Mailing List Archive

Barracuda / EmailReg.org protection racket? (OT, but help?)
Hello SA-users,

I have a question on the other side of things: outgoing mail. I know this is off-topic but this seems to the only venue where there might be knowledge of the problem, and the offender is a spamassassin "customer".

(I operate an MTA host on which I run SpamAssassin -- it works flawlessly. (I am running Debian Postfix 2.7.1-1+squeeze1 with spamassassin 3.3.1-1.1) This system is in an Internap data center, and provides mail services for about a half-dozen organizations that I support. SPF and DKIM are correctly configured for hosted domains, as is user authentication for submitted mail.)

I appear to be getting a shakedown scam from Barracuda Networks. They seem to be getting out of the "anti-spam" and into the "protection racket" business.

A small number of recipients have been getting bounce-unsubscribed a community mailing list that I administer. The most recent bounces say that this "blocked using Barracuda Reputation; http://www.barracudanetworks.com/reputation/ " Visiting that page provides no information on the specific reason my MTA has been blocked so I can't determine if there is a configuration issue, but there is a link for one-time removal.

Below that the page says "One way to get your email through spam filters even if you are listed on the BRBL is to register your domain and IPs at EmailReg.org." OK, sounds good, I can prove that my IP address is allowed to send for my domains -- I thought that was what SPF and DKIM are for (which are configured) but whatever.

However, I click through to emailreg.org and AFTER signing up for an account and configuring it they then reveal that there is a $20 "administrative fee" per domain.

This sounds like a scam to me. They're blacklisting mail servers, not telling why, and then offering to take you off the list (without even correcting any problems) for "just" a $20 fee. I don't see how any legitimate RBL can operate with that model.

Has anyone else here run into this? Is there a way out other than bribing Barracuda to not block my mail?

Thanks,
--Jered
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
Am 20.06.2015 um 17:38 schrieb Jered Floyd:
> A small number of recipients have been getting bounce-unsubscribed a
> community mailing list that I administer. The most recent bounces say
> that this "blocked using Barracuda Reputation;
> http://www.barracudanetworks.com/reputation/" Visiting that page
> provides no information on the specific reason my MTA has been blocked
> so I can't determine if there is a configuration issue, but there is a
> link for one-time removal.

you are blacklisted at http://www.barracudacentral.org/rbl
blame your users!

> Below that the page says "One way to get your email through spam filters
> even if you are listed on the BRBL is to register your domain and IPs at
> EmailReg.org." OK, sounds good, I can prove that my IP address is
> allowed to send for my domains -- I thought that was what SPF and DKIM
> are for (which are configured) but whatever.
>
> However, I click through to emailreg.org <http://emailreg.org> and AFTER
> signing up for an account and configuring it they then reveal that there
> is a $20 "administrative fee" per domain.
>
> This sounds like a scam to me. They're blacklisting mail servers, not
> telling why, and then offering to take you off the list (without even
> correcting any problems) for "just" a $20 fee. I don't see how any
> legitimate RBL can operate with that model.

no you don't understand how a Barracuda appliance works
emailreg.org is a whitelist like the ones spamassassin is using

in case of a barracuda appliance it overrides the RBL

> Has anyone else here run into this? Is there a way out other than
> bribing Barracuda to not block my mail?

tell your customers don't send spam
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
Harald,

> no you don't understand how a Barracuda appliance works
> emailreg.org is a whitelist like the ones spamassassin is using
>
> in case of a barracuda appliance it overrides the RBL

It's a whitelist that appears to be based solely on paying Barracuda a fee. That doesn't sound like a valid whitelist protocol!


>> Has anyone else here run into this? Is there a way out other than
>> bribing Barracuda to not block my mail?
>
> tell your customers don't send spam

I'm pretty sure none of my users are sending spam. I'm not on any other RBLs, and I haven't seen recent unusual mail volume.

Regardless, with other RBLs there is typically some information on the triggering criteria. That does not appear to be the case here. BRBL seems to be a pay-to-play whitelist with arbitrary and opaque "poor reputation" categorization.

