interested in me producing 
such a list?