You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Neil Schwartzman <ne...@returnpath.net> on 2009/02/06 16:14:57 UTC
re: ReturnPath, Habeas, BondedSender -- are you listening to
complaints?
On Fri, Feb 6, 2009 at 14:22 Karsten Bräckelmann <gu...@rudersport.de>
wrote:
> ReturnPath and acquisitions, hope that triggered your attention. I know
> you're reading this list. ;)
Actually, we weren't, until two people here pinged me. I'm not now, nor have
I ever been a developer. We read the SA Users list.
> There are a few bugs filed to remove any negative score for rules
> concerning your various services. Bottom line of all of them is, to do
> just that in case you fail to police your customers to obey to your
> rules. The most important issue that has been mentioned repeatedly is
> the lack of *any* way to report abuse -- by regular humans. I'm not
> talking ESP here.
>
> There's no abuse address to find anywhere for SA users.
Absolutely we are listening, and absolutely there is a place to file
complaints.
Here's what I wrote to SA Users 14/01/2009:
We have only just begun doing compliance work on Safelist. SA scoring is, of
course, your server, your SpamAssassin rules. I can't speak to what went on
in the past but it is a new day for Habeas clients. We will be applying
programme standards compliance in the same firm, even-handed manner as we do
Sender Score Certified.
If you are presently dissatisfied with the standardized scoring and have
re-weighted, please consider keeping an eye on our performance via the QA
tests Justin made note of, and your own views.
As to the complaint submission issues noted here are concerned, the best
point of contact moving forward for SA users would be
sa-abuse@senderscorecertified.com (please don¹t use my personal address as I
travel frequently, and our Standards team see stuff sent to this alias in
our ticketing queue). Please be sure to make note of the issue being
Safelist or Sender Score Certified, preferably in the subject line.
We acknowledge that there may be some suboptimal hotspots, and we welcome
any data points you can provide. I do want to let you know that given the
immense amount of work ahead of us, (we are working towards systems
integration which is an non-trivial task, along with getting up to speed on
existing clients and issues), responses and actions taken may require a
longer-turn around time than is our intended end-point.
What I can say is that we have a proven track-record (BondedSender -> Sender
Score Certified) and so your patience and help during this transition period
is much appreciated.
> Yes -- I got a bad customer right here in my Inbox, approved by Habeas
> and BondedSender. I'd like to tell you, so you can provide a worthwhile
> service. If only I would know where to send it to.
Thanks, please do sent it in to sa-abuse@senderscorecertified.com
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
Re: ReturnPath, Habeas, BondedSender -- are you listening to
complaints?
Posted by Neil Schwartzman <ne...@returnpath.net>.
On 06/02/09 8:40 PM, "Greg Troxel" <gd...@ir.bbn.com> wrote:
> After Neil's post to the list forwarded the complaint on January 14 to
> sa-abuse@senderscorecertified.com. I have not heard anything back, so I
> just sent the complaint again.
[...]
> So from where I sit there is no functionging complaint process, and the
> only time I've seen any response at all is from complaining in public.
Greg, I wanted to follow up on this. I just checked our systems, and in
fact, I did respond to your submission. As well, you forwarded the same
submission today.
Sat Jan 17 09:45:49 2009 neil.schwartzman@returnpath.net -
Correspondence added [Reply] [Comment]
Download (untitled) [text/plain 597b]
On Wed Jan 14 10:44:22 2009, gdt@work.lexort.com wrote:
> Please see the below message that I sent on December 6 complaining about
> spam that you accredited.
>
Thanks, we're on it. Indeed, we became aware of this client and
down-graded them from COI to SOI. I'll keep you apprised as we take
additional steps.
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
Re: ReturnPath, Habeas, BondedSender
Posted by Sahil Tandon <sa...@tandon.net>.
On Sat, 28 Feb 2009, Neil Schwartzman wrote:
> We have created an entry on the Spamassassin wiki
> http://wiki.apache.org/spamassassin/ReportingSpam
Broken link in section "Setup of special aliases in Postfix to forward spams
and hams": http://gtmp.org/publications/sa-postfix-en.
