You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2008/06/14 19:47:52 UTC
[Bug 5922] New: efx.com in def_whitelist used to send spam
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
Summary: efx.com in def_whitelist used to send spam
Product: Spamassassin
Version: 3.2.5
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Rules
AssignedTo: dev@spamassassin.apache.org
ReportedBy: craig@myittybitty.com
CC: craig@myittybitty.com
Created an attachment (id=4329)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4329)
actual email with spam tags
per the received headers this looks like it really came from efax. email also
to abuse@efax.com.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #24 from Matt Kettler <mk...@verizon.net> 2009-07-08 19:29:28 PST ---
+1
Generally speaking, I'm not in favor of default whitelists at all.
I feel they should be reserved for when there is a truly significant problem
with SA's handling of a large percentage of nonspam email from a particular
sender.
Does anyone have a score for an efx.com email? If it's not heavily pegged by
one of our rules, there's no justification for it being in the whitelist at
all.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
Sidney Markowitz <si...@sidney.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|3.2.5 |3.2.6
--- Comment #19 from Sidney Markowitz <si...@sidney.com> 2008-10-03 13:20:30 PST ---
I changed the Version field on this bug to Trunk, because 1) It is relevant to
trunk too, and 2) I tried to retarget the bug to 3.2.6 and could not see that
in the drop downmenu and mistakenly guessed that it was because the bug was
listed as being for Version 3.2.5.
Argh, now I see that 3.2.6 is at the top of the dropdown list, not after 3.2.5
:-)
Ok, consider this a status update on this bug. I haven't reached anyone at J2
who replies, but I can try a bit more.
Justin, I notice that J2 has a corporate headquarters office in Ireland as well
as California. Do you want to give them a try?
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #22 from Justin Mason <jm...@jmason.org> 2009-07-08 15:37:37 PST ---
(In reply to comment #21)
> I have no compunction about removing efax.com from the default whitelist and
> letting people who subscribe to them deal with it just like any other
> commercial newsletter that tends to trigger spam filters.
+1
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #23 from Sidney Markowitz <si...@sidney.com> 2009-07-08 16:03:13 PST ---
Ok, how many PMC votes do we need to remove efax.com from the default
whitelist?
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #20 from Dave Pifke <da...@pifke.org> 2009-07-08 12:34:39 PST ---
To add my experience for what it's worth, I just noticed spam from eFax on a
honeypot address. That it triggered USER_IN_DEF_WHITELIST inspired me to come
here and look for a bug.
It did not trigger the Sender Score Certified or Habeas (or whatever they're
calling themselves these days) - maybe they got kicked out of that program?
I did have an eFax account about 10 years ago, but using a different email
address. I never would have opted in for third-party emails, in fact I'm
pretty sure that I would have opted out if they subscribed to these sorts of
offers by default. For an offer from VistaPrint (with whom I have no business
relationship) to show up in my mailbox 10 years later is pretty spammy even if
it were the email address I had used back then.
In the past I've received complaints from my users about their spam slipping
past SA, but this is the first time I've been able to experience it first-hand.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #25 from Matt Kettler <mk...@verizon.net> 2009-07-08 19:37:54 PST ---
side note: I now tally 2 of the required 3 +1 votes. (Sydney seems to imply a
+0 vote, but has not officially cast one yet)
Should we tag this one for vote in the subject?
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #30 from Sidney Markowitz <si...@sidney.com> 2009-07-09 12:15:47 PST ---
Committed to branches/3.2/ revision 792638 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=792638 )
Committed to rules/branches/3.2/ revision 792640 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=792640 )
I haven't pushed the update yet because I always have to look up or be reminded
how to do that :-)
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #29 from Justin Mason <jm...@jmason.org> 2009-07-09 07:04:01 PST ---
(In reply to comment #28)
> Should this be done for 3.2 and the update channels too? Does that need
> separate votes?
iirc we agreed that rules changes to 3.2.x and its updates didn't require
votes. so go ahead, if you like.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
Sidney Markowitz <si...@sidney.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #31 from Sidney Markowitz <si...@sidney.com> 2009-07-09 14:37:47 PST ---
Ok, I pushed the update. It's so hard to remember the complicated procedure
that consists of logging in to the zones machine and running the script I have
there using the command line that is in the first comment of the script :-)
Closing this bug as fixed.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #27 from Justin Mason <jm...@jmason.org> 2009-07-09 04:46:55 PST ---
that's 3 +1s from PMC members. out they go! feel free to remove them, Sidney.
