Re: sneaky pharma spam shooting past standard rules

>> On 15.10.09 10:22, Rick Knight wrote: >>> I'm using Sendmail and I've built it with milter support. >> use >> >> FEATURE(`block_bad_helo') >> >> in sendmail.mc On 15.10.09 13:02, John Hardin wrote: > Has it been made easier to exclude netblocks - like your local network - > from that check?

Re: sneaky pharma spam shooting past standard rules

> On Thu 15 Oct 2009 09:24:44 PM CEST, Matus UHLAR - fantomas wrote >> FEATURE(`block_bad_helo') >> in sendmail.mc On 15.10.09 21:50, Benny Pedersen wrote: > if i remember sendmail it need to be added in sendmail.m4 and when > saved, m4 sendmail.m4 will create sendmail.mc the rules have to be i

Re: svn rules and viewvc

On Thu, 2009-10-15 at 23:35 -0700, R-Elists wrote: > i used to be able to use wget to "easily" download rules from jhardin and > other sandboxes > > now with this new viewvc, it is a total pain in the backside to do anything. The SA team has no control over this at all. It's ASF infrastructure.

Re: [SA] sneaky pharma spam shooting past standard rules

15.10.2009 22:43, Adam Katz kirjoitti: A score of 6 is FREAKISHLY high, even for something with a very low FP rate. I'd score that around 1.2 if I trusted it. I like it, so I'm throwing it in khop-general as MC_TAB_IN_FROM scoring at 0.6 for now: # @Mike Cappella on sa-users, 20090806 20:50

Re: svn rules and viewvc

On Thu, 15 Oct 2009, R-Elists wrote: i used to be able to use wget to "easily" download rules from jhardin and other sandboxes now with this new viewvc, it is a total pain in the backside to do anything. how do we make it so it is easy to get the sandbox rules again? - rh Karsten beat me

Other DNSBL's

I'm looking to add other DNSBL's to tomorrow's weekly mass check. I realize most of them probably are too broken to bother, but it would be nice to get some real numbers to confirm it so since the Internet lacks any real DNSBL comparisons that include Ham FP safety. http://antispam.imp.ch/06-

Re: sneaky pharma spam shooting past standard rules

On 15-Oct-2009, at 19:36, MySQL Student wrote: smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, permit I'm currently using reject_non_fqdn_sender and reject_non_fqdn_recipient. Completely different restrictions. The

Re: Other DNSBL's

On Fri, Oct 16, 2009 at 09:41:57AM -0400, Warren Togami wrote: > I'm looking to add other DNSBL's to tomorrow's weekly mass check. I > realize most of them probably are too broken to bother, but it would be > nice to get some real numbers to confirm it so since the Internet lacks > any real

Re: sneaky pharma spam shooting past standard rules

Henrik K wrote: > On Thu, Oct 15, 2009 at 03:43:52PM -0400, Adam Katz wrote: >> # @Mike Cappella on sa-users, 20090806 20:50 UTC + 20090822 at 18:19 >> header MC_TAB_IN_FROMFrom:raw =~ /^\t/m >> describe MC_TAB_IN_FROMFrom: Contains a tab >> scoreMC_TAB_IN_FROM0.6 # 20091015, con

Re: [SA] sneaky pharma spam shooting past standard rules

On 10/15/2009 10:56 PM, Henrik K wrote: > You missed the important post: > > http://mail-archives.apache.org/mod_mbox/spamassassin-users/200908.mbox/%3c200908222035.57647.mark.martinec...@ijs.si%3e > For general use, the rule should be tightened. The relaxed version only hit mailing lists fro

Constant Contact

Does anybody here know anything about the legitimacy of Constant Contact ? In preparing a list of HOSTKARMA_W violators for Marc, I noticed a very large amount of spam, coming from completely different companies, was sent through constantcontact.com s

RE: Constant Contact

I've heard ads on the radio for Constant Contact before, so I would guess they're legitimate. Thomas E. Casartello, Jr. Staff Assistant - Wireless/Linux Administrator Information Technology Wilson 105A Westfield State College Red Hat Certified Technician (RHCT) -Original Message- From:

Re: Constant Contact

Adam Katz wrote: > Does anybody here know anything about the legitimacy of Constant > Contact ? > Sometimes abused, but too legit to outright block based on sending IP, imo. > The biggest problem is that they're well seeded in the DNS whitelists,

Re: Constant Contact

Adam Katz wrote: Does anybody here know anything about the legitimacy of Constant Contact ? Hi, Very legitimate. We have 4 or 5 clients who use it to send out emails to their subscribers. How ever, it can and does get abused by spammers from

Re: Constant Contact

On Oct 16, 2009, at 12:09 PM, Rick Macdougall wrote: Adam Katz wrote: Does anybody here know anything about the legitimacy of Constant Contact ? Hi, Very legitimate. We have 4 or 5 clients who use it to send out emails to their subscribers.

