Re: URIBL_SBL_A - Spamhaus false positive..
Hello Riccardo, On Thursday, January 23, 2020, 7:53:18 AM, Riccardo Alfieri wrote: RA> if you would care to forward me offlist a complete sample that triggers RA> the FPs I'll be happy to investigate FWIW, these very messages to the SA list this morning mentioning this domain triggered for me as well, e.g.: X-Spam-Report: * -5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at https://www.dnswl.org/, high * trust * [207.244.88.153 listed in list.dnswl.org] * 0.1 URIBL_SBL_A Contains URL's A record listed in the Spamhaus SBL * blocklist * [URIs: fluent.ltd.uk] * 1.6 URIBL_SBL Contains an URL's NS IP listed in the Spamhaus SBL * blocklist * [URIs: fluent.ltd.uk] -- Best regards, Robert Braver rbra...@ohww.norman.ok.us
Re: which free RBL do you use?
On Friday, November 27, 2009, 11:08:23 AM, Allen Chen wrote: AC> Thanks for all the replies. yes, RBL, I mean DNSBL. Also I heard AC> that configuring DNSBL in sendmail is better than in AC> spammassassin. because this can release some loads on AC> spamassassin. Am I right? For some DNSBLs, yes. For others, you want to allow SpamAssassin to score them. As long as you are bypassing DNSBL checks for authenticated clients, you can safely block everything at SMTP session level with ZEN. In turn, I disable the Spamhaus ZEN checks in SA, as there's no point in querying ZEN twice when everything that shows up there is bloked before it gets to SA. AC> Next, I'm going to upgrade spamassassin to 3.2.5 and try to AC> configure sendmail to check DNSBL. I will try bl.spamcop.net AC> first in sendmail. Your inputs are welcome. I'm looking for some AC> free DNSBLs. We are non-profit organization and don't have too AC> much email traffic. Your organization should be free to use the Spamhaus DNSBLs at no charge. I personally do not block on bl.spamcop.net, but it does add a score of 2.0 in SA. -- Best regards, Robert Braver rbra...@ohww.norman.ok.us
Re: which free RBL do you use?
On Thursday, November 26, 2009, 4:12:57 PM, Allen Chen wrote: AC> I didn't touch my spamassassin server for almost one year. It's AC> still running and filtering spam without any problems. But I AC> think things are changed a lot. I'm using 3.2.4. So I am asking AC> which free RBLs you guys are still using. While it's not free for larger volume/commercial use, Spamhaus ZEN (which includes the SBL, XBL, PBL, and now CSS DNSBLs) has been invaluable here. I've always scored on ZEN, but recently I began moving clients to a newer server where I am enforcing SMTP authentication. As a result, I am now able to block based on PBL listings. This alone has blocked about 80% of the spam outright at the SMTP session level that was previously coming in and then being filtered by SpamAssassin as well as ClamAV. -- Best regards, Robert Braver rbra...@ohww.norman.ok.us
Re: Constant Contact
On Friday, October 16, 2009, 11:49:43 AM, Adam Katz wrote: AK> After some web searches, I decided to use the unsubscribe feature, but AK> apparently I needed to unsubscribe every email address with every AK> company that uses constantcontact.com. To me, this means it is quite AK> clear that Constant Contact's anti-spam policy is improperly enforced AK> at best and flagrantly ignored at worst. FWIW - I have had two experiences with CC customers apparently not playing by the rules. One was a new hotel/conference center that was just built earlier this year. At that time, they helped themselves to the email addresses in the Chamber of Commerce directory and commenced mailing through CC. I complained, and was informed that they were suspended for the ToS violation, and I received no further mail from them. More recently, a political candidate for Governor (who I supported for Lt. Gov. last go around and may very well support for Gov. - BUT I'm reasonably sure I did not sign up on her mailing list) started mailing me - and there's been a lot of e-pending of voter registration lists going on. I was informed that they told CC that all of their lists are legit sign-ups from their web site. Even though I told CC that I'm not 100% sure I didn't sign up (but 95% sure) they are suspended pending further investigation. So in sum, they seem to be very sensitive to abusers causing problems for them (as well as their legitimate users.) I grepped my mail logs and found that my wife and I are among many other users on my system that receive legitimate, desired mail that is delivered through CC. -- Best regards, Robert Braver rbra...@ohww.norman.ok.us