Regards,
--Jered
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
Am 20.06.2015 um 17:49 schrieb Jered Floyd:
>
> Harald,
>
>> no you don't understand how a Barracuda appliance works
>> emailreg.org is a whitelist like the ones spamassassin is using
>>
>> in case of a barracuda appliance it overrides the RBL
>
> It's a whitelist that appears to be based solely on paying Barracuda a fee. That doesn't sound like a valid whitelist protocol!

most whitelists are based on fee

>>> Has anyone else here run into this? Is there a way out other than
>>> bribing Barracuda to not block my mail?
>>
>> tell your customers don't send spam
>
> I'm pretty sure none of my users are sending spam. I'm not on any other RBLs, and I haven't seen recent unusual mail volume.

you need to hit only *once* a honeypot

> Regardless, with other RBLs there is typically some information on the triggering criteria. That does not appear to be the case here. BRBL seems to be a pay-to-play whitelist with arbitrary and opaque "poor reputation" categorization.

no it is not, we used a barracuda appliance for nearly a decade and
there where zero complaints because the RBL, the unwhitelistable URIBL
auf barracuda is much more problematic

listing happens the same way as for other RBLS:

* hit a honeypot
* user complaints

there is a outlook plugin where you can flag every mail as ham or spam
and if a few RCPTs flag mails of your customers as spam, well you got listed
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
On 06/20/2015 08:38 AM, Jered Floyd wrote:
>
> Hello SA-users,
>
> I have a question on the other side of things: outgoing mail. I know
> this is off-topic but this seems to the only venue where there might
> be knowledge of the problem, and the offender is a spamassassin
> "customer".
>
> (I operate an MTA host on which I run SpamAssassin -- it works
> flawlessly. (I am running Debian Postfix 2.7.1-1+squeeze1 with
> spamassassin 3.3.1-1.1) This system is in an Internap data center,
> and provides mail services for about a half-dozen organizations that I
> support. SPF and DKIM are correctly configured for hosted domains,
> as is user authentication for submitted mail.)
>
> I appear to be getting a shakedown scam from Barracuda Networks. They
> seem to be getting out of the "anti-spam" and into the "protection
> racket" business.
>
> A small number of recipients have been getting bounce-unsubscribed a
> community mailing list that I administer. The most recent bounces say
> that this "blocked using Barracuda Reputation;
> http://www.barracudanetworks.com/reputation/" Visiting that page
> provides no information on the specific reason my MTA has been blocked
> so I can't determine if there is a configuration issue, but there is a
> link for one-time removal.
>
> Below that the page says "One way to get your email through spam
> filters even if you are listed on the BRBL is to register your domain
> and IPs at EmailReg.org." OK, sounds good, I can prove that my IP
> address is allowed to send for my domains -- I thought that was what
> SPF and DKIM are for (which are configured) but whatever.
>
> However, I click through to emailreg.org <http://emailreg.org> and
> AFTER signing up for an account and configuring it they then reveal
> that there is a $20 "administrative fee" per domain.
>
> This sounds like a scam to me. They're blacklisting mail servers, not
> telling why, and then offering to take you off the list (without even
> correcting any problems) for "just" a $20 fee. I don't see how any
> legitimate RBL can operate with that model.
>
> Has anyone else here run into this? Is there a way out other than
> bribing Barracuda to not block my mail?
>
> Thanks,
> --Jered
>
The BRBL may have listed the entire /24 that includes your sending IPs.
Painful experience has shown that Barracuda won't hear your requests for
delisting, and the listing may never go away.

Barracuda have run their emailreg.org scam for many years.

-Richard
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
On 21/06/2015 01:38, Jered Floyd wrote:

> I appear to be getting a shakedown scam from Barracuda Networks. They seem to be getting out of the "anti-spam" and into the "protection racket" business.
>
> A small number of recipients have been getting bounce-unsubscribed a community mailing list that I administer. The most recent bounces say that this "blocked using Barracuda Reputation; http://www.barracudanetworks.com/reputation/ [1]" Visiting that page provides no information on the specific reason my MTA has been blocked so I can't determine if there is a configuration issue, but there is a link for one-time removal.

