Mailing List Archive

I score Habeas at 0. SpamAssassin should do this by default. The last
thing this list needs is another Habeas thread; there was a pretty
lengthy one a month or two ago. But the fact remains: Habeas' business
model and 'solution' to the spam epidemic is laughable. If the abuse of
Habeas headers continues I'll start giving Habeas a positive score. This
doesn't answer your question per se, but if you were to change your
Habeas scoring, you'd surely not be the only one.

Damon Cassell


Smart,Dan wrote:

> I have seen nothing on Habeas and their pursuit against the spammer using
> their headers.
>
> Should these still be scored low?
>
> I can't believe a company built on this technology would not have weekly
> status messages on their web site.
>
> <<Dan>>

At 01:10 PM 2/23/2004, Damon Cassell wrote:
>If the abuse of Habeas headers continues I'll start giving Habeas a
>positive score. This doesn't answer your question per se, but if you were
>to change your Habeas scoring, you'd surely not be the only one.

Continues? I haven't seen any of these in *weeks*.


Kelson Vibber
SpeedGate Communications <www.speed.net>

Kelson Vibber wrote:
> [...]
> Continues? I haven't seen any of these in *weeks*.

I've had exactly ONE (yesterday) after several weeks of nothing.
Considering the flood that was occurring, could it be that Habeas
is WORKING, but they're hesitant to comment on pending litigation?

- Bob

Kelson Vibber wrote:

> Continues? I haven't seen any of these in *weeks*.


Well, see this:

Delivered-To: olo@altkom.com.pl
Return-Path: <yk.munroe@mchsi.com>
Received: from wnpgmb06dc1-187-133.dynamic.mts.net
(wnpgmb06dc1-187-133.dynamic.mts.net [::ffff:142.161.187.133])
by nmail.altkom.pl with esmtp; Tue, 09 Mar 2004 03:05:02 +0100
Received: from 50.232.181.164 by 142.161.187.133; Tue, 09 Mar 2004
12:11:04 +0600
Message-ID: <ANEDJKETWOWNPNKNMEPYSPA@telesp.net.br>
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
From: "abdul wyckoff" <fkpn2757@telesp.net.br>
Reply-To: "abdul wyckoff" <tcabdul@telesp.net.br>
To: olo@altkom.com.pl
Subject: Fwd: Full Meds Here. Va1ium \ v1@grA . XA+n+ax ' V1\codin
So+m+a # Pnter/m/in zuvvhodtbaux
Date: Tue, 09 Mar 2004 03:02:04 -0300


Got score 0.5 on my recently updated to 2.63 filter. I'm giving Habeas
lower scores, and if another one arrives, 0 scores.

--
Best Regards,
Aleksander Adamowski
GG#: 274614
ICQ UIN: 19780575
http://olo.ab.altkom.pl

On Tuesday 09 March 2004 11:47, Aleksander Adamowski wrote:
> > Continues?  I haven't seen any of these in *weeks*.
>
> Well, see this:

Yep, I'm seeing the same thing. Habeas has to really come down hard on
these spammers, and from the latest press release,
http://www.habeas.com/companyPressPR.html#violation
it doesn't really seem like they know who they are, since it is a zombie
drone operation.

They are adding drones to the infringers list, but not fast enough, so
it is still gets a lot through, so it isn't a lot in it for me to let
them have their -8...

Best,

Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net webmaster@skepsis.no editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/ OpenPGP KeyID: 6A6A0BBC

At 02:47 AM 3/9/2004, Aleksander Adamowski wrote:
>Kelson Vibber wrote:
>>Continues? I haven't seen any of these in *weeks*.
>
>Well, see this:

No need to get confrontational. Two weeks ago (2/23/2004) when I wrote
that, I *hadn't* seen any in weeks. And given that it took two weeks for
anyone to post a sighting (dated today, I noticed), it sounds like no one
else had either.

So it's started up again. Has anyone contacted Habeas about this?


Kelson Vibber
SpeedGate Communications <www.speed.net>

Kelson Vibber wrote:

> No need to get confrontational. Two weeks ago (2/23/2004) when I wrote
> that, I *hadn't* seen any in weeks. And given that it took two weeks
> for anyone to post a sighting (dated today, I noticed), it sounds like
> no one else had either.
>
> So it's started up again. Has anyone contacted Habeas about this?

i think it hasn't ever really stopped since back then.

but most of us adjusted the score to ignore the habeas marks.
i found a couple of habeas spams in trashcan. but beside the habeas mark
they're nothing but common dumb blue pill advertising mails that trigger
scores 20-30 points here which would catch them even with the -8 points
from the standard rule.

