Re: Macs/Yosemite can no longer send abuse reports

[Bill Cole]

On 27 Jun 2015, at 18:00, Jo Rhett wrote:


In the meantime, is there a mail client for Yosemite which does work?


I can't guarantee you'll be comfortable with it, but MailMate is surely 
worth a look if you don't mind paying for a piece of well-supported 
software.

Re: Macs/Yosemite can no longer send abuse reports

[Amir Caspi]

On Jun 29, 2015, at 10:30 AM, Kris Deugau  wrote:
> 
> Ben wrote:
> 
>> Second, I'm becoming less and less of a buyer on the whole "report it to
>> the ISP" malarky.  Its starting to become a bit of a 1990's way of doing
>> it.   I increasingly find myself wondering whether ISPs actually bother
>> to read abuse mails or whether they get filtered straight to /dev/null.
> 
> *nod*  Unfortunately true;  reporting to third parties is largely
> ineffective.  I've even had abuse reports rejected as spam, either due
> to the content of the spam or for simply including the original as a
> proper attachment that "could be malicious".

For these reasons, I have also given up reporting directly to third parties. 
However, I do still report to SpamCop on occasion... this serves multiple 
purposes (though their effectiveness is unknown, but anyway), since it will 
automatically generate a report to the ISP if the ISP accepts them, it 
automatically removes my identifying information from the report so spammers 
can't easily harvest my address from the report, any bounces are handled by 
SpamCop, and it adds the IP to the SpamCop RBL for either MTA rejection or SA 
score enhancement.

The utility of SpamCop reports may not be high these days... but that single 
reporting mechanism performs a number of functions, so it's at least better 
(IMHO) than reporting to the ISP directly.

Cheers.

--- Amir
thumbed via iPhone

Re: Macs/Yosemite can no longer send abuse reports

[Kris Deugau]

Ben wrote:

> Second, I'm becoming less and less of a buyer on the whole "report it to
> the ISP" malarky.  Its starting to become a bit of a 1990's way of doing
> it.   I increasingly find myself wondering whether ISPs actually bother
> to read abuse mails or whether they get filtered straight to /dev/null.
> 
> Case in point on number two, for some months now I have been receving
> Spam originating from a Verizon customer. The Verizon customer appears
> to be some sort of marketing company that has a range on the Verizon
> network.
> 
> Every...single...time... I report the spam, full headers & all.  Have
> they done anything about it ?  No.  Has the volume of spam reduced ? No.
> 
> I ended up blocking that IP in a custom RBL that I feed into SpamAssassin.
> 
> Sure, I guess for tweaking your internal SpamAssassin implementation,
> headers could be useful.  But for external reporting, I think they've
> had their day.

*nod*  Unfortunately true;  reporting to third parties is largely
ineffective.  I've even had abuse reports rejected as spam, either due
to the content of the spam or for simply including the original as a
proper attachment that "could be malicious".

Reporting spam to the ISP for filter tuning, on the other hand, is about
the only way to get a systemwide view of what's getting through.

-kgd

Re: Macs/Yosemite can no longer send abuse reports

[jdow]

On 2015-06-29 08:37, Ben wrote:



I can't speak about the specifics of this particular change, but
anything that makes it harder to trivially forward a message,


Whilst I obviously can't argue with you in the context of making it easy to
report spam, there are a couple of things to point out.

First, Jo said "have removed all functionality", that is technically and
factually incorrect, which is why I posted the message I did.  Other methods
remain available and all that needs to be done is for Jo to update the
instructions to users.

Second, I'm becoming less and less of a buyer on the whole "report it to the
ISP" malarky.  Its starting to become a bit of a 1990's way of doing it.   I
increasingly find myself wondering whether ISPs actually bother to read abuse
mails or whether they get filtered straight to /dev/null.

Case in point on number two, for some months now I have been receving Spam
originating from a Verizon customer. The Verizon customer appears to be some
sort of marketing company that has a range on the Verizon network.

Every...single...time... I report the spam, full headers & all.  Have they done
anything about it ?  No.  Has the volume of spam reduced ? No.

I ended up blocking that IP in a custom RBL that I feed into SpamAssassin.

Sure, I guess for tweaking your internal SpamAssassin implementation, headers
could be useful.  But for external reporting, I think they've had their day.


It's an excellent tool for gathering active addresses. Then the spammer simply 
has to craft an email that makes it through the filters, likely sent from a 
completely different source.


Reporting to the ISPs is, except in unusual circumstances, seems to be an 
exceptionally counter-productive trick.


That said, it might pay to catch the mails in the MTA and drop them there. Then 
the naifs at the keyboard think they'd done something useful and you've actually 
made it useful by leaving that address a black hole. Eventually the addresses 
will fall from the live addresses lists and fall to the secondary "we're gonna 
keep trying forever" lists.


{^_^}

Re: Macs/Yosemite can no longer send abuse reports

[John Hardin]

On Mon, 29 Jun 2015, Ben wrote:

Case in point on number two, for some months now I have been receving Spam 
originating from a Verizon customer. The Verizon customer appears to be some 
sort of marketing company that has a range on the Verizon network.


Every...single...time... I report the spam, full headers & all.  Have they 
done anything about it ?  No.  Has the volume of spam reduced ? No.


I ended up blocking that IP in a custom RBL that I feed into SpamAssassin.