historical note: I think efax were probably added in response to repeated FPs
in someone's corpus, probably Craig's?. in those days we weren't aware of any
non-opt-in behaviour. there's no reason for any default whitelistee to be kept
in our ruleset nowadays since we can rely (more or less) on third party
reputation services, anyway.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
Sidney Markowitz <si...@sidney.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|3.2.5 |SVN Trunk (Latest Devel
| |Version)
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #28 from Sidney Markowitz <si...@sidney.com> 2009-07-09 06:55:22 PST ---
efax.com was added in response to bug 1348 as was commented in the
60_whitelist.cf
All the other domains that had been added for bug 1348 have since been removed
except for warehouse.com. That domain used to belong to Micro Warehouse, but
has been defunct since they were purchased by their biggest competitor at the
end of 2003. See
http://web.archive.org/web/20031118210613/http://warehouse.com/
So I went ahead and deleted warehouse.com as well as efax.com from
trunk/rules/60_whitelist.cf
Committed revision 792553 ( https://svn.apache.org/viewcvs.cgi?view=rev&rev=792553 ).
Should this be done for 3.2 and the update channels too? Does that need
separate votes?
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #21 from Sidney Markowitz <si...@sidney.com> 2009-07-08 14:56:19 PST ---
I'll take that last comment as a ping and update my status on this. I have not
found a way to contact any human being at J2 and there was no response to
emails sent to obvious places. That doesn't mean that there is no way to
contact them, just not within the time that I have to devote to it and given my
disinclination to make international phone calls to very different time zones.
As far as I can tell efax has a perfectly reasonable opt-in and opt-out process
except for the glaring hole that allows one to change their already confirmed
email address without confirmation.
I have no compunction about removing efax.com from the default whitelist and
letting people who subscribe to them deal with it just like any other
commercial newsletter that tends to trigger spam filters. But I'm not going to
push the rest of the PMC to make that decision.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #26 from Sidney Markowitz <si...@sidney.com> 2009-07-08 20:21:27 PST ---
Oh, no I am a strong +1 for it now that I have exhausted what I am willing to
do to try to give them a chance with no response from them. I was just
expressing that I would not lobby for other PMC members to vote if they were
not inclined to.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #10 from Sidney Markowitz <si...@sidney.com> 2008-06-17 17:15:15 PST ---
(in reply to comment #9)
I'm not ready to agree to removing efax.com from the def whitelist yet. Even if
you don't remember signing up for a free efax account, it does look like you
did sign up at some point, perhaps as part of whatever you did with them in
2004. I just went to the efax.co web site to sign up for an eFax-Free account
and confirmed that they do use confirmed opt-in, i.e., they send an email to
the address that you register with and require clicking on a link in that email
to activate the new account.
Given that, I think that you should follow the link in the emails you received
to unsubscribe, deactivating the efax-Free account. Ordinarily that is not a
wise course of action in actual spam, but there is no evidence that eFax.com is
improper about handling subscription and unsubscription requests. If you do
that and still get the emails, then that would be a different story. But so far
it still seems more likely that eFax.com is not spamming, but sends what some
people think is spam, which is the reason to have them on the def whitelist.
I'll leave this bug open for a bit longer until we hear the results of your
attempt to unsubscribe from the account.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #18 from Sidney Markowitz <si...@sidney.com> 2008-06-18 16:16:23 PST ---
(in reply to comment #12)
I found a hole in the opt-in procedure that would have let someone subscribe
your email address without you being notified (both in this case and as I
commented in bug #5921, with ArcaMax/ReplyPath/PostmasterDirect). Even though
efax.com requires confirmation of an email address to register, if you change
the email address on an eFax-Free account the only notice email is sent to the
old address. A sleazy company that gets paid for generating "confirmed opt-in"
leads could have scammed eFax and you by subscribing their email address and
then switching it to yours.
Proper handling would be to send an activation email to the new address with a
link that must be clicked to complete the change of address, and only then send
the notification to the old address.