--
ralf

"Ralf Vitasek" <vitasek@tqsoft.de> wrote in message
news:404EEB2A.1050708@tqsoft.de...

> > No need to get confrontational. Two weeks ago (2/23/2004) when I
> > wrote that, I *hadn't* seen any in weeks. And given that it took
> > two weeks for anyone to post a sighting (dated today, I noticed), it
> > sounds like no one else had either.
> >
> > So it's started up again. Has anyone contacted Habeas about this?
>
> i think it hasn't ever really stopped since back then.
>
> but most of us adjusted the score to ignore the habeas marks. i found
> a couple of habeas spams in trashcan. but beside the habeas mark
> they're nothing but common dumb blue pill advertising mails that
> trigger scores 20-30 points here which would catch them even with the
> -8 points from the standard rule.

I set up some post-Spamassassin filtering rules to flag spam that
contained the Habeas watermark and I haven't seen any between the
initial fuss a few weeks ago, and a few I've had in the last couple of
days.

Looking at the subjects, I would say that the recent ones are from the
same source as the first lot.

Cheers,
John

john-news2@cambridgetechgroup.com said:
> > No need to get confrontational. Two weeks ago (2/23/2004) when I
> > wrote that, I *hadn't* seen any in weeks. And given that it took
> > two weeks for anyone to post a sighting (dated today, I noticed), it
> > sounds like no one else had either.
> >
> > So it's started up again. Has anyone contacted Habeas about this? >
> i think it hasn't ever really stopped since back then. >
> but most of us adjusted the score to ignore the habeas marks. i found
> a couple of habeas spams in trashcan. but beside the habeas mark
> they're nothing but common dumb blue pill advertising mails that
> trigger scores 20-30 points here which would catch them even with the
> -8 points from the standard rule.
> I set up some post-Spamassassin filtering rules to flag spam that contained
> the Habeas watermark and I haven't seen any between the initial fuss a few
> weeks ago, and a few I've had in the last couple of days.


I for one give Habeas a + score.

I've just done a quick grep -l of Habeas from my Maildir, and here's the results.

Spam folder : 82 mails

Inbox : 0 mails

spamassassin folder: 150 mails (presumably everyone talking about it on the list, with one or two genuine users of it).

The spam folder is certified spam, with the ones containing Habeas having subjects like:

./spam/1959:Subject: [SA: 25.44] Fwd: Want V^|cod|n , Val.i.um ? V|@grA \ XA/N/Ax Pnt.e.rmin > So+m+a kdwfigegcunl
./spam/1968:Subject: [SA: 25.57] Fwd: +Valium+ ` v1agR@ ' :X:ANAx \ V|co:d|n So:m:a \ /Pntermin/ uiibchgtkyiv
./spam/2054:Subject: [SA: 27.11] Everything 4 U Fwd: V@lium \ v|@gRa - xana|x| ; V1c/odin S|o|ma ( P:n:termin dglvklfdydcr
./spam/2842:Subject: [SA: 20.12] Fwd: Get it all Vcodn ? xana+x+ # Val.i.um ` V1AGr@ So.m.a ' P.n.termin hpibvplqcroy
./spam/2871:Subject: [SA: 17.05] Hot Girl N Big White Dog
./spam/2873:Subject: [SA: 16.52] Fwd: Any Pills U Need. v|agr@ & XAN/a/x . Va|ium _ V|cod|n^ Pnt.e.rmin ) S:o:ma thpmjhmtawfp
./spam/2905:Subject: [SA: 16.29] Fwd: V|@Gra - |XANAX| = Vali/u/m \ V^|cod|n .P.ntermin ~ S0m@ owerewnvdrcz
./spam/2929:Subject: [SA: 19.83] Fwd: V1codi/n $ XA+n+ax ? V|agr@ ) +V+alium +S+oma ` Pnt/e/rmin wzxexbpyhmkg

It's worth noting that my inbox goes back to the 20th August, whereas my spam box only goes back to last Friday.

Owen

--
Via Net.Works UK Ltd
Local Touch Global Reach
Owen McShane Systems Administrator
http://www.vianetworks.co.uk Tel +44 (0)1925 484444

I agree. I just gave a score of 6.00, enough to put it in the
quarantine queue. I figure I have all the mailing lists already
whitelisted anyway.

The way I see it we should incorporate some other -8 or -10 checks into
SA that are bogus. Then mark them up to positive 8 or 10 in your
sa.conf once you install.

