Bonded Sender

[Russ Uhte <ru...@parallax.ws>]

We're moving away from our current antispam setup which uses the bonded 
sender list.  In doing some checking to see how I want to setup SA, I 
noticed that currently many messages that look like spam are being 
whitelisted by our current setup because of the bonded sender list.

What is the basic feeling of Bonded Sender in the SA world?  I'm 
thinking it's crap...

Thanks,
Russ
---
[This E-mail scanned for viruses by Declude Virus]

Re: Bonded Sender

[Martin Hepworth <ma...@solid-state-logic.com>]

Russ Uhte wrote:
> We're moving away from our current antispam setup which uses the bonded 
> sender list.  In doing some checking to see how I want to setup SA, I 
> noticed that currently many messages that look like spam are being 
> whitelisted by our current setup because of the bonded sender list.
> 
> What is the basic feeling of Bonded Sender in the SA world?  I'm 
> thinking it's crap...
> 
> Thanks,
> Russ
> ---
> [This E-mail scanned for viruses by Declude Virus]
> 

Depends on how good the Bonding co. are at responding to abuse. From 
what I've seen most aren't that good (but theres always the exception).

-- 
--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.	

**********************************************************************

Re: Bonded Sender

[jdow <jd...@earthlink.net>]

From: "Matt Kettler" <mk...@comcast.net>

> Most people having problems with BSP are in category 2, or consider 
> subscriber mail to be spam. (There is a lot of spam-ish subscriber mail 
> out there, my users subscribe to lots of it, on purpose, it's often hard 
> for me to tell without asking the recipient. I also have users that claim 
> that amazon mail is spam, even though they bought items there and didn't 
> clear the "send me special offers" check box.)

At this precise moment I am somewhat hot under the collar with
"subscriber" sort of mail from American Honda Motors Acura people. I
have been unable to disabuse them about my name being Greg (hardly),
my being an Acura owner, my ever intending to own an Acura, and my
future intentions for a visit to nearby Torrance with a load of
fertilizer for their facility. They have no unsubscribe. They have
no other way to get off their infernal "Owner" list. So I rather
nominate them for a black hole listing infinitely deep. I wish they
had a bond so I could nail them for some money. After 5 years of it
I am getting irritated even seeing it in my spam bin.

{^_^} 

Re: Bonded Sender

[Loren Wilton <lw...@earthlink.net>]

> >Be aware though that MANY spammers forge bonded sender tags.  If you have
> >one of the older methods of checking bonded sender, it is very probable
that
> >a lot of your failures are forgeries that the newer bonded sender methods
> >should correctly detect.
>
> Erm, you're thinking of HABEAS SWE. Bonded sender doesn't have a tag in
the
> headers, so there's nothing to forge.

Erp.  Yea.  Long night dealing with flash floods inside the house.

        Loren

Re: Bonded Sender

[Matt Kettler <mk...@comcast.net>]

At 10:18 AM 8/15/2005, Loren Wilton wrote:
>My very minimal experience with Bonded Sender is that the people who
>contract directly are mostly fairly legit.  The people who contract through
>the clever guilt-sharing arrangement at constant contact are spammers.

Agreed.


>Be aware though that MANY spammers forge bonded sender tags.  If you have
>one of the older methods of checking bonded sender, it is very probable that
>a lot of your failures are forgeries that the newer bonded sender methods
>should correctly detect.

Erm, you're thinking of HABEAS SWE. Bonded sender doesn't have a tag in the 
headers, so there's nothing to forge.

Bondedsender is based on your IP address.. Bonded sender works like a 
DNSBL, but is a DNSWL (DNS white list).

If BSP_TRUSTED hits in SA one of two things is true:

1) The server delivering mail has a bond, and you can complain and cost the 
owner of the server money against the bond.

2) Your trusted_networks isn't set properly, usually due to having a NATed 
mailserver, or some other arrangement where the first internet routable, 
non-reserved, IP in the headers isn't your server. This causes SA to trust 
one more header than it should, and spammers can insert a forged Received: 
header that SA will honor for this test that it shouldn't.


Most people having problems with BSP are in category 2, or consider 
subscriber mail to be spam. (There is a lot of spam-ish subscriber mail out 
there, my users subscribe to lots of it, on purpose, it's often hard for me 
to tell without asking the recipient. I also have users that claim that 
amazon mail is spam, even though they bought items there and didn't clear 
the "send me special offers" check box.)


Of course, there are some real spammers using servers with real bonds... 
Start reporting them to bondedsender, the costs will eventually cause them 
to cancel the bond.

This goes double for contract-thru arrangements. The cost of the complaint 
goes against the bond, which will encourage the bonds owner to reduce spam 
volume to reduce their costs. If the money in the bond runs out, their BSP 
listing goes away. Although BSP might let them put more money in, you're at 
least incurring a direct cost to the sender of spam.


>I would not go so far as to say bonded sender is crap.  I would however say
>that it is of fairly minimal usefulness in detecting whether a message is
>spam.  The SURBL list, for instance, is far, far, better.

Well, it's *completely* useless at detecting if a message is spam. So as a 
primary basis of a spam filter, I agree, it's useless.

BSP only tells you if the sending server has a bond, so it's only useful in 
telling you if the message is less likely to be spam.

BSP has no implications that would indicate spam any message. And it 
doesn't even tell you the message isn't spam, it only tells you the server 
owner is putting his money where his mouth is.

Re: Bonded Sender

[Loren Wilton <lw...@earthlink.net>]

My very minimal experience with Bonded Sender is that the people who
contract directly are mostly fairly legit.  The people who contract through
the clever guilt-sharing arrangement at constant contact are spammers.

Be aware though that MANY spammers forge bonded sender tags.  If you have
one of the older methods of checking bonded sender, it is very probable that
a lot of your failures are forgeries that the newer bonded sender methods
should correctly detect.

I would not go so far as to say bonded sender is crap.  I would however say
that it is of fairly minimal usefulness in detecting whether a message is
spam.  The SURBL list, for instance, is far, far, better.

        Loren

Re: Bonded Sender

[Greg Allen <sa...@floridacpu.com>]

First thing I do whenever do an upgrade of SA is to go through and zero
out any rules that suppose someone is a good player. I don't believe in
someone being able to pay to send my system spam. Any such whitelist
systems will eventually be abused IMO. Spammers look at SA rules and take
the easiest target to bypass SA. The easiest target is the large negative
rules. I chose not to provide them any backdoor advantage at all. In other
words, I don't give any large negative points away that could be targeted,
I zero those large negatives out or make them minimal in value.



> We're moving away from our current antispam setup which uses the bonded
> sender list.  In doing some checking to see how I want to setup SA, I
> noticed that currently many messages that look like spam are being
> whitelisted by our current setup because of the bonded sender list.
>
> What is the basic feeling of Bonded Sender in the SA world?  I'm
> thinking it's crap...
>
> Thanks,
> Russ
> ---
> [This E-mail scanned for viruses by Declude Virus]
>
>