You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Charles Gregory <cg...@hwcn.org> on 2009/12/04 20:57:09 UTC
Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?
On Fri, 4 Dec 2009, Per Jessen wrote:
> The other side of the argument is - why does any legitimate company need
> to employ a service such as Habeas/Returnpath/whatever?
Any legitimate drug company that wants to send price lists to its
legitimate distributors or end customers, upon request, even if not a
mailing list mail, but specific, one-by-one request/response mails, would
have trouble with spam filters that check for drug names and percentages
and hot words like 'sale'. The preponderance of drug spams makes it very
difficult for these companies. Help from a whitelist is a welcome thing.
But it becomes useless if the spammers suborn the process.
- Charles
Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Posted by "richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>.
I've just had another one to a honeypot - care of myspace. My dog does
not have a myspace account. Again, this is a harvested email address.
204.16.33.75 WHITELISTED: sa-accredit.habeas.com
Whilst I appreciate that nobody would turn their noses up at taking $$$
from someone like myspace, there are some serious concerns about their
data here.
I'll check with my dog to make sure he has not subscribed whilst I
turned my back .........
Received: from vmta12.myspace.com (vmta12.myspace.com [204.16.33.75]) by
..... with ESMTP id for
<.....>; Fri, 4 Dec 2009 19:48:32 +0000 (GMT)
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Posted by Per Jessen <pe...@computer.org>.
Charles Gregory wrote:
> There's a need. A real genuine need for services like Habeas.
It almost certainly depends on your environment - like my numbers
showed, over four months, I only had 45 emails that would have gone
down the drain without Habeas. In comparison to what was processed
that is an incredibly low number.
/Per Jessen, Zürich
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Posted by jdow <jd...@earthlink.net>.
What I call spam you may call ham. What I call ham you might call spam.
One ring to control them all er one list to filter them all inherently
cannot
work, especially when people change their minds and decide to
"unsubscribe with extreme prejudice."
{^_^}
----- Original Message -----
From: "LuKreme" <kr...@kreme.com>
To: <us...@spamassassin.apache.org>
Sent: Monday, 2009/December/07 09:22
Subject: Re: HABEAS_ACCREDITED WHY BY DEFAULT?
On 7-Dec-2009, at 09:03, Charles Gregory wrote:
> There's a need. A real genuine need for services like Habeas. But they
> need to be *very* well managed and policed. And it seems, from some
> complaints, that this is not happening....
How a service like HABEAS needs to work is that 1) It keeps a massive
database of email addresses that are known to either be bad, or to be users
who have specifically submitted their addresses as not accepting any
unsolicited unconfirmed emails, ever. A spammer — er, marketer, submits
their mailing list and it is 'cleaned' of all those addresses, then
submitted back to the spammer.
The spammer, in order to register with the service has to pay some amount of
money (probably a range of $0-$1,000,000 depending on the size of their list
and profit/non-profit status of the sender) that is held in a third party
trust. This is money that is deposited in addition to whatever charges there
are to clean the list. If the spammer sends any messages to an address that
was scrubbed, then the trust money is donated to some charity and the
spammers account with the service is revoked and their ENTIRE IP CLASS is
submitted to RBLs. In addition, bounce processing for the spam—er, marketing
email is handled by the service. Addresses that bounce are added to the
database of bad addresses. Spam complaints are added to the database of
opt-out addresses.
THAT service I would allow negative points to in my SA. I can't imagine any
other commercial whitelist that I would allow negative points for.
--
"Whose motorcycle is this?" "It's chopper, baby." "Whose chopper
is this?" "It's Zed's." "Who's Zed?" "Zed' dead, baby. Zed's
dead."
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Posted by LuKreme <kr...@kreme.com>.
On 7-Dec-2009, at 09:03, Charles Gregory wrote:
> There's a need. A real genuine need for services like Habeas. But they need to be *very* well managed and policed. And it seems, from some complaints, that this is not happening....
How a service like HABEAS needs to work is that 1) It keeps a massive database of email addresses that are known to either be bad, or to be users who have specifically submitted their addresses as not accepting any unsolicited unconfirmed emails, ever. A spammer — er, marketer, submits their mailing list and it is 'cleaned' of all those addresses, then submitted back to the spammer.
The spammer, in order to register with the service has to pay some amount of money (probably a range of $0-$1,000,000 depending on the size of their list and profit/non-profit status of the sender) that is held in a third party trust. This is money that is deposited in addition to whatever charges there are to clean the list. If the spammer sends any messages to an address that was scrubbed, then the trust money is donated to some charity and the spammers account with the service is revoked and their ENTIRE IP CLASS is submitted to RBLs. In addition, bounce processing for the spam—er, marketing email is handled by the service. Addresses that bounce are added to the database of bad addresses. Spam complaints are added to the database of opt-out addresses.
THAT service I would allow negative points to in my SA. I can't imagine any other commercial whitelist that I would allow negative points for.
--
"Whose motorcycle is this?" "It's chopper, baby." "Whose chopper
is this?" "It's Zed's." "Who's Zed?" "Zed' dead, baby. Zed's
dead."
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
> On Sat, 5 Dec 2009, Per Jessen wrote:
>> Won't customers dealing with such a company will have whitelisted them
>> long ago?
>
> For every 'mark' that is out there, stupidly entering their e-mail and
> then getting a bunch of ads for which they didn't realize they had given
> permission, there are people that are equally technologically illiterate
> that don't *think* that they need to do *anything* 'special' to make the
> mail from their favorite drug company arrive in their mailbox. They see
> very little spam (thanks to MY efforts - preen, preen) and so they don't
> think of a spam 'problem' and that the mail they just requested might not
> make it through.