Hirotaka Fox


Owen wrote:

I for one give Habeas a + score.

>I've just done a quick grep -l of Habeas from my Maildir, and here's the results.
>
>Spam folder : 82 mails
>
>Inbox : 0 mails
>
>spamassassin folder: 150 mails (presumably everyone talking about it on the list, with one or two genuine users of it).
>
>The spam folder is certified spam, with the ones containing Habeas having subjects like:
>
>./spam/1959:Subject: [SA: 25.44] Fwd: Want V^|cod|n , Val.i.um ? V|@grA \ XA/N/Ax Pnt.e.rmin > So+m+a kdwfigegcunl
>./spam/1968:Subject: [SA: 25.57] Fwd: +Valium+ ` v1agR@ ' :X:ANAx \ V|co:d|n So:m:a \ /Pntermin/ uiibchgtkyiv
>./spam/2054:Subject: [SA: 27.11] Everything 4 U Fwd: V@lium \ v|@gRa - xana|x| ; V1c/odin S|o|ma ( P:n:termin dglvklfdydcr
>./spam/2842:Subject: [SA: 20.12] Fwd: Get it all Vcodn ? xana+x+ # Val.i.um ` V1AGr@ So.m.a ' P.n.termin hpibvplqcroy
>./spam/2871:Subject: [SA: 17.05] Hot Girl N Big White Dog
>./spam/2873:Subject: [SA: 16.52] Fwd: Any Pills U Need. v|agr@ & XAN/a/x . Va|ium _ V|cod|n^ Pnt.e.rmin ) S:o:ma thpmjhmtawfp
>./spam/2905:Subject: [SA: 16.29] Fwd: V|@Gra - |XANAX| = Vali/u/m \ V^|cod|n .P.ntermin ~ S0m@ owerewnvdrcz
>./spam/2929:Subject: [SA: 19.83] Fwd: V1codi/n $ XA+n+ax ? V|agr@ ) +V+alium +S+oma ` Pnt/e/rmin wzxexbpyhmkg
>
>It's worth noting that my inbox goes back to the 20th August, whereas my spam box only goes back to last Friday.
>
>Owen
>
>--
> Via Net.Works UK Ltd
> Local Touch Global Reach
> Owen McShane Systems Administrator
> http://www.vianetworks.co.uk Tel +44 (0)1925 484444
>
>
>

FWIW, I only had 43 emails out of 4219 in my spam corpus that had a fake
Habeas mark...

Rubin

On Wed, 2004-03-10 at 10:29, Hirotaka Fox wrote:
> I agree. I just gave a score of 6.00, enough to put it in the
> quarantine queue. I figure I have all the mailing lists already
> whitelisted anyway.
>
> The way I see it we should incorporate some other -8 or -10 checks into
> SA that are bogus. Then mark them up to positive 8 or 10 in your
> sa.conf once you install.
>
> Hirotaka Fox
>
>
> Owen wrote:
>
> I for one give Habeas a + score.
>
> >I've just done a quick grep -l of Habeas from my Maildir, and here's the results.
> >
> >Spam folder : 82 mails
> >
> >Inbox : 0 mails
> >
> >spamassassin folder: 150 mails (presumably everyone talking about it on the list, with one or two genuine users of it).
> >
> >The spam folder is certified spam, with the ones containing Habeas having subjects like:
> >
> >./spam/1959:Subject: [SA: 25.44] Fwd: Want V^|cod|n , Val.i.um ? V|@grA \ XA/N/Ax Pnt.e.rmin > So+m+a kdwfigegcunl
> >./spam/1968:Subject: [SA: 25.57] Fwd: +Valium+ ` v1agR@ ' :X:ANAx \ V|co:d|n So:m:a \ /Pntermin/ uiibchgtkyiv
> >./spam/2054:Subject: [SA: 27.11] Everything 4 U Fwd: V@lium \ v|@gRa - xana|x| ; V1c/odin S|o|ma ( P:n:termin dglvklfdydcr
> >./spam/2842:Subject: [SA: 20.12] Fwd: Get it all Vcodn ? xana+x+ # Val.i.um ` V1AGr@ So.m.a ' P.n.termin hpibvplqcroy
> >./spam/2871:Subject: [SA: 17.05] Hot Girl N Big White Dog
> >./spam/2873:Subject: [SA: 16.52] Fwd: Any Pills U Need. v|agr@ & XAN/a/x . Va|ium _ V|cod|n^ Pnt.e.rmin ) S:o:ma thpmjhmtawfp
> >./spam/2905:Subject: [SA: 16.29] Fwd: V|@Gra - |XANAX| = Vali/u/m \ V^|cod|n .P.ntermin ~ S0m@ owerewnvdrcz
> >./spam/2929:Subject: [SA: 19.83] Fwd: V1codi/n $ XA+n+ax ? V|agr@ ) +V+alium +S+oma ` Pnt/e/rmin wzxexbpyhmkg
> >
> >It's worth noting that my inbox goes back to the 20th August, whereas my spam box only goes back to last Friday.
> >
> >Owen
> >
> >--
> > Via Net.Works UK Ltd
> > Local Touch Global Reach
> > Owen McShane Systems Administrator
> > http://www.vianetworks.co.uk Tel +44 (0)1925 484444
> >
> >
> >
--
Rubin Bennett <rbennett@thatitguy.com>
RB Technologies

