Re: Opt In Spam
On Fri, 2009-07-17 at 03:25 -0700, twofers wrote: Neil Rocks ! Thanks Neil. Wes --- On Thu, 7/16/09, Neil Schwartzman neil.schwartz...@returnpath.net wrote: From: Neil Schwartzman neil.schwartz...@returnpath.net Subject: Re: Opt In Spam To: twofers twof...@yahoo.com, Spamassassin users@spamassassin.apache.org Date: Thursday, July 16, 2009, 1:29 PM FOLLOW-UP: A process was hung on one of the 20 hives serving the whitelists and reported this IP as being listed. We've restarted the process and it is no longer reporting incorrectly. On 16/07/09 8:05 AM, Neil Schwartzman neil.schwartz...@returnpath.net wrote: Now, I am aware that we recently changed the DNS hives serving up Safe (aka safelist aka Habeas) and I'm wondering if there is a glitch between SA and our lists. I don't know. I expect I need to take this up with the developer team, and bump it to someone else over here. I've also BCCed our contacts at SA for clarification -- Neil Schwartzman Director, Certification Security Standards Return Path Inc. 0142002038 I have (as usual) a different view. Being told how wonderful they were I thought it would be a blast to opt-in, then opt out again. On opting out I found I was mailed again by RP. So I blocked the range. They found another range and spammed me, I blocked it again. Tonight, they have done it again - I guess this is another 'fault with a hive serving the whitelists' or similar b/s. Opt out is opt out. It means I don't want you to keep finding new ranges to spam me about your services; From: Ryan Osborne ryan.osbo...@returnpath.net To: @buzzhost.co.uk Subject: Are you getting your email to the Inbox? Date: Fri, 17 Jul 2009 15:06:02 -0400 (20:06 BST) Mailer: Produced By Microsoft Exchange V6.5 I am reaching out from Return Path regarding your inquiry during our Lunch and Learn. We focus on helping marketers like you increase email response and revenue by maximizing your email delivery rates and optimizing your email performance. On average, 20% of permission email is blocked or filtered by ISPs. ISPs like Hotmail and Yahoo! look at several factors in your sending history (or reputation) to determine legitimate mail from spam, but unfortunately one out of five times they get it wrong. We at Return Path can help you build a stellar sending reputation so that ISPs don’t mistake your messages for spam and instead, fast track your email to the inbox. Once you’re IN, we’ll help ensure your strategy is aligned with subscriber interest so that you can maintain high deliverability rates and drive more response and revenue to your program. Our industry leading monitoring tools and services are used by companies of all shapes and sizes including Polo Ralph Lauren, Software AG, Fidelity Investments, eBay, Coldwater Creek, Overstock.com, REI, Match.com, E-Harmony, Twitter, Facebook, and MySpace, plus 2000 more! You can read our case studies on our website. I welcome the opportunity to talk with you to jointly determine which Return Path solutions will drive the strongest ROI across your email programs. When would be the best time to set up the meeting to review your delivery needs? Let me know what time works best for you. I look forward to speaking with you soon. Best Regards, p.s. If you are new to deliverability and want to learn more before we chat, you can register for our Lunch Learn Webinar: Are My Emails Getting Blocked? Click here to choose the date and time that works for you. Thank you, Ryan Osborne New Business Development Return Path - Increasing Email Reach and Response 8001 Arista Place Suite 300 Broomfield, CO 80021 303-999-3121 (office) 303-496-1283 (fax)
Re: Opt In Spam