On 07.12.09 11:03, Charles Gregory wrote:
> So I end up with a customer on the phone complaining. So if that drug
> company could get themselves on a 'standard' whitelist which I already
> trust and use, then I don't have to do anything special, and neither does
> my customer.
I find it a bit funny that you blame HABEAS whitelist, while you recommend
"ordinary" whitelist where both have some rules for listing, and I think
HABEAS has even more scrct rules.
I am not telling that you are correct or not, it's just my observation
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Posted by Charles Gregory <cg...@hwcn.org>.
On Sat, 5 Dec 2009, Per Jessen wrote:
> Won't customers dealing with such a company will have whitelisted them
> long ago?
For every 'mark' that is out there, stupidly entering their e-mail and
then getting a bunch of ads for which they didn't realize they had given
permission, there are people that are equally technologically illiterate
that don't *think* that they need to do *anything* 'special' to make the
mail from their favorite drug company arrive in their mailbox. They see
very little spam (thanks to MY efforts - preen, preen) and so they don't
think of a spam 'problem' and that the mail they just requested might not
make it through.
So I end up with a customer on the phone complaining. So if that drug
company could get themselves on a 'standard' whitelist which I already
trust and use, then I don't have to do anything special, and neither does
my customer.
Some companies are smart enough to add a note to their website that says
"be sure to add us to your whitelist", but that doesn't help the thousands
of people who read it and say "too complicated for me I hope it works" and
call me if it doesn't.... :)
There's a need. A real genuine need for services like Habeas. But they
need to be *very* well managed and policed. And it seems, from some
complaints, that this is not happening....
- Charles
Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Posted by jdow <jd...@earthlink.net>.
From: "Per Jessen" <pe...@computer.org>
Sent: Saturday, 2009/December/05 02:20
Charles Gregory wrote:
> On Fri, 4 Dec 2009, Per Jessen wrote:
>> The other side of the argument is - why does any legitimate company
>> need to employ a service such as Habeas/Returnpath/whatever?
>
> Any legitimate drug company that wants to send price lists to its
> legitimate distributors or end customers, upon request, even if not a
> mailing list mail, but specific, one-by-one request/response mails,
> would have trouble with spam filters that check for drug names and
> percentages and hot words like 'sale'.
Won't customers dealing with such a company will have whitelisted them
long ago?
<<jdow: You could take it to the bank that most won't figure out how,
no matter how simple you make it for them. And they WILL complain.
{^_^}
No matter how idiot proof you make your product you will find that
God rewards you by presenting you with a better idiot.
Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Posted by Per Jessen <pe...@computer.org>.
McDonald, Dan wrote:
> On Dec 5, 2009, at 4:20 AM, "Per Jessen" <pe...@computer.org> wrote:
>
>> Charles Gregory wrote:
>>
>>> On Fri, 4 Dec 2009, Per Jessen wrote:
>>>> The other side of the argument is - why does any legitimate company
>>>> need to employ a service such as Habeas/Returnpath/whatever?
>>>
>>> Any legitimate drug company that wants to send price lists to its
>>> legitimate distributors or end customers, upon request, even if not
>>> a mailing list mail, but specific, one-by-one request/response
>>> mails, would have trouble with spam filters that check for drug
>>> names and percentages and hot words like 'sale'.
>>
>> Won't customers dealing with such a company will have whitelisted
>> them long ago?
>
> No. I only locally whitelist when there is a reported problem, and
> only as a last resort.
Same here, but that means any regular business partner in the pharma
business will have been whitelisted long ago. All it takes is one FP.
/Per Jessen, Zürich
Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Posted by "McDonald, Dan" <Da...@austinenergy.com>.
On Dec 5, 2009, at 4:20 AM, "Per Jessen" <pe...@computer.org> wrote:
> Charles Gregory wrote:
>
>> On Fri, 4 Dec 2009, Per Jessen wrote:
>>> The other side of the argument is - why does any legitimate company
>>> need to employ a service such as Habeas/Returnpath/whatever?
>>
>> Any legitimate drug company that wants to send price lists to its
>> legitimate distributors or end customers, upon request, even if not a
>> mailing list mail, but specific, one-by-one request/response mails,
>> would have trouble with spam filters that check for drug names and
>> percentages and hot words like 'sale'.
>
> Won't customers dealing with such a company will have whitelisted them
> long ago?
No. I only locally whitelist when there is a reported problem, and
only as a last resort. There is no way for me to know all of the
"trusted partners" that we might do business with. A common whitelist
of legitimate companies is a welcome thing for me.
The other way I use it, when I get complaints about receiving "spam",
is to determine if it is safe to unsubscribe. My users know that bad
spammers use unsubscribes as reconnaissance to add valid addresses to
their lists. So, when they forgot that they signed up for something, I
will often unsubscribe them from a company that is listed in returnpath.
>
> /Per Jessen, Zürich
>
Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Posted by Per Jessen <pe...@computer.org>.
Charles Gregory wrote:
> On Fri, 4 Dec 2009, Per Jessen wrote:
>> The other side of the argument is - why does any legitimate company
>> need to employ a service such as Habeas/Returnpath/whatever?
>
> Any legitimate drug company that wants to send price lists to its
> legitimate distributors or end customers, upon request, even if not a
> mailing list mail, but specific, one-by-one request/response mails,
> would have trouble with spam filters that check for drug names and
> percentages and hot words like 'sale'.
Won't customers dealing with such a company will have whitelisted them
long ago?
/Per Jessen, Zürich