I am ready to run their score up positive 1 or so. On one hand Their
logic is faulty, I believe - unless they are spammers. I know very
few people who are able to manipulate headers in such a manner as
to insert the Habeas headers. Most of my correspondents use "stock"
mailers like Outlook, Outlook Express, Eudora, etc. None of these,
to my knowledge, can add the Habeas X headers. On another hand I
note that spammers for the most part do forge headers. for them
adding the Habeas mantra is duck soup. On the gripping hand this
means that ISP's mail servers must add that header for most users
which is something they are simply not going to do.

Hence, it is an indicator of spam not of ham.
{^_^}
----- Original Message -----
From: "Hirotaka Fox" <hirotakafox@yahoo.com>

> I agree. I just gave a score of 6.00, enough to put it in the
> quarantine queue. I figure I have all the mailing lists already
> whitelisted anyway.
>
> The way I see it we should incorporate some other -8 or -10 checks into
> SA that are bogus. Then mark them up to positive 8 or 10 in your
> sa.conf once you install.
>
> Hirotaka Fox
>
>
> Owen wrote:
>
> I for one give Habeas a + score.
>
> >I've just done a quick grep -l of Habeas from my Maildir, and here's the
results.
> >
> >Spam folder : 82 mails
> >
> >Inbox : 0 mails
> >
> >spamassassin folder: 150 mails (presumably everyone talking about it on
the list, with one or two genuine users of it).
> >
> >The spam folder is certified spam, with the ones containing Habeas having
subjects like:
> >
> >./spam/1959:Subject: [SA: 25.44] Fwd: Want V^|cod|n , Val.i.um ? V|@grA
\ XA/N/Ax Pnt.e.rmin > So+m+a kdwfigegcunl
> >./spam/1968:Subject: [SA: 25.57] Fwd: +Valium+ ` v1agR@ ' :X:ANAx \
V|co:d|n So:m:a \ /Pntermin/ uiibchgtkyiv
> >./spam/2054:Subject: [SA: 27.11] Everything 4 U Fwd: V@lium \ v|@gRa -
xana|x| ; V1c/odin S|o|ma ( P:n:termin dglvklfdydcr
> >./spam/2842:Subject: [SA: 20.12] Fwd: Get it all Vcodn ? xana+x+ #
Val.i.um ` V1AGr@ So.m.a ' P.n.termin hpibvplqcroy
> >./spam/2871:Subject: [SA: 17.05] Hot Girl N Big White Dog
> >./spam/2873:Subject: [SA: 16.52] Fwd: Any Pills U Need. v|agr@ & XAN/a/x
. Va|ium _ V|cod|n^ Pnt.e.rmin ) S:o:ma thpmjhmtawfp
> >./spam/2905:Subject: [SA: 16.29] Fwd: V|@Gra - |XANAX| = Vali/u/m \
V^|cod|n .P.ntermin ~ S0m@ owerewnvdrcz
> >./spam/2929:Subject: [SA: 19.83] Fwd: V1codi/n $ XA+n+ax ? V|agr@ )
+V+alium +S+oma ` Pnt/e/rmin wzxexbpyhmkg
> >
> >It's worth noting that my inbox goes back to the 20th August, whereas my
spam box only goes back to last Friday.
> >
> >Owen
> >
> >--
> > Via Net.Works UK Ltd
> > Local Touch Global Reach
> > Owen McShane Systems Administrator
> > http://www.vianetworks.co.uk Tel +44 (0)1925 484444
> >
> >
> >

On Wed, 10 Mar 2004, jdow wrote:

> I am ready to run their score up positive 1 or so. On one hand Their
> logic is faulty, I believe - unless they are spammers. I know very
> few people who are able to manipulate headers in such a manner as
> to insert the Habeas headers. Most of my correspondents use "stock"
> mailers like Outlook, Outlook Express, Eudora, etc. None of these,
> to my knowledge, can add the Habeas X headers. On another hand I
> note that spammers for the most part do forge headers. for them
> adding the Habeas mantra is duck soup. On the gripping hand this
> means that ISP's mail servers must add that header for most users
> which is something they are simply not going to do.