Re: New spamhaus list not included
On Sunday, October 4, 2009, 1:55:55 PM, RW wrote: R> Right, although I doubt this list is going to be much use for R> SpamAssassin. With zen being so popular, I think everything that can R> be caught with it will get caught at the smtp level . With SBL you get R> additional deep hits from spammers hiding behind open-relays and other R> exploited servers, but that seems unlikely with CSS. Zen includes the SBL. The SBL includes CSS. If you are blocking at the SMTP level using Zen, there is no point in doing additional lookups in SA. -- Best regards, Robert Braver rbra...@ohww.norman.ok.us
Re: I hate Spam Assassin, don't know how it got on my computer and desperately need to get rid of it
On Monday, October 27, 2008, 4:54:56 PM, Rev. Corbie Mitleid wrote: ccn> 75% of my mail one on one to clients is getting blocked...I keep ccn> having to back-door mail through an online mail service which means I ccn> can't access items I need easily...please, please, how do I remove ccn> it? I didn't ask for it, I don't want it and my clients are furious ccn> at what looks like my lack of response...when I wrote to J Mason he ccn> said it was my ISP, and their tech people say it definitely is not. More information would be helpful. We are all not psychic as you profess to be. If a large portion of your recipients, presumably at a variety of destinations, are not getting your emails, this indicates that the common denominator as to the problem is on your end. Either there is a problem with the reputation of your sending machine or ISP, you are sending directly from a dynamic IP, and/or there are problems with the content of your email that appear "spammy" for some reason. ccn> FIRE THROUGH SPIRIT ccn> www.firethroughspirit.com What do your psychic abilities tell you about the source of the problem? If you hit a wall with that, (as you apparently are since you're posting here with obvious frustration), finding some examples of messages that got sent to a recipient's spam folder by Spamassassin may be helpful, as the headers will often indicate the rules that were triggered. -- Best regards, Robert Braver [EMAIL PROTECTED]
Re[2]: How to block the bat!
Hello Payne, On Wednesday, October 17, 2007, 9:43:25 PM, you wrote: c> spam I am using is coming from the mail program. c> http://www.ritlabs.com/en/products/thebat/ Just to be clear, I doubt highly that the spam you are seeing is coming from an actual copy of The Bat. Spamassassin will tag and score messages that claim to be from the Bat that it can tell isn't really (just as is does for obviously false Outlook x-mailer headers). The only problem is that this rule falsely fires sometimes on messages that have been relayed through a mailing list. -- Best regards, Robert Braver [EMAIL PROTECTED]
Re: How to block the bat!
Hello Payne, On Wednesday, October 17, 2007, 9:08:53 PM, you wrote: c> I am getting a lot mail which I know is from a mail program use by c> spammers, called the bat. This comes up on the list from time to time. No, The Bat is a legitimate email client (such as Outlook and Eudora) which, like Outlook and Eudora, is often falsely inserted into the headers by spamware. I first thought that The Bat was spamware when I first saw it in spam headers. I quickly found out that it was not, and after looking into it further, found it to be the Windows email client that I dislike the least. I've been using it now for over 5 years. -- Best regards, Robert Braver [EMAIL PROTECTED]
Re[2]: Real fix for stock spams - pick up a pen
On Thursday, November 16, 2006, 8:00:09 PM, Michael Scheidell wrote: MS> It was $500, and the law changed to make it impossible to collect MS> anymore. MS> Before, it was a 'first strike' and you owe $500. Now you have to 'opt MS> out' (they can still send you one) Opt-out applies only if there is an existing business relationship with the recipient, and several other requirements are met. The rules haven't changed w/r/t typical junk faxes... you can(and indeed we are) nailing them for the first fax, last fax, and every fax in between. -- Best regards, Robert Braver [EMAIL PROTECTED]
Re: About the SpamHaus lawsuit?
