Re: HABEAS_ACCREDITED WHY BY DEFAULT?

["richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>]

On Fri, 2009-12-04 at 00:18 -0800, jdow wrote:
> From: "LuKreme" <kr...@kreme.com>
> Sent: Thursday, 2009/December/03 20:55
> 
> 
> > On Dec 3, 2009, at 13:43, "richard@buzzhost.co.uk" <richard@buzzhost.co.uk
> > > wrote:
> >> On Thu, 2009-12-03 at 11:23 -0700, J.D. Falk wrote:
> >>> On Dec 2, 2009, at 12:59 AM, richard@buzzhost.co.uk wrote:
> >
> > Look, get a room. Or at least take this twisted courtship dance  offlist 
> > and spare us, please.
> 
> With all the animosity on this issue I decided to give the HABEAS
> rules a score, a negligible score to be sure, just to see what the
> state of HABEAS is for me today.
> 
> In the last four days - nothing either spam or ham.
> 
> Those seeing HABEAS hits: are the hits ancient haiku hits or are they
> the modern DNS test version? I imagine the haiku is still used by
> some spammers. The DNS tests should legitimately show a rather small
> percentage of spam. It appears (weasel word notice) ReturnPath puts
> its members through a wringer to get the approval levels.
> 
> And how was the email determined to be unsolicited? (I believe in one
> case it was a "never used spam trap address.")
> 
> Let's lay some facts out on the table rather than heap a load of
> anecdotal poo on JD over various HABEAS hits.
> 
> And JD, I don't see on your site what it "costs" people to get listed
> on your DNS approval lists other than some tests and documentation. Is
> it possible spammers simply submit some buttered up documentation, get
> approved, and accept getting it knocked back off your lists rapidly as
> a business "time" expense?
> 
> Less shouting and more data and facts seems to be called for on both
> sides. And for the nonce I'll grant both sides the legitimacy of their
> frustrations on this HABEAS thing.
> 
> I note that JD is quite willing to discuss (and seemed to recommend)
> a lowered default score. That seems quite reasonable.
> 
> {^_^}    (Another JD, Jolly Dirty Old Woman type.) 
> 
PREAMBLE:
It's simple for me - I'm not out to win friends or influence anyone and
I find those that grease the wheels for the wholesale distribution of
spam (be it they hold the view it is legitimate or not) in exchange for
money - whilst claiming to be anti-spam - sick individuals that deserve
a good kicking at the very least. That's just my personal view.

RETURN PATH OFFER A PAID FACILITY TO ASSIST IN THE DELIVERY OF UBE.
That's what they do - no matter how nicey nicey Mr Falk may appears to
be. It's his job.

SPAMASSASSIN is about assassinating spam - not facilitating it. Negative
scores applied to a bulk mailing service without the users consent (the
default for Spamassassin is to allow this rule at a minus score) has me
wondering just who's in bed with who? There may be a reasonable argument
that Spamassassin, as configured by default, gives unfair commercial
advantage to HABEAS registered spammers and I'm more curious to find out
WHY than anything else. It would be acceptable for me if it shipped with
a zero score by default with notes in the readme for giving it a minus
score at the users discretion. 

Although this is only a few points in the wrong direction, the
implications this has for the integrity of Spamassassin as an anti-spam
system is in question. Are Return Path making regular donations to
Apache and wanting something in return? What possible plausible reason
is there for a bulk mailing whitelist to appear with a favourable score
in a program heavily used to block spam?

Being well known companies that a person may have once done a very small
amount of business with does not mean that their UBE habits are
acceptable in any way.

FACT
For me, until I changed it to a positive +10 score for HABEAS, the only
time I saw the name was in unwanted UBE - to me, that is SPAM. Making a
fuss on this list (and nowhere else) suddenly had IP's disappear off the
HABEAS list. {dark forces at work indeed}. The kind of people this has
appeared in are not the expected MAINSLEAZE, but shabby bottom feeders.
The kind that think registering with PaytoSpam services (be that a
listing in emailreg.org or Habeas Accreditation) will make them in some
way legitimate in their actions.

FINAL
This is not a social club, it's a question and issues list for
Spamassassin. My question and issue is why, by default, does
Spamassassin use the HABEAS white list, and why is it out of the box set
with a score to favour delivery of their junk? It's a fair question. The
answer 'just change the score' is not the correct answer. The correct
answer will be precisely why this state of affairs exists.

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Charles Gregory <cg...@hwcn.org>]

On Fri, 4 Dec 2009, Yet Another Ninja wrote:
>> ..... 'just change the score' is not the correct answer. 
> the answer is totally correct.

No, it is not. No more than it is correct for a spammer to offer me a 
(working) 'unsubscribe' link. I don't want to discover I've been letting 
spam in the door and get complaints from users because of one (or more!)
'default' settings that are permitting spam.

The 'correct' answer that is being sought is to judge the entire 
underlying 'policy' mechanism for spamassassin which results in the 
*category* of choices about negative scores of which the habeas rule is 
only ONE possible example!

>>  The correct answer will be precisely why this state of affairs exists.
> - because developers think/have thought its a good idea.

SLAP! Don't restate the question like its an answer. He asked for 
reasoning behind the choice, not whether the developers *liked* their 
choice. Of course they liked it. WHY did they like it?

> - because nobody other than you makes such a noise about it.

There's a good point. Why *does* this person see so much spam with the 
habeas rule in it? Which leads to the obvious corrolary, it seems likely 
that the habeas rule got a negative score because it only appears in ham 
in the SA 'master' test corpus. Why is THAT? What skews the messages 
contents so badly? What is different between the two? Anyone thought to 
sit down and question it?