Any body who is stuck on Outhouse Expressed is write-off as far
as I'm concerned. For those other mail clients that you mentioned,
just go to: http://habeas.com/supportConfiguration.html and -READ-.
There you will find header imbedding instructions for those clients
and more than a dozen others.

Half of being computer literate is being literate. If you cannot
read the road signs (follow directions, read manuals) then you don't
deserve to be on the information super-highway.

I hope that this has increased your knowledge. ;)

> Hence, it is an indicator of spam not of ham.
> {^_^}

Hmm, then why do some of the major posters to this list use it?

--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

jdow wrote:

>I am ready to run their score up positive 1 or so. On one hand Their
>logic is faulty, I believe - unless they are spammers.
>
I'm beginning to suspect that Habeas is just a mystification set up by
spammers in order to temporarily let them get their spam through the
filters whose authors caught Habeas's bait.

Had anyone seen any evidence that Habeas is a legitimate company? If so,
please, share with us.

--
Best Regards,
Aleksander Adamowski
GG#: 274614
ICQ UIN: 19780575
http://olo.ab.altkom.pl

John Hall wrote:

>I set up some post-Spamassassin filtering rules to flag spam that
>contained the Habeas watermark and I haven't seen any between the
>initial fuss a few weeks ago, and a few I've had in the last couple of
>days.
>
>Looking at the subjects, I would say that the recent ones are from the
>same source as the first lot.
>
>
It seems that it never really stopped since he beginning in Jan-12.

I've just typed a quick shell script to extract site-wide timestamps of
sightings (we have 300 accounts on our company's server) of spam with
forged Habeas headers.

They were coming in during Jan, Feb and Mar (there was indeed a gap
between Jan 18 and Feb 15, but being a small site we might have had it
by coincidence):

Jan 12
Jan 13
Jan 15
Jan 16
Jan 18
Feb 15
Feb 17
Feb 18
Feb 20
Feb 21
Feb 27
Feb 28
Feb 29
Mar 1
Mar 2
Mar 4
Mar 8
Mar 9
Mar 10
Mar 11

--
Best Regards,
Aleksander Adamowski
GG#: 274614
ICQ UIN: 19780575
http://olo.ab.altkom.pl

Hi,

On Thu, 11 Mar 2004, Aleksander Adamowski wrote:

> Had anyone seen any evidence that Habeas is a legitimate company? If so,
> please, share with us.

Yes.

Search the SPAM-L archives over, say, the last 3-5 years.
(http://peach.ease.lsoft.com/archives/spam-l.html - subscription to SPAM-L
required.)

As has been beaten to death on many fora, Habeas is not an anti-spam
company, nor are they spammers. They are an email assurance company;
legitimate mailers (bulk or not) agree to some basic "best practices" for
sending email and are allowed to use their trademark, often for a fee.
The intent is to signal the recipient that the sender is a responsible
mailer and therefore increase deliverability of mail sent with the Habeas
mark. This increased deliverability is Habeas' value.

Those misusing the Habeas mark are in fact sued for copyright violation,
trademark dilution, etc. - see
http://www.habeas.com/companyPressPR.html#fivesuits

What you don't see are the number of cease & desist orders sent by
Habeas's staff and other actions that never make it to court.

There is no way to prevent spammers from forging the Habeas mark, a
priori. Habeas' model relies on the deterence value of lawsuits; Habeas is
quite willing to sue to protect their intellectual property. IP law is
much more well-developed than spam law; it's easier for lawyers and judges
to understand and is much easier to successfully prosecute.

That is the nutshell explanation of Habeas model. I didn't invent it, I
don't own stock in Habeas, I don't use their mark, and I have no opinion
of their business model other than it's an interesting application of
trademark and copyright law. If you want to know more, you can do what I
did and read http://www.habeas.com/

----- Sensitive viewers should tune out now -----










I've seen very little Habeas marked spam, hardly any worth mentioning.
What I have seen though, is every ignorant loudmouth dumbass come out of
the woodwork and trash Habeas in a public forum without doing a shred of
research into the company, their history, and their business model. Habeas
is as much a victim as spam recipients are, moreso because they can
actually show how their business has been damaged by misuse of their IP.