On 17/07/09 3:32 PM, rich...@buzzhost.co.uk rich...@buzzhost.co.uk wrote: I have (as usual) a different view. Being told how wonderful they were I thought it would be a blast to opt-in, then opt out again. On opting out I found I was mailed again by RP. So I blocked the range. They found another range and spammed me, I blocked it again. Tonight, they have done it again - I guess this is another 'fault with a hive serving the whitelists' or similar b/s. Opt out is opt out. It means I don't want you to keep finding new ranges to spam me about your services; From: Ryan Osborne ryan.osbo...@returnpath.net To: @buzzhost.co.uk Subject: Are you getting your email to the Inbox? Date: Fri, 17 Jul 2009 15:06:02 -0400 (20:06 BST) Mailer: Produced By Microsoft Exchange V6.5 I¹m not certain who told you were here at Return Path are wonderful, but I do appreciate their input. Now, please don¹t be silly Richard. Your assertion that we encountered a block and then switched to a new IP netblock is preposterous. We have several ranges and mail streams. You opted in and then opted out. OK, in what timeframe? Minutes? Hours? The proscribed 10-day CANSPAM limit? A couple of months? I will ensure you are added to our suppression list and unsubbed from all lists, immediately. If our processes are broken, we want to know; I¹ve BCCed our CPO in on this. Thanks for the heads up. -- Neil Schwartzman Director, Certification Security Standards Return Path Inc. 0142002038
Re: Opt In Spam
On 17/07/09 4:03 PM, Neil Schwartzman neil.schwartz...@returnpath.net wrote: Your assertion that we encountered a block and then switched to a new IP netblock is preposterous. We have several ranges and mail streams. You opted in and then opted out. OK, in what timeframe? Minutes? Hours? The proscribed 10-day CANSPAM limit? A couple of months? I will ensure you are added to our suppression list and unsubbed from all lists, immediately. If our processes are broken, we want to know; I¹ve BCCed our CPO in on this. Richard, I inquired internally, and here is what we understand to have happened. You signed up for a Lunch and Learn. You were mailed the information in that regard. Apparently you were flagged in our systems as having attended the event. You also indicated you wanted a demo of our tools during your sign-up. A sales person, Ryan, followed up on the lead with a 1-to-1 email. He also tried to call the apparently erroneous telephone number you entered in the form. We have verified the unsubscribe and suppressed your address. Let us know if there is anything else we can do to help. Thanks again for bringing this to all our attention. -- Neil Schwartzman Director, Certification Security Standards Return Path Inc. 0142002038
Re: Opt In Spam
On Fri, 2009-07-17 at 14:41 -0600, Neil Schwartzman wrote: On 17/07/09 4:03 PM, Neil Schwartzman neil.schwartz...@returnpath.net wrote: Your assertion that we encountered a block and then switched to a new IP netblock is preposterous. We have several ranges and mail streams. You opted in and then opted out. OK, in what timeframe? Minutes? Hours? The proscribed 10-day CANSPAM limit? A couple of months? I will ensure you are added to our suppression list and unsubbed from all lists, immediately. If our processes are broken, we want to know; I¹ve BCCed our CPO in on this. Richard, I inquired internally, and here is what we understand to have happened. You signed up for a Lunch and Learn. You were mailed the information in that regard. Apparently you were flagged in our systems as having attended the event. I hate to say this, but if that's what you understand to have happened you have some serious issues with data management. Here is what happened. Injected an address into your web form, injected a dead phone number. Never confirmed opt in, when mail came clicked 'unsubscribe' You also indicated you wanted a demo of our tools during your sign-up. A sales person, Ryan, followed up on the lead with a 1-to-1 email. He also tried to call the apparently erroneous telephone number you entered in the form. So, not only have you abused the unsubscribe, you tried to call the number too. Gee, you are very determined spammers dude. We have verified the unsubscribe and suppressed your address. Let us know if there is anything else we can do to help. Can you supply me with all the address ranges you have so I can add manual blocks for them. Thanks. Thanks again for bringing this to all our attention.