--
Sahil Tandon <sa...@tandon.net>
Re: ReturnPath, Habeas, BondedSender
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Sun, 2009-03-01 at 20:55 -0500, Michael Scheidell wrote:
> > We have created an entry on the Spamassassin wiki
> > http://wiki.apache.org/spamassassin/ReportingSpam
>
> Thanks.. Last time I tried via your web site, I had a salesperson call me
> trying to convince me I should pay return path to 'bless' my marketing
> emails.
>
> Good first step, how, about an RFC complaint abuse@ address?
Yup, good first step. We've been discussing this recently on the dev
list.
We all agree there's a need for a straight way to report abusers. Neil
even advocated having a mailto link on all their pages. Meanwhile,
there's an address for SA users, and it's being pushed on the wiki. If I
get some cycles, I'll try to enhance visibility and google buzz-words on
that page.
Guys, please tell them about any abuse! That way, the SA rules can
become more worthwhile. I did, and the offender has been removed from
all lists.
guenther
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: ReturnPath, Habeas, BondedSender
Posted by Justin Mason <jm...@jmason.org>.
> That being said, maybe the rule description should include the reporting
> addresses. Why would I look on the SA wiki for a place to report
> ReturnPath, Habeas, and BondedSender complaints?
actually, the wiki is the right place -- the idea for rule documentation is that
the detailed doc for each rule lives on the wiki. e.g.:
http://wiki.apache.org/spamassassin/Rules/ALL_TRUSTED
http://wiki.apache.org/spamassassin/Rules/RCVD_IN_XBL
http://wiki.apache.org/spamassassin/Rules/RCVD_IN_BSP_TRUSTED
--j.
Re: ReturnPath, Habeas, BondedSender
Posted by Justin Mason <jm...@jmason.org>.
On Tue, Mar 3, 2009 at 01:20, J.D. Falk <jd...@cybernothing.org> wrote:
> Jason Bertoch wrote:
>
>> That being said, maybe the rule description should include the reporting
>> addresses. Why would I look on the SA wiki for a place to report
>> ReturnPath, Habeas, and BondedSender complaints?
>
> What's the process for updating rule descriptions?
>
> (BTW, a quick visit to your favorite search engine should alleviate any
> fears that either Neil or I are marketers.)
hi JD -- open a bug on the SA bugzilla , and attach a patch against
the 3.2.x rules
dir. we'll probably apply it ;)
--j.
Re: ReturnPath, Habeas, BondedSender
Posted by SM <sm...@resistor.net>.
At 17:20 02-03-2009, J.D. Falk wrote:
>(BTW, a quick visit to your favorite search engine should alleviate
>any fears that either Neil or I are marketers.)
I can confirm that J.D. is not in marketing.
He did not "top-post" or send his message in HTML format. :-)
Regards,
-sm
Re: ReturnPath, Habeas, BondedSender
Posted by "J.D. Falk" <jd...@cybernothing.org>.
Jason Bertoch wrote:
> That being said, maybe the rule description should include the reporting
> addresses. Why would I look on the SA wiki for a place to report
> ReturnPath, Habeas, and BondedSender complaints?
What's the process for updating rule descriptions?
(BTW, a quick visit to your favorite search engine should alleviate any
fears that either Neil or I are marketers.)
--
J.D. Falk
Return Path Inc
http://www.returnpath.net/
RE: ReturnPath, Habeas, BondedSender
Posted by Jason Bertoch <ja...@electronet.net>.
> -----Original Message-----
> From: Neil Schwartzman [mailto:neil.schwartzman@returnpath.net]
> Sent: Monday, March 02, 2009 12:22 AM
> To: Spamassassin
> Subject: Re: ReturnPath, Habeas, BondedSender
>
>
> > Good first step, now how about an RFC complaint abuse@ address?
>
> So you can complain about any errant returnpath.net emails? That has
> always been in place. It would be inappropriate to complain about
certified
> client emails to our role accounts, ergo the specific addresses for such
> purposes.
> --
I think it's inappropriate to ask someone who received spam accredited by
these organizations to also help sort their abuse mail by having to track
down some non-standard address. If the abuse@ address is too busy, then the
accreditation process needs more work.