I'm not even blindly accepting his assertions. I used to devalue habeas 
back when it was the 'haiku' variety, but I haven't had a problem lately, 
even without a special score. So why is there a problem for him?

- Charles

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

["richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>]

On Fri, 2009-12-04 at 11:28 +0100, Yet Another Ninja wrote:

> > The correct answer will be precisely why this state of affairs exists.
> 
> - because developers think/have thought its a good idea.
> 
> - because nobody other than you makes such a noise about it. And YOU who 
>  are so against, have you submitted a bug to have whatever reconsidered.
I don't recall that I was making much noise about it, I said my piece
and others with to carry it on - but I'm more than happy to do that.

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Per Jessen <pe...@computer.org>]

jdow wrote:

> From: "Per Jessen" <pe...@computer.org>
> Sent: Friday, 2009/December/04 09:11
> 
> 
> richard@buzzhost.co.uk wrote:
> 
>> This was raised as the IP appeared in HABEAS and for a few hours it
>> 'vanished' from the list. It's back there now, but DateTheUk is now
>> pumping out via an ip six decimal places up on the last octet.
>> 
>> 80.75.69.195  WHITELISTED:            sa-accredit.habeas.com
>> 
>> The customer concerned then hopped their output to:80.75.69.201
>> 80.75.69.201  WHITELISTED:            sa-accredit.habeas.com
> 
> FYI, 80.75.69.192 - 80.75.69.255 belongs to Easydate Ltd in Edinburgh.
> 
> << jdow: And somehow I suspect Richard didn't bother to report. It
> is more fun to bitch instead. 

Personally I don't bother with reporting either - it's not my job.  I
filter out spam, and when I receive spam from an accredited source, the
accreditors' reputation is lowered (on my system).  That's the risk of
that business.  


/Per Jessen, Zürich

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[jdow <jd...@earthlink.net>]

From: "Per Jessen" <pe...@computer.org>
Sent: Friday, 2009/December/04 09:11


richard@buzzhost.co.uk wrote:

> This was raised as the IP appeared in HABEAS and for a few hours it
> 'vanished' from the list. It's back there now, but DateTheUk is now
> pumping out via an ip six decimal places up on the last octet.
> 
> 80.75.69.195  WHITELISTED:            sa-accredit.habeas.com
> 
> The customer concerned then hopped their output to:80.75.69.201
> 80.75.69.201  WHITELISTED:            sa-accredit.habeas.com

FYI, 80.75.69.192 - 80.75.69.255 belongs to Easydate Ltd in Edinburgh. 

<< jdow: And somehow I suspect Richard didn't bother to report. It
is more fun to bitch instead. So far the only real metrics I've seen 
indicates it works. That's data from three people, one off this list.

{^_^}

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

["richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>]

On Fri, 2009-12-04 at 18:11 +0100, Per Jessen wrote:
> richard@buzzhost.co.uk wrote:
> 
> > This was raised as the IP appeared in HABEAS and for a few hours it
> > 'vanished' from the list. It's back there now, but DateTheUk is now
> > pumping out via an ip six decimal places up on the last octet.
> > 
> > 80.75.69.195  WHITELISTED:            sa-accredit.habeas.com
> > 
> > The customer concerned then hopped their output to:80.75.69.201
> > 80.75.69.201  WHITELISTED:            sa-accredit.habeas.com
> 
> FYI, 80.75.69.192 - 80.75.69.255 belongs to Easydate Ltd in Edinburgh. 
> 
> 
> /Per Jessen, Zürich
> 
Correct, and the hits in habeas are shown. The issue with RP is a side
distraction to this.

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Per Jessen <pe...@computer.org>]

richard@buzzhost.co.uk wrote:

> This was raised as the IP appeared in HABEAS and for a few hours it
> 'vanished' from the list. It's back there now, but DateTheUk is now
> pumping out via an ip six decimal places up on the last octet.
> 
> 80.75.69.195  WHITELISTED:            sa-accredit.habeas.com
> 
> The customer concerned then hopped their output to:80.75.69.201
> 80.75.69.201  WHITELISTED:            sa-accredit.habeas.com

FYI, 80.75.69.192 - 80.75.69.255 belongs to Easydate Ltd in Edinburgh. 


/Per Jessen, Zürich

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Per Jessen <pe...@computer.org>]

Charles Gregory wrote:

> I don't care. Spamassassin does not have an 'opinion'. It has a
> methodology. 

Umm, it also has a set of rules which essentially make up the
SA "opinion". 


/Per Jessen, Zürich

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Charles Gregory <cg...@hwcn.org>]

On Fri, 4 Dec 2009, richard@buzzhost.co.uk wrote:
>> Okay, let's be methodical. Let us indeed start with those.
>> Did anyone else get them?

No answer.

>> If, so, how did they score?

No answer.

>> If not, then why did only Richard get them?

No answer.

> Point 1 - The Subject that was changed on the other post. JD Falk made
> the original change to abuse me. Go back to the archive and take a look.
> I just inverted it.

I don't care. You can each call the other all the names you want.
But if there is a legitimate issue, it will be answered by addressing the 
questions I posed.

> Point 2 -
> I've stated my opinions on organisations that are involved in bulk
> mailing, but that's all it is. An opinion. They are like axxholes,
> everyone has one.

I don't care. Spamassassin does not have an 'opinion'. It has a
methodology. If that methodology requires review/correction, your opinion 
provides no quantitative feedback.

> Point 3 - My Habeas issue is not about quantity.

If you read my post you would have grasped the simple idea that if ANY 
spam comes to your attention, it is very likely the tip of an unseen 
iceberg of missed spam. So we treat it seriously and investigate. I didn't 
ask how *much* anyone got. I asked whether there was something peculiar to 
your situation that prevented other people from seeing this problem.
see *nay

> ..... I can only cite the current ongoing issue with DateTheUk.
> A company that fished a watermarked address from a Facebook 'Farmville'
> group and then spammed it.

