Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-29 Thread Ted Mittelstaedt



On 6/29/2015 1:37 PM, jdow wrote:

> Ted, there is one ISP who insisted on blocking all emails sent from my
> system because the internal network is "odd". It's not
> "localhost.localdomain" or whatever it was they were looking for. And it
> appears on my email headers. They decided "wizardess.wiz" is an illegal
> domain so the email from it should not be allowed. Unfortunately one of
> my regular correspondents is on knology.net. So he complained enough and
> they fixed it. Every once and awhile it kicks in again. (Note that I do
> NOT run an MTA here. Email goes directly to dslextreme or earthlink from
> here. Both were blocked at the same time. The only thing in common with
> the two MTAs is the received from header from this machine I am on.)



I've seen the same thing.  Not with any of my servers but I have had
that happen over the years with customers running Exchange servers
behind scanning firewalls back when I was working for an ISP that did
connectivity.  They would call us when their recipient's sysadmin
started speculating that it was the sender ISP's (us) fault.  Naturally
the recipient IT manager never assumed their own crap was to blame, that
it was triggering off the internal pass between Exchange server and
firewall.  I got so tired of explaining the problem I finally gave
up and when a customer would call I'd tell them I'd only fix it if
I could webex into their Exchange server console.  Then I'd fix it
in front of them while they watched so they would get a clue.  That
usually was right after they had gotten done explaining why it must
be our fault for not being able to route to the recipient's ISP or
some such rubbish.


> There are any number of poorly thought out block lists. I rather
> carefully consider their use here. At one point I got into a somewhat
> heated email argument with Paul Vixie over his blocking my email
> addresses because of what we now call "Joe Jobs". I made some
> unfortunate conclusions about his being a total jerk despite his being
> one of the bind utility's chief daddies. He did good work. He just had a
> screwdriver and needed a hammer which was more than 20' out of his way
> so he banged on the problem with his Jolly Green Giant size screwdriver
> handle. (And I am jerk enough I'd still like to stick his screwdriver
> blade up his nose after subduing him with my rolling-pin stereotype.)
>
> Fortunately or unfortunately it is impossible in the US to make it
> formally illegal to be a total jerk. So we will always have jerks to
> deal with. Block lists seem to be run by people who devolve into being
> total self-righteous jerks over time. Sadly we have to deal with
> whatever we face.



And, for some reason the absolute worst offenders are the commercial
blocklists.  It's not so much their dizzying methods to get delisted
as much as their faulty logic that lists you in the first place.

Governments also have to be right up there.  I had one time once where
City of Portland was running its own DNS servers and had a number of
separate subdomains for various departments - and NONE of the subdomains
had MX records even though all of them had different mailservers
accepting mail, and the users in the departments were using the
subdomain email address instead of some global thing like
u...@cityofportland.gov.  I had users wanting to mail to
billy...@police.pdx.or.us or whatever they were using (I forget) and DNS
showed no MX record for police.pdx.or.us

Later, the City "fixed" this (a couple years later) by creating MX
records - except they were not consistent - not all of the city-run DNS
servers had them.  I had to just shortcut it in the mail
configuration to deliver straight to the IP addresses they used.
That configuration stayed in the server for almost a decade, in fact
I removed it last year just to see what would happen.  Nobody complained
so I guess the city must have finally fixed it.

I'm so glad to be out of the connectivity market these days.  I never
have to hear "I'm losing thousands of dollars because your service is
down" again.  It never ceases to amaze me how people will fall apart
when the Internet connection is down.  Particularly when I can clearly
recall 25 years ago when I would tell people about the new Internet and
they would get that expression of "why would anyone want that".

Ted


> {^_^} Joanne
>
> On 2015-06-29 10:16, Ted Mittelstaedt wrote:
>> On 6/27/2015 4:02 AM, Noel Butler wrote:
>>> Although what you describe is a "workaround", the key is to keep your
>>> house in order so you don't get listed, especially if you have not
>>> actually fixed up the problem,
>>
>> Oh Noel, why are you giving me fish in a barrel to shoot?
>>
>> OK, now that you put your foot in it, please elaborate on how a
>> "house is kept in order" that will protect it from idiots. This is
>> going to be fun!
>>
>> Oh and don't forget to define the difference between chronic offenders
>> and just regular people who get nailed for no reason.
>>
>>> DNSBLs are just like local sys admins,
>>> they get tired of adding in /32's after /32's

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-29 Thread jdow
Ted, there is one ISP who insisted on blocking all emails sent from my system 
because the internal network is "odd". It's not "localhost.localdomain" or 
whatever it was they were looking for. And it appears on my email headers. They 
decided "wizardess.wiz" is an illegal domain so the email from it should not be 
allowed. Unfortunately one of my regular correspondents is on knology.net. So he 
complained enough and they fixed it. Every once and awhile it kicks in again. 
(Note that I do NOT run an MTA here. Email goes directly to dslextreme or 
earthlink from here. Both were blocked at the same time. The only thing in 
common with the two MTAs is the received from header from this machine I am on.)


There are any number of poorly thought out block lists. I rather carefully 
consider their use here. At one point I got into a somewhat heated email 
argument with Paul Vixie over his blocking my email addresses because of what we 
now call "Joe Jobs". I made some unfortunate conclusions about his being a total 
jerk despite his being one of the bind utility's chief daddies. He did good 
work. He just had a screwdriver and needed a hammer which was more than 20' out 
of his way so he banged on the problem with his Jolly Green Giant size 
screwdriver handle. (And I am jerk enough I'd still like to stick his 
screwdriver blade up his nose after subduing him with my rolling-pin stereotype.)


Fortunately or unfortunately it is impossible in the US to make it formally 
illegal to be a total jerk. So we will always have jerks to deal with. Block 
lists seem to be run by people who devolve into being total self-righteous jerks 
over time. Sadly we have to deal with whatever we face.


{^_^}   Joanne

On 2015-06-29 10:16, Ted Mittelstaedt wrote:
> On 6/27/2015 4:02 AM, Noel Butler wrote:
>> Although what you describe is a "workaround", the key is to keep your
>> house in order so you don't get listed, especially if you have not
>> actually fixed up the problem,
>
> Oh Noel, why are you giving me fish in a barrel to shoot?
>
> OK, now that you put your foot in it, please elaborate on how a
> "house is kept in order" that will protect it from idiots.  This is
> going to be fun!
>
> Oh and don't forget to define the difference between chronic offenders
> and just regular people who get nailed for no reason.
>
>> DNSBLs are just like local sys admins,
>> they get tired of adding in /32's after /32's for the same @$#holes,
>> that's when the /32's get removed and /24's get added, it won't take too
>> long to end up blocking all of your ranges. In fact since you've made
>> public your stance, it is likely anyone blocking your IP range, and
>> discovering it's your service, may decide to block all of your IP ranges
>> first off to avoid whack-a-mole games.
>
> Did it ever, possibly, occur to you that my 'workaround' wouldn't work
> if someone has a chronic problem?  Nor would it work if someone was just
> doing it because they were too lazy to fix an open relay because
> the backup IP would just instantly get RBLed again.
>
> Why do you think I RECOMMENDED doing it?  Do you think that _I_ want to
> get spammed by the OP if he doesn't know WTF he is doing?
>
> The beauty of my suggestion is if the OP is just going to try doing
> it because he doesn't want to clean up his setup, it won't work.
>
> Get it, now?
>
> That's precisely why anyone out there reading this who is running an RBL
> is going to ignore "my stance" as you put it.
>
> They know that if I can defeat their RBL by simply switching IP's then
> their RBL has a problem.  Because, switching IPs is what snowshoe
> spammers do every day and if they cannot block me switching an IP then
> they cannot block them and their RBL isn't worth a bucket of hog slop.
>
>> Not many people I know have any faith in reputation services that try
>> "whitelist", but there are a tiny minority that apparently do, though
>> I've not known or in 25 years heard of, anyone getting blocked because
>> you're using a new IP address on a system sending mail
>
> Nor have I which is one of the primary reasons I thought that what
> Reindl said about new IPs was a load of baloney.
>
>> (why should we care
>> if it's a new IP, or a 20yo IP - what's more of interest to us is how new
>> your "domain" is, who your registrar is, what your authoritative NS's
>> are, that's where we spam score you, backing off a bit as days and weeks
>> go by), I'd be more concerned for the users of such a wacky reputation
>> service than the fact they might block a new IP of mine or whoever's.
>
> Agreed.  Unfortunately, there ARE such wacky reputation services out
> there - fortunately they are in the minority - and occasionally users
> will want to email people who are using them and you have to know how
> to get around those wacky services.
>
> Ted
>
>> Given most medium and large networks use multiple servers for sending
>> customer mails, when the load balancers are showing the existing cluster
>> needs expanding, we add more into the cluster, so I can't see anyone
>> stupid enough to use a service blocking new IP's, if they do, they
>> deserve all th

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-29 Thread Ted Mittelstaedt


On 6/27/2015 4:02 AM, Noel Butler wrote:

> Although what you describe is a "workaround", the key is to keep your
> house in order so you don't get listed, especially if you have not
> actually fixed up the problem,

Oh Noel, why are you giving me fish in a barrel to shoot?

OK, now that you put your foot in it, please elaborate on how a
"house is kept in order" that will protect it from idiots.  This is
going to be fun!

Oh and don't forget to define the difference between chronic offenders
and just regular people who get nailed for no reason.

> DNSBLs are just like local sys admins,
> they get tired of adding in /32's after /32's for the same @$#holes,
> that's when the /32's get removed and /24's get added, it won't take too
> long to end up blocking all of your ranges. In fact since you've made
> public your stance, it is likely anyone blocking your IP range, and
> discovering it's your service, may decide to block all of your IP ranges
> first off to avoid whack-a-mole games.

Did it ever, possibly, occur to you that my 'workaround' wouldn't work
if someone has a chronic problem?  Nor would it work if someone was just
doing it because they were too lazy to fix an open relay because
the backup IP would just instantly get RBLed again.

Why do you think I RECOMMENDED doing it?  Do you think that _I_ want to
get spammed by the OP if he doesn't know WTF he is doing?

The beauty of my suggestion is if the OP is just going to try doing
it because he doesn't want to clean up his setup, it won't work.

Get it, now?

That's precisely why anyone out there reading this who is running an RBL
is going to ignore "my stance" as you put it.

They know that if I can defeat their RBL by simply switching IP's then
their RBL has a problem.  Because, switching IPs is what snowshoe
spammers do every day and if they cannot block me switching an IP then
they cannot block them and their RBL isn't worth a bucket of hog slop.

> Not many people I know have any faith in reputation services that try
> "whitelist", but there are a tiny minority that apparently do, though
> I've not known or in 25 years heard of, anyone getting blocked because
> you're using a new IP address on a system sending mail

Nor have I which is one of the primary reasons I thought that what
Reindl said about new IPs was a load of baloney.

> (why should we care
> if it's a new IP, or a 20yo IP - what's more of interest to us is how new
> your "domain" is, who your registrar is, what your authoritative NS's
> are, that's where we spam score you, backing off a bit as days and weeks
> go by), I'd be more concerned for the users of such a wacky reputation
> service than the fact they might block a new IP of mine or whoever's.

Agreed.  Unfortunately, there ARE such wacky reputation services out
there - fortunately they are in the minority - and occasionally users
will want to email people who are using them and you have to know how
to get around those wacky services.

Ted

> Given most medium and large networks use multiple servers for sending
> customer mails, when the load balancers are showing the existing cluster
> needs expanding, we add more into the cluster, so I can't see anyone
> stupid enough to use a service blocking new IP's, if they do, they
> deserve all the hell they bring upon themselves :)

> On 27/06/2015 02:43, Ted Mittelstaedt wrote:
>> Heh Heh Heh Heh Heh
>>
>> Since you and Charles have obviously never done this before why do you
>> feel qualified to comment?
>>
>> Go ahead and not do this based on these logic castles you have built
>> that are not founded on any experience of reality. Your customers will
>> be suffering for a few days while you wait to get off a blacklist
>> while mine won't.
>>
>> I have used this trick over many years while waiting for
>> AOL/Barracuda/etc. to pull their heads out on a de-list request. Of
>> course, adding a little sophistication in use helps. I ASSUMED I could
>> point you mules-heads in the right direction and you would use your
>> brains to figure out how to properly do this instead of figuring out
>> how to justify ass-sitting and not even trying it out.
>>
>> But since you're obviously too lazy to put any thought into the
>> technique, I don't see why I should waste my time elaborating any
>> further on it.
>>
>> Jered, feel free to email me privately and I'll explain what you need to
>> do and how to set this up so that it works, if you're interested.
>>
>> Disgustedly,
>> Ted
>>
>> On 6/23/2015 12:32 PM, Reindl Harald wrote:
>>> On 23.06.2015 at 21:28, Charles Sprickman wrote:
>>>> One thing to keep in mind is that you may need to rotate your spare
>>>> IPs in now and then. Others can correct me, but my understanding is
>>>> that all the major email providers are going to treat an IP that
>>>> regularly sends email to them very differently than a "new" IP. You'd
>>>> essentially be starting to send from an IP that has no reputation (or
>>>> a reputation based on its neighbors).
>>>
>>> and *because* you have *no* reputation you will get a bad result if it
>>> comes to greylisting and similar spam prevention by treating a completely
>>> new IP as suspect and h

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-27 Thread Noel Butler
 

Although what you describe is a "workaround", the key is to keep your
house in order so you don't get listed, especially if you have not
actually fixed up the problem, DNSBLs are just like local sys admins,
they get tired of adding in /32's after /32's for the same @$#holes,
that's when the /32's get removed and /24's get added, it won't take too
long to end up blocking all of your ranges. In fact since you've made
public your stance, it is likely anyone blocking your IP range, and
discovering it's your service, may decide to block all of your IP ranges
first off to avoid whack-a-mole games.

Not many people I know have any faith in reputation services that try
"whitelist", but there are a tiny minority that apparently do, though
I've not known or in 25 years heard of, anyone getting blocked because
you're using a new IP address on a system sending mail (why should we care
if it's a new IP, or a 20yo IP - what's more of interest to us is how new
your "domain" is, who your registrar is, what your authoritative NS's
are, that's where we spam score you, backing off a bit as days and weeks
go by), I'd be more concerned for the users of such a wacky reputation
service than the fact they might block a new IP of mine or whoever's.

Given most medium and large networks use multiple servers for sending
customer mails, when the load balancers are showing the existing cluster
needs expanding, we add more into the cluster, so I can't see anyone
stupid enough to use a service blocking new IP's, if they do, they
deserve all the hell they bring upon themselves :)

On 27/06/2015 02:43, Ted Mittelstaedt wrote: 

> Heh Heh Heh Heh Heh
> 
> Since you and Charles have obviously never done this before why do you
> feel qualified to comment?
> 
> Go ahead and not do this based on these logic castles you have built
> that are not founded on any experience of reality. Your customers will be 
> suffering for a few days while you wait to get off a blacklist while mine 
> won't.
> 
> I have used this trick over many years while waiting for AOL/Barracuda/etc. 
> to pull their heads out on a de-list request. Of course, adding a little 
> sophistication in use helps. I ASSUMED I could point you mules-heads in the 
> right direction and you would use your brains to figure out how to properly 
> do this instead of figuring out how to justify ass-sitting and not even 
> trying it out.
> 
> But since you're obviously too lazy to put any thought into the technique, I
> don't see why I should waste my time elaborating any further on it.
>
> Jered, feel free to email me privately and I'll explain what you need to
> do and how to set this up so that it works, if you're interested.
>
> Disgustedly,
> Ted
>
> On 6/23/2015 12:32 PM, Reindl Harald wrote:
>> On 23.06.2015 at 21:28, Charles Sprickman wrote:
>>> One thing to keep in mind is that you may need to rotate your spare
>>> IPs in now and then. Others can correct me, but my understanding is
>>> that all the major email providers are going to treat an IP that
>>> regularly sends email to them very differently than a "new" IP. You'd
>>> essentially be starting to send from an IP that has no reputation (or
>>> a reputation based on its neighbors).
>>
>> and *because* you have *no* reputation you will get a bad result if it
>> comes to greylisting and similar spam prevention by treating a completely
>> new IP as suspect and hence prematurely rotating IPs until something bad
>> happened is exactly what you should *not* do

 

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-26 Thread Reindl Harald



On 26.06.2015 at 18:43, Ted Mittelstaedt wrote:

> Heh Heh Heh Heh Heh
>
> Since you and Charles have obviously never done this before why do you
> feel qualified to comment?

*lol*

> Go ahead and not do this based on these logic castles you have built
> that are not founded on any experience of reality.  Your customers will
> be suffering for a few days while you wait to get off a blacklist while
> mine won't.
>
> I have used this trick over many years while waiting for
> AOL/Barracuda/etc. to pull their heads out on a de-list request.  Of
> course, adding a little sophistication in use helps.  I ASSUMED I could
> point you mules-heads in the right direction and you would use your
> brains to figure out how to properly do this instead of figuring out how
> to justify ass-sitting and not even trying it out.
>
> But since you're obviously too lazy to put any thought into the
> technique, I don't see why I should waste my time elaborating any
> further on it.
>
> Jered, feel free to email me privately and I'll explain what you need to
> do and how to set this up so that it works, if you're interested.
>
> Disgustedly,
> Ted
>
> On 6/23/2015 12:32 PM, Reindl Harald wrote:
>> On 23.06.2015 at 21:28, Charles Sprickman wrote:
>>> One thing to keep in mind is that you may need to rotate your spare
>>> IPs in now and then. Others can correct me, but my understanding is
>>> that all the major email providers are going to treat an IP that
>>> regularly sends email to them very differently than a “new” IP. You’d
>>> essentially be starting to send from an IP that has no reputation (or
>>> a reputation based on its neighbors).
>>
>> and *because* you have *no* reputation you will get a bad result if it
>> comes to greylisting and similar spam prevention by treating a completely
>> new IP as suspect and hence prematurely rotating IPs until something bad
>> happened is exactly what you should *not* do






Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-26 Thread Ted Mittelstaedt

Heh Heh Heh Heh Heh

Since you and Charles have obviously never done this before why do you
feel qualified to comment?

Go ahead and not do this based on these logic castles you have built
that are not founded on any experience of reality.  Your customers will 
be suffering for a few days while you wait to get off a blacklist while 
mine won't.


I have used this trick over many years while waiting for 
AOL/Barracuda/etc. to pull their heads out on a de-list request.  Of 
course, adding a little sophistication in use helps.  I ASSUMED I could 
point you mules-heads in the right direction and you would use your 
brains to figure out how to properly do this instead of figuring out how 
to justify ass-sitting and not even trying it out.


But since you're obviously too lazy to put any thought into the
technique, I don't see why I should waste my time elaborating any
further on it.

Jered, feel free to email me privately and I'll explain what you need to
do and how to set this up so that it works, if you're interested.

Disgustedly,
Ted

On 6/23/2015 12:32 PM, Reindl Harald wrote:
> On 23.06.2015 at 21:28, Charles Sprickman wrote:
>> One thing to keep in mind is that you may need to rotate your spare
>> IPs in now and then. Others can correct me, but my understanding is
>> that all the major email providers are going to treat an IP that
>> regularly sends email to them very differently than a “new” IP. You’d
>> essentially be starting to send from an IP that has no reputation (or
>> a reputation based on its neighbors).
>
> and *because* you have *no* reputation you will get a bad result if it
> comes to greylisting and similar spam prevention by treating a completely
> new IP as suspect and hence prematurely rotating IPs until something bad
> happened is exactly what you should *not* do



Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-23 Thread Reindl Harald


On 23.06.2015 at 21:28, Charles Sprickman wrote:

> One thing to keep in mind is that you may need to rotate your spare IPs in now
> and then.  Others can correct me, but my understanding is that all the major
> email providers are going to treat an IP that regularly sends email to them
> very differently than a “new” IP.  You’d essentially be starting to send from
> an IP that has no reputation (or a reputation based on its neighbors).

and *because* you have *no* reputation you will get a bad result if it
comes to greylisting and similar spam prevention by treating a completely
new IP as suspect and hence prematurely rotating IPs until something bad
happened is exactly what you should *not* do






Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-23 Thread Charles Sprickman
Jered Floyd  wrote:

> 
> Hi Ted,
> 
> Thanks for the advice.  I'm doing pretty much all of that except reserving an 
> alternate IP as a backup relay/smarthost.  That's a good idea.
> 
> I use one IP for almost all web traffic (going through a reverse proxy to a 
> VM farm), one for DNS/Kerberos, one for a legacy install of my MUA, and one 
> as both my MX and MTA.  All my internal services relay to the MTA which is 
> listed in SPF and handles DKIM signing; on the inbound side it handles SA and 
> relay to appropriate internal host based on domain.

One thing to keep in mind is that you may need to rotate your spare IPs in now
and then.  Others can correct me, but my understanding is that all the major
email providers are going to treat an IP that regularly sends email to them
very differently than a “new” IP.  You’d essentially be starting to send from
an IP that has no reputation (or a reputation based on its neighbors).

It’s a tempting idea, we had a misconfiguration (a forgotten “mynetworks” 
entry) allow a hacked biz customer to send a giant phishing campaign.  Quick to 
clean up, but it is a PITA to sort things out with AOL and Verizon (and a few 
others that seem to have lightly-staffed postmaster departments).  Being able 
to swap to some new IPs would have been handy, but I’m not confident it’s a 
silver bullet.

Charles

> 
> Having everything relay through one system gives me the opportunity to 
> monitor for unusual mail volume across all services/clients.
> 
> Having an "emergency MTA" in my SPF records that I can relay to (or just 
> bring up as another address on the existing server) would definitely help as 
> long as the netblock isn't listed... getting a spare address on a different 
> network would be useful, but I'm not sure how hard that will be to pry from 
> Internap.
> 
> The form does seem to have worked, and I'm not currently on the BRBL, 
> although this morning I got bounces from a Barracuda customer for a very 
> benign message with "rejected due to spam content," so who knows.  I wish 
> there was better visibility into the process.
> 
> Best,
> --Jered
> 
> 
> - On Jun 23, 2015, at 12:00 AM, Ted Mittelstaedt t...@ipinc.net wrote:
> 
>> Hi Jered,
>> 
>> I'm not a Barracuda customer myself I can only report my own interaction
>> with them.  I run several public mailservers.
>> 
>> 1) I don't run public mailing lists and if I ever was going to do that I
>> would run them on a separate server with a separate IP address
>> 
>> 2) I don't run my webserver on the same server as my mailservers.
>> 
>> 3) I have gotten BLed by Barracuda a couple of times.  It usually takes
>> about 3-4 days to get delisted so while I'm waiting I route outgoing
>> mail through an alternate server.  I get BLed when a customer falls for
>> a phish mail and gives out their password.
>> 
>> My recommendation is you have at least 4 public IP address with servers,
>> one for your webserver, one for your mailserver and one for an alternate
>> mailserver and one for a mailing list server.
>> 
>> As for the "class C block" I think that is likely that you are trying to
>> do everything with a single static IP.  If you had a subnet of public
>> IPs then the ISP that issued it to you would SWIP them to you and
>> you would have no problems proving to Barracuda that you're not part of
>> the rabble.
>> 
>> I realize you said you're in a data center.  Contact the data center
>> provider and tell them you want a block they will SWIP to you.  I
>> realize this may cost you some more money.  But email is not one of
>> those things you can do well on the cheap.
>> 
>> Ted
>> 
>> 
>> On 6/20/2015 8:38 AM, Jered Floyd wrote:
>>> Hello SA-users,
>>> 
>>> I have a question on the other side of things: outgoing mail. I know
>>> this is off-topic but this seems to be the only venue where there might be
>>> knowledge of the problem, and the offender is a spamassassin "customer".
>>> 
>>> (I operate an MTA host on which I run SpamAssassin -- it works
>>> flawlessly. (I am running Debian Postfix 2.7.1-1+squeeze1 with
>>> spamassassin 3.3.1-1.1) This system is in an Internap data center, and
>>> provides mail services for about a half-dozen organizations that I
>>> support. SPF and DKIM are correctly configured for hosted domains, as is
>>> user authentication for submitted mail.)
>>> 
>>> I appear to be getting a shakedown scam from Barracuda Networks. They
>>> seem to be getting out of the "anti-spam" and into the "protection
>>> racket" business.
>>> 
>>> A small number of recipients have been getting bounce-unsubscribed from a
>>> community mailing list that I administer. The most recent bounces say
>>> that this "blocked using Barracuda Reputation;
>>> http://www.barracudanetworks.com/reputation/". Visiting that page
>>> provides no information on the specific reason my MTA has been blocked
>>> so I can't determine if there is a configuration issue, but there is a
>>> link for one-time removal.
>>> 
>>> Below that the page s

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-23 Thread Reindl Harald



On 23.06.2015 at 14:57, Jered Floyd wrote:

>>> The form does seem to have worked, and I'm not currently on the BRBL, although
>>> this morning I got bounces from a Barracuda customer for a very benign message
>>> with "rejected due to spam content," so who knows.  I wish there was better
>>> visibility into the process.
>>
>> then it was not blocked by the RBL but by the content filter
>
> Yes, I am aware of that.  My point was that if they are feeling that benign
> content (I'm happy to forward to you) is spam, that may be a prelude to being
> on the BRBL again. (Although that does appear to have been due to a colleague's
> WordPress mishap.)

maybe the RCPT did train his appliance wrong?

most people do that because they don't realize that training ham is more
important than training spam after a suitable amount is trained

>> making the process not visible is by intention on a spamfilter because
>> otherwise you leak information how to bypass it
>
> Of course!  With SA I can see what rules are being hit, though, which is nice.
> I'm not sure if the same is possible for a Barracuda client -- I have asked the
> affected recipient.

surely, you see even more on a Barracuda like which tokens of the message
were a hit and how often that token was marked as spam and as ham in case
of bayes via the web interface

a highly customized spamassassin is part of the barracuda appliance





Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-23 Thread Jered Floyd


>> The form does seem to have worked, and I'm not currently on the BRBL,
>> although this morning I got bounces from a Barracuda customer for a very
>> benign message with "rejected due to spam content," so who knows.  I wish
>> there was better visibility into the process.
> 
> then it was not blocked by the RBL but by the content filter

Yes, I am aware of that.  My point was that if they are feeling that benign 
content (I'm happy to forward to you) is spam, that may be a prelude to being 
on the BRBL again. (Although that does appear to have been due to a colleague's 
WordPress mishap.)

 
> making the process not visible is by intention on a spamfilter because
> otherwise you leak information how to bypass it

Of course!  With SA I can see what rules are being hit, though, which is nice.  
I'm not sure if the same is possible for a Barracuda client -- I have asked the 
affected recipient.

--Jered


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-23 Thread Reindl Harald



On 23.06.2015 at 14:47, Jered Floyd wrote:

> The form does seem to have worked, and I'm not currently on the BRBL, although
> this morning I got bounces from a Barracuda customer for a very benign message
> with "rejected due to spam content," so who knows.  I wish there was better
> visibility into the process.

then it was not blocked by the RBL but by the content filter

making the process not visible is by intention on a spamfilter because
otherwise you leak information how to bypass it

anyways, the biggest drawback of barracuda appliances is that you can
add additional blacklists but you can *not* score - the choices are
reject, quarantine, tag and that doesn't work sensibly because if the
first response is from a RBL with "quarantine" it will not get rejected
at all while without that RBL listed on a different one it would have been





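The drawback described in the message above, modelled as an added example that is not part of the original post and not Barracuda's or SpamAssassin's code: a "first response decides" policy is compared with additive scoring, and every case where one more listing weakens the outcome is reported. The RBL names, weights and thresholds are assumptions made up for the illustration.

```python
from itertools import combinations

# Ordering of outcomes from weakest to strongest (constructed for this example).
SEVERITY = {"accept": 0, "tag": 1, "quarantine": 2, "reject": 3}

# Hypothetical RBL names; list order is the order in which responses are evaluated.
RBL_ACTIONS = [("rbl-a.example", "quarantine"), ("rbl-b.example", "reject")]

# The same two lists expressed as weights plus thresholds (assumed values).
RBL_SCORES = {"rbl-a.example": 3.0, "rbl-b.example": 6.0}
THRESHOLDS = {"tag": 2.0, "quarantine": 3.0, "reject": 6.0}


def first_match_action(listed_on, rbl_actions=RBL_ACTIONS):
    """Fixed action per list: the first list that has the sender decides."""
    for name, action in rbl_actions:
        if name in listed_on:
            return action
    return "accept"


def scored_action(listed_on, scores=RBL_SCORES, thresholds=THRESHOLDS):
    """Additive scoring: every listing adds its weight, highest threshold met wins."""
    total = sum(weight for name, weight in scores.items() if name in listed_on)
    action = "accept"
    for name, minimum in sorted(thresholds.items(), key=lambda kv: kv[1]):
        if total >= minimum:
            action = name
    return action


def monotonicity_violations(decide, names):
    """Return every case where being listed on one MORE list lowers the outcome.

    Each entry is (lists already hit, extra list, outcome before, outcome after).
    """
    violations = []
    for size in range(len(names) + 1):
        for combo in combinations(names, size):
            listed = frozenset(combo)
            for extra in names:
                if extra in listed:
                    continue
                before = decide(listed)
                after = decide(listed | {extra})
                if SEVERITY[after] < SEVERITY[before]:
                    violations.append((sorted(listed), extra, before, after))
    return violations


if __name__ == "__main__":
    names = [name for name, _ in RBL_ACTIONS]
    for label, decide in (("first match", first_match_action),
                          ("scoring", scored_action)):
        print(label, monotonicity_violations(decide, names))
```

With positive weights the scoring model can never produce such a violation, because each extra listing only raises the total.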


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-23 Thread Jered Floyd

Hi Ted,

Thanks for the advice.  I'm doing pretty much all of that except reserving an 
alternate IP as a backup relay/smarthost.  That's a good idea.

I use one IP for almost all web traffic (going through a reverse proxy to a VM 
farm), one for DNS/Kerberos, one for a legacy install of my MUA, and one as 
both my MX and MTA.  All my internal services relay to the MTA which is listed 
in SPF and handles DKIM signing; on the inbound side it handles SA and relay to 
appropriate internal host based on domain.

Having everything relay through one system gives me the opportunity to monitor 
for unusual mail volume across all services/clients.

Having an "emergency MTA" in my SPF records that I can relay to (or just bring 
up as another address on the existing server) would definitely help as long as 
the netblock isn't listed... getting a spare address on a different network 
would be useful, but I'm not sure how hard that will be to pry from Internap.

The form does seem to have worked, and I'm not currently on the BRBL, although 
this morning I got bounces from a Barracuda customer for a very benign message 
with "rejected due to spam content," so who knows.  I wish there was better 
visibility into the process.

Best,
--Jered


- On Jun 23, 2015, at 12:00 AM, Ted Mittelstaedt t...@ipinc.net wrote:

> Hi Jered,
> 
> I'm not a Barracuda customer myself I can only report my own interaction
> with them.  I run several public mailservers.
> 
> 1) I don't run public mailing lists and if I ever was going to do that I
> would run them on a separate server with a separate IP address
> 
> 2) I don't run my webserver on the same server as my mailservers.
> 
> 3) I have gotten BLed by Barracuda a couple of times.  It usually takes
> about 3-4 days to get delisted so while I'm waiting I route outgoing
> mail through an alternate server.  I get BLed when a customer falls for
> a phish mail and gives out their password.
> 
> My recommendation is you have at least 4 public IP addresses with servers,
> one for your webserver, one for your mailserver and one for an alternate
> mailserver and one for a mailing list server.
> 
> As for the "class C block" I think that is likely that you are trying to
> do everything with a single static IP.  If you had a subnet of public
> IPs then the ISP that issued it to you would SWIP them to you and
> you would have no problems proving to Barracuda that you're not part of
> the rabble.
> 
> I realize you said you're in a data center.  Contact the data center
> provider and tell them you want a block they will SWIP to you.  I
> realize this may cost you some more money.  But email is not one of
> those things you can do well on the cheap.
> 
> Ted
> 
> 
> On 6/20/2015 8:38 AM, Jered Floyd wrote:
>>
>> Hello SA-users,
>>
>> I have a question on the other side of things: outgoing mail. I know
>> this is off-topic but this seems to be the only venue where there might be
>> knowledge of the problem, and the offender is a spamassassin "customer".
>>
>> (I operate an MTA host on which I run SpamAssassin -- it works
>> flawlessly. (I am running Debian Postfix 2.7.1-1+squeeze1 with
>> spamassassin 3.3.1-1.1) This system is in an Internap data center, and
>> provides mail services for about a half-dozen organizations that I
>> support. SPF and DKIM are correctly configured for hosted domains, as is
>> user authentication for submitted mail.)
>>
>> I appear to be getting a shakedown scam from Barracuda Networks. They
>> seem to be getting out of the "anti-spam" and into the "protection
>> racket" business.
>>
>> A small number of recipients have been getting bounce-unsubscribed from a
>> community mailing list that I administer. The most recent bounces say
>> that this "blocked using Barracuda Reputation;
>> http://www.barracudanetworks.com/reputation/" Visiting that page
>> provides no information on the specific reason my MTA has been blocked
>> so I can't determine if there is a configuration issue, but there is a
>> link for one-time removal.
>>
>> Below that the page says "One way to get your email through spam filters
>> even if you are listed on the BRBL is to register your domain and IPs at
>> EmailReg.org." OK, sounds good, I can prove that my IP address is
>> allowed to send for my domains -- I thought that was what SPF and DKIM
>> are for (which are configured) but whatever.
>>
>> However, I click through to emailreg.org and AFTER
>> signing up for an account and configuring it they then reveal that there
>> is a $20 "administrative fee" per domain.
>>
>> This sounds like a scam to me. They're blacklisting mail servers, not
>> telling why, and then offering to take you off the list (without even
>> correcting any problems) for "just" a $20 fee. I don't see how any
>> legitimate RBL can operate with that model.
>>
>> Has anyone else here run into this? Is there a way out other than
>> bribing Barracuda to not block my mail?
>>
>> Thanks,
>> --Jered


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-22 Thread Ted Mittelstaedt

Hi Jered,

I'm not a Barracuda customer myself I can only report my own interaction
with them.  I run several public mailservers.

1) I don't run public mailing lists and if I ever was going to do that I
would run them on a separate server with a separate IP address

2) I don't run my webserver on the same server as my mailservers.

3) I have gotten BLed by Barracuda a couple of times.  It usually takes
about 3-4 days to get delisted so while I'm waiting I route outgoing
mail through an alternate server.  I get BLed when a customer falls for
a phish mail and gives out their password.

My recommendation is you have at least 4 public IP addresses with servers,
one for your webserver, one for your mailserver and one for an alternate
mailserver and one for a mailing list server.

As for the "class C block" I think that is likely that you are trying to
do everything with a single static IP.  If you had a subnet of public
IPs then the ISP that issued it to you would SWIP them to you and
you would have no problems proving to Barracuda that you're not part of
the rabble.

I realize you said you're in a data center.  Contact the data center
provider and tell them you want a block they will SWIP to you.  I
realize this may cost you some more money.  But email is not one of
those things you can do well on the cheap.


Ted


On 6/20/2015 8:38 AM, Jered Floyd wrote:
>
> Hello SA-users,
>
> I have a question on the other side of things: outgoing mail. I know
> this is off-topic but this seems to be the only venue where there might be
> knowledge of the problem, and the offender is a spamassassin "customer".
>
> (I operate an MTA host on which I run SpamAssassin -- it works
> flawlessly. (I am running Debian Postfix 2.7.1-1+squeeze1 with
> spamassassin 3.3.1-1.1) This system is in an Internap data center, and
> provides mail services for about a half-dozen organizations that I
> support. SPF and DKIM are correctly configured for hosted domains, as is
> user authentication for submitted mail.)
>
> I appear to be getting a shakedown scam from Barracuda Networks. They
> seem to be getting out of the "anti-spam" and into the "protection
> racket" business.
>
> A small number of recipients have been getting bounce-unsubscribed from a
> community mailing list that I administer. The most recent bounces say
> that this "blocked using Barracuda Reputation;
> http://www.barracudanetworks.com/reputation/" Visiting that page
> provides no information on the specific reason my MTA has been blocked
> so I can't determine if there is a configuration issue, but there is a
> link for one-time removal.
>
> Below that the page says "One way to get your email through spam filters
> even if you are listed on the BRBL is to register your domain and IPs at
> EmailReg.org." OK, sounds good, I can prove that my IP address is
> allowed to send for my domains -- I thought that was what SPF and DKIM
> are for (which are configured) but whatever.
>
> However, I click through to emailreg.org and AFTER
> signing up for an account and configuring it they then reveal that there
> is a $20 "administrative fee" per domain.
>
> This sounds like a scam to me. They're blacklisting mail servers, not
> telling why, and then offering to take you off the list (without even
> correcting any problems) for "just" a $20 fee. I don't see how any
> legitimate RBL can operate with that model.
>
> Has anyone else here run into this? Is there a way out other than
> bribing Barracuda to not block my mail?
>
> Thanks,
> --Jered



Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Dianne Skoll
On Sun, 21 Jun 2015 22:55:41 +0200
Reindl Harald  wrote:

> the question is *how* is that de-listing managed and how do you
> manage "i will take care in the future" and if that's not true
> because de-listing is just a click how easy is it for spammers to not
> really care

I delist anyone who asks without questioning them.  The server stays
delisted for 45 days and then we once again re-evaluate it based
on observed reputation.  We have the whole process pretty much
automated.

This system has worked very well for us.

Regards,

Dianne.


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Alarig Le Lay
On Sun Jun 21 16:22:26 2015, Dianne Skoll wrote:
> I don't approve of Barracuda's behaviour.  If they're blocking
> /24s because of some bad machines, you should not have to pay for
> delisting one IP.  If they can prove that your specific IP was responsible
> for a spam run, then it's legit to charge for delisting, but not
> otherwise.

I don’t know how Barracuda manages /24 blacklisting, but generally the
abuse contact is contacted (in fact the ISP, unless you have your own IP
block) and if there isn’t an answer for some IPs, the block is blacklisted.

-- 
Alarig Le Lay




Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Reindl Harald



On 21.06.2015 at 23:50, Jered Floyd wrote:

> There is a murky relationship between Barracuda and EmailReg.  It's awfully suspicious
> that signing up on whitelist X clears you from "unrelated" blacklist Y.
>
> So, it may not be "paying to delist one IP" in framing, but in action it seems
> to be pretty darn close to that...

no, it is not

if somebody thinks he has a free ride for spam he will be removed from
EmailReg as fast as lightning - that said from a BN customer from 2005
until 2014/08 and aware of all the bullshit BN do the last few years after
2013-11 (In November 2013, Barracuda Networks went public on the New
York Stock Exchange under the ticker symbol CUDA)







Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Jered Floyd

EmailReg.org operates a whitelist, so you pay to get listed there.  The site 
doesn't say much at all about what sort of verification or later delisting for 
spam they might do.

However, they are promoted directly on the "Sorry, your email was blocked" page 
for Barracuda Reputation, and the page explicitly says that if you register at 
EmailReg.org then you'll bypass the BRBL.  

There is a murky relationship between Barracuda and EmailReg.  It's awfully 
suspicious that signing up on whitelist X clears you from "unrelated" blacklist 
Y.

So, it may not be "paying to delist one IP" in framing, but in action it seems 
to be pretty darn close to that...

--Jered


- On Jun 21, 2015, at 5:43 PM, Jim Popovitch jim...@gmail.com wrote:

> On Sun, Jun 21, 2015 at 4:52 PM, Dianne Skoll  wrote:
>> On Sun, 21 Jun 2015 16:26:54 -0400
>> Jim Popovitch  wrote:
>>
>>> On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll
>>> > you should not have to pay for delisting one IP.
>>> and with BN you are NOT paying for a delisting.
>>
>> You are splitting hairs.  Essentially, you are paying for delisting.
> 
> /sigh
> 
> I'm not splitting hairs, you are redefining "delisting".   Go read the
> first sentence on emailreg.org and learn something about them.
> 
> -Jim P.


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Jim Popovitch
On Sun, Jun 21, 2015 at 4:52 PM, Dianne Skoll  wrote:
> On Sun, 21 Jun 2015 16:26:54 -0400
> Jim Popovitch  wrote:
>
>> On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll
>> > you should not have to pay for delisting one IP.
>> and with BN you are NOT paying for a delisting.
>
> You are splitting hairs.  Essentially, you are paying for delisting.

/sigh

I'm not splitting hairs, you are redefining "delisting".   Go read the
first sentence on emailreg.org and learn something about them.

-Jim P.


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Reindl Harald



On 21.06.2015 at 22:52, Dianne Skoll wrote:

> On Sun, 21 Jun 2015 16:26:54 -0400
> Jim Popovitch  wrote:
>
>> On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll
>>> you should not have to pay for delisting one IP.
>> and with BN you are NOT paying for a delisting.
>
> You are splitting hairs.  Essentially, you are paying for delisting.
>
> We run our own set of DNSBLs and we delist anyone who requests
> delisting for free.  That's how it should be done

the question is *how* is that de-listing managed and how do you manage
"i will take care in the future" and if that's not true because
de-listing is just a click how easy is it for spammers to not really care


in fact if someone had a hacked server that's bad luck, but if someone
sends spam by intention and needs to spend money to get his IP's
de-listed there is a barrier because sending spam is no longer a business model






Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Dianne Skoll
On Sun, 21 Jun 2015 16:26:54 -0400
Jim Popovitch  wrote:

> On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll
> > you should not have to pay for delisting one IP.
> and with BN you are NOT paying for a delisting.

You are splitting hairs.  Essentially, you are paying for delisting.

We run our own set of DNSBLs and we delist anyone who requests
delisting for free.  That's how it should be done.

Regards,

Dianne.


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Reindl Harald



On 21.06.2015 at 22:22, Dianne Skoll wrote:

> On Sun, 21 Jun 2015 19:23:58 +0200
> Reindl Harald  wrote:
>
>> spammers don't invest money, never
>
> Of course not.  They pay using a stolen credit card.
>
> I don't approve of Barracuda's behaviour.  If they're blocking
> /24s because of some bad machines, you should not have to pay for
> delisting one IP.  If they can prove that your specific IP was responsible
> for a spam run, then it's legit to charge for delisting, but not
> otherwise.
>
> I also don't approve of blocking entire networks for one or a few
> bad IPs.  People who use DNSBLs that have those policies simply lack
> decent spam filters, so they take a scorched-earth approach

agreed - at least partly - it's hard to say from outside how much "few
bad IPs" really did send junk and on the other hand there are RBL
operators which list whole /24 networks just because the operator doesn't
like a single person which writes mails to mailing lists by hand and
with his full name..


Barracuda is far away from being perfect, otherwise i would not have
spent many hundred hours of my lifetime to build up a replacement and
maintain it, but what they don't do is list something without any reason
just to make money






Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Jim Popovitch
On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll  wrote:
> you should not have to pay for delisting one IP.

and with BN you are NOT paying for a delisting.  You are paying for
the upfront ID validation and verification process that goes into
fast-tracking your email flow.   If you don't want that fine, don't
pay it.

-Jim P.


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Dianne Skoll
On Sun, 21 Jun 2015 19:23:58 +0200
Reindl Harald  wrote:

> spammers don't invest money, never

Of course not.  They pay using a stolen credit card.

I don't approve of Barracuda's behaviour.  If they're blocking
/24s because of some bad machines, you should not have to pay for
delisting one IP.  If they can prove that your specific IP was responsible
for a spam run, then it's legit to charge for delisting, but not
otherwise.

I also don't approve of blocking entire networks for one or a few
bad IPs.  People who use DNSBLs that have those policies simply lack
decent spam filters, so they take a scorched-earth approach.

Regards,

Dianne.


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Reindl Harald



On 21.06.2015 at 20:52, Antony Stone wrote:

> On Sunday 21 June 2015 at 19:23:58 (EU time), Reindl Harald wrote:
>
>> spammers don't invest money, never
>
> Ah, my bad understanding - I followed the link you posted earlier
> http://www.spamhaus.org/faq/section/Glossary#233 which pointed me to
> http://www.spamhaus.org/news/article/641?article=641 which contains the quote
> from a spam enabling entity:
>
> "$70,875/month gets you 9 class C's spread across at least 5 providers with
> bandwidth for 8 Millions HTML emails per day per class C. Network blocks
> (class C's) will be replaced after at least 60 days if they are blocked.
> Network Blocks may be replaced solely in the event such Network Block has been
> blacklisted by SpamHaus."
>
> That looked to me like the spammers were paying for the IP address ranges
> which we were discussing being blocked

that's why spammers mostly use hijacked servers or enduser machines like
one or most likely more IP's in the /24 network of the thread starter,
he is just a victim of another fool not caring about security updates on
his webservers if you follow the thread






Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Antony Stone
On Sunday 21 June 2015 at 19:23:58 (EU time), Reindl Harald wrote:

> spammers don't invest money, never

Ah, my bad understanding - I followed the link you posted earlier 
http://www.spamhaus.org/faq/section/Glossary#233 which pointed me to 
http://www.spamhaus.org/news/article/641?article=641 which contains the quote 
from a spam enabling entity:

"$70,875/month gets you 9 class C's spread across at least 5 providers with 
bandwidth for 8 Millions HTML emails per day per class C. Network blocks 
(class C's) will be replaced after at least 60 days if they are blocked. 
Network Blocks may be replaced solely in the event such Network Block has been 
blacklisted by SpamHaus."

That looked to me like the spammers were paying for the IP address ranges 
which we were discussing being blocked.


Regards,


Antony.

-- 
It is also possible that putting the birds in a laboratory setting 
inadvertently renders them relatively incompetent.

 - Daniel C Dennett

   Please reply to the list;
 please *don't* CC me.


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Bill Cole

On 21 Jun 2015, at 10:33, Jered Floyd wrote:

> Richard,
>
>> The BRBL may have listed the entire  /24 that includes your sending IPs.
>> Painful experience has shown that Barracuda won't hear your requests for
>> delisting, and the listing may never go away.
>
> I believe you've got it in one.  I heard back from a colleague on the
> same /24 (though not the same address!) and he had a client with a bad
> WordPress install that was generating spam.
>
> That seems to make this EmailReg situation even more egregious -- if
> they're really blocking whole networks based on a single IP then it
> really is a protection scheme operated (opaquely) by Barracuda.  "Pay
> us money if you want mail to get through to our customers; we'll
> blacklist you arbitrarily otherwise."  How can this possibly be legal
> under US racketeering laws?



I'm not defending Barracuda specifically, as I have long believed them 
to be an opportunistic, ethics-free, low-quality organization selling 
overpriced garbage to people too desperately clueless to know better...


However, even carelessly run blacklists of IPs for email have been 
protected in US courts by 2 things:


1. Blacklist operators are not doing any actual blocking, their users 
are. Senders on "collateral damage" IPs are free to appeal to the actual 
sites rejecting their mail for exceptions and any 
competently-administered site will be able to do so. Any DNSBL operator 
is akin to a movie reviewer: they don't directly control anyone's 
behavior, they merely influence those who choose to pay them heed.


2. Virtually every US law explicitly touching Internet filtering (COPPA, 
COPPA2, CAN-SPAM, etc.) has included some "safe haven" provision for 
those implementing and using filtering tools in good faith. The 
interpretation of what constitutes "good faith" has been extremely 
broad, essentially meaning that if Barracuda has a theory that listing 
innocents in the vicinity of spammers helps avoid future spam, they 
don't need to actually have evidence of its validity or weigh any
tangible damage against theoretical benefit.


The flipside of this de facto immunity is that you are free to point out 
to those who reject your mail due to Barracuda's shoddy advice that 
Barracuda gives shoddy advice for which they do not deserve much 
attention or any money.




Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Reindl Harald


On 21.06.2015 at 18:58, Antony Stone wrote:

> On Sunday 21 June 2015 at 17:22:58 (EU time), Jim Popovitch wrote:
>
>>> I appear to be getting a shakedown scam from Barracuda Networks.
>>
>> You are not being shaken down, but you might be slandering.  ;-)
>>
>> I'm fairly certain that BN isn't making much profit off of your $20.
>> What they are getting is your commitment, and your ID, that one or
>> more IP addrs under your control will not spam.  And if you do spam
>> from those IPs, and BN detects it, they have evidence to tie you to
>> the crime (plus previously accepted agreement that you would
>> voluntarily handle the situation in a mutually agreed upon manner)
>
> It seems to me that $20 is nothing to the spammers - and they're already using
> techniques to change their IP addresses on a regular basis.
>
> So, spammer pays BN $20, gets found out some while later, moves IP, and pays
> BN $20 for that address instead (meanwhile raking in another $20 quicker than
> most of us do, I suspect).  Or, are you assuming that spammers don't have
> multiple identities / businesses / bank accounts to make their payments from?

spammers don't invest money, never

spammers just use botnets and hacked machines and leave the collateral
damage for the hacked machines and network ranges to the owner

>> $20 is $20, but frankly most people pay more than that in snail mail
>> postage each year.
>
> Er, so?  Most people pay more than $20 for lots of things per year - that
> doesn't mean you should just give $20 to anyone who asks for it, so that you
> can carry on running a legitimate business

there are more RBL's than you think which handle "bad neighbourhood" not
only Barracuda - example: http://www.uceprotect.net/de/index.php?m=3&s=4

it escalates based on network size and spammer ips detected:

/23: 9 abuser IP's
/22: 14 abuser IP's
/21: 24 abuser IP's



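How the escalation figures quoted in the message above turn into collateral listings, as an added example that is not part of the original post and not any list operator's code: abuser addresses are counted per enclosing /23, /22 and /21, and a sender that never abused is checked against the networks that crossed a threshold. Only the three thresholds come from the post; the rule that an escalated network affects every address inside it, and the sample addresses (private 10.20.0.0 space), are assumptions.

```python
import ipaddress
from collections import defaultdict

# Prefix length -> number of distinct abuser IPs that triggers escalation.
# These three figures are the ones quoted in the post; nothing else is.
ESCALATION_THRESHOLDS = {23: 9, 22: 14, 21: 24}

# Constructed sample data: nine abusing hosts inside 10.20.0.0/23.
SAMPLE_ABUSERS = [f"10.20.0.{host}" for host in range(10, 19)]


def escalated_networks(abuser_ips, thresholds=ESCALATION_THRESHOLDS):
    """Return the IPv4 networks whose distinct abuser count meets the threshold."""
    seen = defaultdict(set)
    for raw in abuser_ips:
        addr = ipaddress.ip_address(raw)
        for prefix in thresholds:
            # strict=False masks the host bits, giving the enclosing network.
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
            seen[net].add(addr)
    return {net for net, addrs in seen.items()
            if len(addrs) >= thresholds[net.prefixlen]}


def is_collateral(sender_ip, abuser_ips, thresholds=ESCALATION_THRESHOLDS):
    """True when sender_ip never abused but sits inside an escalated network."""
    sender = ipaddress.ip_address(sender_ip)
    if sender in {ipaddress.ip_address(raw) for raw in abuser_ips}:
        return False  # listed on its own behaviour, not as collateral
    return any(sender in net
               for net in escalated_networks(abuser_ips, thresholds))


if __name__ == "__main__":
    for net in sorted(escalated_networks(SAMPLE_ABUSERS)):
        print("escalated:", net)
    for sender in ("10.20.1.25", "10.20.2.25"):
        print(sender, "collateral:", is_collateral(sender, SAMPLE_ABUSERS))
```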


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Antony Stone
On Sunday 21 June 2015 at 17:22:58 (EU time), Jim Popovitch wrote:

> > I appear to be getting a shakedown scam from Barracuda Networks.
> 
> You are not being shaken down, but you might be slandering.  ;-)
> 
> I'm fairly certain that BN isn't making much profit off of your $20.
> What they are getting is your commitment, and your ID, that one or
> more IP addrs under your control will not spam.  And if you do spam
> from those IPs, and BN detects it, they have evidence to tie you to
> the crime (plus previously accepted agreement that you would
> voluntarily handle the situation in a mutually agreed upon manner)

It seems to me that $20 is nothing to the spammers - and they're already using 
techniques to change their IP addresses on a regular basis.

So, spammer pays BN $20, gets found out some while later, moves IP, and pays 
BN $20 for that address instead (meanwhile raking in another $20 quicker than 
most of us do, I suspect).  Or, are you assuming that spammers don't have 
multiple identities / businesses / bank accounts to make their payments from?

> $20 is $20, but frankly most people pay more than that in snail mail
> postage each year.

Er, so?  Most people pay more than $20 for lots of things per year - that 
doesn't mean you should just give $20 to anyone who asks for it, so that you 
can carry on running a legitimate business.


Regards,


Antony.

-- 
BASIC is to computer languages what Roman numerals are to arithmetic.

   Please reply to the list;
 please *don't* CC me.


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Jim Popovitch
> I appear to be getting a shakedown scam from Barracuda Networks.

You are not being shaken down, but you might be slandering.  ;-)

I'm fairly certain that BN isn't making much profit off of your $20.
What they are getting is your commitment, and your ID, that one or
more IP addrs under your control will not spam.  And if you do spam
from those IPs, and BN detects it, they have evidence to tie you to
the crime (plus previously accepted agreement that you would
voluntarily handle the situation in a mutually agreed upon manner)

$20 is $20, but frankly most people pay more than that in snail mail
postage each year.

-Jim P.


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Reindl Harald



On 21.06.2015 at 17:00, Jeroen de Neef wrote:

> I wonder what their justification is for doing this.

the question is how many additional IP's on the /24 were in fact sending
spam, see http://www.spamhaus.org/faq/section/Glossary#233

> 2015-06-21 16:33 GMT+02:00 Jered Floyd <je...@convivian.com>:
>
>> Richard,
>>
>>> The BRBL may have listed the entire  /24 that includes your sending IPs.
>>> Painful experience has shown that Barracuda won't hear your requests for
>>> delisting, and the listing may never go away.
>>
>> I believe you've got it in one.  I heard back from a colleague on
>> the same /24 (though not the same address!) and he had a client with
>> a bad WordPress install that was generating spam.
>>
>> That seems to make this EmailReg situation even more egregious -- if
>> they're really blocking whole networks based on a single IP then it
>> really is a protection scheme operated (opaquely) by Barracuda.
>> "Pay us money if you want mail to get through to our customers;
>> we'll blacklist you arbitrarily otherwise."  How can this possibly
>> be legal under US racketeering laws?






Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Jeroen de Neef
I wonder what their justification is for doing this.

2015-06-21 16:33 GMT+02:00 Jered Floyd :

>
> Richard,
>
> > The BRBL may have listed the entire  /24 that includes your sending IPs.
> > Painful experience has shown that Barracuda won't hear your requests for
> > delisting, and the listing may never go away.
>
> I believe you've got it in one.  I heard back from a colleague on the same
> /24 (though not the same address!) and he had a client with a bad WordPress
> install that was generating spam.
>
> That seems to make this EmailReg situation even more egregious -- if
> they're really blocking whole networks based on a single IP then it really
> is a protection scheme operated (opaquely) by Barracuda.  "Pay us money if
> you want mail to get through to our customers; we'll blacklist you
> arbitrarily otherwise."  How can this possibly be legal under US
> racketeering laws?
>
> --Jered
>
>
>
>


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-21 Thread Jered Floyd

Richard,

> The BRBL may have listed the entire  /24 that includes your sending IPs.
> Painful experience has shown that Barracuda won't hear your requests for
> delisting, and the listing may never go away.

I believe you've got it in one.  I heard back from a colleague on the same /24 
(though not the same address!) and he had a client with a bad WordPress install 
that was generating spam.

That seems to make this EmailReg situation even more egregious -- if they're 
really blocking whole networks based on a single IP then it really is a 
protection scheme operated (opaquely) by Barracuda.  "Pay us money if you want 
mail to get through to our customers; we'll blacklist you arbitrarily 
otherwise."  How can this possibly be legal under US racketeering laws?

--Jered





Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-20 Thread Noel Butler
 

On 21/06/2015 02:16, Richard Doyle wrote: 

> On 06/20/2015 08:38 AM, Jered Floyd wrote: 
> 
>> Hello SA-users,
>> 
>> I have a question on the other side of things: outgoing mail. I know
>> this is off-topic but this seems to be the only venue where there might
>> be knowledge of the problem, and the offender is a spamassassin
>> "customer".
>> 
>> (I operate an MTA host on which I run SpamAssassin -- it works
>> flawlessly. (I am running Debian Postfix 2.7.1-1+squeeze1 with
>> spamassassin 3.3.1-1.1) This system is in an Internap data center,
>> and provides mail services for about a half-dozen organizations that I
>> support. SPF and DKIM are correctly configured for hosted domains,
>> as is user authentication for submitted mail.)
>> 
>> I appear to be getting a shakedown scam from Barracuda Networks. They
>> seem to be getting out of the "anti-spam" and into the "protection
>> racket" business.
>> 
>> A small number of recipients have been getting bounce-unsubscribed from a
>> community mailing list that I administer. The most recent bounces say
>> that this "blocked using Barracuda Reputation; 
>> http://www.barracudanetworks.com/reputation/ [1]" Visiting that page
>> provides no information on the specific reason my MTA has been blocked
>> so I can't determine if there is a configuration issue, but there is a
>> link for one-time removal.
>> 
>> Below that the page says "One way to get your email through spam
>> filters even if you are listed on the BRBL is to register your domain
>> and IPs at EmailReg.org." OK, sounds good, I can prove that my IP
>> address is allowed to send for my domains -- I thought that was what
>> SPF and DKIM are for (which are configured) but whatever.
>> 
>> However, I click through to emailreg.org and
>> AFTER signing up for an account and configuring it they then reveal
>> that there is a $20 "administrative fee" per domain.
>> 
>> This sounds like a scam to me. They're blacklisting mail servers, not
>> telling why, and then offering to take you off the list (without even
>> correcting any problems) for "just" a $20 fee. I don't see how any
>> legitimate RBL can operate with that model.
>> 
>> Has anyone else here run into this? Is there a way out other than
>> bribing Barracuda to not block my mail?
>> 
>> Thanks,
>> --Jered
> The BRBL may have listed the entire /24 that includes your sending IPs.
> Painful experience has shown that Barracuda won't hear your requests for
> delisting, and the listing may never go away.
> 
> Barracuda have run their emailreg.org scam for many years.
> 
> -Richard

In listing a /24, I'm sure they, like most DNSBLs, only take that avenue
if there are multiple IPs within that range causing, or having the
potential of causing, problems or potential for listing avoidance - this
is common with snowshoers.

 

Links:
--
[1] http://www.barracudanetworks.com/reputation/
[2] http://emailreg.org


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-20 Thread Noel Butler
 

On 21/06/2015 01:49, Jered Floyd wrote: 

> Harald,
> 
>> no you don't understand how a Barracuda appliance works
>> emailreg.org is a whitelist like the ones spamassassin is using
>> 
>> in case of a barracuda appliance it overrides the RBL
> 
> It's a whitelist that appears to be based solely on paying Barracuda a fee. 
> That doesn't sound like a valid whitelist protocol!

I guess they might claim that fee is to validate who you say you are
(yes, same thing SPF and DKIM do now for free) it sure will not stop you
from getting spam from those "trusted" domains. 

Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-20 Thread Noel Butler
 

On 21/06/2015 01:38, Jered Floyd wrote: 

> I appear to be getting a shakedown scam from Barracuda Networks. They seem to 
> be getting out of the "anti-spam" and into the "protection racket" business.
> 
> A small number of recipients have been getting bounce-unsubscribed from a 
> community mailing list that I administer. The most recent bounces say that 
> this "blocked using Barracuda Reputation; 
> http://www.barracudanetworks.com/reputation/ [1]" Visiting that page provides 
> no information on the specific reason my MTA has been blocked so I can't 
> determine if there is a configuration issue, but there is a link for one-time 
> removal.

Ask them why, they are under no obligation to remove you, but at least
you'll know why you're listed specifically. 

> However, I click through to emailreg.org [2] and AFTER signing up for an 
> account and configuring it they then reveal that there is a $20 
> "administrative fee" per domain.

That's why most sane admins ignore it, they have been pulling that stunt
for many years, and likely why they are used by fewer and fewer
companies these days, and why not pay? It's very, very simple: 

Trust can only ever be earned - not bought! 

and just because X trusts Y, doesn't mean it's safe for Z to trust Y
(seen this first hand many a time over the past 20 years), if it becomes a
serious problem tell the end users to complain to whoever is filtering
their mail with BN. 

(we also null out all SA's included whitelist rules) 

> This sounds like a scam to me. They're blacklisting mail servers, not telling 
> why, and then offering to take you off the list (without even correcting any 
> problems) for "just" a $20 fee. I don't see how any legitimate RBL can 
> operate with that model.

They aren't the first to try to make a fast buck, in years gone by SORBS
would only remove you if you paid, it's why very few liked/trusted/used
SORBS, although you could ask them to remove you and they would, for
free, unless you ended up being a repetitive listing I suppose, then I
could see them enforcing their policy of the day, they have however
changed that these days I've heard, it's been nearly 10 years since I've
talked to M.S. so not sure what policies they use today. 

 

Links:
--
[1] http://www.barracudanetworks.com/reputation/
[2] http://emailreg.org


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-20 Thread Richard Doyle
On 06/20/2015 08:38 AM, Jered Floyd wrote:
>
> Hello SA-users,
>
> I have a question on the other side of things: outgoing mail.  I know
> this is off-topic but this seems to be the only venue where there might
> be knowledge of the problem, and the offender is a spamassassin
> "customer".
>
> (I operate an MTA host on which I run SpamAssassin -- it works
> flawlessly.  (I am running Debian Postfix 2.7.1-1+squeeze1 with
> spamassassin 3.3.1-1.1)   This system is in an Internap data center,
> and provides mail services for about a half-dozen organizations that I
> support.   SPF and DKIM are correctly configured for hosted domains,
> as is user authentication for submitted mail.)
>
> I appear to be getting a shakedown scam from Barracuda Networks.  They
> seem to be getting out of the "anti-spam" and into the "protection
> racket" business.
>
> A small number of recipients have been getting bounce-unsubscribed from a
> community mailing list that I administer.  The most recent bounces say
> that this "blocked using Barracuda Reputation; 
> http://www.barracudanetworks.com/reputation/"  Visiting that page
> provides no information on the specific reason my MTA has been blocked
> so I can't determine if there is a configuration issue, but there is a
> link for one-time removal.
>
> Below that the page says "One way to get your email through spam
> filters even if you are listed on the BRBL is to register your domain
> and IPs at EmailReg.org." OK, sounds good, I can prove that my IP
> address is allowed to send for my domains -- I thought that was what
> SPF and DKIM are for (which are configured) but whatever.
>
> However, I click through to emailreg.org and
> AFTER signing up for an account and configuring it they then reveal
> that there is a $20 "administrative fee" per domain.
>
> This sounds like a scam to me.  They're blacklisting mail servers, not
> telling why, and then offering to take you off the list (without even
> correcting any problems) for "just" a $20 fee.  I don't see how any
> legitimate RBL can operate with that model.
>
> Has anyone else here run into this?  Is there a way out other than
> bribing Barracuda to not block my mail?
>
> Thanks,
> --Jered
>
The BRBL may have listed the entire  /24 that includes your sending IPs.
Painful experience has shown that Barracuda won't hear your requests for
delisting, and the listing may never go away.

Barracuda have run their emailreg.org scam for many years.

-Richard
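
An added example, not part of Richard's post or anyone's code in this thread: a DNSBL is queried by reversing the IP's octets under the list's zone, so a sender can check whether only their own address or the surrounding /24 is listed. The zone `dnsbl.example`, the 192.0.2.0/24 addresses and the fake resolver are constructed placeholders; substitute the zone the list operator documents.

```python
import ipaddress
import socket

def query_name(ip, zone):
    """DNSBL query name for an IPv4 address: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def lookup(ip, zone, resolve=socket.gethostbyname):
    """Return the list's 127.x.x.x answer if ip is listed, else None."""
    try:
        answer = resolve(query_name(ip, zone))
    except socket.gaierror:
        return None  # NXDOMAIN means "not listed"
    # Only answers inside 127.0.0.0/8 are listings. Anything else is a
    # resolver rewriting NXDOMAIN or a parked zone and must not count.
    if ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8"):
        return answer
    return None

def survey_24(ip, zone, resolve=socket.gethostbyname):
    """Check all 256 addresses of the /24 around ip; return {address: answer}."""
    net = ipaddress.ip_network(ip + "/24", strict=False)
    listed = {}
    for addr in net:
        answer = lookup(str(addr), zone, resolve)
        if answer:
            listed[str(addr)] = answer
    return listed

def describe(ip, zone, resolve=socket.gethostbyname):
    """Summarise whether ip is listed alone, with neighbours, or as a range."""
    listed = survey_24(ip, zone, resolve)
    if ip not in listed:
        return "not listed"
    if len(listed) == 256:
        return "whole /24 listed"
    return "listed with %d neighbour(s)" % (len(listed) - 1)

def fake_resolver(listed_names, rewrite_to=None):
    """Constructed stand-in for DNS so the example runs offline."""
    def resolve(name):
        if name in listed_names:
            return "127.0.0.2"
        if rewrite_to:  # simulates a resolver that rewrites NXDOMAIN
            return rewrite_to
        raise socket.gaierror("NXDOMAIN")
    return resolve

if __name__ == "__main__":
    zone = "dnsbl.example"  # placeholder zone, not a real list
    names = {query_name("192.0.2.%d" % i, zone) for i in (25, 26)}
    print(describe("192.0.2.25", zone, fake_resolver(names)))
```

With the default resolver this issues 256 real DNS queries, so run it from the mail host's own resolver rather than a shared public one.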



Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-20 Thread Reindl Harald


On 20.06.2015 at 17:49, Jered Floyd wrote:

> Harald,
>
>> no you don't understand how a Barracuda appliance works
>> emailreg.org is a whitelist like the ones spamassassin is using
>>
>> in case of a barracuda appliance it overrides the RBL
>
> It's a whitelist that appears to be based solely on paying Barracuda a fee.
> That doesn't sound like a valid whitelist protocol!

most whitelists are based on fee

>>> Has anyone else here run into this?  Is there a way out other than
>>> bribing Barracuda to not block my mail?
>>
>> tell your customers don't send spam
>
> I'm pretty sure none of my users are sending spam.  I'm not on any other RBLs,
> and I haven't seen recent unusual mail volume.

you need to hit only *once* a honeypot

> Regardless, with other RBLs there is typically some information on the triggering
> criteria.  That does not appear to be the case here.  BRBL seems to be a pay-to-play
> whitelist with arbitrary and opaque "poor reputation" categorization.

no it is not, we used a barracuda appliance for nearly a decade and 
there were zero complaints because of the RBL, the unwhitelistable URIBL 
on barracuda is much more problematic


listing happens the same way as for other RBLS:

* hit a honeypot
* user complaints

there is an Outlook plugin where you can flag every mail as ham or spam 
and if a few RCPTs flag mails of your customers as spam, well you got listed






Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-20 Thread Jered Floyd

Harald,

> no you don't understand how a Barracuda appliance works
> emailreg.org is a whitelist like the ones spamassassin is using
> 
> in case of a barracuda appliance it overrides the RBL

It's a whitelist that appears to be based solely on paying Barracuda a fee.  
That doesn't sound like a valid whitelist protocol!

 
>> Has anyone else here run into this?  Is there a way out other than
>> bribing Barracuda to not block my mail?
> 
> tell your customers don't send spam

I'm pretty sure none of my users are sending spam.  I'm not on any other RBLs, 
and I haven't seen recent unusual mail volume.  

Regardless, with other RBLs there is typically some information on the 
triggering criteria.  That does not appear to be the case here.  BRBL seems to 
be a pay-to-play whitelist with arbitrary and opaque "poor reputation" 
categorization.

Regards,
--Jered


Re: Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-20 Thread Reindl Harald



On 20.06.2015 at 17:38, Jered Floyd wrote:

> A small number of recipients have been getting bounce-unsubscribed from a
> community mailing list that I administer.  The most recent bounces say
> that this "blocked using Barracuda Reputation;
> http://www.barracudanetworks.com/reputation/"  Visiting that page
> provides no information on the specific reason my MTA has been blocked
> so I can't determine if there is a configuration issue, but there is a
> link for one-time removal.

you are blacklisted at http://www.barracudacentral.org/rbl
blame your users!

> Below that the page says "One way to get your email through spam filters
> even if you are listed on the BRBL is to register your domain and IPs at
> EmailReg.org." OK, sounds good, I can prove that my IP address is
> allowed to send for my domains -- I thought that was what SPF and DKIM
> are for (which are configured) but whatever.
>
> However, I click through to emailreg.org and AFTER
> signing up for an account and configuring it they then reveal that there
> is a $20 "administrative fee" per domain.
>
> This sounds like a scam to me.  They're blacklisting mail servers, not
> telling why, and then offering to take you off the list (without even
> correcting any problems) for "just" a $20 fee.  I don't see how any
> legitimate RBL can operate with that model.

no you don't understand how a Barracuda appliance works
emailreg.org is a whitelist like the ones spamassassin is using

in case of a barracuda appliance it overrides the RBL

> Has anyone else here run into this?  Is there a way out other than
> bribing Barracuda to not block my mail?

tell your customers don't send spam





Barracuda / EmailReg.org protection racket? (OT, but help?)

2015-06-20 Thread Jered Floyd

Hello SA-users, 

I have a question on the other side of things: outgoing mail. I know this is 
off-topic but this seems to be the only venue where there might be knowledge of 
the problem, and the offender is a spamassassin "customer". 

(I operate an MTA host on which I run SpamAssassin -- it works flawlessly. (I 
am running Debian Postfix 2.7.1-1+squeeze1 with spamassassin 3.3.1-1.1) This 
system is in an Internap data center, and provides mail services for about a 
half-dozen organizations that I support. SPF and DKIM are correctly configured 
for hosted domains, as is user authentication for submitted mail.) 

I appear to be getting a shakedown scam from Barracuda Networks. They seem to 
be getting out of the "anti-spam" and into the "protection racket" business. 

A small number of recipients have been getting bounce-unsubscribed from a community 
mailing list that I administer. The most recent bounces say that this "blocked 
using Barracuda Reputation; http://www.barracudanetworks.com/reputation/ " 
Visiting that page provides no information on the specific reason my MTA has 
been blocked so I can't determine if there is a configuration issue, but there 
is a link for one-time removal. 

Below that the page says "One way to get your email through spam filters even 
if you are listed on the BRBL is to register your domain and IPs at 
EmailReg.org." OK, sounds good, I can prove that my IP address is allowed to 
send for my domains -- I thought that was what SPF and DKIM are for (which are 
configured) but whatever. 

However, I click through to emailreg.org and AFTER signing up for an account 
and configuring it they then reveal that there is a $20 "administrative fee" 
per domain. 

This sounds like a scam to me. They're blacklisting mail servers, not telling 
why, and then offering to take you off the list (without even correcting any 
problems) for "just" a $20 fee. I don't see how any legitimate RBL can operate 
with that model. 

Has anyone else here run into this? Is there a way out other than bribing 
Barracuda to not block my mail? 

Thanks, 
--Jered