Michael Scheidell wrote:

> Main sleaze: as in DKIM SIGNED, NOT FORGED, SPF RECORDS MATCH, some
> with and some without knowledge and adherence to the US Federal CAN-SPAM
> laws.
>
> Maybe I am stuck in 1994 when (most) people respected the net. Maybe I
> react badly when one of these main-sleaze emails makes it past our
> filters, but the good news is that they help us identify third party
> email marketing companies that aren't careful about their clients.

I see similar things, and it annoys me quite a bit too. In Europe, the legal situation is somewhat different, as the Privacy & Electronic Communications Regulations (PECR) outlaw sending unsolicited email to individuals. As a result, what I tend to see and get complaints about is email from valid domains with proper rDNS and SPF which either:

(a) advertise generic scams to consumers such as draws for shopping vouchers in UK stores and, recently, loans and insurance comparison, which come from the USA with a superficial compliance with "CANSPAM". Notably, the postal address identifying the organisation (either in the US or an accommodation address/mailbox supposedly in the UK such as "56 Gloucester Road #215") is presented as an image. The servers are rented from US-based companies. I have some meta rules based on technical details that help quarantine most of the crap.

(b) are from UK-based registered companies and ostensibly directed to other businesses in the UK. Many are for worthless sales training webinars - I don't know if they teach more people how to send lots of spam email. An anonymous benefactor posts a useful monthly list of spammers and their hosts called "UK spammers activity report June 2009" on news:news.admin.net-abuse.email, usually leading with the notoriously annoying and stupid Communicado/Bitesize/Britain in Business. The list can be used to block the ranges (often /24) used by the spammers.
What is notable from that list is that most IP addresses aren't in any BL, except sometimes APEWS and BRBL, probably because BLs have few spamtrap addresses that the spammer would want to add - there may be some human intervention to verify that target domains are real users (although of course you can't really send junk in bulk unless it is automated.)

I guess these aren't quite as "vertical" as you describe, but there is often some attempt at targeting the spam - sometimes it's clear the spammer has included all email addresses from a web page that mentions, say, a particular town or industry. My understanding of mainsleaze is that it comes from companies you might want to buy something from until you get their spam - what I'm describing isn't quite like that and often operates from a PO Box/accommodation address. There are also, as you mention, often third-party mailers that may still even be in Habeas or similar cleanlists, although they increasingly become infiltrated, then dominated, by clients who abuse the network.

Anyway, here are some suggestions to deal with mainsleaze:

(1) Report to SpamCop and DCC/Pyzor.

(2) Locate the upstream colocation provider (or mailing list provider) and ask them to enforce their AUP and the maximum contractual penalty. One or two hosts unfortunately are so negligent that it might be necessary to go to the backbone provider (not that I've ever done that).

(3) More people should consider legal action based on PECR and improper processing of personal data without consent. There have been many cases here in the UK where a few hundred pounds sterling have been awarded by a small claims court, but the case should be properly prepared - e.g. http://www.steveroot.co.uk/2008/02/spam-wars-the-s.html. I also wonder why spam, being (often explicitly) unauthorised use of a receiving server, cannot be prosecuted under anti-cracker legislation.

(4) Contact any postal mailbox provider and again ask them to enforce ToS and penalty.
(5) Possibly most effective? If the spam contains a free or cheap sales number, ring, ask to speak to the director (the name is usually a matter of public record), and ask why they are wasting people's time (and bandwidth, and CPU) with UBE. If they offer to unsubscribe your address, try to explain the point is that it's an abuse of the network and they shouldn't have sent anything in the first place: if everyone thought it was acceptable to send opt-out spam, email would become unusable. The objective is simply to get an apology, or some indication that they are not complete moral retards.

In short, I think more anti-spam activists are needed.

CK