You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by David B Funk <db...@engineering.uiowa.edu> on 2019/08/07 20:57:18 UTC

who is IADB and why does this spam get a -3.8 score?

This afternoon I found a spam in one of my spam-traps that was sent via 
constantcontact.com and got a whopping -3.8 from IADB rules.

Why does this spam source get such a boost?

     -0.0 RCVD_IN_IADB_LISTED    RBL: Participates in the IADB system
     -0.1 RCVD_IN_IADB_SPF       RBL: IADB: Sender publishes SPF record
     -1.5 RCVD_IN_IADB_OPTIN     RBL: IADB: All mailing list mail is opt-in
     -2.2 RCVD_IN_IADB_VOUCHED   RBL: ISIPP IADB lists as vouched-for sender
     -0.0 RCVD_IN_IADB_SENDERID  RBL: IADB: Sender publishes Sender ID record

In particular how can they claim "All mailing list mail is opt-in" for a message 
sent to a spam-trap address that has never been used in any way other than a 
spam-trap? (IE never used to send mail, never listed as a contact address, etc).

The message had a "unsubscribe" link but no "report spam" functions.

Why should we have to "unsubscribe" an address that was never subscribed at all?
(that would tend to give legitimacy to the spammer's claims that it was 
subscribed/opt-in ).

who should I report this travesty to?

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Re: who is IADB and why does this spam get a -3.8 score?

Posted by "Anne P. Mitchell, Esq." <am...@isipp.com>.

The offending sender has been terminated by the ESP.

> On Aug 7, 2019, at 3:06 PM, Anne P. Mitchell, Esq. <am...@isipp.com> wrote:
> 
> Hi David!
> 
> We are the IADB, and if you are getting spam from an accredited IP address, we definitely want to know about it.  The reason that email from that IP gets that score is because it is supposed to be 100% opt-in - clearly if you didn't opt in, then it's not - and so we will take the responsible party to task for it, and asap.
> 
> Can you please forward a copy, with headers, directly to me, and I will personally make sure that it is taken care of, and with haste.
> 
> Thank you.
> 
> Anne
> 
> Anne P. Mitchell, Attorney at Law
> CEO/President, Institute for Social Internet Public Policy
> Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Legislative Consultant
> GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
> Board of Directors, Denver Internet Exchange
> Board of Directors, Asilomar Microcomputer Workshop
> Legal Counsel: The CyberGreen Institute
> Former Counsel: Mail Abuse Prevention System (MAPS)
> Member: California Bar Association
> 
> 
>> 
>> Why does this spam source get such a boost?
>> 
>>   -0.0 RCVD_IN_IADB_LISTED    RBL: Participates in the IADB system
>>   -0.1 RCVD_IN_IADB_SPF       RBL: IADB: Sender publishes SPF record
>>   -1.5 RCVD_IN_IADB_OPTIN     RBL: IADB: All mailing list mail is opt-in
>>   -2.2 RCVD_IN_IADB_VOUCHED   RBL: ISIPP IADB lists as vouched-for sender
>>   -0.0 RCVD_IN_IADB_SENDERID  RBL: IADB: Sender publishes Sender ID record
>> 
>> In particular how can they claim "All mailing list mail is opt-in" for a message sent to a spam-trap address that has never been used in any way other than a spam-trap? (IE never used to send mail, never listed as a contact address, etc).
>> 
>> The message had a "unsubscribe" link but no "report spam" functions.
>> 
>> Why should we have to "unsubscribe" an address that was never subscribed at all?
>> (that would tend to give legitimacy to the spammer's claims that it was subscribed/opt-in ).
>> 
>> who should I report this travesty to?
>> 
>> -- 
>> Dave Funk                                  University of Iowa
>> <dbfunk (at) engineering.uiowa.edu>        College of Engineering
>> 319/335-5751   FAX: 319/384-0549           1256 Seamans Center
>> Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
>> #include <std_disclaimer.h>
>> Better is not better, 'standard' is better. B{
>

Re: who is IADB and why does this spam get a -3.8 score?

Posted by "Anne P. Mitchell, Esq." <am...@isipp.com>.

Hi David!

We are the IADB, and if you are getting spam from an accredited IP address, we definitely want to know about it.  The reason that email from that IP gets that score is because it is supposed to be 100% opt-in - clearly if you didn't opt in, then it's not - and so we will take the responsible party to task for it, and asap.

Can you please forward a copy, with headers, directly to me, and I will personally make sure that it is taken care of, and with haste.

Thank you.

Anne

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association

> On Aug 7, 2019, at 2:57 PM, David B Funk <db...@engineering.uiowa.edu> wrote:
> 
> This afternoon I found a spam in one of my spam-traps that was sent via constantcontact.com and got a whopping -3.8 from IADB rules.
> 
> Why does this spam source get such a boost?
> 
>    -0.0 RCVD_IN_IADB_LISTED    RBL: Participates in the IADB system
>    -0.1 RCVD_IN_IADB_SPF       RBL: IADB: Sender publishes SPF record
>    -1.5 RCVD_IN_IADB_OPTIN     RBL: IADB: All mailing list mail is opt-in
>    -2.2 RCVD_IN_IADB_VOUCHED   RBL: ISIPP IADB lists as vouched-for sender
>    -0.0 RCVD_IN_IADB_SENDERID  RBL: IADB: Sender publishes Sender ID record
> 
> In particular how can they claim "All mailing list mail is opt-in" for a message sent to a spam-trap address that has never been used in any way other than a spam-trap? (IE never used to send mail, never listed as a contact address, etc).
> 
> The message had a "unsubscribe" link but no "report spam" functions.
> 
> Why should we have to "unsubscribe" an address that was never subscribed at all?
> (that would tend to give legitimacy to the spammer's claims that it was subscribed/opt-in ).
> 
> who should I report this travesty to?
> 
> -- 
> Dave Funk                                  University of Iowa
> <dbfunk (at) engineering.uiowa.edu>        College of Engineering
> 319/335-5751   FAX: 319/384-0549           1256 Seamans Center
> Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
> #include <std_disclaimer.h>
> Better is not better, 'standard' is better. B{