Good enough to work with. You've posted your data, now my next question 
is whether anyone else sees the same mail. Just because I don't see it 
over here in Canada doesn't mean you are the only one. But it may very 
well highlight a 'regional bias' in the main spamassassin test corpora.

> 80.75.69.195	WHITELISTED:		sa-accredit.habeas.com
> 80.75.69.201	WHITELISTED:		sa-accredit.habeas.com

Which now leads back to questions about whether we're seeing *hacked* 
servers that just *happen* to be habeas accredited?

> The customer also hits on: list.dnswl.org, so they are clearly aware of
> the need to grease the wheels. Spamassassin was passing the stuff at -9.

(nod) I've seen similar scores on (obvious) spam from 'mailengine'.

> It's not about the listing of a Rogue Customer, it's why they are not
> delisted for doing it - this would give some kind of confidence back.

It may not be the 'customer' at all. Never attribute to malice that which 
can be ascribed to ignorance.

> My personal view is no blind eye should be turned to any spammer,
> especially one coming from a so called reputable source.

So let's get back to defining the source. We've got a habeas 
representative on here? Let's trace this 'datetheul' stuff and see if it 
really is their legitimate business.

By the by, I think I posted on this list a while ago on a similar 
question, as to whether we could really trust *any* whitelists, as they 
simply made for a *deliberate* target of botnet owners. No one made a fuss 
about it before, but what about now? Maybe, once again, the flaw is in 
having a whitelisting system that relies upon third party servers with 
unknown security.

> Point 4 -
> All that is largely irrelevant to this list, but my point of interest is
> why a commercial white list appears in Spamassassin with the default
> scores set the way they are? It's perfectly reasonable to ask.

Well, the obvious 'startnig answer' (just to cut the pedants short) is 
that a whitelist *should* generally betoken increased trust in a source, 
and that it is 'permitted' to look a 'little' spammy because their 
business is advertisting, but not 'spam'. So with that category of mail in 
the 'ham' corpora, spamassassin score generation allows a generous 
negative score. The flaw, here, may be regional bias. Perhaps Spamassassin 
should get a bit more sophsiticated and attempt to generate corpora for 
different regions?


> It could be expanded to ask if there are any plans to include whitelists 
> from other vendors in the default, such as Apache donator Barracuda? 
> Perhaps emailreg.org with a -4 score in the next SA release?

That is the most meaningful question. What is the policy for inclusion, 
and how reliable is it? The key to understanding is to verify whether the 
'spam' you see is *actually* from the 'customer' who obtained the habeas 
accredit and then probe how we would deal with a 'yes' or a 'no'.

> Much that the personality battles and offlist threats and abuse amuse
> me, my question is perfectly reasonable, has it's foundation in fact and
> is on topic.

Which is pretty much what I said. I just clarified the question because 
pedants were answering "because the developers like it".....

But it might help to skip the personality/ad hominem crap. Prove that the 
mail you receive is the rightful mail of the legitimate IP address owner, 
and then ask the habeas people how they 'earned' that accredit....

- C

Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?

["richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>]

I've just had another one to a honeypot - care of myspace. My dog does
not have a myspace account. Again, this is a harvested email address.

204.16.33.75	WHITELISTED:		sa-accredit.habeas.com

Whilst I appreciate that nobody would turn their noses up at taking $$$
from someone like myspace, there are some serious concerns about their
data here.

I'll check with my dog to make sure he has not subscribed whilst I
turned my back .........

Received: from vmta12.myspace.com (vmta12.myspace.com [204.16.33.75]) by
 ..... with ESMTP id  for
 <.....>; Fri,  4 Dec 2009 19:48:32 +0000 (GMT)

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Per Jessen <pe...@computer.org>]

Charles Gregory wrote:

> There's a need. A real genuine need for services like Habeas.  

It almost certainly depends on your environment - like my numbers
showed, over four months, I only had 45 emails that would have gone
down the drain without Habeas.  In comparison to what was processed
that is an incredibly low number.


/Per Jessen, Zürich

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[jdow <jd...@earthlink.net>]

What I call spam you may call ham. What I call ham you might call spam.

One ring to control them all er one list to filter them all inherently 
cannot
work, especially when people change their minds and decide to
"unsubscribe with extreme prejudice."

{^_^}
----- Original Message ----- 
From: "LuKreme" <kr...@kreme.com>
To: <us...@spamassassin.apache.org>
Sent: Monday, 2009/December/07 09:22
Subject: Re: HABEAS_ACCREDITED WHY BY DEFAULT?


On 7-Dec-2009, at 09:03, Charles Gregory wrote:
> There's a need. A real genuine need for services like Habeas. But they 
> need to be *very* well managed and policed. And it seems, from some 
> complaints, that this is not happening....


How a service like HABEAS needs to work is that 1) It keeps a massive 
database of email addresses that are known to either be bad, or to be users 
who have specifically submitted their addresses as not accepting any 
unsolicited unconfirmed emails, ever.  A spammer — er, marketer, submits 
their mailing list and it is 'cleaned' of all those addresses, then 
submitted back to the spammer.

The spammer, in order to register with the service has to pay some amount of 
money (probably a range of $0-$1,000,000 depending on the size of their list 
and profit/non-profit status of the sender) that is held in a third party 
trust. This is money that is deposited in addition to whatever charges there 
are to clean the list. If the spammer sends any messages to an address that 
was scrubbed, then the trust money is donated to some charity and the 
spammers account with the service is revoked and their ENTIRE IP CLASS is 
submitted to RBLs. In addition, bounce processing for the spam—er, marketing 
email is handled by the service. Addresses that bounce are added to the 
database of bad addresses. Spam complaints are added to the database of 
opt-out addresses.