"Your system, your rules" but IMO anyone who scores HABEAS_SWE as positive
is a moron and anyone who advocates that stupidity to others shouldn't be
trusted to operate a mailserver. Set the score to zero and get on with
your lives; I'm tired of hearing about it.

-- Bob

(this is not directed at anyone in particular; I'm just frustrated
from hearing the same ignorant bullshit over and over. nobody should take
this as a personal flame.)

Hear, hear.

As much as I agree that HABEAS_SWE should not score a high negative
score (if at all) simply because the ease at which it can be copied and
included in UCE, the fact that they actively prosecute where possible
does enamour me to them as a sysadmin. They are essentially doing
exactly the same as the rest of us are forced to do, weather the storm
against unassailable odds. In fact, they are for the most part doing
more than the rest of us can or choose to by actually getting litigious
with these spammers.

Just my 2p/$0.02

Daz


> -----Original Message-----
> From: Bob Apthorpe [mailto:apthorpe+sa@cynistar.net]
> Sent: 11 March 2004 17:06
> To: SATalk list
> Subject: Re: Habeas status?
>
>
> Hi,
>
> On Thu, 11 Mar 2004, Aleksander Adamowski wrote:
>
> > Had anyone seen any evidence that Habeas is a legitimate
> company? If so,
> > please, share with us.
>
> Yes.
>
> Search the SPAM-L archives over, say, the last 3-5 years.
> (http://peach.ease.lsoft.com/archives/spam-l.html -
> subscription to SPAM-L
> required.)
>
> As has been beaten to death on many fora, Habeas is not an anti-spam
> company, nor are they spammers. They are an email assurance company;
> legitimate mailers (bulk or not) agree to some basic "best
> practices" for
> sending email and are allowed to use their trademark, often for a fee.
> The intent is to signal the recipient that the sender is a responsible
> mailer and therefore increase deliverability of mail sent
> with the Habeas
> mark. This increased deliverability is Habeas' value.
>
> Those misusing the Habeas mark are in fact sued for copyright
> violation,
> trademark dilution, etc. - see
> http://www.habeas.com/companyPressPR.html#fivesuits
>
> What you don't see are the number of cease & desist orders sent by
> Habeas's staff and other actions that never make it to court.
>
> There is no way to prevent spammers from forging the Habeas mark, a
> priori. Habeas' model relies on the deterence value of
> lawsuits; Habeas is
> quite willing to sue to protect their intellectual property. IP law is
> much more well-developed than spam law; it's easier for
> lawyers and judges
> to understand and is much easier to successfully prosecute.
>
> That is the nutshell explanation of Habeas model. I didn't
> invent it, I
> don't own stock in Habeas, I don't use their mark, and I have
> no opinion
> of their business model other than it's an interesting application of
> trademark and copyright law. If you want to know more, you
> can do what I
> did and read http://www.habeas.com/
>
> ----- Sensitive viewers should tune out now -----
>
>
>
>
>
>
>
>
>
>
> I've seen very little Habeas marked spam, hardly any worth mentioning.
> What I have seen though, is every ignorant loudmouth dumbass
> come out of
> the woodwork and trash Habeas in a public forum without doing
> a shred of
> research into the company, their history, and their business
> model. Habeas
> is as much a victim as spam recipients are, moreso because they can
> actually show how their business has been damaged by misuse
> of their IP.
>
> "Your system, your rules" but IMO anyone who scores
> HABEAS_SWE as positive
> is a moron and anyone who advocates that stupidity to others
> shouldn't be
> trusted to operate a mailserver. Set the score to zero and get on with
> your lives; I'm tired of hearing about it.
>
> -- Bob
>
> (this is not directed at anyone in particular; I'm just frustrated
> from hearing the same ignorant bullshit over and over. nobody
> should take
> this as a personal flame.)
>

In the last 24 hours or so, I, personally, have gotten at least five
messages which were forged spam habeas marked.

The habeas score probably let these get through. (I have no idea exactly how
many caught spams also had habeas headers - I'm just including the ones I
saw.)

Habeas may not be a scumbag corp, but IMHO, at the current time, the warrant
mark is a lost cause and is much more likely *for me* to indicate spam
rather than something I want to see. I expect for 99.5% of the population I
support, the same is true. Thus, a positive score for Habeas wouldn't be out
of line.

In short, I understand the rant a bit, but disagree on the conclusions
entirely.