RE: Other DNSBL's

> > Any other DNSBL's out there that you folks use that are worth > comparing? > > Warren Togami > wtog...@redhat.com Warren, ask michael scheidell... he has a list for you that is 100% effective... :-) - rh

Re: Constant Contact

Hi, >> Does anybody here know anything about the legitimacy of Constant >> Contact ? > > Sometimes abused, but too legit to outright block based on sending IP, imo. In addition to constantcontact, can I add the following to the list of hosts I'd like

RE: [SA] SpamAssassin is not a filter

Per Jessen wrote: > The EU trademark database has 44 hits on registered trademarks > containing 'spam', including Spamhaus, Spamfighter, SpamTrap, noSpam > Proxy, Spamfinder, SPAMNET and SPAMASSASSIN. In other news, Darrell McBride is hired by Hormel to bolster their lagging canned meat busines

Re: Other DNSBL's

> ask michael scheidell... he has a list for you that is 100% effective... yeah, like that same joke that grandpa keeps telling over and over.. the first time it was a little bit funny... but now it is annoying, particularly the way he is the only one in the room laughing each time. -- Rob McEwe

Re: Constant Contact

MySQL Student wrote: Hi, Does anybody here know anything about the legitimacy of Constant Contact ? Sometimes abused, but too legit to outright block based on sending IP, imo. Just to add another data point -- There is a local

Re: Other DNSBL's

R-Elists wrote: Warren, ask michael scheidell... he has a list for you that is 100% effective... seriously, google for 'blocked.secnap.net' give it a try, any ip address that you ever even got one spam on is listed. (note, if you use this list on a production system it will block legit em

Re: Constant Contact

Chris Hoogendyk wrote: Just to add another data point -- There is a local network of small tech entrepreneurs in my region. They have an email list for discussing various aspects of running small businesses (sometimes just one person out of their home), and one of the questions that frequently

RE: Constant Contact

> Complaints liks this keep coming up for various whitelists. > The usage alternative I just suggested may solve this problem > for many people. > > -- > Rob McEwen Mc, what usage alternative? - rh

Re: Constant Contact

UCSC uses them for various announcement messages as well (I think they're mostly in-bound (ie. sending to UCSC addresses), but I don't know if that's 100% true). So, while I can't speak to whether or not they send spam, I can vouch that they are sometimes used to send ham. JRudd On Fri, Oct 16

RE: Constant Contact

here is a fine chance for everyone to vote on some new rule names... ill seed it... CONSTANT_PITA_BULK1 let's be creative now, it's Friday! well, it is always Friday, but you get the point... - rh

Re: Constant Contact

R-Elists wrote: >> Complaints liks this keep coming up for various whitelists. >> The usage alternative I just suggested may solve this problem >> for many people. Just what I said. If an IP whitelist cause too many spams to get a "free pass", then instead of using that whitelist as a free pass

RE: Constant Contact

> > So, even though I cringe when I hear a name like Constant > Contact, it does serve a legitimate business need. snip > Chris Hoogendyk > Chris, -1 no disrespect to you intended, yet says who? our general experience with Constant Contact is negative. - rh

Re: Constant Contact

On Friday 16 October 2009, Adam Katz wrote: >Does anybody here know anything about the legitimacy of Constant >Contact ? > >In preparing a list of HOSTKARMA_W violators for Marc, I noticed a >very large amount of spam, coming from completely different

RE: Constant Contact

> > That domain name should earn an email that came through their > servers an additional 2.5 points IMO. It has been a thorn in > my side since 3, maybe 4 years now. snip > -- > Cheers, Gene Gene, and anyone else that cares to share please... what are you using for your various rules to

Re: Other DNSBL's

Warren Togami wrote: I'm looking to add other DNSBL's to tomorrow's weekly mass check. I realize most of them probably are too broken to bother, but it would be nice to get some real numbers to confirm it so since the Internet lacks any real DNSBL comparisons that include Ham FP safety. htt

Re: Constant Contact

On Friday 16 October 2009, R-Elists wrote: >> That domain name should earn an email that came through their >> servers an additional 2.5 points IMO. It has been a thorn in >> my side since 3, maybe 4 years now. > >snip > >> -- >> Cheers, Gene > >Gene, > >and anyone else that cares to share please.