That being said, maybe the rule description should include the reporting
addresses. Why would I look on the SA wiki for a place to report
ReturnPath, Habeas, and BondedSender complaints?
Jason A. Bertoch
Network Administrator
jason@electronet.net
Electronet Broadband Communications
3411 Capital Medical Blvd.
Tallahassee, FL 32308
(V) 850.222.0229 (F) 850.222.8771
Re: ReturnPath, Habeas, BondedSender
Posted by Neil Schwartzman <ne...@returnpath.net>.
On 01/03/09 7:55 PM, "Michael Scheidell" <sc...@secnap.net> wrote:
> Last time I tried via your web site, I had a salesperson call me
> trying to convince me I should pay return path to 'bless' my marketing
> emails.
BTW: I trust your pointed out the error of his ways. If this ever happens
again, get the person's name and write to me directly. Using the
purpose-built addresses will go direct to our compliance queue and avoid any
possibility of such nonsense.
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
Re: ReturnPath, Habeas, BondedSender
Posted by Neil Schwartzman <ne...@returnpath.net>.
I wanted to follow up on this thread with a word of thanks to both the
Spamassassin developer and user communities for the input, and for their
years of hard work into SA.
I'm hopefully not being obsequious here, what many of you may not know is
that I wrote and helped publish the first spam filtering procmail recipes on
the net, back in my days at Concordia University, and have been fighting
spam since 94-95. And so, when it came time to take on the task of Habeas
Safelist compliance the very first problem I had to contend with was spam,
inbound to our ticketing system, rendering the email stream almost
illegible. It was perhaps extra-offensive given my long years in this
business.
Happily, a deployment of, you guessed it, Spamassassin has attenuated 500
spam/day down to 10. So thanks to all of you for making my next daunting
task a whole lot easier. We are now receiving complaints, both loud AND
clear.
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
Re: ReturnPath, Habeas, BondedSender
Posted by Neil Schwartzman <ne...@returnpath.net>.
On 01/03/09 7:55 PM, "Michael Scheidell" <sc...@secnap.net> wrote:
> Good first step, how, about an RFC complaint abuse@ address?
So you can complain about any errant returnpath.net emails? That has always
been in place. It would be inappropriate to complain about certified client
emails to our role accounts, ergo the specific addresses for such purposes.
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
Re: ReturnPath, Habeas, BondedSender
Posted by Michael Scheidell <sc...@secnap.net>.
> We have created an entry on the Spamassassin wiki
> http://wiki.apache.org/spamassassin/ReportingSpam
Thanks.. Last time I tried via your web site, I had a salesperson call me
trying to convince me I should pay return path to 'bless' my marketing
emails.
Good first step, how, about an RFC complaint abuse@ address?
--
Michael Scheidell, CTO
>|SECNAP Network Security
Finalist 2009 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________
Re: ReturnPath, Habeas, BondedSender
Posted by Neil Schwartzman <ne...@returnpath.net>.
On 01/03/09 7:58 PM, "Michael Scheidell" <sc...@secnap.net> wrote:
> And why is this original email supposed to be a high priority? Must be a
> marketing person posting it.
Hah. Marketing. Yeah right. That's what it says in my sig. Oh, no wait ...
I believe the reason the email was highest priority is because I responded
to the original thread post, and my MUA retained the original priority.
Either that or my MUA is hosed, because I never touch the priority.
On 01/03/09 7:55 PM, "Michael Scheidell" <sc...@secnap.net> wrote:
> Thanks.. Last time I tried via your web site, I had a salesperson call me
> trying to convince me I should pay return path to 'bless' my marketing
> emails.
Which website? Habeas.com? ReturnPath.net? SenderScoreCertified.com?
SenderScore.org?
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
Re: ReturnPath, Habeas, BondedSender
Posted by Michael Scheidell <sc...@secnap.net>.
> We have created an entry on the Spamassassin wiki
> http://wiki.apache.org/spamassassin/ReportingSpam
Sorry, but these people have no clue: RFC's? What the heck.