THAT service I would allow negative points to in my SA. I can't imagine any 
other commercial whitelist that I would allow negative points for.

-- 
"Whose motorcycle is this?" "It's chopper, baby." "Whose chopper
is this?" "It's Zed's." "Who's Zed?" "Zed' dead, baby. Zed's
dead."

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[LuKreme <kr...@kreme.com>]

On 7-Dec-2009, at 09:03, Charles Gregory wrote:
> There's a need. A real genuine need for services like Habeas. But they need to be *very* well managed and policed. And it seems, from some complaints, that this is not happening....


How a service like HABEAS needs to work is that 1) It keeps a massive database of email addresses that are known to either be bad, or to be users who have specifically submitted their addresses as not accepting any unsolicited unconfirmed emails, ever.  A spammer — er, marketer, submits their mailing list and it is 'cleaned' of all those addresses, then submitted back to the spammer.

The spammer, in order to register with the service has to pay some amount of money (probably a range of $0-$1,000,000 depending on the size of their list and profit/non-profit status of the sender) that is held in a third party trust. This is money that is deposited in addition to whatever charges there are to clean the list. If the spammer sends any messages to an address that was scrubbed, then the trust money is donated to some charity and the spammers account with the service is revoked and their ENTIRE IP CLASS is submitted to RBLs. In addition, bounce processing for the spam—er, marketing email is handled by the service. Addresses that bounce are added to the database of bad addresses. Spam complaints are added to the database of opt-out addresses.

THAT service I would allow negative points to in my SA. I can't imagine any other commercial whitelist that I would allow negative points for.

-- 
"Whose motorcycle is this?" "It's chopper, baby." "Whose chopper
	is this?" "It's Zed's." "Who's Zed?" "Zed' dead, baby. Zed's
	dead."

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

> On Sat, 5 Dec 2009, Per Jessen wrote:
>> Won't customers dealing with such a company will have whitelisted them
>> long ago?
>
> For every 'mark' that is out there, stupidly entering their e-mail and  
> then getting a bunch of ads for which they didn't realize they had given  
> permission, there are people that are equally technologically illiterate  
> that don't *think* that they need to do *anything* 'special' to make the  
> mail from their favorite drug company arrive in their mailbox. They see  
> very little spam (thanks to MY efforts - preen, preen) and so they don't  
> think of a spam 'problem' and that the mail they just requested might not 
> make it through.

On 07.12.09 11:03, Charles Gregory wrote:
> So I end up with a customer on the phone complaining. So if that drug  
> company could get themselves on a 'standard' whitelist which I already  
> trust and use, then I don't have to do anything special, and neither does 
> my customer.

I find it a bit funny that you blame HABEAS whitelist, while you recommend
"ordinary" whitelist where both have some rules for listing, and I think
HABEAS has even more scrct rules.

I am not telling that you are correct or not, it's just my observation
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Charles Gregory <cg...@hwcn.org>]

On Sat, 5 Dec 2009, Per Jessen wrote:
> Won't customers dealing with such a company will have whitelisted them
> long ago?

For every 'mark' that is out there, stupidly entering their e-mail and 
then getting a bunch of ads for which they didn't realize they had given 
permission, there are people that are equally technologically illiterate 
that don't *think* that they need to do *anything* 'special' to make the 
mail from their favorite drug company arrive in their mailbox. They see 
very little spam (thanks to MY efforts - preen, preen) and so they don't 
think of a spam 'problem' and that the mail they just requested might not 
make it through.

So I end up with a customer on the phone complaining. So if that drug 
company could get themselves on a 'standard' whitelist which I already 
trust and use, then I don't have to do anything special, and neither does 
my customer.

Some companies are smart enough to add a note to their website that says 
"be sure to add us to your whitelist", but that doesn't help the thousands
of people who read it and say "too complicated for me I hope it works" and 
call me if it doesn't.... :)

There's a need. A real genuine need for services like Habeas. But they 
need to be *very* well managed and policed. And it seems, from some 
complaints, that this is not happening....

- Charles

Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[jdow <jd...@earthlink.net>]

From: "Per Jessen" <pe...@computer.org>
Sent: Saturday, 2009/December/05 02:20


Charles Gregory wrote:

> On Fri, 4 Dec 2009, Per Jessen wrote:
>> The other side of the argument is - why does any legitimate company
>> need to employ a service such as Habeas/Returnpath/whatever?
> 
> Any legitimate drug company that wants to send price lists to its
> legitimate distributors or end customers, upon request, even if not a
> mailing list mail, but specific, one-by-one request/response mails,
> would have trouble with spam filters that check for drug names and
> percentages and hot words like 'sale'. 

Won't customers dealing with such a company will have whitelisted them
long ago? 


<<jdow: You could take it to the bank that most won't figure out how,
no matter how simple you make it for them. And they WILL complain.


{^_^}
        No matter how idiot proof you make your product you will find that
        God rewards you by presenting you with a better idiot.

Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Per Jessen <pe...@computer.org>]

McDonald, Dan wrote:

> On Dec 5, 2009, at 4:20 AM, "Per Jessen" <pe...@computer.org> wrote:
> 
>> Charles Gregory wrote:
>>
>>> On Fri, 4 Dec 2009, Per Jessen wrote:
>>>> The other side of the argument is - why does any legitimate company
>>>> need to employ a service such as Habeas/Returnpath/whatever?
>>>
>>> Any legitimate drug company that wants to send price lists to its
>>> legitimate distributors or end customers, upon request, even if not
>>> a mailing list mail, but specific, one-by-one request/response
>>> mails, would have trouble with spam filters that check for drug
>>> names and percentages and hot words like 'sale'.
>>
>> Won't customers dealing with such a company will have whitelisted
>> them long ago?
> 
> No. I only locally whitelist when there is a reported problem, and
> only as a last resort.

