On 10/7/2013 7:38 PM, Alex wrote:
How would another RBL handle a company that I have personally received
evidence of spamming even if it causes FPs?
Apparently none of the other RBLs consider it spam.
Well then the RBL I'm envisioning might be different. But my goal is to
get framework done and a Proof of Concept and hand it over to the
project so it could evolve.
I've asked the list a few times before about similar companies, such
as verticalresponse.com, which are also mass e-marketers, and I doubt
very much whether all recipients have signed up for their
"newsletters" or "webinars".
There wasn't really any consensus on the list for this sender either.
I've left them off my blacklist for now, despite seeing messages
pertaining to "hair care" and gutter cleaning from their customers.
They're also not on any public blocklists.
I haven't seen any samples for them but I have some techniques I use
with things like specific email addresses, etc. that make misuse very
apparent.
I often see spams that appear to be database compromises because of
this. Just looking at a few days sampling, I can spot:
eWeek
Seagate
MotleyFool
Joomla Shack
Dropbox
DynDNS
Online Sports
Red Envelope
WhitePaperWizard
SecurePayNet/Wild West Domains
That's a 5 minute list and there could be explanations beyond database
compromises. But I'm sure people like DFS and those who use
one-off/specific email addresses for vendors can tell you about when
they see supposedly private information get out with no notification to
those affected.
And I'm not listing the companies that I've contacted who have
appropriately gone "Oh Crap!" and handled it professionally. Some like
SecurePayNet handled it very unprofessionally in my opinion wasting time
of people like me just trying to help them realize they have a major
security risk. Lead a horse to water...
How many of those are now on the dbl or zen?
Spot checking URIBL_DBL shows some overlap but it's very minimal when
the entries are added. As the days go by, the overlap appears higher.
I only have __RCVD_IN_ZEN so I don't have logging of subtests so I can't
easily check overlap
I agree it has collateral damage. You can explain to them that the emails
can be found marked as spam because the company running the events are
spammers is my main response. And searching more about cvent.com just makes
me question their practices and others (such as
http://www.pissedconsumer.com/reviews-by-company/cvent.html) have confirmed
what I have seen which is harvesting of Whois data and spamming it.
Yeah, I saw that too. Their response to me would be to figure out a
way to only let their legitimate stuff through. I could probably also
make some noise to get a contact there through my customer, but it
would probably only lead to lip service. I'd never be able to get them
to switch providers, and as we've seen with verticalresponse, the
alternatives have issues too.
I am a bit jaded as well but I have a nice email from someone at cvent
to go deal with so I'll keep my faith in humanity a bit longer.
I just figured that since it's immediately being dropped, perhaps
sending them a bounce would help to control the number you receive
from them, if not just firewall their block outright.
Or just let them know what they have to scrap out of their lists to hide
the problem...
Yes, it's nice to stop spam but I'm reaching for a higher goal to stop
spammers.
That's because you don't do business with them, so anything received
is unsolicited. In my case, corporate communications are actually
being blocked.
Conjecture that's untrue. I blocked them noting the collateral damage
but again, on our system, we do not block mail, we receive and it's
tagged as spam allowing a user to manually intervene and get the email.
We encourage them to contact the company to complain and/or switch to
more reputable vendors.
Regards,
KAM