Given this loophole, perhaps it would be appropriate for someone to contact J2
as an official representative of the SpamAssassin PMC and find out if they will
fix it, or else we need to consider removing them from the default whitelist.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #4 from Craig Shaver <cr...@myittybitty.com> 2008-06-17 07:47:41 PST ---
Created an attachment (id=4334)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4334)
3/5
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #13 from Sidney Markowitz <si...@sidney.com> 2008-06-18 05:41:13 PST ---
(in reply to comment #12)
I have no inclination to defend a spammer, nor to defend eFax as a company. But
this situation does not make sense to me as evidence that eFax is spamming.
We have had efax.com on the default whitelist and have not received the number
of complaints that we would have if they were actually signing up people
without permission. My own quite negative past experience as an eFax-Free
customer is that since J2 acquired eFax they have tried to do everything
possible to discourage people from maintaining eFax-Free accounts, just the
opposite of falsely signing them up.
Looking more closely at "The one time I used efax was in 2004 when pay-pro.com
required me to email them through their efax service" I think that is a red
herring. Pay-pro is a service that on their web site asks customers to send
them certain information either by fax or by emailing a scanned image to the
address efax at pay-pro dot com. That is not at all the same as providing an
email address to eFax. I interpret it as Pay-pro setting up their eFax account
so that they receive their faxes at that email address and telling people to
either fax to their eFax account phone number or email scanned images directly
to the email address that those faxes are forwarded to. If that is the case,
eFax would never see that email.
"I would be +1 for removing efax.com from the default whitelist due to this,
unless someone from efax can give us details explaining the situation"
I don't see how that explanation can be had from eFax unless Craig is willing
to contact them using his <craig /at/ progroup.com> address or through some
login on that efax account to ask the for the record of the initial
subscription. I would hope that eFax would not provide that kind of information
about Craig to us if we asked for it.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #12 from Justin Mason <jm...@jmason.org> 2008-06-18 02:11:45 PST ---
(In reply to comment #10)
> (in reply to comment #9)
>
> I'm not ready to agree to removing efax.com from the def whitelist yet. Even if
> you don't remember signing up for a free efax account, it does look like you
> did sign up at some point, perhaps as part of whatever you did with them in
> 2004. I just went to the efax.co web site to sign up for an eFax-Free account
> and confirmed that they do use confirmed opt-in, i.e., they send an email to
> the address that you register with and require clicking on a link in that email
> to activate the new account.
>
> Given that, I think that you should follow the link in the emails you received
> to unsubscribe, deactivating the efax-Free account. Ordinarily that is not a
> wise course of action in actual spam, but there is no evidence that eFax.com is
> improper about handling subscription and unsubscription requests. If you do
> that and still get the emails, then that would be a different story. But so far
> it still seems more likely that eFax.com is not spamming, but sends what some
> people think is spam, which is the reason to have them on the def whitelist.
>
> I'll leave this bug open for a bit longer until we hear the results of your
> attempt to unsubscribe from the account.
I should point out -- Craig mailed me off-list over the past few days, and
we had some correspondence about this bug; I encouraged him to re-post our
chat here in public, but I guess he didn't want to ;)
As his mail notes, the <craig /at/ progroup.com> address had no prior customer
relationship with eFax.com. Even if _he_ sent someone a mail via an efax
address in 2004, that's not exactly opting in to receive marketing mail from
third parties. Worse than that, the address in question is a different
address; someone at eFax correlated his identity 4 years down the line with a
totally different, unrelated, scraped address. This appears to be e-pending
[1], and I don't think we should be whitelisting senders that do this, since it
is a pretty scummy practice.
[1]: http://taint.org/2006/02/20/112342a.html
So I would be +1 for removing efax.com from the default whitelist due to this,
unless someone from efax can give us details explaining the situation.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #15 from Craig Shaver <cr...@myittybitty.com> 2008-06-18 10:58:57 PST ---
...I would hope that eFax would not provide that kind of information
> > about Craig to us if we asked for it.
> it might be worth trying a "forgot my password" using that email address, to
> see if there really is an account backing it up; that or sending a fax to the
> supposed free fax number...
I will attempt to contact efax and ask them about this. I already unsubscribed
using the link on the emails per sid's request. If this is the only complaint
and they don't show up in any black lists then it could be a clitch somewhere.