Ask them why, they are under no obligation to remove you, but at least
you'll know why your listed specifically.

> However, I click through to emailreg.org [2] and AFTER signing up for an account and configuring it they then reveal that there is a $20 "administrative fee" per domain.

>

Thats why most sane admins ignore it, they have been pulling that stunt
for many years, and likely why they are used by fewer and fewer
companies these days, and why not pay?, its very, very, simple:

Trust can only ever be earned - not bought!

and just because X trusts Y, doesn't mean its safe for Z to trust Y
(seen this first hand many a times over past 20 years), if it becomes a
serious problem tell hte end users to complain to whoever is filtering
their mail with BN.

(we also null out all SA's included whitelist rules)

> This sounds like a scam to me. They're blacklisting mail servers, not telling why, and then offering to take you off the list (without even correcting any problems) for "just" a $20 fee. I don't see how any legitimate RBL can operate with that model.

They arent the first to try make a fast buck, in years gone by SORBS
would only removed you if you paid, its why very few liked/trusted/used
SORBS, although you could ask them to remove you and they would, for
free, unless you ended up being a repetitive listing I suppose, then I
could see them enforcing their policy of the day, they have however
changed that these days I've heard, its been nearly 10 years since I've
talked to M.S. so not sure what policies they use today .



Links:
------
[1] http://www.barracudanetworks.com/reputation/
[2] http://emailreg.org
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
On 21/06/2015 01:49, Jered Floyd wrote:

> Harald,
>
>> no you don't understand how a Barracuda appliance works
>> emailreg.org is a whitelist like the ones spamassassin is using
>>
>> in case of a barracuda appliance it overrides the RBL
>
> It's a whitelist that appears to be based solely on paying Barracuda a fee. That doesn't sound like a valid whitelist protocol!

I guess they might claim that fee is to validate who you say you are
(yes, same thing SPF and DKIM do now for free) it sure will not stop you
from getting spam from those "trusted" domains.
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
On 21/06/2015 02:16, Richard Doyle wrote:

> On 06/20/2015 08:38 AM, Jered Floyd wrote:
>
>> Hello SA-users,
>>
>> I have a question on the other side of things: outgoing mail. I know
>> this is off-topic but this seems to the only venue where there might
>> be knowledge of the problem, and the offender is a spamassassin
>> "customer".
>>
>> (I operate an MTA host on which I run SpamAssassin -- it works
>> flawlessly. (I am running Debian Postfix 2.7.1-1+squeeze1 with
>> spamassassin 3.3.1-1.1) This system is in an Internap data center,
>> and provides mail services for about a half-dozen organizations that I
>> support. SPF and DKIM are correctly configured for hosted domains,
>> as is user authentication for submitted mail.)
>>
>> I appear to be getting a shakedown scam from Barracuda Networks. They
>> seem to be getting out of the "anti-spam" and into the "protection
>> racket" business.
>>
>> A small number of recipients have been getting bounce-unsubscribed a
>> community mailing list that I administer. The most recent bounces say
>> that this "blocked using Barracuda Reputation;
>> http://www.barracudanetworks.com/reputation/ [1]" Visiting that page
>> provides no information on the specific reason my MTA has been blocked
>> so I can't determine if there is a configuration issue, but there is a
>> link for one-time removal.
>>
>> Below that the page says "One way to get your email through spam
>> filters even if you are listed on the BRBL is to register your domain
>> and IPs at EmailReg.org." OK, sounds good, I can prove that my IP
>> address is allowed to send for my domains -- I thought that was what
>> SPF and DKIM are for (which are configured) but whatever.
>>
>> However, I click through to emailreg.org <http://emailreg.org [2]> and
>> AFTER signing up for an account and configuring it they then reveal
>> that there is a $20 "administrative fee" per domain.
>>
>> This sounds like a scam to me. They're blacklisting mail servers, not
>> telling why, and then offering to take you off the list (without even
>> correcting any problems) for "just" a $20 fee. I don't see how any
>> legitimate RBL can operate with that model.
>>
>> Has anyone else here run into this? Is there a way out other than
>> bribing Barracuda to not block my mail?
>>
>> Thanks,
>> --Jered
> The BRBL may have listed the entire /24 that includes your sending IPs.
> Painful experience has shown that Barracuda won't hear your requests for
> delisting, and the listing may never go away.
>
> Barracuda have run their emailreg.org scam for many years.
>
> -Richard

