if I reply to the mailing list and not you directly, you should reply to the mailing list.




-------- Original Message --------
Subject:        Re: Getting off the "Cloudmark" formerly "spamnet" blacklist
Date:   Tue, 10 Nov 2009 12:25:20 -0800
From:   Ted Mittelstaedt <t...@ipinc.net>
Organization:   Internet Partners, Inc.
To:     Michael Scheidell <scheid...@secnap.net>
References: <4af8b90d.6040...@ipinc.net> <1257856143.17916.13.ca...@mcdonalddj-dc.austin-energy.net> <4af98170.3080...@ipinc.net> <4af986af.8040...@secnap.net>



Michael Scheidell wrote:
Ted Mittelstaedt wrote:

How can I?  From what I know about razor-revoke, it's the recipients
who are using razor and who get messages that razor tags as spam who
are the ones that run this.

Their recipients who are saying that their messages are being marked
spam are comcast e-mail users.  We aren't marking them as spam, we
don't use Razor, and after learning about what's happened to them,
it's doubtful that we ever will.

actually, from the perspective of cloudmark, it did what it was supposed to do.
it protected the clients who use it from a compromised system.

However, it's false-positiving things, thus once the spamming
has stopped, it's now malfunctioning.

Most people would rather get 10 spams that the spam filter missed
than have 1 legitimate mail message marked spam.  Granted, this
ratio falls off - people are more forgiving of false positives
the fewer times that they happen - but nobody wants all of their
incoming mail marked spam due to overly aggressive spam filters.

Keep in mind here that it isn't the SENDERS who are originating the
complaints - it's the RECIPIENTS.  The Recipients are seeing all mail
from their correspondents at this company being marked spam, and
complaining to the senders - the senders (now) are not spamming, so
the recipients have, in my opinion, a valid complaint to make
against Comcast.  It so happens the only recipients complaining that
this company is sending spam are the ones on Comcast's server.  Nobody
else on the Internet, using any OTHER kind of spam filtering service,
is seeing their stuff (now) being marked spam.

Thus, in stacking Cloudmark up against all of the other blacklists
on the Internet, it's clearly a failure.  Not because it blocked, but
because it didn't STOP blocking, when every other spam filter system
on the Internet was smart enough to stop blocking.

getting on a blacklist is easy. anyone's, sorbs, barracuda, DCC, spamcop, anyone's.

getting off is hard.


Untrue.  As I said, the first thing I checked was the public blacklists
and none of them had this customer listed.  Getting off of these lists
is easy - you just stop spamming, and wait 24 hours or so, and you're
off most of them, and the few you're not off you just submit requests to
remove and they take you off.

What you need to understand is that it's really your client's fault for not taking care of the security issue BEFORE he had a problem.

Sorry, but really, it's your client's fault,
and the world really needs to protect itself from botnets.


Michael, friend, you got things very wrong here.

If our clients were DELIBERATELY spamming, say they thought they
were going to send out a marketing mail or some such, then you would
be correct.

But they were not.  They were simply using the largest software
company on Earth's products - Microsoft - like everyone else
in the world who has those products do.

I have a Mac G4 running OSX  sitting on my desk here, next to my
Windows box.  I also have a FreeBSD system running FreeBSD6 and
firefox 3 in the other room.

On either of those systems I could have done EXACTLY THE SAME THING
that the user at this client who got cracked into did - I could
have opened the same e-mails, gone to the same websites, etc. - and
I WOULDN'T have been cracked.

So, explain again why this was THEIR fault?  Don't you think that
the botnet writer has just a tiny tiny bit of blame here?  What about
the software developer being paid more money than God sitting up in
a nice comfortable office in Redmond who wrote that piece of shit
that our client was using, and included dozens of security holes
that are exploited by botnet writers, don't you think that HE
has just a tiny tiny bit of culpability?

Every other current production operating system on the face of the earth doesn't seem to be regularly hijacked by spammers. So, why are you
going to give Microsoft a pass?