On the other hand I know I did not sign up for efax.
Thanks for looking into this. :)
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #9 from Craig Shaver <cr...@myittybitty.com> 2008-06-17 12:45:54 PST ---
(In reply to comment #8)
> Is the free efax account number and email address that is listed in each of
> those mails really yours? If you don't say that you are receiving these
Hi Sid,
To the best of my knowledge I have never signed up for an efax account.
Certainly not on the address they are sending it to. The "craig@progroup.com"
email is very, very old. I only get a few legitimate emails on it. It has not
been actively used for about 10 years. Spammers have collected that email
address from old newsgroup and forum postings. It catches a lot of spam.
I went through all of my archived emails looking for efax. The one time I used
efax was in 2004 when pay-pro.com required me to email them through their efax
service.
This is real spam!
Thanks for taking the time to look into this. Please remove them from the
def_whitelist.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #1 from Justin Mason <jm...@jmason.org> 2008-06-16 02:29:22 PST ---
have you ever had a business relationship with efax? just wondering, since I
don't seem to have any similar spam samples in our corpora.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #5 from Craig Shaver <cr...@myittybitty.com> 2008-06-17 07:48:54 PST ---
Created an attachment (id=4335)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4335)
oops 4 of '6'
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #6 from Craig Shaver <cr...@myittybitty.com> 2008-06-17 07:49:15 PST ---
Created an attachment (id=4336)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4336)
5/6
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #7 from Craig Shaver <cr...@myittybitty.com> 2008-06-17 07:49:46 PST ---
Created an attachment (id=4337)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4337)
6 of 6 all from this year and recently
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #8 from Sidney Markowitz <si...@sidney.com> 2008-06-17 11:21:25 PST ---
Is the free efax account number and email address that is listed in each of
those mails really yours? If you don't say that you are receiving these without
having a free efax account I'm going to close this bug. This is actually a
reason for having efax on the default whitelist. People sign up for free efax
and then receive these very spammy looking mails, but that's what they have
signed up for.
Those emails clearly say that they are being sent to you because you have a
free efax account which provides you with "free" fax services in exchange for
agreeing to let them "spam" you with this stuff. If you don't want to get the
mail from them, either purchase a paid fax service account from them, cancel
the free service, or find a way to filter your mail yourself that is able to
distinguish these mails from the actual faxes and account-related mails you get
from them.
"You received this message because you are registered as an eFax Free
member. Your eFax number is ********833. You are subscribed as
****@********.com.
eFax Free accounts are supported by advertising, as explained in our
Terms of Service and/or Privacy Policy. j2 Global is not responsible
for statement(s) contained in this third party advertisement or for
any transaction between you and the advertiser.
Please click here to stop receiving third-party marketing messages from eFax:
[ url ]
By opting out, your eFax Free account will be closed. If you would
like to opt out, but still wish to retain your eFax account, please
upgrade now"
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Re: [Bug 5922] efx.com in def_whitelist used to send spam
Posted by Michael Peddemors <mi...@linuxmagic.com>.
On Tuesday 17 June 2008 19:44, Sidney Markowitz wrote:
> Michael Peddemors wrote, On 18/6/08 2:28 PM:
> > On Tuesday 17 June 2008 18:35, bugzilla-daemon@bugzilla.spamassassin.org
> >
> > wrote:
> >>> it still seems more likely that eFax.com is not spamming, but sends
> >>> what some people think is spam,
> >
> > I chuckle at this :) If they think it is Spam, it is spam for all intents
> > and purposes if you are the email administrator or ISP trying to keep
> > your cusomter, or trying to stop them from switching to your competitor..
>
> If you have to subscribe to get it, confirm your email address with
> double opt-in, agree to a terms of service that explicitly says that you
> agree that the cost of the service you are getting is receiving
> advertising email, each email contains instructions on how to
> unsubscribe by following a URL or sending an email, and the company
> really does stop sending the mail on receiving an unsubcribe request,
> then there is no reason for SpamAssassin to waste its time labeling that
> mail as spam.
You can tell I am working late when I double post.. and you have to understand
that for my company it would be better if SA didnt' stop email marketing..