Same here, but that means any regular business partner in the pharma
business will have been whitelisted long ago.  All it takes is one FP. 


/Per Jessen, Zürich

Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?

["McDonald, Dan" <Da...@austinenergy.com>]

On Dec 5, 2009, at 4:20 AM, "Per Jessen" <pe...@computer.org> wrote:

> Charles Gregory wrote:
>
>> On Fri, 4 Dec 2009, Per Jessen wrote:
>>> The other side of the argument is - why does any legitimate company
>>> need to employ a service such as Habeas/Returnpath/whatever?
>>
>> Any legitimate drug company that wants to send price lists to its
>> legitimate distributors or end customers, upon request, even if not a
>> mailing list mail, but specific, one-by-one request/response mails,
>> would have trouble with spam filters that check for drug names and
>> percentages and hot words like 'sale'.
>
> Won't customers dealing with such a company will have whitelisted them
> long ago?

No. I only locally whitelist when there is a reported problem, and  
only as a last resort. There is no way for me to know all of the  
"trusted partners" that we might do business with. A common whitelist  
of legitimate companies is a welcome thing for me.

The other way I use it, when I get complaints about receiving "spam",  
is to determine if it is safe to unsubscribe. My users know that bad  
spammers use unsubscribes as reconnaissance to add valid addresses to  
their lists. So, when they forgot that they signed up for something, I  
will often unsubscribe them from a company that is listed in returnpath.


>
> /Per Jessen, Zürich
>

Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Per Jessen <pe...@computer.org>]

Charles Gregory wrote:

> On Fri, 4 Dec 2009, Per Jessen wrote:
>> The other side of the argument is - why does any legitimate company
>> need to employ a service such as Habeas/Returnpath/whatever?
> 
> Any legitimate drug company that wants to send price lists to its
> legitimate distributors or end customers, upon request, even if not a
> mailing list mail, but specific, one-by-one request/response mails,
> would have trouble with spam filters that check for drug names and
> percentages and hot words like 'sale'. 

Won't customers dealing with such a company will have whitelisted them
long ago? 


/Per Jessen, Zürich

Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Charles Gregory <cg...@hwcn.org>]

On Fri, 4 Dec 2009, Per Jessen wrote:
> The other side of the argument is - why does any legitimate company need
> to employ a service such as Habeas/Returnpath/whatever?

Any legitimate drug company that wants to send price lists to its 
legitimate distributors or end customers, upon request, even if not a 
mailing list mail, but specific, one-by-one request/response mails, would 
have trouble with spam filters that check for drug names and percentages 
and hot words like 'sale'. The preponderance of drug spams makes it very 
difficult for these companies. Help from a whitelist is a welcome thing.
But it becomes useless if the spammers suborn the process.

- Charles

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[jdow <jd...@earthlink.net>]

From: "Per Jessen" <pe...@computer.org>
Sent: Friday, 2009/December/04 11:19


Chr. von Stuckrad wrote:

> After all this debate about a negatively scored rule I'd disable it
> anyway, because the spammers on the list will target it specifically
> now, knowing it works well for them.

The other side of the argument is - why does any legitimate company need
to employ a service such as Habeas/Returnpath/whatever? 
If their customer emails are getting caught as spam, surely they or SA
is doing something wrong to begin with.  There is not much spam that is
getting caught purely based on content, most is getting caught on
origin and its reputation. 

<<jdow: I have several email sources with which I have a "relationship"
as in signed up for that are not important enough to me to outright
whitelist. I have fun watching them dance around the deadly 5.0 score.
OK OK it is fun for the feeble minded or somebody needing a dose of
graveyard humor, I suppose. But it illustrates the problem an ISP spam
filter might have.

JD's description indicates RP makes an honest attempt to scrub their
lists when problems appear. And, if they do not hear of a problem their
list does not get scrubbed. And if a user plays the 'report as spam'
trick to unsubscribe to a list (something a legitimate friend of mine
experiences too often) that can result in problems for everybody, JD,
his customers, and the cut-off recipients. RP has taken on a job that
is not trivial.

{^_^}

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Per Jessen <pe...@computer.org>]

Chr. von Stuckrad wrote:

> After all this debate about a negatively scored rule I'd disable it
> anyway, because the spammers on the list will target it specifically
> now, knowing it works well for them.

The other side of the argument is - why does any legitimate company need
to employ a service such as Habeas/Returnpath/whatever? 
If their customer emails are getting caught as spam, surely they or SA
is doing something wrong to begin with.  There is not much spam that is
getting caught purely based on content, most is getting caught on
origin and its reputation. 


/Per Jessen, Zürich

RE: HABEAS_ACCREDITED WHY BY DEFAULT?

[R-Elists <li...@abbacomm.net>]

> 
> After all this debate about a negatively scored rule I'd 
> disable it anyway, because the spammers on the list will 
> target it specifically now, knowing it works well for them.
> 
> Stucki

Stucki,

it seems to me that you, of all people, would want a small negative or
positive score on that rule (or any rule) for statistical purposes...

being in the math department and all

:-)

logically, why would you just zero it then?