Received: from 38.109.196.48 ([38.109.196.48]) by rpnyex01.rpcorp.local
([192.168.1.16]) with Microsoft Exchange Server HTTP-DAV ;
Sat, 28 Feb 2009 12:34:06 +0000
User-Agent: Microsoft-Entourage/12.15.0.081119
Date: Sat, 28 Feb 2009 06:35:49 -0600
And why is this original email supposed to be a high priority? Must be a
marketing person posting it.
--
Michael Scheidell, CTO
>|SECNAP Network Security
Finalist 2009 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________
ReturnPath, Habeas, BondedSender
Posted by Neil Schwartzman <ne...@returnpath.net>.
We have created an entry on the Spamassassin wiki
http://wiki.apache.org/spamassassin/ReportingSpam
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
Re: ReturnPath, Habeas, BondedSender -- are you listening to complaints?
Posted by "J.D. Falk" <jd...@cybernothing.org>.
Neil Schwartzman wrote:
> We have created an entry on the Spamassassin wiki
> http://wiki.apache.org/spamassassin/ReportingSpam
Plus, we updated the pages for the specific rules which refer to our data.
Any other suggestions?
--
J.D. Falk
Return Path Inc
http://www.returnpath.net/
Re: ReturnPath, Habeas, BondedSender -- are you listening to
complaints?
Posted by Neil Schwartzman <ne...@returnpath.net>.
I wanted to follow up on this thread with a word of thanks to both the
Spamassassin developer and user communities for the input, and for their
years of hard work into SA.
I'm hopefully not being obsequious here, what many of you may not know is
that I wrote and helped publish the first spam filtering procmail recipes on
the net, back in my days at Concordia University, and have been fighting
spam since 94-95. And so, when it came time to take on the task of Habeas
Safelist compliance the very first problem I had to contend with was spam,
inbound to our ticketing system, rendering the email stream almost
illegible. It was perhaps extra-offensive given my long years in this
business.
Happily, a deployment of, you guessed it, Spamassassin has attenuated 500
spam/day down to 10. So thanks to all of you for making my next daunting
task a whole lot easier. We are now receiving complaints, both loud AND
clear.
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
Re: ReturnPath, Habeas, BondedSender -- are you listening to
complaints?
Posted by Neil Schwartzman <ne...@returnpath.net>.
We have created an entry on the Spamassassin wiki
http://wiki.apache.org/spamassassin/ReportingSpam
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
Re: ReturnPath, Habeas, BondedSender -- are you listening to
complaints?
Posted by Neil Schwartzman <ne...@returnpath.net>.
On 06/02/09 8:40 PM, "Greg Troxel" <gd...@ir.bbn.com> wrote:
> That's my reply, so I thougth I'd share my experiences to date. On
> December 6th I sent a complaint (about spam certified as
> HABEAS_ACCREDITED_COI) to safelist@returnpath.net and
> complaints@habeas.com. I heard nothing, but noticed a drop to SOI.
> After Neil's post to the list forwarded the complaint on January 14 to
> sa-abuse@senderscorecertified.com. I have not heard anything back, so I
> just sent the complaint again.
As I noted back in January, I had only just assumed the task of compliance
for Safelist days before.
I thought my reply to your post would have been sufficient response, my
sincere apologies for not having replied to your complaint submission.
> I just ran the original message through SA again, and it comes up
>
> Content preview: My Rewards Center - Please Confirm My Rewards Center
> Having
> trouble viewing this email? . [...]
>
> Content analysis details: (-2.3 points, 1.0 required)
>
> pts rule name description
> ---- ----------------------
> --------------------------------------------------
> -4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better
> [64.20.245.66 listed in sa-accredit.habeas.com]
> 0.0 HTML_MESSAGE BODY: HTML included in message
> 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
> [score: 0.5000]
> 2.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
> -0.5 AWL AWL: From: address is in the auto white-list
>
>
> The message has
>
> Accreditor: Habeas
> X-Habeas-Report: Please report use of this mark in spam to
> <http://www.habeas.com/report/>
>
> this goes to a web form, with no abuse email address where one can
> forward full headers.