(PS, ISP operators, raise your hands.. how many have had to resort to blocking
an IP from a company that claimed to do the above?)
but.. so... say I had a company, this hypothetical company that derives it's
income from email advertising.. and uses the daily horoscope as a driver to
get people to sign up..
o They subscribe..
o I send an email 'confirming their email is correct' click here to confirm
o I include a link to terms of service that says the customer agrees to
recieve email (which noone reads of course)
o I include a URL to unsubscribe, (of course it only unsubscribes in a
difficult, or very specific way.
o I don't make a big thing of the line in the terms of service that say I can
sell the address, or that I have 20 different companies that might also use
the same database once I get them.
o I do honour any requests to stop a particular advertising blitz.. (I change
them every 2 weeks anyways)
Does this entitle me to be exempt from SA?
You are going to get a lot of requests pretty quick.. :) Okay, that sounds
like an opinion.. but you get my drift.. No way that SA can possibly audit
this type of behavior..
But if SA is going to say that certain 'behaviors' are not going to be treated
as spam.... how did you put it.. "waste its time labeling that mail as spam."
then I think it is appropriate to put a policy in effect, so noone can
complain about what they belief is 'spam' from these companies not being
stopped.. Then they can look to other tools ;)
But enough comments from both sides of the fence have been on this list lately
to consider the policy idea..
--
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors - President/CEO - LinuxMagic
Products, Services, Support and Development
Visit us at http://www.linuxmagic.com
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" is a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-589-0037 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
Re: [Bug 5922] efx.com in def_whitelist used to send spam
Posted by Sidney Markowitz <si...@sidney.com>.
Michael Peddemors wrote, On 18/6/08 4:48 PM:
> Of course, not trying to start a flame war.. but that response isn't really
> formatted as a policy, or is it? Even that would be a start.
That's a good point, and maybe one of the more administrative oriented
members of the PMC will weigh in. I'm personally more interested in
software development questions rather than policy until it becomes time
to debate and vote on an issue within the PMC.
However, I think SpamAssassin manages to avoid the hard questions that
arise when you get to the grey areas. We have a strong bias against
negatively scored rules (so-called 'nice' rules) because from a
technical perspective it is very hard to have a nice rule that does not
provide a loophole for a spammer to take advantage of. The def-whitelist
is a case in point. We do not compile a list of 'good' companies that
are exempt from the rules, as that would open up all the issues that you
mention of how to police the list. The closest there is to that is the
Habeas list, for which Habeas has all the headaches of making sure that
the list stays clean, their reputation is on the line, and the entire
rule can be pulled if Habeas doesn't continue to manage their list
properly. The def whitelist consists only of domains that we have found
don't generate actual spam, aren't likely to, and most importantly
generate significant numbers of false positives if they are not whitelisted.
The primary criterion we use for all of our rules and methods is
improvement in the measures of performance, which measure the ability to
discriminate between spam and ham, minimizing false positives and false
negatives. efax.com mail doesn't show up in our spam corpora and we
don't get complaints about them being in the def whitelist. Or, rather,
the few times we do, it turns out that the person is complaining about
the third-party advertising that they send to people who have efax-Free
accounts. That is double-opt-in confirmed, and so does not meet any
accepted definition of spam.
> But of course, (and we aren't talking about any one company here) a lot of
> companies make the claims that they conform to the above, and yet the same
> IP's are used to send email out under less than conforming circumstances..
I would not want the headache of maintaining a large white list of
supposedly good companies. Our def whitelist is plenty big enough for
me, and I am quite willing to see removed any company that either
doesn't live up to its non-spammer categorization, or even any company
that is no longer large enough or a source of a significant number of
false positives.
> I think the most important item you mentioned is double opt-in, which is an
> entirely different kettle of fish, unless of course they send this is 'Just
> to confirm you wish to get Daily Horoscopes', with a tiny link to terms of
> service which noone reads.. Or social engineering to get people to agree.
I just subscribed to eFax-Free to confirm the procedure. It is as I
remembered from when once actually used the service. They really don't
want people to use their free service, and make it difficult to find on
their website. They clearly state the terms and require clicking on an
activation link that is sent in a confirmation email. This is not a
service that they push in any way, and in fact are quick to permanently
suspend the free service if you receive more than 20 faxes in any month.