Re: Opt In Spam
On Thu, 2009-07-16 at 04:38 -0700, twofers wrote: 66.59.8.161 TRY: OrgAbuseEmail: ab...@streamsend.com
Re: Opt In Spam
Have you reported the abuse to mailto:habeas@abuse.net, as Neil Schwartzman from Return Path (operators of Habeas) requested last time? Just posting to the sa-users list isn't really going to do very much. If there are pervasive FP problems, it will show up in the mass-checks and we'll drop the score. twofers wrote: And yet another SPAM from these opt-in guys. I believe this group are nothing but covert Spammers abusing a privilage afforded them. I receive these spams at two separate email addresses, both I use exclusively for my business, there is no way I'd use these addresses as an opt-in for anything. They are not personal emails and I'd never consider using them as opt-in for anything. I don't opt-in for anything ever to begin with anyway. X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on H67646.safesecureweb.com X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=HABEAS_ACCREDITED_SOI, HTML_IMAGE_RATIO_02,HTML_MESSAGE,LOCAL_URI_NUMERIC_ENDING,MISSING_MID, MPART_ALT_DIFF,SARE_UNSUB09 autolearn=no version=3.2.1 X-Spam-Report: * 0.0 MISSING_MID Missing Message-Id: header * 1.3 SARE_UNSUB09 URI: SARE_UNSUB09 * 2.0 LOCAL_URI_NUMERIC_ENDING URI: Ends in a number of at least 4 digits * 0.0 HTML_MESSAGE BODY: HTML included in message * 1.1 MPART_ALT_DIFF BODY: HTML and text parts are different * 0.6 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better * [66.59.8.161 listed in sa-accredit.habeas.com] Received: (qmail 17894 invoked from network); 15 Jul 2009 12:21:13 -0400 Received: from mailengine.8lmediamail.com (66.59.8.161) by mail.jelsma.com with SMTP; 15 Jul 2009 12:21:12 -0400 Received-SPF: pass (mail.jelsma.com: SPF record at mailengine.8lmediamail.com designates 66.59.8.161 as permitted sender) Received: by mailengine.8lmediamail.com (PowerMTA(TM) v3.2r23) id hbo0ve0eutci for embroid...@x.com mailto:embroid...@x.com; Wed, 15 Jul 2009 09:14:23 -0700 (envelope-from streamsendboun...@mailengine.8lmediamail.com mailto:streamsendboun...@mailengine.8lmediamail.com) Content-Type: multipart/alternative; boundary=_--=_1073964459106330 MIME-Version: 1.0 X-Mailer: StreamSend - 23361 X-Report-Abuse-At: ab...@streamsend.com mailto:ab...@streamsend.com X-Report-Abuse-Info: It is important to please include full email headers in the report X-Campaign-ID: 20812 X-Streamsendid: 23361+362+1918562+20812+mailengine.8lmediamail.com Date: Wed, 15 Jul 2009 09:14:24 -0700 From: Paul DiFrancesco: Eight Legged Media efly...@8lmediamail.com mailto:efly...@8lmediamail.com To: embroid...@x.com mailto:embroid...@x.com Subject: Visit with over 25 suppliers This is a multi-part message in MIME format.
Re: Opt In Spam
On 16/07/09 7:38 AM, twofers twof...@yahoo.com wrote: And yet another SPAM from these opt-in guys. SINGLE opt-in (SOI). I believe this group are nothing but covert Spammers abusing a privilage afforded them. Which group? E Z Publishing? They are neither covert, nor spammers. They are an ESP. As such, they certainly have their share of challenges, with regard to client vetting and list provenance. Complaints about them here, and elsewhere are not going unnoticed, I can assure you; we have had a few sit-downs with them and it appears there is need for another. We do want to work with this client to better their practices, and will continue to do so, using the carrot stick mthod of encouragement. We do have sticks of several lengths and weighting to apply if need be, of course. I've BCCed our principal contact at EZP to alert him to the problem. I receive these spams at two separate email addresses, both I use exclusively for my business, there is no way I'd use these addresses as an opt-in for anything. They are not personal emails and I'd never consider using them as opt-in for anything. I don't opt-in for anything ever to begin with anyway. Understood. But here's where it gets weird ... X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on