In listing a /24 , I'm sure they like most DNSBL's only take that avenue
if there are multiple IP's within that range causing, or having the
potential of causing, problems or potential for listing avoidance - this
is common with snowshoe'rs



Links:
------
[1] http://www.barracudanetworks.com/reputation/
[2] http://emailreg.org
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
Richard,

> The BRBL may have listed the entire /24 that includes your sending IPs.
> Painful experience has shown that Barracuda won't hear your requests for
> delisting, and the listing may never go away.

I believe you've got it in one. I heard back from a colleague on the same /24 (though not the same address!) and he had a client with a bad WordPress install that was generating spam.

That seems to make this EmailReg situation even more egregious -- if they're really blocking whole networks based on a single IP then it really is a protection scheme operated (opaquely) by Barracuda. "Pay us money if you want mail to get through to our customers; we'll blacklist you arbitrarily otherwise." How can this possibly be legal under US racketeering laws?

--Jered
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
I wonder what their justification is for doing this.

2015-06-21 16:33 GMT+02:00 Jered Floyd <jered@convivian.com>:

>
> Richard,
>
> > The BRBL may have listed the entire /24 that includes your sending IPs.
> > Painful experience has shown that Barracuda won't hear your requests for
> > delisting, and the listing may never go away.
>
> I believe you've got it in one. I heard back from a colleague on the same
> /24 (though not the same address!) and he had a client with a bad WordPress
> install that was generating spam.
>
> That seems to make this EmailReg situation even more egregious -- if
> they're really blocking whole networks based on a single IP then it really
> is a protection scheme operated (opaquely) by Barracuda. "Pay us money if
> you want mail to get through to our customers; we'll blacklist you
> arbitrarily otherwise." How can this possibly be legal under US
> racketeering laws?
>
> --Jered
>
>
>
>
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
Am 21.06.2015 um 17:00 schrieb Jeroen de Neef:
> I wonder what their justification is for doing this.

the questoon is how many addtional IP's on the /24 where in fact sending
spam, see http://www.spamhaus.org/faq/section/Glossary#233

> 2015-06-21 16:33 GMT+02:00 Jered Floyd <jered@convivian.com
> <mailto:jered@convivian.com>>:
>
> Richard,
>
> > The BRBL may have listed the entire /24 that includes your
> sending IPs.
> > Painful experience has shown that Barracuda won't hear your
> requests for
> > delisting, and the listing may never go away.
>
> I believe you've got it in one. I heard back from a colleague on
> the same /24 (though not the same address!) and he had a client with
> a bad WordPress install that was generating spam.
>
> That seems to make this EmailReg situation even more egregious -- if
> they're really blocking whole networks based on a single IP then it
> really is a protection scheme operated (opaquely) by Barracuda.
> "Pay us money if you want mail to get through to our customers;
> we'll blacklist you arbitrarily otherwise." How can this possibly
> be legal under US racketeering laws?
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
> I appear to be getting a shakedown scam from Barracuda Networks.

You are not being shaken down, but you might be slandering. ;-)

I'm fairly certain that BN isn't making much profit off of your $20.
What they are getting is your commitment, and your ID, that one or
more IP addrs under your control will not spam. And if you do spam
from those IPs, and BN detects it, they have evidence to tie you to
the crime (plus previously accepted agreement that you would
voluntarily handle the situation in a mutually agreed upon manner)

$20 is $20, but frankly most people pay more than that in snail mail
postage each year.

-Jim P.
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
On Sunday 21 June 2015 at 17:22:58 (EU time), Jim Popovitch wrote:

> > I appear to be getting a shakedown scam from Barracuda Networks.
>
> You are not being shaken down, but you might be slandering. ;-)
>
> I'm fairly certain that BN isn't making much profit off of your $20.
> What they are getting is your commitment, and your ID, that one or
> more IP addrs under your control will not spam. And if you do spam
> from those IPs, and BN detects it, they have evidence to tie you to
> the crime (plus previously accepted agreement that you would
> voluntarily handle the situation in a mutually agreed upon manner)

It seems to me that $20 is nothing to the spammers - and they're already using
techniques to change their IP addresses on a regular basis.