That is incorrect. There is a box specifically for that purpose, indeed the
webform cannot be used without the submission of full headers. There is even
a phrase to that effect on that page:
"Include the content of the email message including full headers.
(required)"
Furthermore, we have now posted several times about the complaint submission
process.
> So perhaps habeas-certified mail should be tagged
> ACCREDITED_RFC_IGNORANT_ABUSE.
I fail to see where we are RFC ignorant. Not only is there a specific
submission address we have created for the Spamassassin community, but
additionally abuse@habeas.* continues to work, although that would, of
course, be where you would want to send reports of abuse with Habeas.* in
the from, or one of our sending IPs as the culprit.
> So from where I sit there is no functionging complaint process, and the
> only time I've seen any response at all is from complaining in public.
Heh, I'm very curious as to where you sit! There absolutely is (are)
several functioning complaint mechanisms
1. The webform
2. abuse.net
3. sa-abuse@senderscorecertified.com
Let's get specific about this particular sender.
1. We dropped them from COI to SOI. That is an appropriate proclamation of
the providence of their mail, IMO.
2. We are currently investigating them. This may be a revelation, but we do
not terminate clients based on one, or even a couple of complaints. That
would be fool-hardy, leaving our systems and protocols open to gaming. I am
looking at these guys HARD by way of an aggregation of historical issues,
and I have set up active monitoring of their account using all the
investigative/researchy resources I have at hand, which are substantial. At
present time it is too early to say what actions I will take, but they will
be dealt with, and these problems *will* stop, one way or the other.
3. Investigations take time. The reality is, we had a couple of far more
egregious issues to deal with these past weeks (one on Safelist, two on
Certified), and have outright fired some people as a result of the
investigations that superseded this one [I can't tell you who specifically,
but one of our senders was fired from our programme, fired by their ESP, had
a cease & desist letter issued to the for CANSPAM violations by one of the
largest Freemailers, and was fired from an 'affiliate programme' to which
they had appended themselves, directly as a result of of this investigation.
IOW, we put them out of business. Another one, we shut down entirely en
masse, and they are leaving voluntarily. A third, we found to be sending
419. That was shut down at 18:30 last night].
Bottom line:
I will not promise an immediate turn-around on the performance of the list
(realistically, over the next two months you will see significant
improvement) nor (as I said publicly and previously), will I promise
immediate actions to complaint submissions.
What I will promise is that we are listening, we are responsive, we are very
actively working on Safelist, and the intent to fix what is wrong is not
only very real, but fully supported by the CEO, the President, and the VP
for whom I work.
I will not brook the notion for one second that we are unresponsive, nor
uncaring about the situation. We have spent literally hundreds of manhours
to try to make sense of the legacy systems, begin migration, and take steps
to deal with what is clearly a problem. We will continue to do so.
We are NOT fooling around, NOT shining you on. The reality is time and
resource constraints. I sincerely apologize if the time-frame is not
sufficiently rapid to meet your needs; There are only so many hours in the
day, and there are steps *you* can take to deal with sub-optimal senders on
Safelist, or Safelist in its entirety. Eventually, these senders will not be
an issue. At present, doubtlessly they are.
Greg, everyone, please keep your eyes on safelist, and when it appears to be
sufficiently polished for you to reconsider its use, we would be
appreciative were you to reverse a decision to downgrade the score.
As I said last time we had this discussion Greg, downgrading is exactly what
I would have done in your situation.
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
Re: ReturnPath, Habeas, BondedSender -- are you listening to complaints?
Posted by Greg Troxel <gd...@ir.bbn.com>.
Karsten Bräckelmann <gu...@rudersport.de> writes:
> On Fri, 2009-02-06 at 10:14 -0500, Neil Schwartzman wrote:
>> On Fri, Feb 6, 2009 at 14:22 Karsten Bräckelmann wrote:
>>
>> > [...] The most important issue that has been mentioned repeatedly is
>> > the lack of *any* way to report abuse -- by regular humans. I'm not
>> > talking ESP here.
>
>> Absolutely we are listening, and absolutely there is a place to file
>> complaints.