H67646.safesecureweb.com X-Spam-Level: X-Spam-Status: No, score=0.6 required=5.0 tests=HABEAS_ACCREDITED_SOI, HTML_IMAGE_RATIO_02,HTML_MESSAGE,LOCAL_URI_NUMERIC_ENDING,MISSING_MID, MPART_ALT_DIFF,SARE_UNSUB09 autolearn=no version=3.2.1 X-Spam-Report: * 0.0 MISSING_MID Missing Message-Id: header * 1.3 SARE_UNSUB09 URI: SARE_UNSUB09 * 2.0 LOCAL_URI_NUMERIC_ENDING URI: Ends in a number of at least 4 digits * 0.0 HTML_MESSAGE BODY: HTML included in message * 1.1 MPART_ALT_DIFF BODY: HTML and text parts are different * 0.6 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better * [66.59.8.161 listed in sa-accredit.habeas.com] Received: (qmail 17894 invoked from network); 15 Jul 2009 12:21:13 -0400 Received: from mailengine.8lmediamail.com (66.59.8.161) This IP is not currently on the Safe whitelist (formerly known as HABEAS_ACCREDITED_SOI ). It was suspended some time ago. Now, I am aware that we recently changed the DNS hives serving up Safe (aka safelist aka Habeas) and I'm wondering if there is a glitch between SA and our lists. I don't know. I expect I need to take this up with the developer team, and bump it to someone else over here. I've also BCCed our contacts at SA for clarification by mail.jelsma.com with SMTP; 15 Jul 2009 12:21:12 -0400 Received-SPF: pass (mail.jelsma.com: SPF record at mailengine.8lmediamail.com designates 66.59.8.161 as permitted sender) Received: by mailengine.8lmediamail.com (PowerMTA(TM) v3.2r23) id hbo0ve0eutci for embroid...@x.com; Wed, 15 Jul 2009 09:14:23 -0700 (envelope-from streamsendboun...@mailengine.8lmediamail.com) Content-Type: multipart/alternative; boundary=_--=_1073964459106330 MIME-Version: 1.0 X-Mailer: StreamSend - 23361 X-Report-Abuse-At: ab...@streamsend.com X-Report-Abuse-Info: It is important to please include full email headers in the report X-Campaign-ID: 20812 X-Streamsendid: 23361+362+1918562+20812+mailengine.8lmediamail.com Date: Wed, 15 Jul 2009 09:14:24 -0700 From: Paul DiFrancesco: Eight Legged Media efly...@8lmediamail.com To: embroid...@x.com Subject: Visit with over 25 suppliers This is a multi-part message in MIME format. -- Neil Schwartzman Director, Certification Security Standards Return Path Inc. 0142002038
Re: Opt In Spam
On Thu, 2009-07-16 at 07:55 -0400, Matt Kettler wrote: Have you reported the abuse to mailto:habeas@abuse.net, as Neil Schwartzman from Return Path (operators of Habeas) requested last time? Just posting to the sa-users list isn't really going to do very much. Have to agree (it's nice to have a moan mind you, it's therapeutic) It has to be outspokenly said that the name EZ Publishing as come up before here and I'm starting to wonder if ESP = EMAIL SPAM PERMITTED up and to the point someone complains about it.
Re: Opt In Spam
On 16-Jul-2009, at 05:38, twofers wrote: * -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better * [66.59.8.161 listed in sa-accredit.habeas.com] If you search for HABEAS_ACCREDITED you will find that a LOT of admins either drop these scores to very low numbers, or actually set them slightly positive. In my mailspool they are a spam indicator and I have them scored as such: score HABEAS_ACCREDITED_COI 1.0 score HABEAS_ACCREDITED_SOI 1.5 -- When the stars threw down their spears And watered heaven with their tears, DidHe smile his work to see? Did He who made the Lamb make thee?
Re: Opt In Spam
FOLLOW-UP: A process was hung on one of the 20 hives serving the whitelists and reported this IP as being listed. We've restarted the process and it is no longer reporting incorrectly. On 16/07/09 8:05 AM, Neil Schwartzman neil.schwartz...@returnpath.net wrote: Now, I am aware that we recently changed the DNS hives serving up Safe (aka safelist aka Habeas) and I'm wondering if there is a glitch between SA and our lists. I don't know. I expect I need to take this up with the developer team, and bump it to someone else over here. I've also BCCed our contacts at SA for clarification -- Neil Schwartzman Director, Certification Security Standards Return Path Inc. 0142002038