So, spammer pays BN $20, gets found out some while later, moves IP, and pays
BN $20 for that address instead (meanwhile raking in another $20 quicker than
most of us do, I suspect). Or, are you assuming that spammers don't have
multiple identities / businesses / bank accounts to make their payments from?

> $20 is $20, but frankly most people pay more than that in snail mail
> postage each year.

Er, so? Most people pay more than $20 for lots of things per year - that
doesn't mean you should just give $20 to anyone who asks for it, so that you
can carry on running a legitimate business.


Regards,


Antony.

--
BASIC is to computer languages what Roman numerals are to arithmetic.

Please reply to the list;
please *don't* CC me.
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
Am 21.06.2015 um 18:58 schrieb Antony Stone:
> On Sunday 21 June 2015 at 17:22:58 (EU time), Jim Popovitch wrote:
>
>>> I appear to be getting a shakedown scam from Barracuda Networks.
>>
>> You are not being shaken down, but you might be slandering. ;-)
>>
>> I'm fairly certain that BN isn't making much profit off of your $20.
>> What they are getting is your commitment, and your ID, that one or
>> more IP addrs under your control will not spam. And if you do spam
>> from those IPs, and BN detects it, they have evidence to tie you to
>> the crime (plus previously accepted agreement that you would
>> voluntarily handle the situation in a mutually agreed upon manner)
>
> It seems to me that $20 is nothing to the spammers - and they're already using
> techniques to change their IP addresses on a regular basis.
>
> So, spammer pays BN $20, gets found out some while later, moves IP, and pays
> BN $20 for that address instead (meanwhile raking in another $20 quicker than
> most of us do, I suspect). Or, are you assuming that spammers don't have
> multiple identities / businesses / bank accounts to make their payments from?

spammers don't invest money, never

spammers just use botnets and hacked machines and leave the collateral
damage for the hacked machines and network ranges to the owner

>> $20 is $20, but frankly most people pay more than that in snail mail
>> postage each year.
>
> Er, so? Most people pay more than $20 for lots of things per year - that
> doesn't mean you should just give $20 to anyone who asks for it, so that you
> can carry on running a legitimate business

there are more RBL's that you think which handle "bad neigbourhood" not
only Barracuda - example: http://www.uceprotect.net/de/index.php?m=3&s=4

it escalates based on network size and spammer ips detected:

/23: 9 abuser IP's
/22: 14 abuser IP's
/21: 24 abuser IP#s
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
On 21 Jun 2015, at 10:33, Jered Floyd wrote:

> Richard,
>
>> The BRBL may have listed the entire /24 that includes your sending
>> IPs.
>> Painful experience has shown that Barracuda won't hear your requests
>> for
>> delisting, and the listing may never go away.
>
> I believe you've got it in one. I heard back from a colleague on the
> same /24 (though not the same address!) and he had a client with a bad
> WordPress install that was generating spam.
>
> That seems to make this EmailReg situation even more egregious -- if
> they're really blocking whole networks based on a single IP then it
> really is a protection scheme operated (opaquely) by Barracuda. "Pay
> us money if you want mail to get through to our customers; we'll
> blacklist you arbitrarily otherwise." How can this possibly be legal
> under US racketeering laws?


I'm not defending Barracuda specifically, as I have long believed them
to be an opportunistic, ethics-free, low-quality organization selling
overpriced garbage to people too desperately clueless to know better...

However, even carelessly run blacklists of IPs for email have been
protected in US courts by 2 things:

1. Blacklist operators are not doing any actual blocking, their users
are. Senders on "collateral damage" IPs are free to appeal to the actual
sites rejecting their mail for exceptions and any
competently-administered site will be able to do so. Any DNSBL operator
is akin to a movie reviewer: they don't directly control anyone's
behavior, they merely influence those who choose to pay them heed.