>>
>> Here's what I wrote to SA Users 14/01/2009:
>
> Oops, you're right, sorry about that. Forgot that post. However, it
> nicely shows the issue at hand. The address for filing complaints for SA
> users and other mere mortals are almost impossible to find. No feedback
> option on your web-sites, Google didn't pull out that post either.
>
> A reply to your post points it out quite strikingly.
> http://markmail.org/message/jlagd6vzew4ztohw
That's my reply, so I thougth I'd share my experiences to date. On
December 6th I sent a complaint (about spam certified as
HABEAS_ACCREDITED_COI) to safelist@returnpath.net and
complaints@habeas.com. I heard nothing, but noticed a drop to SOI.
After Neil's post to the list forwarded the complaint on January 14 to
sa-abuse@senderscorecertified.com. I have not heard anything back, so I
just sent the complaint again.
I just ran the original message through SA again, and it comes up
Content preview: My Rewards Center - Please Confirm My Rewards Center Having
trouble viewing this email? . [...]
Content analysis details: (-2.3 points, 1.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-4.3 HABEAS_ACCREDITED_SOI RBL: Habeas Accredited Opt-In or Better
[64.20.245.66 listed in sa-accredit.habeas.com]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
[score: 0.5000]
2.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
-0.5 AWL AWL: From: address is in the auto white-list
The message has
Accreditor: Habeas
X-Habeas-Report: Please report use of this mark in spam to <http://www.habeas.com/report/>
this goes to a web form, with no abuse email address where one can
forward full headers. So perhaps habeas-certified mail should be tagged
ACCREDITED_RFC_IGNORANT_ABUSE.
So from where I sit there is no functionging complaint process, and the
only time I've seen any response at all is from complaining in public.
Thus, I support removing the negative score from default configs - even
if ruleqa says the rules on average work ok. I have gotten some legit
mail from certified senders (shipping confirmations in June/July 2008,
now no longer accredited), but very few. It is not reasonable to let
for-profit companies sell negative scores when those companies don't do
so at a very high level of responsibly - and that does not appear to be
the case from the data I have.
Re: ReturnPath, Habeas, BondedSender -- are you listening
tocomplaints?
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Fri, 2009-02-06 at 12:14 -0500, Neil Schwartzman wrote:
> On 06/02/09 12:05 PM, "Karsten Bräckelmann" <gu...@rudersport.de> wrote:
>
> > Since you mentioned it publicly, I assume it is OK to add this to the SA
> > wiki? So we have a place to point anyone to, filing a new bug against SA
> > regarding the HABEAS and RCVD_IN_BSP scores. And maybe even help Google
> > to finally pick it up. I still would wish you'd visibly offer this
> > feedback option yourself, though.
>
> We just got off a previously scheduled call with Darryl, and he mentioned
> the Wiki. We will post something there shortly.
Perfect, thanks. Then I don't need to come up with everything myself.
Please post the link here. I'll be glad to perhaps add some bits and
buzzwords, for the benefit of better search-ability.
> First off, which websites did you go to and were unable to find a place to
> submit?
HABEAS_ACCREDITED_SOI habeas.com, which silently redirects to
returnpath.net. Doesn't even mention you've come to the right place
searching for Habeas.
RCVD_IN_BSP_TRUSTED bondedsender.org, which silently redirects to
senderscorecertified.com
Poked around both sites, didn't find anything other than a form with a
ridiculous tiny text entry. The forms also clearly stated, they don't
want my feedback -- I am not an ESP, neither bulk mailer. I am the
receiver of messages abusing your service. Alas, no option for that.
Google didn't help. Neither did SA bugzilla. Quite the opposite, that's
where I got confirmation there is no such thing as I was looking for.
> Also, Safelist mail often comes with 'Habeas Headers' which provide a link
> to a web-form (yeah, I know, most people hate filling out a form to submit a
> spam complaint).
I would have been happy to. Would have spared my ramblings and saved my
day. Though... do you seriously expect abusers to include such a link?
No Habeas Header. Quite some ID tags, though. Plus a List-Unsubscribe
header. Didn't sign up, won't unsubscribe either. :)
> Lastly, and this isn't me making excuses but providing reasons, I raised
> this issue with my boss this morning. I agree wholeheartedly that an email
> company needs to have a link labeled 'report abuse' on every one of their
> pages, and we will move to get that done. The problem is time, and [...]