On Monday, October 23, 2006, 7:52:56 PM, Marc Perkel wrote: MP> The judge should have raised the issue sua sponte. (of his own motion) While the court can decide, sua sponta, that it doesn't have subject matter jurisdiction, I don't believe it can do that with regards to personal jurisdiction (unless, perhaps, the pleadings were blatantly defective). The Plaintiff did plead (alleged) facts that would tend to support personal jurisdiction over the defendant - the defendant did not refute those facts (if I missed something in the record of the case, please correct me) and, once again, the defendant deliberately allowed judgment to be taken against it. Harping on the court for following the law and because the outcome of the case is exactly what the defendant deliberately allowed to happen is non-sensical. MP> Does anyone have the address of the court? I might write the judge a MP> letter myself. It is trivial to look it up on Google or follow the link to the court's web site from www.uscourts.gov. However, I'd respectfully suggest you don't embarrass yourself. You have no standing in the matter, any such letters would be afforded absolutely no consideration, which is as it should be. Your letter would, at best, simply be sent back to you with a note from the clerk explaining this. As I've explained before, I've been on the receiving end of retaliatory lawsuits and counter-claims from the bad guys (telemarketers, junk faxers and spammers), and am clearly sympathetic to Spamhaus' plight here. However, there is nothing I can see in the record to fault the court on in this case. Spamhaus apparently intends to appeal, so we'll just have to see what issues are raised. -- Best regards, Robert Braver [EMAIL PROTECTED]
Re: R: R: Re[4]: Any comments of the SpamHaus lawsuit?
On Monday, October 23, 2006, 7:07:43 PM, Giampaolo Tomassoni wrote: GT> I would have much more preferred a statement like: 'we can't GT> handle this case since it crosses U.S. borders', but GT> anyway... Me too, but because Spamhaus did not ask that the case be dismissed for lack of personal jurisdiction, that was not an issue that the court had an opportunity to decide. -- Best regards, Robert Braver [EMAIL PROTECTED]
Re: R: Re[4]: Any comments of the SpamHaus lawsuit?
On Monday, October 23, 2006, 5:11:43 PM, Giampaolo Tomassoni wrote: GT> That's not so good, whether confirmed: it would mean that the GT> court recognized that Spamhaus is actually running some GT> unlawful ... No, it only means that Spamhaus abandoned the case and allowed a default judgment and injunction to be entered against it. A default judgment is not a determination on the merits. -- Best regards, Robert Braver [EMAIL PROTECTED]
Re[4]: Any comments of the SpamHaus lawsuit?
On Sunday, October 15, 2006, 5:21:38 PM, R Lists06 wrote: >> Blame the plaintiffs, blame what some might consider to be >> less-than-stellar legal advice given Spamhaus, but don't blame the >> court for following the law. >> >> -- >> Best regards, >> Robert Braver RL> Why blame the plaintiffs? The plaintiffs are the parties who filed the lawsuit against Spamhaus. I'm not familiar with the merits of their case, nor was there ever a determination on the merits in this case. Spamhaus walked away from the proceedings, allowing a default judgement to be entered against it. However, Spamhaus has a great deal of credibility as far as I'm concerned, and I have been hauled to court more than once by vindictive "electronic marketing entrepreneurs" making similar claims, so I tend to take it on faith that Spamhaus was publishing accurate information, and therefore the plaintiff's case had no merit. RL> Fortunately or unfortunately as the case may be, law is subject to RL> interpretation based upon precedent, or lack thereof. RL> As is authority and jurisdiction. RL> Plus, people are fallible, make mistakes. Judges too. RL> Then what? Huh? -- Best regards, Robert Braver [EMAIL PROTECTED]
Re[2]: Any comments of the SpamHaus lawsuit?