2. Virtually every US law explicitly touching Internet filtering (COPPA,
COPPA2, CAN-SPAM, etc.) has included some "safe haven" provision for
those implementing and using filtering tools in good faith. The
interpretation of what constitutes "good faith" has been extremely
broad, essentially meaning that if Barracuda has a theory that listing
innocents in the vicinity of spammers helps avoid future spam, they
don't need to actually have evidence of its validity or weight any
tangible damage against theoretical benefit.

The flipside of this de facto immunity is that you are free to point out
to those who reject your mail due to Barracuda's shoddy advice that
Barracuda gives shoddy advice for which they do not deserve much
attention or any money.
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
On Sunday 21 June 2015 at 19:23:58 (EU time), Reindl Harald wrote:

> spammers don't invest money, never

Ah, my bad understanding - I followed the link you posted earlier
http://www.spamhaus.org/faq/section/Glossary#233 which pointed me to
http://www.spamhaus.org/news/article/641?article=641 which contains the quote
from a spam enabling entity:

"$70,875/month gets you 9 class C's spread across at least 5 providers with
bandwidth for 8 Millions HTML emails per day per class C. Network blocks
(class C's) will be replaced after at least 60 days if they are blocked.
Network Blocks may be replaced solely in the event such Network Block has been
blacklisted by SpamHaus."

That looked to me like the spammers were paying for the IP address ranges
which we were discussing being blocked.


Regards,


Antony.

--
It is also possible that putting the birds in a laboratory setting
inadvertently renders them relatively incompetent.

- Daniel C Dennett

Please reply to the list;
please *don't* CC me.
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
Am 21.06.2015 um 20:52 schrieb Antony Stone:
> On Sunday 21 June 2015 at 19:23:58 (EU time), Reindl Harald wrote:
>
>> spammers don't invest money, never
>
> Ah, my bad understanding - I followed the link you posted earlier
> http://www.spamhaus.org/faq/section/Glossary#233 which pointed me to
> http://www.spamhaus.org/news/article/641?article=641 which contains the quote
> from a spam enabling entity:
>
> "$70,875/month gets you 9 class C's spread across at least 5 providers with
> bandwidth for 8 Millions HTML emails per day per class C. Network blocks
> (class C's) will be replaced after at least 60 days if they are blocked.
> Network Blocks may be replaced solely in the event such Network Block has been
> blacklisted by SpamHaus."
>
> That looked to me like the spammers were paying for the IP address ranges
> which we were discussing being blocked

that's why spammers mostly use hijacked servers or enduser machines like
on ore most likely more IP's in the /24 network of the thread starter,
he is just a victim of another fool not are about security updates on
his webservers if you follow the thread
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
On Sun, 21 Jun 2015 19:23:58 +0200
Reindl Harald <h.reindl@thelounge.net> wrote:

> spammers don't invest money, never

Of course not. They pay using a stolen credit card.

I don't approve of Barracuda's behaviour. If they're blocking
/24s because of some bad machines, you should not have to pay for
delisting one IP. If they can prove that your specific IP was responsible
for a spam run, then it's legit to charge for delisting, but not
otherwise.

I also don't approve of blocking entire networks for one or a few
bad IPs. People who use DNSBLs that have those policies simply lack
decent spam filters, so they take a scorched-earth approach.

Regards,

Dianne.
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll <dfs@roaringpenguin.com> wrote:
> you should not have to pay for delisting one IP.

and with BN you are NOT paying for a delisting. You are paying for
the upfront ID validation and verification process that goes into
fast-tracking your email flow. If you don't want that fine, don't
pay it.

-Jim P.
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
Am 21.06.2015 um 22:22 schrieb Dianne Skoll:
> On Sun, 21 Jun 2015 19:23:58 +0200
> Reindl Harald <h.reindl@thelounge.net> wrote:
>
>> spammers don't invest money, never
>
> Of course not. They pay using a stolen credit card.
>
> I don't approve of Barracuda's behaviour. If they're blocking
> /24s because of some bad machines, you should not have to pay for
> delisting one IP. If they can prove that your specific IP was responsible
> for a spam run, then it's legit to charge for delisting, but not
> otherwise.
>
> I also don't approve of blocking entire networks for one or a few
> bad IPs. People who use DNSBLs that have those policies simply lack
> decent spam filters, so they take a scorched-earth approach

agreed - at least partly - it's hard to say from outside how much "few
bad IPs" really did send junk and on the other hand there are RBL
operators which list whole /24 networks just because the operator don#t
like a single person which writes mails to mailing lists by hand and
with his full name......