Re: Constant Contact

I wrote: >> Before I write a custom rule to add points to anything passing through >> a constantcontact.com relay, I was wondering if anybody here had >> thoughts on this. R-Elists wrote: > what are you using for your various rules to up the score on Constant > Contact emails so that nothing slips

Re: Constant Contact

On 10/16/2009 01:14 PM, Chris Owen wrote: On Oct 16, 2009, at 12:09 PM, Rick Macdougall wrote: Adam Katz wrote: Does anybody here know anything about the legitimacy of Constant Contact ? Hi, Very legitimate. We have 4 or 5 clients who use it to

re-implement all RBLs in metas?

Rob McEwen wrote: > Adam Katz wrote: >> Does anybody here know anything about the legitimacy of Constant >> Contact ? > > Sometimes abused, but too legit to outright block based on sending IP, imo. So in Marc's HostKarma context, that probably means

Re: Constant Contact

On Friday, October 16, 2009, 11:49:43 AM, Adam Katz wrote: AK> After some web searches, I decided to use the unsubscribe feature, but AK> apparently I needed to unsubscribe every email address with every AK> company that uses constantcontact.com. To me, this means it is quite AK> clear that Const

Re: Constant Contact

Warren Togami wrote: > For reasons like this I will not manually unsubscribe spam from > constantcontact.com or tell them what addresses were being sent. They > deserve a hurt reputation if they have a poor anti-spam policy. > Unsubscribing only the offending addresses only artificially hides the

Re: Constant Contact

On Fri, Oct 16, 2009 at 12:49 PM, Adam Katz wrote: > Does anybody here know anything about the legitimacy of Constant > Contact ? Hello, I work for Constant Contact. We take reports of spam very seriously. Complaints are processed through our abus

Re: Constant Contact

On Fri, Oct 16, 2009 at 11:07, R-Elists wrote: > >> >> So, even though I cringe when I hear a name like Constant >> Contact, it does serve a legitimate business need. > > says who? > Me. I work for one of their clients (a University). One or two of our divisions use them for large mailings to

Re: Other DNSBL's

Henrik K schrieb: > IMO a centralized rsync datasource for all the mass checked BLs would be > nice. Wonder if someone had the connections to pull it off? It would save > resources from all and speed up the checks. Spamhaus etc would only need to > "donate" the data once a week. We don't see any

Re: Constant Contact

Rob McEwen schrieb: > Just what I said. If an IP whitelist cause too many spams to get a "free > pass", then instead of using that whitelist as a free pass to the > inbox... instead... use it to bypass all checking of the sender IPs > against blacklists, but still do content spam filtering on the

Re: Constant Contact

Tara- Thanks for writing me off-list. I was composing this reply when I saw your message the list come in. Email marketing is a HARD business to be in thanks to spammers that play by their own rules and the resulting necessity of confirmed-opt-in, which is often a show-stopper for the business (

Re: Constant Contact

On Fri, 16 Oct 2009, Tara Natanson wrote: Hello, I work for Constant Contact. We take reports of spam very seriously. Complaints are processed through our abuse@ address but you won't ever hear what happened to it there other than an auto-ack. If you'd like to send me any complaints I can let

Re: Constant Contact

On Fri, 16 Oct 2009, John Rudd wrote: Me. I work for one of their clients (a University). One or two of our divisions use them for large mailings to our internal users. How is Constant Contact better than (say) GNU mailman for that purpose? I don't understand the concept of sending internal

Re: Constant Contact

On 10/16/2009 10:25 PM, Adam Katz wrote: > I suppose it's possible that your customer base is large enough that there aren't any repeat offenders and that each case is unique ... digging through my archives, I don't see more than 2x of any message from a CC customer. look at this way, some sno