On Wednesday, October 11, 2006, 1:16:18 AM, hamann.w wrote: hwtod> As a non-american, I can see this as a "vote with your feet" hwtod> case stop buying US products I'm squarely on the side of Spamhaus and sensitive to these issues, as I myself have been sued by a ROKSO-listed spa^H^H^H electronic marketing entrepreneur, in a foreign jurisdiction (California) and had to move to dismiss for lack of personal jurisdiction, which I was successful in doing. Blaming the court, the U.S., or the U.S. legal system is completely unwarranted. From what I have seen from news articles, public discussion, and the documents filed in the case itself, Spamhaus did not challenge personal jurisdiction. Spamhaus, after removing the case from state court to federal court and filing an answer, deliberately allowed a default judgment for damages and a permanent injunction to be taken against it, apparently under the theory that any such judgment would be unenforceable anyway. I'm not an expert on German law, but I suspect that if some spammer sued me in Germany, I'd have to take some affirmative steps to deal with that, lest I end up with a German judgment rendered against me. Blame the plaintiffs, blame what some might consider to be less-than-stellar legal advice given Spamhaus, but don't blame the court for following the law. -- Best regards, Robert Braver [EMAIL PROTECTED]
Re[2]: Suing Spammers
On Saturday, May 13, 2006, 7:40:25 PM, Bronto wrote: B> So a good rule of thumb is that since I'm legit, I follow CAN-SPAM. B> Real spammers have to contend with state laws too. I don't have all the facts as to this (theoretical?) situation, so I'll answer the long way. Under CAN-SPAM, legitimate senders of commercial email (e.g. sent with the express permission of the recipient) still have to conform to certain minimum standards, such as the inclusion of a physical mailing address, notification of option to decline to receive further messages, and honoring any such "unsubscribe" requests. While CAN-SPAM doesn't prohibit unsolicited commercial email, it doesn't legalize it either. Common-law claims are still available, and UCE is already pretty much universally prohibited and blocked/filtered by ISPs. If you're sending UCE and standing still (e.g. CAN-SPAM compliant), a large number of your recipients won't get your messages. In fact, CAN-SPAM requires UCE to include a conspicuous notice that the message is a commercial advertisement, (which could be used to score on for SA). What CAN-SPAM does do is provide specific civil remedies and criminal penalties for the standard fraudulent spammer tactics that are required to get around filters and avoid having their plug pulled right away. Fraudulent tactics such as forged headers, unauthorized use of relays/proxies, etc. are still actionable under state laws, other federal laws (such as the Computer Fraud and Abuse Act and RICO), as well as CAN-SPAM. Of course, anyone concerned about their obligations or remedies under CAN-SPAM or other relevant laws should consult a licensed attorney in their state. I'm not attempting to give legal advice to anyone - just perhaps a starting point for some questions for their attorney. -- Best regards, Robert Braver [EMAIL PROTECTED]
Re[2]: Suing Spammers
On Saturday, May 13, 2006, 4:55:48 PM, Bronto wrote: B> I thought CAN-SPAM preempted all state's laws.(?) CAN-SPAM does not preempt state laws to the extent that those laws deal with falsity and deception. Provisions relating to forged/missing/obfuscated headers, deceptive subject lines, etc., are in full force and effect. Many state laws allow for substantial statutory damages for such violations, usually to the service provider. Portions of state laws that would regulate otherwise non-fraudulent or deceptive commercial email, e.g. opt-in/opt-out, identification, etc. are preempted. In those areas, CAN-SPAM is the law of the land. -- Best regards, Robert Braver [EMAIL PROTECTED]
Re[2]: Suing Spammers
On Saturday, May 13, 2006, 8:46:46 AM, Rob McEwen wrote: RMPS> Add all this up and I'm quite sure that they had to be RMPS> violating that law in Georgia. I may have missed something - what would be violative of CAN-SPAM and/or Georgia law here? I'm a bit familiar with the GA law because, as having litigated several cases under CAN-SPAM and Oklahoma law, I was asked to review and comment on a draft of the GA law, and I don't see where you have indicated any violations. RMPS> But suppose I **could** prove that they were in violation of RMPS> that law in Georgia, would there be ANY financial motivation RMPS> or reward for me to sue them... (assuming that I won in RMPS> court)? Look at the law. What kind of statutory damages are you entitled to per violation and/or per day? How many violations/days do you have? Are attorney's fees recoverable? (I don't remember the details as to available damages, etc. - I was more concerned with other things in the draft legislation, and in any event never carfully reviewed the GA law as passed). RMPS> If not, I simply don't have the financial resources to put my RMPS> company and myself through such an ordeal. I would go out of RMPS> business for lack of focus on the things that I need to RMPS> concentrate on. It's an unfortunate reality that litigation - even if it's pretty clear cut and oyu're dealing with a slimebag violator who really needs to be stopped - can be costly and include risks. I recently pursued a case against a major spammer in federal court and won. I have a $10 million judgment, (which, along with a dollar, might get me a cup of coffee). I did get the court to issue an injunction, which was what made it worthwhile. However, not everybody is in a position to expend the time and resources to do something like this on principle. If you have a good case, good statutory damages, and a defendant that's a going concern or otherwise has assets, seek out an attorney or law firm willing to take the case on a contingency basis. -- Best regards, Robert Braver [EMAIL PROTECTED]