Why exactly is it that when a user of Microsoft Windows doesn't
apply patches that it's their fault when their system is cracked?
What exactly do you think a patch IS? If their system had been written properly in the beginning it wouldn't need to be patched. If they weren't logged in as administrator - which is necessary for Windows desktop systems since most Windows software developers are shit-ass lazy bastards who ignore the Microsoft directives about writing usermode programs so they don't have to run as the root, I mean administrative, user to get any functionality out of them - then even if they had been cracked it would only be their profile trashed, and the bot wouldn't go any further.

If you write software for Apple and you do it in such a way that
your MacOS X software requires root access to run, then if your
software gets ANY amount of visibility, you will get a call from
Apple politely trying to educate you, and if you ignore this then
they get nasty, and if you ignore that, then they publicly speak
against your software - and then all the Apple users will stop
buying your shit, and you will be out of business.

What, you think Microsoft has LESS pull than Apple in this area,
and couldn't do the same thing?

In the last 3-4 years there's been less than 5 root-exploitable
holes in Apache - which is arguably the most popular UNIX program
ever, and is installed on the most Unix systems in the world -
yet Apache isn't even installed on all of them.  I can't remember
when the last root-exploit came out for a program that is enabled
on FreeBSD out of the box - it might have been the Telnet
bug so many years ago.

Yet, every week there's DOZENS of security patches that MS releases
for XP and Vista and soon, Windows 7.

So, please save your moralizing.  Microsoft is the richest software
company in the world, they get PAID REAL MONEY by everyone that uses
their crap - yet they can't produce a secure OS to save their lives.
By contrast, Debian, Ubuntu, FreeBSD, OpenBSD - all UNPAID, and all
ROUTINELY release os's that are not attackable by botnets.  And Apple
used FreeBSD as its base for Darwin - and they ALSO have no problems
in this regard either.  Please, name 5 viruses that routinely attack
MacOSX.

Our clients retain outside expertise because THEY KNOW THEY ARE
BONEHEADS when it comes to software.  And, you're expecting boneheads
to actually see through the ten thousand tons of marketing BULLCRAP
that Microsoft's bowel movements dump on the business world every year, claiming their stuff is so great, so secure, so all-fired-wonderful?

You say the world really needs to protect itself from botnets?
Jesus, I think the world REALLY needs to protect itself from
MICROSOFT.  They OBVIOUSLY have absolutely NO SENSE WHATSOEVER
of responsibility for the piece-o-shit, holey as swiss cheese,
crapware that they stick up the collective ass of the world's
businesses every year.

I can almost excuse the botnet writers - they at least are
amoral sociopaths and are doing EXACTLY as I would expect criminals
to behave.  But, Microsoft couldn't be more two-faced if every
one of their employees had eyes, ears, nose and a mouth on the
back of their heads.  They EVEN HAD a secure security model -
remember NT 3.51?  You know, the ONLY version of Windows where
ring 0 was separated from usermode programs?  And they chucked
that out with NT4 when they pushed the video system into ring
0 so that crap-ass games could run faster.  Who cares that
it allowed malware to take over the system.

Michael, get some perspective, please.  You're blaming the victim.

Eventually (based on how cloudmark updates their system), your client's IP will be removed from their database.

MAYBE (like barracuda, sorbs) they might have a way for an accelerated removal. (barracuda, you either pay per domain, or fight your way through to someone who will do it for you)
spamcop will automatically remove in (7 days?) if no more spam.
DCC is 30 days (if using the DCC reputation filter)

asking SpamAssassin group how to get off of cloudmark's list will be useless.


I didn't.  I asked:

"I have no experience with them and was wondering if anyone has bought their SA plugin and can relate any good or bad experiences they have with them."

Ted

Ask cloudmark.




Ted

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com
_________________________________________________________________________



--
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
SECNAP Network Security Corporation

   * Certified SNORT Integrator
   * 2008-9 Hot Company Award Winner, World Executive Alliance
   * Five-Star Partner Program 2009, VARBusiness
   * Best Anti-Spam Product 2008, Network Products Guide
   * King of Spam Filters, SC Magazine 2008

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________