Cheers,
Greg

----- Original Message -----
From: "Bob Apthorpe" <apthorpe+sa@cynistar.net>
To: "SATalk list" <spamassassin-users@incubator.apache.org>
Sent: Thursday, March 11, 2004 9:06 AM
Subject: Re: Habeas status?


> Hi,
>
> On Thu, 11 Mar 2004, Aleksander Adamowski wrote:
>
> > Had anyone seen any evidence that Habeas is a legitimate company? If so,
> > please, share with us.
>
> Yes.
>
> Search the SPAM-L archives over, say, the last 3-5 years.
> (http://peach.ease.lsoft.com/archives/spam-l.html - subscription to SPAM-L
> required.)
>
> As has been beaten to death on many fora, Habeas is not an anti-spam
> company, nor are they spammers. They are an email assurance company;
> legitimate mailers (bulk or not) agree to some basic "best practices" for
> sending email and are allowed to use their trademark, often for a fee.
> The intent is to signal the recipient that the sender is a responsible
> mailer and therefore increase deliverability of mail sent with the Habeas
> mark. This increased deliverability is Habeas' value.
>
> Those misusing the Habeas mark are in fact sued for copyright violation,
> trademark dilution, etc. - see
> http://www.habeas.com/companyPressPR.html#fivesuits
>
> What you don't see are the number of cease & desist orders sent by
> Habeas's staff and other actions that never make it to court.
>
> There is no way to prevent spammers from forging the Habeas mark, a
> priori. Habeas' model relies on the deterence value of lawsuits; Habeas is
> quite willing to sue to protect their intellectual property. IP law is
> much more well-developed than spam law; it's easier for lawyers and judges
> to understand and is much easier to successfully prosecute.
>
> That is the nutshell explanation of Habeas model. I didn't invent it, I
> don't own stock in Habeas, I don't use their mark, and I have no opinion
> of their business model other than it's an interesting application of
> trademark and copyright law. If you want to know more, you can do what I
> did and read http://www.habeas.com/
>
> ----- Sensitive viewers should tune out now -----
>
>
>
>
>
>
>
>
>
>
> I've seen very little Habeas marked spam, hardly any worth mentioning.
> What I have seen though, is every ignorant loudmouth dumbass come out of
> the woodwork and trash Habeas in a public forum without doing a shred of
> research into the company, their history, and their business model. Habeas
> is as much a victim as spam recipients are, moreso because they can
> actually show how their business has been damaged by misuse of their IP.
>
> "Your system, your rules" but IMO anyone who scores HABEAS_SWE as positive
> is a moron and anyone who advocates that stupidity to others shouldn't be
> trusted to operate a mailserver. Set the score to zero and get on with
> your lives; I'm tired of hearing about it.
>
> -- Bob
>
> (this is not directed at anyone in particular; I'm just frustrated
> from hearing the same ignorant bullshit over and over. nobody should take
> this as a personal flame.)

On Thu, Mar 11, 2004 at 10:29:39AM -0800, Gregory Sloop is rumored to have said:
>
> Habeas may not be a scumbag corp, but IMHO, at the current time, the warrant
> mark is a lost cause and is much more likely *for me* to indicate spam
> rather than something I want to see. I expect for 99.5% of the population I
> support, the same is true. Thus, a positive score for Habeas wouldn't be out
> of line.

Ahh, I love being classified as a spammer for using a service which indicates that I'm a legitimate sender...

Zero the score if you like, but giving it a positive score is simply foolish. If the only thing keeping these spams from getting caught is the -8 that the SWE test gives, disabling the SWE test should be enough. There's no reason to penalize the thousands of legitimate senders using the warrant mark..



--
"I've just learned about his illness. Let's hope it's nothing trivial."
- Irvin S. Cobb

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


"Gregory Sloop" writes:
>In the last 24 hours or so, I, personally, have gotten at least five
>messages which were forged spam habeas marked.
>
>The habeas score probably let these get through. (I have no idea exactly how
>many caught spams also had habeas headers - I'm just including the ones I
>saw.)
>
>Habeas may not be a scumbag corp, but IMHO, at the current time, the warrant
>mark is a lost cause and is much more likely *for me* to indicate spam
>rather than something I want to see. I expect for 99.5% of the population I
>support, the same is true. Thus, a positive score for Habeas wouldn't be out
>of line.
>
>In short, I understand the rant a bit, but disagree on the conclusions
>entirely.