Re: Constant Contact

On Fri, 2009-10-16 at 14:54 -0400, Adam Katz wrote: > > > Before I write a custom rule to add points to anything passing through > > > a constantcontact.com relay, I was wondering if anybody here had > > > thoughts on this. > I lied. I actually wrote a rule and stuck it in my testing area. As >

Re: Constant Contact

In addition to constantcontact, can I add the following to the list of hosts I'd like people's input on as to whether it's spam: - blueskycommunications.com - pm0.net - topica.com IMHO, at least Constant Contact has legitimate senders. Topica is all crap mailings. That said, I score CC ju

Re: Constant Contact

On Fri, Oct 16, 2009 at 13:29, John Hardin wrote: > On Fri, 16 Oct 2009, John Rudd wrote: > >> Me.  I work for one of their clients (a University).  One or two of >> our divisions use them for large mailings to our internal users. > > How is Constant Contact better than (say) GNU mailman for that

Re: Constant Contact

Karsten Bräckelmann wrote: > On Fri, 2009-10-16 at 14:54 -0400, Adam Katz wrote: >> rawbody __CCM_UNSUB >> /"https?:..visitor\.constantcontact.com\/[^<>]{60,200}>SafeUnsubscribe > Ouch! Rawbody, that hurts. > > If you really can't tell from the / a link URI alone, you'd better have > a look at

Re: Constant Contact

On Fri, 2009-10-16 at 17:17 -0400, Adam Katz wrote: > Karsten Bräckelmann wrote: > > On Fri, 2009-10-16 at 14:54 -0400, Adam Katz wrote: > > Inappropriate description. > > > > Inappropriate logic. IFF the terminology used would be appropriate, you > > rather should take the then-false listing up

Re: Constant Contact

Adam Katz wrote: Does anybody here know anything about the legitimacy of Constant Contact ? In preparing a list of HOSTKARMA_W violators for Marc, I noticed a very large amount of spam, coming from completely different companies, was sent through

Re: Constant Contact

One factor in scoring white list like mine is that different people have different definitions as to what is spam. And people have different values as to blocking spam at the expense of blocking good email. In my business if I block a good email it's worse than 100 spams getting through. I am p

Re: Constant Contact

Hi, >> How is Constant Contact better than (say) GNU mailman for that purpose? I >> don't understand the concept of sending internal mail via an external third >> party... In addition to what's already been mentioned, CC also provides a nice template that people can drop their message into and cl

Re: Constant Contact

Tara Natanson wrote: On Fri, Oct 16, 2009 at 12:49 PM, Adam Katz wrote: Does anybody here know anything about the legitimacy of Constant Contact ? Hello, I work for Constant Contact. We take reports of spam very seriously. Complaints are processed through our abus

Re: Constant Contact

On Fri, 2009-10-16 at 15:09 -0700, Marc Perkel wrote: > I wouldn't say they are perfect but they try to be. It's close enough > for my white list. They shut down abusers and the opt out works. ^ This implies there is, in fact, abuse. Thus, they are not "t

Re: Constant Contact

On Fri, 2009-10-16 at 16:25 -0400, Adam Katz wrote: > My own proposal to fixing this is to bring back Blue Security's > do-not-email list, which is to say a freely available index of secure > hashes representing email addresses that have opted out of bulk email. > (Recall that the controversial a

KHOP_NO_FULL_NAME

I have not yet analysed what whitehats cause this, but this rule seems suspipicious to me at moment. At the bright side: HOSTKARMA is a pleasant thing to have, now that my config is fixed with the community aid. Email: 1280 Autolearn: 765 AvgScore: 13.53 AvgScanTime: 11.23 sec Spam: 632

Re: KHOP_NO_FULL_NAME

17.10.2009 3:12, Jari Fredriksson kirjoitti: I have not yet analysed what whitehats cause this, but this rule seems suspipicious to me at moment. Now I have. Legitimate bulk mailers. From: "NYTimes.com" From: "Iltalehti.fi" Newspapers. And others. Guestionable rule. -- http://www.iki.f

Re: Constant Contact

Adam Katz wrote: Does anybody here know anything about the legitimacy of Constant Contact ? In preparing a list of HOSTKARMA_W violators for Marc, I noticed a very large amount of spam, coming from completely different companies, was sent through co