You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2009/09/03 16:45:29 UTC

OT: Q about habeas marks

I think someone on this mailing list mentioned that habeas doesn't use, 
or endorse use of the old 'habeas' marks in email anymore, right?
Would it be safe to assume that anyone using this in the headers is a 
spammer trying to get a free ride?
(going to www.habaes.com/report/ brings up a 'this page has disappeared' 
page.
so, a quick header check in the MTA would keep these even from being 
scanned by SA.
and a rule like this should block any (if you don't do this in your mta).
any 'legit' email still using these marks?
header _LOCAL_PHONEY_HABEAS exists:x-habeas-report
score _LOCAL_PHONEY_HABEAS 99

x-accreditor:Habeas
x-habeas-report:Please report use of this mark in spam to www.habeas.com/report/




-- 
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
 > *| *SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best Anti-Spam Product 2008, Network Products Guide
    * King of Spam Filters, SC Magazine 2008

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com
_________________________________________________________________________

Re: OT: Q about habeas marks

Posted by Neil Schwartzman <ne...@returnpath.net>.

Completely offtopic for SA; however, we are in the midst of taking down habeas.com and I expect this is a product of that work; I too just got a 404 response.

If you wish to discuss this further, please ping me offlist.

On 09-09-03 11:50 AM, "LuKreme" <kr...@kreme.com> wrote:

> Not for me. It redirects to
> http://seal.habeas.com/Company_Feedback.php

Nope, not here.  I get:

"This page has disappeared
We are sorry, but the page you were looking for can't be found. Don't
worry though, we will help get you to the right place.
When in doubt -- goto the home page:"

--
Neil Schwartzman
Director, Certification Security & Standards
Return Path Inc.
0142002038

Re: OT: Q about habeas marks

Posted by LuKreme <kr...@kreme.com>.

On 3-Sep-2009, at 09:32, Neil Schwartzman wrote:

> On 09-09-03 11:20 AM, "Michael Scheidell" <sc...@secnap.net>  
> wrote:
>
>>>
>>> Sure, but why not go to the correct URL at http://www.habeas.com/report/
>>> instead?
>>>
>>>
>> still brings up 'this page has disappeared'
>
> Not for me. It redirects to
> http://seal.habeas.com/Company_Feedback.php

Nope, not here.  I get:

"This page has disappeared
We are sorry, but the page you were looking for can't be found. Don't  
worry though, we will help get you to the right place.
When in doubt -- goto the home page:"

-- 
Well I've seen the Heart of Darkness/Read the writing on the
	wall/an the voice out in the desert/Was the voice out in the
	hall

Re: OT: Q about habeas marks

Posted by Neil Schwartzman <ne...@returnpath.net>.

On 09-09-03 11:20 AM, "Michael Scheidell" <sc...@secnap.net> wrote:

>> 
>> Sure, but why not go to the correct URL at http://www.habeas.com/report/
>> instead?
>> 
>>   
> still brings up 'this page has disappeared'

Not for me. It redirects to
http://seal.habeas.com/Company_Feedback.php

> ip:  174.143.89.6
> 
> using your marks illegally?
> 
> was source in question.

That IP is on the Safe whitelist. Problem?

You can check the status of any IP you wish at http://senderscore.org
-- 
Neil Schwartzman
Director, Certification Security & Standards
Return Path Inc.
0142002038

Re: OT: Q about habeas marks

Posted by Michael Scheidell <sc...@secnap.net>.

Neil Schwartzman wrote:
>
>> (going to www.habaes.com/report/ brings up a 'this page has disappeared'
>> page.
>>     
>
> Sure, but why not go to the correct URL at http://www.habeas.com/report/
> instead?
>
>   
still brings up 'this page has disappeared'

ip:  174.143.89.6

using your marks illegally?

was source in question.

>
>   

-- 
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
 > *| *SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best Anti-Spam Product 2008, Network Products Guide
    * King of Spam Filters, SC Magazine 2008

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________

Re: OT: Q about habeas marks

Posted by Neil Schwartzman <ne...@returnpath.net>.

On 09-09-03 10:45 AM, "Michael Scheidell" <sc...@secnap.net> wrote:

> I think someone on this mailing list mentioned that habeas doesn't use,
> or endorse use of the old 'habeas' marks in email anymore, right?
> Would it be safe to assume that anyone using this in the headers is a
> spammer trying to get a free ride?

That would not be a safe assumption. We are currently in the process of
having our customers (perhaps a dozen I know of) remove them from their
sending infrastructures (not always a simple task).

(I am BCCing in the account managers of two clients I know continue to use
them.)

There are two sets of headers, those you mention below, and the old Haiku:
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to .

The smartest thing you can do is just ignore them both, and query the
whitelist via DNS.

> (going to www.habaes.com/report/ brings up a 'this page has disappeared'
> page.

Sure, but why not go to the correct URL at http://www.habeas.com/report/
instead?

;-)

> so, a quick header check in the MTA would keep these even from being
> scanned by SA.
> and a rule like this should block any (if you don't do this in your mta).
> any 'legit' email still using these marks?
> header _LOCAL_PHONEY_HABEAS exists:x-habeas-report
> score _LOCAL_PHONEY_HABEAS 99
> 
> x-accreditor:Habeas
> x-habeas-report:Please report use of this mark in spam to
> www.habeas.com/report/
> 
> 

-- 
Neil Schwartzman
Director, Certification Security & Standards
Return Path Inc.
0142002038