They really want people to upgrade to the paid service, which does not
include the third-party marketing email, and they have no problem with
canceling the free service if you don't want that upgrade.
> I don't
> think anyone on the SA team wants to start playing whack a mole with all the
> companies that can claim the same and that want preferential, (ie don't stop
> my mail) treatment..
I agree. I think that the way to avoid the whack-a-mole game is to not
have a large general purpose whitelist, and we don't have one.
-- sidney
Re: [Bug 5922] efx.com in def_whitelist used to send spam
Posted by Michael Peddemors <mi...@linuxmagic.com>.
On Tuesday 17 June 2008 19:44, Sidney Markowitz wrote:
> Michael Peddemors wrote, On 18/6/08 2:28 PM:
> > On Tuesday 17 June 2008 18:35, bugzilla-daemon@bugzilla.spamassassin.org
> >
> > wrote:
> >>> it still seems more likely that eFax.com is not spamming, but sends
> >>> what some people think is spam,
> >
> > I chuckle at this :) If they think it is Spam, it is spam for all intents
> > and purposes if you are the email administrator or ISP trying to keep
> > your cusomter, or trying to stop them from switching to your competitor..
>
> If you have to subscribe to get it, confirm your email address with
> double opt-in, agree to a terms of service that explicitly says that you
> agree that the cost of the service you are getting is receiving
> advertising email, each email contains instructions on how to
> unsubscribe by following a URL or sending an email, and the company
> really does stop sending the mail on receiving an unsubcribe request,
> then there is no reason for SpamAssassin to waste its time labeling that
> mail as spam.
Of course, not trying to start a flame war.. but that response isn't really
formatted as a policy, or is it? Even that would be a start.
But of course, (and we aren't talking about any one company here) a lot of
companies make the claims that they conform to the above, and yet the same
IP's are used to send email out under less than conforming circumstances..
Personally have been involved with companies that swore they followed the
above, until the were provent that they weren't..
I think the most important item you mentioned is double opt-in, which is an
entirely different kettle of fish, unless of course they send this is 'Just
to confirm you wish to get Daily Horoscopes', with a tiny link to terms of
service which noone reads.. Or social engineering to get people to agree.
But even then, it still doesn't establish a policy that SA is striving/aiming
to uphold, which might be benificial to all to hear on this list.
Is the policy that SA will not check companies that claim to do:
o Subscribe
o Double Opt-in Confirmation
o Remove Link
How do you audit the above?
What about reselling of email addresses?
How does CAN Spam compliant fit in?
Do they promise that they wont send 'other offerings' after you unsubscribe to
the first one?
There are many grey lines that might be helpful to make black.. And I don't
think anyone on the SA team wants to start playing whack a mole with all the
companies that can claim the same and that want preferential, (ie don't stop
my mail) treatment..
What about compromised accounts on even the best servers?
I am trying not to take a position on this thread.. just want to open the
floor to discussions on this issue, and let SA make their position known.
It is a controversially issue to say the least, and will get more
controversial as time goes by..
--
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors - President/CEO - LinuxMagic
Products, Services, Support and Development
Visit us at http://www.linuxmagic.com
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" is a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-589-0037 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
Re: [Bug 5922] efx.com in def_whitelist used to send spam
Posted by Sidney Markowitz <si...@sidney.com>.
Michael Peddemors wrote, On 18/6/08 2:28 PM:
> On Tuesday 17 June 2008 18:35, bugzilla-daemon@bugzilla.spamassassin.org
> wrote:
>>> it still seems more likely that eFax.com is not spamming, but sends what
>>> some people think is spam,
>
> I chuckle at this :) If they think it is Spam, it is spam for all intents and
> purposes if you are the email administrator or ISP trying to keep your
> cusomter, or trying to stop them from switching to your competitor..
If you have to subscribe to get it, confirm your email address with
double opt-in, agree to a terms of service that explicitly says that you
agree that the cost of the service you are getting is receiving
advertising email, each email contains instructions on how to
unsubscribe by following a URL or sending an email, and the company
really does stop sending the mail on receiving an unsubcribe request,
then there is no reason for SpamAssassin to waste its time labeling that
mail as spam.