 - rh

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

["Chr. von Stuckrad" <st...@mi.fu-berlin.de>]

On Fri, 04 Dec 2009, richard@buzzhost.co.uk wrote:

> Point 4 -
> All that is largely irrelevant to this list, but my point of interest is
> why a commercial white list appears in Spamassassin with the default
> scores set the way they are? It's perfectly reasonable to ask. It could
> be expanded to ask if there are any plans to include whitelists from
> other vendors in the default, such as Apache donator Barracuda? Perhaps
> emailreg.org with a -4 score in the next SA release?

So if, after a while of wading through the debate, I understand this
right, it boils down to 'are spammers buying out spamassassin
rule-makers' or 'do we have to assume that spamassassin development
was taken over by spammers' or some such theory?

Wouldn't it be far easier to believe, that in long gone times when
'habeas' seemed to proof nonspam (I seem to remember it worked a
while) somebody put that rule in.  And a while later lots of people
simply set their habeas rules to zero after noticing spam-with-habeas.
(the oldest mails with 'Subject:.*habeas' I can find in my archive
were about habeas haikus and these were beginning to be faked 2003/4).

Then I personally simply forgot the whole thing ... til yesterday :-)
AND if the spam-with-habeas is seldom seen it might simply vanish
in the noise or hide below the other rules until somebody(!) notices.

For me all this means - simply forget (zero out) the rules - and if
need be file a bug/request/whatever to get them removed - but not that
I'd assume that spamassassin was subverted to allow spammers? But even
if it were so, it could not go on very long - somebody would(did?) wonder ...

After all this debate about a negatively scored rule I'd disable it
anyway, because the spammers on the list will target it specifically
now, knowing it works well for them.

Stucki

-- 
Christoph von Stuckrad      * * |nickname |Mail <st...@mi.fu-berlin.de> \
Freie Universitaet Berlin   |/_*|'stucki' |Tel(Mo.,Mi.):+49 30 838-75 459|
Mathematik & Informatik EDV |\ *|if online|  (Di,Do,Fr):+49 30 77 39 6600|
Takustr. 9 / 14195 Berlin   * * |on IRCnet|Fax(home):   +49 30 77 39 6601/

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

["richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>]

On Fri, 2009-12-04 at 10:50 -0500, Charles Gregory wrote:
> On Fri, 4 Dec 2009, richard@buzzhost.co.uk wrote:
> > Qualifies what, that I get UBE that is Habeas Accredited? Should I start
> > with the 40 from 'DateTheuk' in the last 8 days?
> 
> Okay, let's be methodical. Let us indeed start with those.
> 
> Did anyone else get them?
> If, so, how did they score?
> If not, then why did only Richard get them?
> 
> Keep in mind that a 'problem' may be buried by conditions where most of 
> the spam still gets flagged, then blocked because of other positive 
> scoring tests, so we don't *see* the habeas test firing....
> I don't record hits on rules in mail that is flagged ham, but notice that 
> I do see the habeas rule in a couple of cases where I have deliberately 
> blacklisted a mail server like 'mailengine'.
> 
> - Charles
Point 1 - The Subject that was changed on the other post. JD Falk made
the original change to abuse me. Go back to the archive and take a look.
I just inverted it. 

Point 2 -
I've stated my opinions on organisations that are involved in bulk
mailing, but that's all it is. An opinion. They are like axxholes,
everyone has one. 

Point 3 - My Habeas issue is not about quantity. Most of the previous
Habeas spam I did not log, and I regret that.I've set things up
differently so I log each and everyone from now on. So other than my
worthless word I can only cite the current ongoing issue with DateTheUk.
A company that fished a watermarked address from a Facebook 'Farmville'
group and then spammed it.

This was raised as the IP appeared in HABEAS and for a few hours it
'vanished' from the list. It's back there now, but DateTheUk is now
pumping out via an ip six decimal places up on the last octet.

80.75.69.195	WHITELISTED:		sa-accredit.habeas.com

The customer concerned then hopped their output to:80.75.69.201
80.75.69.201	WHITELISTED:		sa-accredit.habeas.com

The customer also hits on: list.dnswl.org, so they are clearly aware of
the need to grease the wheels. Spamassassin was passing the stuff at -9.

It's not about the listing of a Rogue Customer, it's why they are not
delisted for doing it - this would give some kind of confidence back.

My personal view is no blind eye should be turned to any spammer,
especially one coming from a so called reputable source.

Point 4 -
All that is largely irrelevant to this list, but my point of interest is
why a commercial white list appears in Spamassassin with the default
scores set the way they are? It's perfectly reasonable to ask. It could
be expanded to ask if there are any plans to include whitelists from
other vendors in the default, such as Apache donator Barracuda? Perhaps
emailreg.org with a -4 score in the next SA release?

Much that the personality battles and offlist threats and abuse amuse
me, my question is perfectly reasonable, has it's foundation in fact and
is on topic.

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Charles Gregory <cg...@hwcn.org>]

On Fri, 4 Dec 2009, richard@buzzhost.co.uk wrote:
> Qualifies what, that I get UBE that is Habeas Accredited? Should I start
> with the 40 from 'DateTheuk' in the last 8 days?

Okay, let's be methodical. Let us indeed start with those.

Did anyone else get them?
If, so, how did they score?
If not, then why did only Richard get them?

Keep in mind that a 'problem' may be buried by conditions where most of 
the spam still gets flagged, then blocked because of other positive 
scoring tests, so we don't *see* the habeas test firing....
I don't record hits on rules in mail that is flagged ham, but notice that 
I do see the habeas rule in a couple of cases where I have deliberately 
blacklisted a mail server like 'mailengine'.