Not meaning to accuse you. In fact, I'm quite happy to get a response
that fast. Figured I should do something and rattle a bit, given the
poor results I found, and this topic coming up every now and then.
To clarify: I do not want to outright disable the existing (very few)
negative scoring rules in SA. I do however strongly believe that every
service impacting the SA score must provide an obvious way for feedback.
Daryl and Neil -- sorry, didn't mean to rain on your parade. :) Pure
coincidence I got pestered by -8.6 on a spam...
guenther
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: ReturnPath, Habeas, BondedSender -- are you listening
tocomplaints?
Posted by Neil Schwartzman <ne...@returnpath.net>.
On 06/02/09 12:05 PM, "Karsten Bräckelmann" <gu...@rudersport.de> wrote:
> Since you mentioned it publicly, I assume it is OK to add this to the SA
> wiki? So we have a place to point anyone to, filing a new bug against SA
> regarding the HABEAS and RCVD_IN_BSP scores. And maybe even help Google
> to finally pick it up. I still would wish you'd visibly offer this
> feedback option yourself, though.
We just got off a previously scheduled call with Darryl, and he mentioned
the Wiki. We will post something there shortly.
First off, which websites did you go to and were unable to find a place to
submit?
Also, Safelist mail often comes with 'Habeas Headers' which provide a link
to a web-form (yeah, I know, most people hate filling out a form to submit a
spam complaint).
Lastly, and this isn't me making excuses but providing reasons, I raised
this issue with my boss this morning. I agree wholeheartedly that an email
company needs to have a link labeled 'report abuse' on every one of their
pages, and we will move to get that done. The problem is time, and
priorities, quite frankly. We are in a massive state of flux having recently
sold two divisions and having purchased a third, so our web folks and
marketing are slammed.
In the meantime, I updated the abuse.net listings so all road lead to Rome,
or in this case, the RT queue myself and other team members watch.
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
re: ReturnPath, Habeas, BondedSender -- are you listening to
complaints?
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Fri, 2009-02-06 at 10:14 -0500, Neil Schwartzman wrote:
> On Fri, Feb 6, 2009 at 14:22 Karsten Bräckelmann wrote:
>
> > ReturnPath and acquisitions, hope that triggered your attention. I know
> > you're reading this list. ;)
>
> Actually, we weren't, until two people here pinged me. I'm not now, nor have
> I ever been a developer. We read the SA Users list.
Well, you used to -- Habeas staff posted to this list before, as I could
quickly confirm from my patchy local archive.
Thanks for the quick response, Neil. And the two anonymous people. ;)
> > [...] The most important issue that has been mentioned repeatedly is
> > the lack of *any* way to report abuse -- by regular humans. I'm not
> > talking ESP here.
> Absolutely we are listening, and absolutely there is a place to file
> complaints.
>
> Here's what I wrote to SA Users 14/01/2009:
Oops, you're right, sorry about that. Forgot that post. However, it
nicely shows the issue at hand. The address for filing complaints for SA
users and other mere mortals are almost impossible to find. No feedback
option on your web-sites, Google didn't pull out that post either.
A reply to your post points it out quite strikingly.
http://markmail.org/message/jlagd6vzew4ztohw
> > Yes -- I got a bad customer right here in my Inbox, approved by Habeas
> > and BondedSender. I'd like to tell you, so you can provide a worthwhile
> > service. If only I would know where to send it to.
>
> Thanks, please do sent it in to sa-abuse@senderscorecertified.com
Will do right away, thanks for the address and the pointer to your
previous post.
Since you mentioned it publicly, I assume it is OK to add this to the SA
wiki? So we have a place to point anyone to, filing a new bug against SA
regarding the HABEAS and RCVD_IN_BSP scores. And maybe even help Google
to finally pick it up. I still would wish you'd visibly offer this
feedback option yourself, though.
guenther
Btw, you don't necessarily need to be a developer to find this list
useful. Less chatter and cries for help than on the users list, more
discussion about rules and scores. ;)
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}