-- sidney
Re: [Bug 5922] efx.com in def_whitelist used to send spam
Posted by Michael Peddemors <mi...@linuxmagic.com>.
On Tuesday 17 June 2008 18:35, bugzilla-daemon@bugzilla.spamassassin.org
wrote:
> > it still seems more likely that eFax.com is not spamming, but sends what
> > some people think is spam,
I chuckle at this :) If they think it is Spam, it is spam for all intents and
purposes if you are the email administrator or ISP trying to keep your
cusomter, or trying to stop them from switching to your competitor..
But it brings up the important SA philosophy discussion, is SA meant to block
UBE (Unwanted Bulk Email) or Spam? The former includes email marketing
companies.. CAN Spam compliant <sic> or not..
Most end users are not always the brightest bulbs.. signing up for free
horoscopes, or buying on line and not noticing the fine print.. but when they
get on a marketers email list, often it makes their inbox unusable..
Email marketing has reached the point where statistically at some ISP's over
15% of all traffic is from email marketers.. When a typical ISP can easily
block over 85% via commonly available tools including SA and freely available
IP reputation tools, that 15% if it isn't stopped by those tools then becomes
easily over 50% of the delivered email..
And I can personally attest to the poor people who feel like victims that were
reaching over 95% of their inbox filled with email marketing, that did not
believe any more that clicking 'unsubscribe' would help (and often they
believe is a trick) until they starting blocking email marketing.
SA I think needs to carefully consider it's role in this arena, and as you can
see lately with the threads about habeas listed companies, efax, (and I could
add info on many notorious marketing companies who 'claim' to be the good
guys as well) that possibly a firm position statement on this issue is in
order..
I think any form of 'whitelisting' email marketing companies personally, will
lead to more of these discussions..
Jim, you want to lead off?
--
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors - President/CEO - LinuxMagic
Products, Services, Support and Development
Visit us at http://www.linuxmagic.com
------------------------------------------------------------------------
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" is a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-589-0037 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #11 from Craig Shaver <cr...@myittybitty.com> 2008-06-17 18:35:57 PST ---
(In reply to comment #10)
> (in reply to comment #9)
> I'm not ready to agree to removing efax.com from the def whitelist yet. Even if
> you don't remember signing up for a free efax account, it does look like you
> did sign up at some point, perhaps as part of whatever you did with them in
> 2004. ......
> it still seems more likely that eFax.com is not spamming, but sends what some
> people think is spam, which is the reason to have them on the def whitelist.
> I'll leave this bug open for a bit longer until we hear the results of your
> attempt to unsubscribe from the account.
Ok Sid,
I will go to the efax site and see if I can unsub it. I am convinced this is
spam. I think someone is either padding their mailing list with a spammers
list, or just using the spam list directly.
I will update the bug or open a new one if I still get spam from these people.
Thank You,
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #17 from Craig Shaver <cr...@myittybitty.com> 2008-06-18 15:15:29 PST ---
(In reply to comment #12)
...
> I should point out -- Craig mailed me off-list over the past few days, and
> we had some correspondence about this bug; I encouraged him to re-post our
> chat here in public, but I guess he didn't want to ;)
> As his mail notes, the <craig /at/ progroup.com> address had no prior customer
> relationship with eFax.com. Even if _he_ sent someone a mail via an efax
> address in 2004, that's not exactly opting in to receive marketing mail from
> third parties. Worse than that, the address in question is a different
> address; someone at eFax correlated his identity 4 years down the line with a
> totally different, unrelated, scraped address. This appears to be e-pending
> [1], and I don't think we should be whitelisting senders that do this, since it
> is a pretty scummy practice.
> [1]: http://taint.org/2006/02/20/112342a.html
> So I would be +1 for removing efax.com from the default whitelist due to this,
> unless someone from efax can give us details explaining the situation.
Hmmmm, let me fill you in on some details. This is not e-pending. The
craig@progroup.com is a live address. It is just not used any more. I have 3
domains: progroup.com, myittybitty.com, and myitsybitsy.com. They should all
resolve to 64.142.77.168. Some people have made me offers on the progroup.com
domain and I am phasing it out. In fact, there should not be any legitimate use
of the progroup.com address. I do get some good contacts from recruiters that
have gotten the progroup address from an old resume database.