- Charles

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

["richard@buzzhost.co.uk" <ri...@buzzhost.co.uk>]

On Fri, 2009-12-04 at 04:16 -0800, jdow wrote:
> From: "Yet Another Ninja" <sa...@alexb.ch>
> Sent: Friday, 2009/December/04 02:28
> 
> 
> > On 12/4/2009 10:57 AM, richard@buzzhost.co.uk wrote:
> >  > FINAL
> >> This is not a social club, it's a question and issues list for
> >> Spamassassin. My question and issue is why, by default, does
> >> Spamassassin use the HABEAS white list, and why is it out of the box set
> >> with a score to favour delivery of their junk? It's a fair question. The
> >> answer 'just change the score' is not the correct answer. 
> > 
> > the answer is totally correct. SA is a framework, which luckily allows 
> > YOU do whatever you want with it, so please do, whatever YOU want (that 
> > does not include beating a dead horse on the list) and move on.
> > 
> >> The correct answer will be precisely why this state of affairs exists.
> > 
> > - because developers think/have thought its a good idea.
> > 
> > - because nobody other than you makes such a noise about it. And YOU who 
> > are so against, have you submitted a bug to have whatever reconsidered.
> > 
> > EOT
> 
> Heh, at this site procaine sits in front of SA. It has a few email
> addresses, a very few, redirected to their own folders that I check
> any time I want some "amusement of that kind." I want to find out just
> how much Richard qualifies for this dubious honor.
> 
> {^_-}

Qualifies what, that I get UBE that is Habeas Accredited? Should I start
with the 40 from 'DateTheuk' in the last 8 days? 

That's 40 to many - would you like to talk in hundreds and thousands to
justify removal or changing of a default white list score?

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[jdow <jd...@earthlink.net>]

Outlook Express spell checker, that is Procmail not your stupid
substitution however apt it might be.

{+_+}
----- Original Message ----- 
From: "jdow" <jd...@earthlink.net>
Sent: Friday, 2009/December/04 04:16


> Heh, at this site procaine sits in front of SA. It has a few email

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[jdow <jd...@earthlink.net>]

From: "Yet Another Ninja" <sa...@alexb.ch>
Sent: Friday, 2009/December/04 02:28


> On 12/4/2009 10:57 AM, richard@buzzhost.co.uk wrote:
>  > FINAL
>> This is not a social club, it's a question and issues list for
>> Spamassassin. My question and issue is why, by default, does
>> Spamassassin use the HABEAS white list, and why is it out of the box set
>> with a score to favour delivery of their junk? It's a fair question. The
>> answer 'just change the score' is not the correct answer. 
> 
> the answer is totally correct. SA is a framework, which luckily allows 
> YOU do whatever you want with it, so please do, whatever YOU want (that 
> does not include beating a dead horse on the list) and move on.
> 
>> The correct answer will be precisely why this state of affairs exists.
> 
> - because developers think/have thought its a good idea.
> 
> - because nobody other than you makes such a noise about it. And YOU who 
> are so against, have you submitted a bug to have whatever reconsidered.
> 
> EOT

Heh, at this site procaine sits in front of SA. It has a few email
addresses, a very few, redirected to their own folders that I check
any time I want some "amusement of that kind." I want to find out just
how much Richard qualifies for this dubious honor.

{^_-}

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Yet Another Ninja <sa...@alexb.ch>]

On 12/4/2009 10:57 AM, richard@buzzhost.co.uk wrote:
  > FINAL
> This is not a social club, it's a question and issues list for
> Spamassassin. My question and issue is why, by default, does
> Spamassassin use the HABEAS white list, and why is it out of the box set
> with a score to favour delivery of their junk? It's a fair question. The
> answer 'just change the score' is not the correct answer. 

the answer is totally correct. SA is a framework, which luckily allows 
YOU do whatever you want with it, so please do, whatever YOU want (that 
does not include beating a dead horse on the list) and move on.

> The correct answer will be precisely why this state of affairs exists.

- because developers think/have thought its a good idea.

- because nobody other than you makes such a noise about it. And YOU who 
are so against, have you submitted a bug to have whatever reconsidered.

EOT

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[Kris Deugau <kd...@vianet.ca>]

jdow wrote:
> Color me smartassed but I want numbers not accusations. Can the
> rhetoric and in bland neutral terms describe what you see in terms of
> numbers, possible business relations, however loose, and so forth.

Here's some numbers to play with:

~500K messages delivered daily (as in, passed on to from Postfix to the 
program that actually writes the message to the customer's mailbox tree 
somewhere)

~16K of ~48K accounts have spam filtering enabled

Since Jan 1 2009, hits on HABEAS* rules have resulted in an average of:

        rulename        |       spamperday       |       hamperday
-----------------------+------------------------+-----------------------
  HABEAS_ACCREDITED_COI | 0.04154302670623145401 |  161.4124629080118694
  HABEAS_ACCREDITED_SOI |     6.4124629080118694 | 3887.0326409495548961

(I run a daily script to stuff yesterday's SA log data into a database; 
  so far I haven't gotten around to doing anything with the data.)

I can't attest to the accuracy of any of the hits because this is an ISP 
mail system.  But even considering only a third of the accounts have 
filtering enabled, that's still somewhere in the neighbourhood of 1% of 
all mail hitting HABEAS_ACCREDITED_*.

Checking the spam reporting account shows no actual spams reported with 
HABEAS hits, and one legitimate book fair travel ad from a publishing 
company hitting _SOI;  about 8500 messages have been reported and 
confirmed.  A further ~350 have been reported, but considered legit.

Admittedly, I have to consider a broader range of mail to be 
"legitimate"... but I really haven't had to strain very hard in making 
that distinction in hand-confirming messages reported as spam.

Checking my own personal account on my own server shows a newsletter for 
a rewards program with my bank, occasional messages from eBay, and a 
message from Adobe.  All legitimate.  I don't keep spam around all that 
long, but what's still sticking around doesn't show any HABEAS* hits.

