Posted to users@spamassassin.apache.org by Michael Scheidell <mi...@secnap.com> on 2011/08/10 20:44:38 UTC

linked in spam/return path certified spam

back in (January), we discussed two things
<http://mail-archives.apache.org/mod_mbox/spamassassin-users/201101.mbox/%3C4D401A96.4000000@secnap.com%3E>

#1, having a change in the description of these auto whitelisted spammers,
#2, return path cleaning out their spammers.

got this spam from linked in:

<http://pastebin.com/0vugB6fc>

you can't unsubscribe, not without becoming a member.
(that link is NOT an unsubscribe link.)

linked in members can download a list of email addresses they have 
purchased, and SPAM YOU.
(and you can't opt out without joining linked in.. and by joining linked 
in, you have given them permission to spam you)

companies that have automatic whitelisting that is included in 
spamassassin should have an easier way of reporting abuse.
dnswl has (it's easy to find on their web site), but how and why they can 
give them a dnswl_med when you can't unsubscribe is beyond me.
you still don't have anything in the description on these rules.


     DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3,
     RCVD_IN_RP_CERTIFIED=-0.01,
     RCVD_IN_RP_SAFE=-0.01,

I googled for about 20 mins, and finally found this:
certification@returnpath.net

it is NOT on their web site:
google  site:returnpath.net report+spam
(something about hitting the 'report spam' button) which linked  in does 
NOT have in their spam.



-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
SECNAP Network Security Corporation


Re: linked in spam/return path certified spam

Posted by Kris Deugau <kd...@vianet.ca>.
Michael Scheidell wrote:
> got this spam from linked in:
>
> <http://pastebin.com/0vugB6fc>
>
> you can't unsubscribe, not without becoming a member.
> (that link is NOT an unsubscribe link.)

*nods*  I've gone a couple of rounds several times with their support 
drones trying to get it through that, as a mail admin, I would 
appreciate it if their "Hey, Bob has invited you to join!" messages 
included a "Don't bug me again" link, so I can advise customers 
receiving these (and not wanting them) to just click the link and not be 
contacted again.

I'm pretty sure I never really got it through their heads.  :(

I've pretty much given up, and taken to just adding a suitable blacklist 
filter rule to our SA glue layer for customers reporting these things. 
At least they'll never see another LinkedIn message in their inbox that 
way....

-kgd

Re: linked in spam/return path certified spam

Posted by Jim Knuth <jk...@jkart.de>.
On 11.08.11 00:31, Benny Pedersen <me...@junc.org> wrote:

> On Thu, 11 Aug 2011 00:23:38 +0200, Jim Knuth wrote:
>
>>> cat /etc/postfix/sender_envelope_blacklist_domains
>>> linkedin.com REJECT
>>> .linkedin.com REJECT
>>
>> the dot is not necessary
>> only linkedin.com REJECT - nothing more ;)
>
> so accept bounce.linkedin.com ?
>
>

Yes. Accepted ALL before linkedin.com AND only linkedin.com.
In Postfix that is ready without the dot.


-- 
With kind regards,
Jim Knuth
---------
Where the horses fail, the donkeys succeed.
(John XXIII)

Re: linked in spam/return path certified spam

Posted by Benny Pedersen <me...@junc.org>.
On Thu, 11 Aug 2011 00:23:38 +0200, Jim Knuth wrote:

>> cat /etc/postfix/sender_envelope_blacklist_domains
>> linkedin.com REJECT
>> .linkedin.com REJECT
>
> the dot is not necessary
> only linkedin.com REJECT - nothing more ;)

so accept bounce.linkedin.com ?



Re: linked in spam/return path certified spam

Posted by Jim Knuth <jk...@jkart.de>.
On 11.08.11 00:15, Benny Pedersen <me...@junc.org> wrote:

> On Wed, 10 Aug 2011 14:44:38 -0400, Michael Scheidell wrote:
>
>> it is NOT on their web site:
>> google site:returnpath.net report+spam
>> (something about hitting the 'report spam' button) which linked in
>> does NOT have in their spam.
>
> cat /etc/postfix/sender_envelope_blacklist_domains
> linkedin.com REJECT
> .linkedin.com REJECT

the dot is not necessary
only linkedin.com REJECT - nothing more ;)
>
> add it as a check_sender_access in postfix


-- 
With kind regards,
Jim Knuth
---------

One kills not by wrath, but by laughter.
[Nietzsche]

Re: linked in spam/return path certified spam

Posted by Benny Pedersen <me...@junc.org>.
On Wed, 10 Aug 2011 14:44:38 -0400, Michael Scheidell wrote:

> it is NOT on their web site:
> google  site:returnpath.net report+spam
> (something about hitting the 'report spam' button) which linked  in
> does NOT have in their spam.

cat /etc/postfix/sender_envelope_blacklist_domains
linkedin.com REJECT
.linkedin.com REJECT

add it as a check_sender_access in postfix
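
Added example, not part of the thread: a simplified Python model of how a Postfix access(5) table resolves an envelope sender, showing when the `.linkedin.com` entry discussed above matters. Per access(5), a bare `domain.tld` key also matches subdomains only when `smtpd_access_maps` is listed in `parent_domain_matches_subdomains` (the Postfix default); otherwise subdomains need the `.domain.tld` form. The function names and the sample sender addresses are constructed for illustration.

```python
# Simplified model of Postfix access(5) lookups for an envelope sender.
# Not Postfix code: no address extensions, no regexp/CIDR tables.
# Function names and sample senders are hypothetical/constructed.

def sender_access_lookup(table, sender, parent_matches_subdomains=True):
    """Return the table action for `sender`, or None when nothing matches.

    parent_matches_subdomains=True models smtpd_access_maps being listed in
    parent_domain_matches_subdomains (the default): a bare "domain.tld" key
    also covers subdomains, and ".domain.tld" keys are never consulted.
    False models the setting without smtpd_access_maps: "domain.tld" is an
    exact match only, and subdomains need a ".domain.tld" key.
    """
    sender = sender.lower()
    local, _, domain = sender.rpartition("@")
    if sender in table:                      # 1. user@domain
        return table[sender]
    labels = domain.split(".")
    for i in range(len(labels)):             # 2. domain, then parent domains
        name = ".".join(labels[i:])
        if i > 0 and not parent_matches_subdomains:
            name = "." + name                # dotted form for parents
        if name in table:
            return table[name]
    return table.get(local + "@")            # 3. user@

# The two table variants argued about in the thread.
NO_DOT = {"linkedin.com": "REJECT"}
WITH_DOT = {"linkedin.com": "REJECT", ".linkedin.com": "REJECT"}

# Constructed sample envelope senders.
SENDERS = ["member@linkedin.com", "m-abc@bounce.linkedin.com",
           "user@notlinkedin.com"]

def decisions(table, parent_matches_subdomains):
    """Map each sample sender to its action (None means no match)."""
    return {s: sender_access_lookup(table, s, parent_matches_subdomains)
            for s in SENDERS}

if __name__ == "__main__":
    for label, table in (("no dot", NO_DOT), ("with dot", WITH_DOT)):
        for style in (True, False):
            print(label, "parent_style=%s" % style, decisions(table, style))
```

Running `postconf parent_domain_matches_subdomains` on the mail server shows which of the two behaviours applies there.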