Mailing List Archive

Re: HABEAS_ACCREDITED SPAMMER
On Fri, Dec 4, 2009 at 7:33 AM, Bowie Bailey <Bowie_Bailey@buc.com> wrote:
> LuKreme wrote:
>> On 4-Dec-2009, at 01:18, jdow wrote:
>>
>>> With all the animosity on this issue I decided to give the HABEAS
>>> rules a score, a negligible score to be sure, just to see what the
>>> state of HABEAS is for me today.
>>>
>>> In the last four days - nothing either spam or ham.
>>>
>>
>> I tend to see little clusters of HABEAS scores, but they are rare. I might see only 10-20 a month.
>
> After following this thread for a while, I decided to take a look at my
> server.  So here's one more data point:
>
> In the last month, I have seen 718 messages that hit one of the HABEAS
> rules.  Of those, none of them had an overall score higher than 4, and
> there were only 12 that would have been scored as spam without the rule.
>
> Since I don't have access to look at the actual messages and I don't
> know what lists my customers may be signed up for, I can't say anything
> for sure, but it looks like it's working fine here based on the numbers.
>
> --
> Bowie
>

Here is one more data point:
Since October 18th I have seen HABEAS rules listed in Spamassassin
score lines 496122 times.
One such phishing email this week was successfully delivered to 387 in-boxes.
Were it not for the HABEAS_ACCREDITED_SOI -4.30 other rules would have
led to successfully stopping the message.

--
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
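
The data points traded in the messages above (how many messages hit a HABEAS rule, and how many of those the other rules would have scored as spam without the whitelist credit) can be computed from `X-Spam-Status` headers. The Python script below is an added example, not part of the original thread; the sample headers are constructed, and only the `HABEAS_ACCREDITED_SOI` score of -4.30 comes from the thread, so scores for any other `HABEAS_*` rule are assumed to be supplied from your own configuration.

```python
import re

# Score quoted in the thread; add your own scores for other HABEAS_* rules.
HABEAS_SCORES = {"HABEAS_ACCREDITED_SOI": -4.30}

STATUS_RE = re.compile(
    r"^X-Spam-Status:\s*(?:Yes|No),\s*score=(?P<score>-?\d+(?:\.\d+)?)"
    r"\s+required=(?P<required>-?\d+(?:\.\d+)?)"
    r"\s+tests=(?P<tests>.*?)(?=\s+\w+=|$)",
    re.IGNORECASE | re.MULTILINE,
)

def unfold(text):
    """Join folded header lines (continuation lines start with whitespace)."""
    return re.sub(r"\r?\n[ \t]+", " ", text)

def habeas_report(text, scores=HABEAS_SCORES):
    """Count HABEAS hits and the messages that only passed thanks to them."""
    hits = flipped = 0
    unscored = set()
    for m in STATUS_RE.finditer(unfold(text)):
        tests = [t for t in re.split(r"[,\s]+", m["tests"]) if t and t != "none"]
        habeas = [t for t in tests if t.startswith("HABEAS_")]
        if not habeas:
            continue
        hits += 1
        # Rules without a known score contribute 0, so the flip count is a
        # lower bound; they are reported so the caller can fill them in.
        unscored.update(t for t in habeas if t not in scores)
        credit = sum(scores.get(t, 0.0) for t in habeas)
        score, required = float(m["score"]), float(m["required"])
        # Delivered as ham, but at or above the threshold once the credit is removed.
        if score < required <= score - credit:
            flipped += 1
    return {
        "habeas_hits": hits,
        "spam_without_habeas": flipped,
        "unscored_rules": sorted(unscored),
    }

# Constructed sample headers (not taken from any real mailbox).
SAMPLE = (
    "X-Spam-Status: No, score=1.9 required=5.0 tests=BAYES_99,HABEAS_ACCREDITED_SOI,\n"
    "\tHTML_MESSAGE,URIBL_BLACK autolearn=no version=3.2.5\n"
    "X-Spam-Status: No, score=-4.2 required=5.0 tests=HABEAS_ACCREDITED_SOI,\n"
    "\tHTML_MESSAGE autolearn=ham version=3.2.5\n"
    "X-Spam-Status: No, score=0.0 required=5.0 tests=HTML_MESSAGE autolearn=no\n"
    "X-Spam-Status: No, score=-6.0 required=5.0 tests=HABEAS_ACCREDITED_COI\n"
)

if __name__ == "__main__":
    print(habeas_report(SAMPLE))
```
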
Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?
On Fri, 4 Dec 2009, Per Jessen wrote:
> The other side of the argument is - why does any legitimate company need
> to employ a service such as Habeas/Returnpath/whatever?

Any legitimate drug company that wants to send price lists to its
legitimate distributors or end customers, upon request, even if not a
mailing list mail, but specific, one-by-one request/response mails, would
have trouble with spam filters that check for drug names and percentages
and hot words like 'sale'. The preponderance of drug spams makes it very
difficult for these companies. Help from a whitelist is a welcome thing.
But it becomes useless if the spammers suborn the process.

- Charles
Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?
I've just had another one to a honeypot - care of myspace. My dog does
not have a myspace account. Again, this is a harvested email address.

204.16.33.75 WHITELISTED: sa-accredit.habeas.com

Whilst I appreciate that nobody would turn their noses up at taking $$$
from someone like myspace, there are some serious concerns about their
data here.

I'll check with my dog to make sure he has not subscribed whilst I
turned my back .........

Received: from vmta12.myspace.com (vmta12.myspace.com [204.16.33.75]) by
..... with ESMTP id for
<.....>; Fri, 4 Dec 2009 19:48:32 +0000 (GMT)
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Chr. von Stuckrad wrote:

> After all this debate about a negatively scored rule I'd disable it
> anyway, because the spammers on the list will target it specifically
> now, knowing it works well for them.

The other side of the argument is - why does any legitimate company need
to employ a service such as Habeas/Returnpath/whatever?
If their customer emails are getting caught as spam, surely they or SA
is doing something wrong to begin with. There is not much spam that is
getting caught purely based on content, most is getting caught on
origin and its reputation.


/Per Jessen, Zürich
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Charles Gregory wrote:

> I don't care. Spamassassin does not have an 'opinion'. It has a
> methodology.

Umm, it also has a set of rules which essentially make up the
SA "opinion".


/Per Jessen, Zürich
Re: J.D. Falk spineless insults (Re: HABEAS_ACCREDITED SPAMMER)
From: <richard@buzzhost.co.uk>
Sent: Friday, 2009/December/04 06:04


> On Fri, 2009-12-04 at 06:55 -0700, LuKreme wrote:
>> On 3-Dec-2009, at 23:06, R-Elists wrote:
>> > certainly we understand your point here, yet what about accountability
>> > for
>> > Return Path Inc (and other RPI companies) related rules in the default
>> > Spamassassin configs?
>>
>>
>> My position on HABEAS is well-known by anyone who cares (I score it +0.5
>> and +2.0); that's not what I'm talking about: it's the constant whinging
>> by richard and falk at each other. Obviously they WANT to be
>> communicating since otherwise they could easily ignore/killfile each
>> other. I'm just tired of them doing it on this mailing list.
>>
> Your idea of 'constant' amuses me and is stretching the truth
> exponentially.
>
> I'm curious why a commercial whitelist from a bulk mailing company has
> such a positive inroad in Spamassassin. It's a fair question. I'm not
> interested in your personal views of me, my question or my posting. You
> have a killfile? You able to ignore on subject? Skills you may find
> useful to learn yes?

Have you two gentlemen reported these spammers to ReturnPath? LuKreme's
long unused address might be a good source for scrubbing the ReturnPath
lists. (So far I've not seen one either way here.) I presume you two
gentlemen are telling me that you never see HABEAS on ham, right?

{^_^}
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
From: "Per Jessen" <per@computer.org>
Sent: Friday, 2009/December/04 09:11


richard@buzzhost.co.uk wrote:

> This was raised as the IP appeared in HABEAS and for a few hours it
> 'vanished' from the list. It's back there now, but DateTheUk is now
> pumping out via an ip six decimal places up on the last octet.
>
> 80.75.69.195 WHITELISTED: sa-accredit.habeas.com
>
> The customer concerned then hopped their output to: 80.75.69.201
> 80.75.69.201 WHITELISTED: sa-accredit.habeas.com

FYI, 80.75.69.192 - 80.75.69.255 belongs to Easydate Ltd in Edinburgh.

<< jdow: And somehow I suspect Richard didn't bother to report. It
is more fun to bitch instead. So far the only real metrics I've seen
indicate it works. That's data from three people, one off this list.

{^_^}
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
From: "Per Jessen" <per@computer.org>
Sent: Friday, 2009/December/04 11:19


Chr. von Stuckrad wrote:

> After all this debate about a negatively scored rule I'd disable it
> anyway, because the spammers on the list will target it specifically
> now, knowing it works well for them.

The other side of the argument is - why does any legitimate company need
to employ a service such as Habeas/Returnpath/whatever?
If their customer emails are getting caught as spam, surely they or SA
is doing something wrong to begin with. There is not much spam that is
getting caught purely based on content, most is getting caught on
origin and its reputation.

<<jdow: I have several email sources with which I have a "relationship"
as in signed up for that are not important enough to me to outright
whitelist. I have fun watching them dance around the deadly 5.0 score.
OK OK it is fun for the feeble minded or somebody needing a dose of
graveyard humor, I suppose. But it illustrates the problem an ISP spam
filter might have.

JD's description indicates RP makes an honest attempt to scrub their
lists when problems appear. And, if they do not hear of a problem their
list does not get scrubbed. And if a user plays the 'report as spam'
trick to unsubscribe to a list (something a legitimate friend of mine
experiences too often) that can result in problems for everybody, JD,
his customers, and the cut-off recipients. RP has taken on a job that
is not trivial.

{^_^}
Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?
From: "Per Jessen" <per@computer.org>
Sent: Saturday, 2009/December/05 02:20


Charles Gregory wrote:

> On Fri, 4 Dec 2009, Per Jessen wrote:
>> The other side of the argument is - why does any legitimate company
>> need to employ a service such as Habeas/Returnpath/whatever?
>
> Any legitimate drug company that wants to send price lists to its
> legitimate distributors or end customers, upon request, even if not a
> mailing list mail, but specific, one-by-one request/response mails,
> would have trouble with spam filters that check for drug names and
> percentages and hot words like 'sale'.

Won't customers dealing with such a company have whitelisted them
long ago?


<<jdow: You could take it to the bank that most won't figure out how,
no matter how simple you make it for them. And they WILL complain.


{^_^}
No matter how idiot proof you make your product you will find that
God rewards you by presenting you with a better idiot.
Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?
On Dec 5, 2009, at 4:20 AM, "Per Jessen" <per@computer.org> wrote:

> Charles Gregory wrote:
>
>> On Fri, 4 Dec 2009, Per Jessen wrote:
>>> The other side of the argument is - why does any legitimate company
>>> need to employ a service such as Habeas/Returnpath/whatever?
>>
>> Any legitimate drug company that wants to send price lists to its
>> legitimate distributors or end customers, upon request, even if not a
>> mailing list mail, but specific, one-by-one request/response mails,
>> would have trouble with spam filters that check for drug names and
>> percentages and hot words like 'sale'.
>
> Won't customers dealing with such a company have whitelisted them
> long ago?

No. I only locally whitelist when there is a reported problem, and
only as a last resort. There is no way for me to know all of the
"trusted partners" that we might do business with. A common whitelist
of legitimate companies is a welcome thing for me.

The other way I use it, when I get complaints about receiving "spam",
is to determine if it is safe to unsubscribe. My users know that bad
spammers use unsubscribes as reconnaissance to add valid addresses to
their lists. So, when they forgot that they signed up for something, I
will often unsubscribe them from a company that is listed in returnpath.


>
> /Per Jessen, Zürich
>
Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Charles Gregory wrote:

> On Fri, 4 Dec 2009, Per Jessen wrote:
>> The other side of the argument is - why does any legitimate company
>> need to employ a service such as Habeas/Returnpath/whatever?
>
> Any legitimate drug company that wants to send price lists to its
> legitimate distributors or end customers, upon request, even if not a
> mailing list mail, but specific, one-by-one request/response mails,
> would have trouble with spam filters that check for drug names and
> percentages and hot words like 'sale'.

Won't customers dealing with such a company have whitelisted them
long ago?


/Per Jessen, Zürich
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
jdow wrote:

> From: "Per Jessen" <per@computer.org>
> Sent: Friday, 2009/December/04 09:11
>
>
> richard@buzzhost.co.uk wrote:
>
>> This was raised as the IP appeared in HABEAS and for a few hours it
>> 'vanished' from the list. It's back there now, but DateTheUk is now
>> pumping out via an ip six decimal places up on the last octet.
>>
>> 80.75.69.195 WHITELISTED: sa-accredit.habeas.com
>>
>> The customer concerned then hopped their output to: 80.75.69.201
>> 80.75.69.201 WHITELISTED: sa-accredit.habeas.com
>
> FYI, 80.75.69.192 - 80.75.69.255 belongs to Easydate Ltd in Edinburgh.
>
> << jdow: And somehow I suspect Richard didn't bother to report. It
> is more fun to bitch instead.

Personally I don't bother with reporting either - it's not my job. I
filter out spam, and when I receive spam from an accredited source, the
accreditors' reputation is lowered (on my system). That's the risk of
that business.


/Per Jessen, Zürich
Re: [sa] Re: HABEAS_ACCREDITED WHY BY DEFAULT?
McDonald, Dan wrote:

> On Dec 5, 2009, at 4:20 AM, "Per Jessen" <per@computer.org> wrote:
>
>> Charles Gregory wrote:
>>
>>> On Fri, 4 Dec 2009, Per Jessen wrote:
>>>> The other side of the argument is - why does any legitimate company
>>>> need to employ a service such as Habeas/Returnpath/whatever?
>>>
>>> Any legitimate drug company that wants to send price lists to its
>>> legitimate distributors or end customers, upon request, even if not
>>> a mailing list mail, but specific, one-by-one request/response
>>> mails, would have trouble with spam filters that check for drug
>>> names and percentages and hot words like 'sale'.
>>
>> Won't customers dealing with such a company have whitelisted
>> them long ago?
>
> No. I only locally whitelist when there is a reported problem, and
> only as a last resort.

Same here, but that means any regular business partner in the pharma
business will have been whitelisted long ago. All it takes is one FP.


/Per Jessen, Zürich
RE: HABEAS_ACCREDITED WHY BY DEFAULT?
>
> After all this debate about a negatively scored rule I'd
> disable it anyway, because the spammers on the list will
> target it specifically now, knowing it works well for them.
>
> Stucki

Stucki,

it seems to me that you, of all people, would want a small negative or
positive score on that rule (or any rule) for statistical purposes...

being in the math department and all

:-)

logically, why would you just zero it then?

- rh
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
On Sat, 5 Dec 2009, Per Jessen wrote:
> Won't customers dealing with such a company have whitelisted them
> long ago?

For every 'mark' that is out there, stupidly entering their e-mail and
then getting a bunch of ads for which they didn't realize they had given
permission, there are people that are equally technologically illiterate
that don't *think* that they need to do *anything* 'special' to make the
mail from their favorite drug company arrive in their mailbox. They see
very little spam (thanks to MY efforts - preen, preen) and so they don't
think of a spam 'problem' and that the mail they just requested might not
make it through.

So I end up with a customer on the phone complaining. So if that drug
company could get themselves on a 'standard' whitelist which I already
trust and use, then I don't have to do anything special, and neither does
my customer.

Some companies are smart enough to add a note to their website that says
"be sure to add us to your whitelist", but that doesn't help the thousands
of people who read it and say "too complicated for me I hope it works" and
call me if it doesn't.... :)

There's a need. A real genuine need for services like Habeas. But they
need to be *very* well managed and policed. And it seems, from some
complaints, that this is not happening....

- Charles
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
On 7-Dec-2009, at 09:03, Charles Gregory wrote:
> There's a need. A real genuine need for services like Habeas. But they need to be *very* well managed and policed. And it seems, from some complaints, that this is not happening....


How a service like HABEAS needs to work is that 1) It keeps a massive database of email addresses that are known to either be bad, or to be users who have specifically submitted their addresses as not accepting any unsolicited unconfirmed emails, ever. A spammer — er, marketer, submits their mailing list and it is 'cleaned' of all those addresses, then submitted back to the spammer.

The spammer, in order to register with the service has to pay some amount of money (probably a range of $0-$1,000,000 depending on the size of their list and profit/non-profit status of the sender) that is held in a third party trust. This is money that is deposited in addition to whatever charges there are to clean the list. If the spammer sends any messages to an address that was scrubbed, then the trust money is donated to some charity and the spammer's account with the service is revoked and their ENTIRE IP CLASS is submitted to RBLs. In addition, bounce processing for the spam—er, marketing email is handled by the service. Addresses that bounce are added to the database of bad addresses. Spam complaints are added to the database of opt-out addresses.

THAT service I would allow negative points to in my SA. I can't imagine any other commercial whitelist that I would allow negative points for.

--
"Whose motorcycle is this?" "It's chopper, baby." "Whose chopper
is this?" "It's Zed's." "Who's Zed?" "Zed's dead, baby. Zed's
dead."
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
What I call spam you may call ham. What I call ham you might call spam.

One ring to control them all er one list to filter them all inherently
cannot work, especially when people change their minds and decide to
"unsubscribe with extreme prejudice."

{^_^}
----- Original Message -----
From: "LuKreme" <kremels@kreme.com>
To: <users@spamassassin.apache.org>
Sent: Monday, 2009/December/07 09:22
Subject: Re: HABEAS_ACCREDITED WHY BY DEFAULT?


On 7-Dec-2009, at 09:03, Charles Gregory wrote:
> There's a need. A real genuine need for services like Habeas. But they
> need to be *very* well managed and policed. And it seems, from some
> complaints, that this is not happening....


How a service like HABEAS needs to work is that 1) It keeps a massive
database of email addresses that are known to either be bad, or to be users
who have specifically submitted their addresses as not accepting any
unsolicited unconfirmed emails, ever. A spammer — er, marketer, submits
their mailing list and it is 'cleaned' of all those addresses, then
submitted back to the spammer.

The spammer, in order to register with the service has to pay some amount of
money (probably a range of $0-$1,000,000 depending on the size of their list
and profit/non-profit status of the sender) that is held in a third party
trust. This is money that is deposited in addition to whatever charges there
are to clean the list. If the spammer sends any messages to an address that
was scrubbed, then the trust money is donated to some charity and the
spammer's account with the service is revoked and their ENTIRE IP CLASS is
submitted to RBLs. In addition, bounce processing for the spam—er, marketing
email is handled by the service. Addresses that bounce are added to the
database of bad addresses. Spam complaints are added to the database of
opt-out addresses.

THAT service I would allow negative points to in my SA. I can't imagine any
other commercial whitelist that I would allow negative points for.

--
"Whose motorcycle is this?" "It's chopper, baby." "Whose chopper
is this?" "It's Zed's." "Who's Zed?" "Zed's dead, baby. Zed's
dead."
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
> On Sat, 5 Dec 2009, Per Jessen wrote:
>> Won't customers dealing with such a company have whitelisted them
>> long ago?
>
> For every 'mark' that is out there, stupidly entering their e-mail and
> then getting a bunch of ads for which they didn't realize they had given
> permission, there are people that are equally technologically illiterate
> that don't *think* that they need to do *anything* 'special' to make the
> mail from their favorite drug company arrive in their mailbox. They see
> very little spam (thanks to MY efforts - preen, preen) and so they don't
> think of a spam 'problem' and that the mail they just requested might not
> make it through.

On 07.12.09 11:03, Charles Gregory wrote:
> So I end up with a customer on the phone complaining. So if that drug
> company could get themselves on a 'standard' whitelist which I already
> trust and use, then I don't have to do anything special, and neither does
> my customer.

I find it a bit funny that you blame HABEAS whitelist, while you recommend
"ordinary" whitelist where both have some rules for listing, and I think
HABEAS has even more strict rules.

I am not telling that you are correct or not, it's just my observation
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
Re: HABEAS_ACCREDITED WHY BY DEFAULT?
Charles Gregory wrote:

> There's a need. A real genuine need for services like Habeas.

It almost certainly depends on your environment - like my numbers
showed, over four months, I only had 45 emails that would have gone
down the drain without Habeas. In comparison to what was processed
that is an incredibly low number.


/Per Jessen, Zürich