-kgd

Re: HABEAS_ACCREDITED WHY BY DEFAULT?

[jdow <jd...@earthlink.net>]

From: <ri...@buzzhost.co.uk>
Sent: Friday, 2009/December/04 01:57


> On Fri, 2009-12-04 at 00:18 -0800, jdow wrote:
>> From: "LuKreme" <kr...@kreme.com>
>> Sent: Thursday, 2009/December/03 20:55
>>
>>
>> > On Dec 3, 2009, at 13:43, "richard@buzzhost.co.uk" 
>> > <richard@buzzhost.co.uk
>> > > wrote:
>> >> On Thu, 2009-12-03 at 11:23 -0700, J.D. Falk wrote:
>> >>> On Dec 2, 2009, at 12:59 AM, richard@buzzhost.co.uk wrote:
>> >
>> > Look, get a room. Or at least take this twisted courtship dance 
>> > offlist
>> > and spare us, please.
>>
>> With all the animosity on this issue I decided to give the HABEAS
>> rules a score, a negligible score to be sure, just to see what the
>> state of HABEAS is for me today.
>>
>> In the last four days - nothing either spam or ham.
>>
>> Those seeing HABEAS hits: are the hits ancient haiku hits or are they
>> the modern DNS test version? I imagine the haiku is still used by
>> some spammers. The DNS tests should legitimately show a rather small
>> percentage of spam. It appears (weasel word notice) ReturnPath puts
>> its members through a wringer to get the approval levels.
>>
>> And how was the email determined to be unsolicited? (I believe in one
>> case it was a "never used spam trap address.")
>>
>> Let's lay some facts out on the table rather than heap a load of
>> anecdotal poo on JD over various HABEAS hits.
>>
>> And JD, I don't see on your site what it "costs" people to get listed
>> on your DNS approval lists other than some tests and documentation. Is
>> it possible spammers simply submit some buttered up documentation, get
>> approved, and accept getting it knocked back off your lists rapidly as
>> a business "time" expense?
>>
>> Less shouting and more data and facts seems to be called for on both
>> sides. And for the nonce I'll grant both sides the legitimacy of their
>> frustrations on this HABEAS thing.
>>
>> I note that JD is quite willing to discuss (and seemed to recommend)
>> a lowered default score. That seems quite reasonable.
>>
>> {^_^}    (Another JD, Jolly Dirty Old Woman type.)
>>
> PREAMBLE:
> It's simple for me - I'm not out to win friends or influence anyone and
> I find those that grease the wheels for the wholesale distribution of
> spam (be it they hold the view it is legitimate or not) in exchange for
> money - whilst claiming to be anti-spam - sick individuals that deserve
> a good kicking at the very least. That's just my personal view.
>
> RETURN PATH OFFER A PAID FACILITY TO ASSIST IN THE DELIVERY OF UBE.
> That's what they do - no matter how nicey nicey Mr Falk may appears to
> be. It's his job.
>
> SPAMASSASSIN is about assassinating spam - not facilitating it. Negative
> scores applied to a bulk mailing service without the users consent (the
> default for Spamassassin is to allow this rule at a minus score) has me
> wondering just who's in bed with who? There may be a reasonable argument
> that Spamassassin, as configured by default, gives unfair commercial
> advantage to HABEAS registered spammers and I'm more curious to find out
> WHY than anything else. It would be acceptable for me if it shipped with
> a zero score by default with notes in the readme for giving it a minus
> score at the users discretion.
>
> Although this is only a few points in the wrong direction, the
> implications this has for the integrity of Spamassassin as an anti-spam
> system is in question. Are Return Path making regular donations to
> Apache and wanting something in return? What possible plausible reason
> is there for a bulk mailing whitelist to appear with a favourable score
> in a program heavily used to block spam?
>
> Being well known companies that a person may have once done a very small
> amount of business with does not mean that their UBE habits are
> acceptable in any way.
>
> FACT
> For me, until I changed it to a positive +10 score for HABEAS, the only
> time I saw the name was in unwanted UBE - to me, that is SPAM. Making a
> fuss on this list (and nowhere else) suddenly had IP's disappear off the
> HABEAS list. {dark forces at work indeed}. The kind of people this has
> appeared in are not the expected MAINSLEAZE, but shabby bottom feeders.
> The kind that think registering with PaytoSpam services (be that a
> listing in emailreg.org or Habeas Accreditation) will make them in some
> way legitimate in their actions.
>
> FINAL
> This is not a social club, it's a question and issues list for
> Spamassassin. My question and issue is why, by default, does
> Spamassassin use the HABEAS white list, and why is it out of the box set
> with a score to favour delivery of their junk? It's a fair question. The
> answer 'just change the score' is not the correct answer. The correct
> answer will be precisely why this state of affairs exists.

Color me smartassed but I want numbers not accusations. Can the
rhetoric and in bland neutral terms describe what you see in terms of
numbers, possible business relations, however loose, and so forth.

I do note I also want a précis's of what ReturnPath insists upon for
opting into receiving business emails. If it is double opt-in that is
good. If it's "I sent one inquiry, received an answer, and presumed
that was the end of the affair but messages keep coming" that is another.
(It is staggeringly bad marketing behavior. But, these days that is an
epidemic.)

Then let's compare what is seen with what is claimed on both sides of
this battle royale. The name calling creates no progress to a worthwhile
understanding. It may be that ReturnPath has a hole in their qualification
process they need to plug to restore their reputation. If it leads to
their DNS tool being a better tool for spam fighting so be it. (I suspect
the default is as wonkity off one way as your +10 is the other.)

If this were a debate JD would be winning at this point, mainly for
holding his rhetoric away from ad-hominem attacks.

{^_^}