Well, we're working on fixes now. Let's just say, it appears we may be
able to use the Habeas forgery as a spamsign in certain circumstances ;)

Interestingly, I'm getting *none* with forged Habeas hdrs. I'm
increasingly sure that at least some of the top spammers are sharing
list-washing data on known spamtraps, since this is the third spamsign
variant I've received no copies of.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFAUMHXQTcbUG5Y7woRAvO/AKDJ8oTC+ODzUxsFZ5usB9bQ/4Gk0QCfcF7W
BToJQpvdsMc/1TbnglkXX2U=
=OWhe
-----END PGP SIGNATURE-----

Just a follow-up.

I've gotten at least 3-4 more in the last few hours.

I'd be glad to forward these on to anyone who would like to review them.

---
I'm not advocating a positive score, just saying that I've NEVER, to my
knowledge, ever received a SWE marked mail that was legitimate. Perhaps that
screws someone who does use it properly, and I understand the frustration.
But realize that spam blocking is probabilistic.(sp) I have to guess what's
spam and what isn't. The SWE mark, on my mail at least is *much* more likely
to be a spam indicator than not.

Perhaps sometime in the future, that will be fixed, and the service will get
used more widely. Until then, it's more than likely to be used as a huge
stone around your neck than a bonus.

Life's full of contradictions.

Cheers,
Greg

=================================================================
Sloop Network & Computer Consulting
Gregory Sloop, Principal
networkguru@sloop.net / www.sloop.net
PO Box 16990 Portland OR 97292
v. 503.251.0452
================================================================
----- Original Message -----
From: "Justin Mason" <jm@jmason.org>
To: "Gregory Sloop" <lsgregs@sloop.net>
Cc: "SATalk list" <spamassassin-users@incubator.apache.org>
Sent: Thursday, March 11, 2004 11:45 AM
Subject: Re: Habeas status?


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> "Gregory Sloop" writes:
> >In the last 24 hours or so, I, personally, have gotten at least five
> >messages which were forged spam habeas marked.
> >
> >The habeas score probably let these get through. (I have no idea exactly
how
> >many caught spams also had habeas headers - I'm just including the ones I
> >saw.)
> >
> >Habeas may not be a scumbag corp, but IMHO, at the current time, the
warrant
> >mark is a lost cause and is much more likely *for me* to indicate spam
> >rather than something I want to see. I expect for 99.5% of the population
I
> >support, the same is true. Thus, a positive score for Habeas wouldn't be
out
> >of line.
> >
> >In short, I understand the rant a bit, but disagree on the conclusions
> >entirely.
>
> Well, we're working on fixes now. Let's just say, it appears we may be
> able to use the Habeas forgery as a spamsign in certain circumstances ;)
>
> Interestingly, I'm getting *none* with forged Habeas hdrs. I'm
> increasingly sure that at least some of the top spammers are sharing
> list-washing data on known spamtraps, since this is the third spamsign
> variant I've received no copies of.
>
> - --j.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Exmh CVS
>
> iD8DBQFAUMHXQTcbUG5Y7woRAvO/AKDJ8oTC+ODzUxsFZ5usB9bQ/4Gk0QCfcF7W
> BToJQpvdsMc/1TbnglkXX2U=
> =OWhe
> -----END PGP SIGNATURE-----

> Just a follow-up.
>
> I've gotten at least 3-4 more in the last few hours.
>
> I'd be glad to forward these on to anyone who would like to review them.

I also get a number of these. I also keep all missed spam around. I can
arrange to make these messages available to developers if anyone is
interested.

Sincerely,
Kirk Ismay
System Administrator
http://www.netidea.biz/

There are 10 types of people in this world...
Those who can read binary, and those who can't.

At 01:27 PM 3/11/2004, Gregory Sloop wrote:
>I've NEVER, to my knowledge, ever received a SWE marked mail that was
>legitimate.

Not even Justin's post in this thread a two hours ago?

Kelson Vibber
SpeedGate Communications <www.speed.net>

On Thu, Mar 11, 2004 at 01:52:00PM -0800, Kelson Vibber is rumored to have said:
>
> At 01:27 PM 3/11/2004, Gregory Sloop wrote:
> >I've NEVER, to my knowledge, ever received a SWE marked mail that was
> >legitimate.
>
> Not even Justin's post in this thread a two hours ago?

Or any of mine?

Remember that you're not likely to notice them when they're part of a legitimate message, but they stick out like a sore thumb when you're perusing your false negatives. The fact that you're reading this (assuming you didn't +5 the HABEAS_SWE rule) means that you're getting legitimate mail from people/orgs that use the mark properly.


--
"I am become death, shatterer of worlds."
- Robert J. Oppenheimer (1904-1967) (citing from the Bhagavad Gita, after witnessing the world's first nuclear explosion)