I have worked on anti spam projects at Microsoft and Cisco.
(http://www.myittybitty.com/resume20070823.htm)
Before that I did contract programming work in SiliVali for over 10 years.
I am not a spam expert, but I know enough to be dangerous. I keep ALL of my
email. I have email going back to 1993 when I was connected to the net via
uucp. I hate spam. So when I get lots of it I open up the messages to find out
why it was not caught.
They did not get my address from previous contact. Someone subscribed me to the
efax account using an old spammers list. See bug 5921.
Thanks for all the follow up and going the distance on this one. :)
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #14 from Justin Mason <jm...@jmason.org> 2008-06-18 09:13:10 PST ---
(In reply to comment #13)
> "I would be +1 for removing efax.com from the default whitelist due to this,
> unless someone from efax can give us details explaining the situation"
>
> I don't see how that explanation can be had from eFax unless Craig is willing
> to contact them using his <craig /at/ progroup.com> address or through some
> login on that efax account to ask the for the record of the initial
> subscription. I would hope that eFax would not provide that kind of information
> about Craig to us if we asked for it.
it might be worth trying a "forgot my password" using that email address, to
see if there really is an account backing it up; that or sending a fax to the
supposed free fax number...
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #2 from Craig Shaver <cr...@myittybitty.com> 2008-06-17 07:47:02 PST ---
Created an attachment (id=4332)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4332)
1 of 5 email
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #16 from Craig Shaver <cr...@myittybitty.com> 2008-06-18 12:34:13 PST ---
This may be more of an FYI than anything; however, I think it is related to the
efax subscription. It seems that someone can subscribe me to these things
without me knowing about it. Mandy Fu at Habeas has provided me with proof of
that.
In bug 5921 I submitted that HABEAS_ACCREDITED_COI was showing up in spam. I
finally got a reply from Mandy Fu at Habeas:
Mandy Fu wrote:
> Hello Craig,
>
> My apologies for assuming everyone understands all this bulk mailers
> lexicon...
>
> Basically the sender is stating that you did opt in for the email
> communication via a 3rd party registration. And you opted in for it on
> 6/7/2008 9:52:31 PM and the IP address you were using during the
> registration is 216.27.67.70. The 3rd party where Arcamax received the
> subscriber (that's you) information from is at the Postmaster Direct
> network (http://www.postmasterdirect.com/signup_page.html). The
> Postmaster Direct network confirms all subscribers requests, which means
> you had to confirm via an email that you did indeed opted in to received
> the initial abuse message you've reported.
>
> However if the information is incorrect, you will work with Arcamax on
> correcting it.
>
> Kind regards,
> Mandy
To which I replied:
>Bogus alert!
>
>This address was never seen by me at any time. I did not confirm this >subscription.
>
>216.27.67.70 is 70.67.27.216.in-addr.arpa domain name pointer >leadgen01.origindata.com
>
>The email that was used is craig@progroup.com, which is no longer in active >use for real mail. It has become a honey pot so to speak.
>
>Why would leadgen01 subscribe me to arcamax.com? Do they get paid for lead >generation by arcamax.com? I still think arcamax.com is a spammer and you are >being used to cover for them.
>
>This is spam and I never signed up for it. Please remove them from your >accreditation service.
>
>Thank you Mandy! :)
BTW, if you hit the "upgrade" link on the efax mail it will log you into my
account at efax. And yes, there is an account at efax in my name. And no, I did
not sign up for it. I also hit the send password/pin thingy on the efax login.
I have yet to hear from them.
Another thing that tells me they scraped an old newsgroup is that in the
upgrade screen they showed me a zip code of 94088. That is the zip code for the
Mary at Maude post office in Sunnyvale. I used to have a PO Box there up until
July 2003. That PO Box and zip code would not have been used by me after that
date. Take one of the emails I sent and try it yourself.
This is spam. Some how they created an account without me knowing it. It could
be similar to the arcamax/habeas spam. Both started at about the same time.
Thanks guys,
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5922] efx.com in def_whitelist used to send spam
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5922
--- Comment #3 from Craig Shaver <cr...@myittybitty.com> 2008-06-17 07:47:25 PST ---
Created an attachment (id=4333)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4333)
2/5 email
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.