Repeat abuser. TCP tarpit.

--
 John Hardin KA7OHZhttp://www.impsec.org/~jhardin/
 jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
---
  Men by their constitutions are naturally divided in to two parties:
  1. Those who fear and distrust the people and wish to draw all
  powers from them into the hands of the higher classes. 2. Those who
  identify themselves with the people, have confidence in them,
  cherish and consider them as the most honest and safe, although not
  the most wise, depository of the public interests.
  -- Thomas Jefferson
---
 5 days until the 239th anniversary of the Declaration of Independence

Re: Macs/Yosemite can no longer send abuse reports

[Ben]

I can't speak about the specifics of this particular change, but
anything that makes it harder to trivially forward a message,


Whilst I obviously can't argue with you in the context of making it easy 
to report spam, there are a couple of things to point out.


First, Jo said "have removed all functionality", that is technically and 
factually incorrect, which is why I posted the message I did.  Other 
methods remain available and all that needs to be done is for Jo to 
update the instructions to users.


Second, I'm becoming less and less of a buyer on the whole "report it to 
the ISP" malarky.  Its starting to become a bit of a 1990's way of doing 
it.   I increasingly find myself wondering whether ISPs actually bother 
to read abuse mails or whether they get filtered straight to /dev/null.


Case in point on number two, for some months now I have been receving 
Spam originating from a Verizon customer. The Verizon customer appears 
to be some sort of marketing company that has a range on the Verizon 
network.


Every...single...time... I report the spam, full headers & all.  Have 
they done anything about it ?  No.  Has the volume of spam reduced ? No.


I ended up blocking that IP in a custom RBL that I feed into SpamAssassin.

Sure, I guess for tweaking your internal SpamAssassin implementation, 
headers could be useful.  But for external reporting, I think they've 
had their day.

Re: Macs/Yosemite can no longer send abuse reports

[Kris Deugau]

Ben wrote:
> On 27/06/2015 23:00, Jo Rhett wrote:
>> All versions of Yosemite have removed all functionality for sending
>> abuse reports to helpdesks.
> 
> Jo,
> 
> You're making a few mountains out of molehills here !
> 
> They have not "removed all functionality", they have removed ONE function.
> 
> There is nothing stopping you using the raw source shortcut and copy/paste.
> 
> Yes, its unfortunate they have removed the "two shortcut" method, but
> opt-cmd-U followed by a select all and paste is not exactly difficult.

I can't speak about the specifics of this particular change, but
anything that makes it harder to trivially forward a message,
*unaltered*, as an attachment, is raising the threshold for general ISP
end users to Do The Right Thing, on an operation that is all too easy to
do wrong (and therefore render the report much less useful).

Several versions of Apple Mail also seem to randomly QP-encode the
attached message (or ever weirder, one or two messages in a set in the
same forward!).

Back to telling customers "Save as raw message, attach the file to a new
message"...

-kgd, wearing the "ISP spam filter report wrangler" hat

Re: Macs/Yosemite can no longer send abuse reports

[Ben]

On 27/06/2015 23:00, Jo Rhett wrote:

All versions of Yosemite have removed all functionality for sending
abuse reports to helpdesks.


Jo,

You're making a few mountains out of molehills here !

They have not "removed all functionality", they have removed ONE function.

There is nothing stopping you using the raw source shortcut and copy/paste.

Yes, its unfortunate they have removed the "two shortcut" method, but
opt-cmd-U followed by a select all and paste is not exactly difficult.

Yes I hope Apple fix the change, but quite frankly all you need to do is 
update your KB to reflect the changes, big deal.

Re: Macs/Yosemite can no longer send abuse reports

[Dave Warren]

On 2015-06-27 15:00, Jo Rhett wrote:
In the meantime, is there a mail client for Yosemite which does work? 
 I tried Thunderbird, and while it is capable it’s more than 15 clicks 
and manual hand editing to send a report. The two key combinations was 
far easier to use.


I'm not sure if Thunderbird is otherwise hobbled on OSX, but on my OS, 
CTRL+U (View Source) will bring up the original message, and if you add 
the "Forward" button to your toolbar, you can "Forward as attachment" in 
two clicks (to create a message with the currently selected message(s) 
already attached)


What are you doing that takes 15 clicks?

You still need to address the report and add comments, but since this 
needs to be done regardless of client, I don't care to count these steps.


Also, you can set the default forward method if you only intend to 
forward email as an attachment and want the extra click for when you're 
forwarding inline.


--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren

Macs/Yosemite can no longer send abuse reports

[Jo Rhett]

All versions of Yosemite have removed all functionality for sending abuse 
reports to helpdesks. 

In all previous versions of Mail, one uses %-Shift-H to show the headers, and 
then %-Shift-F or clicked Forward to forward the message including the mail 
headers.
 
This functionality is required to report abuse, and required for legal evidence 
in cases where the law has been violated. Apple themselves requires this and 
won't act on abuse without providing this information 
https://www.apple.com/legal/more-resources/phishing/ 


Please speak up and tell Apple this was the wrong choice to make 
https://discussions.apple.com/message/28463275?ac_cid=op123456#28463275 


In the meantime, is there a mail client for Yosemite which does work?  I tried 
Thunderbird, and while it is capable it’s more than 15 clicks and manual hand 
editing to send a report. The two key combinations was far easier to use.

-- 
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.