Barracuda is far way from beeing perfect, otherwise i would not have
spent many hundret hours of my lifetime to build up a replacemnt and
maintain it, but what they don#t do is list something without any reason
just to make money
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
On Sun, 21 Jun 2015 16:26:54 -0400
Jim Popovitch <jimpop@gmail.com> wrote:

> On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll
> > you should not have to pay for delisting one IP.
> and with BN you are NOT paying for a delisting.

You are splitting hairs. Essentially, you are paying for delisting.

We run our own set of DNSBLs and we delist anyone who requests
delisting for free. That's how it should be done.

Regards,

Dianne.
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
Am 21.06.2015 um 22:52 schrieb Dianne Skoll:
> On Sun, 21 Jun 2015 16:26:54 -0400
> Jim Popovitch <jimpop@gmail.com> wrote:
>
>> On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll
>>> you should not have to pay for delisting one IP.
>> and with BN you are NOT paying for a delisting.
>
> You are splitting hairs. Essentially, you are paying for delisting.
>
> We run our own set of DNSBLs and we delist anyone who requests
> delisting for free. That's how it should be done

the question is *how* is that de-listing managed and how do you manage
"i will take care in the future" and if that's not true because
de-listing is just a click how easy is it for spammers to not realy care

in fact if someone had a hacked server that's bad luck, but if someone
sends spam by intention and need to spend money to get his IP's
de-listed there is a barrier because send spam is no longer a business model
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
On Sun, Jun 21, 2015 at 4:52 PM, Dianne Skoll <dfs@roaringpenguin.com> wrote:
> On Sun, 21 Jun 2015 16:26:54 -0400
> Jim Popovitch <jimpop@gmail.com> wrote:
>
>> On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll
>> > you should not have to pay for delisting one IP.
>> and with BN you are NOT paying for a delisting.
>
> You are splitting hairs. Essentially, you are paying for delisting.

/sigh

I'm not splitting hairs, you are redefining "delisting". Go read the
first sentence on emailreg.org and learn something about them.

-Jim P.
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
EmailReg.org operates a whitelist, so you pay to get listed there. The site doesn't say much at all about what sort of verification or later delisting for spam they might do.

However, they are promoted directly on the "Sorry, your email was blocked" page for Barracuda Reputation, and the page explicitly says that if you register at EmailReg.org then you'll bypass the BRBL.

There is a murky relationship between Barracuda and EmailReg. It's awfully suspicious that signing up on whitelist X clears you from "unrelated" blacklist Y.

So, it may not be "paying to delist one IP" in framing, but in action it seems to be pretty darn close to that...

--Jered


----- On Jun 21, 2015, at 5:43 PM, Jim Popovitch jimpop@gmail.com wrote:

> On Sun, Jun 21, 2015 at 4:52 PM, Dianne Skoll <dfs@roaringpenguin.com> wrote:
>> On Sun, 21 Jun 2015 16:26:54 -0400
>> Jim Popovitch <jimpop@gmail.com> wrote:
>>
>>> On Sun, Jun 21, 2015 at 4:22 PM, Dianne Skoll
>>> > you should not have to pay for delisting one IP.
>>> and with BN you are NOT paying for a delisting.
>>
>> You are splitting hairs. Essentially, you are paying for delisting.
>
> /sigh
>
> I'm not splitting hairs, you are redefining "delisting". Go read the
> first sentence on emailreg.org and learn something about them.
>
> -Jim P.
Re: Barracuda / EmailReg.org protection racket? (OT, but help?) [ In reply to ]
Am 21.06.2015 um 23:50 schrieb Jered Floyd:
> There is a murky relationship between Barracuda and EmailReg. It's awfully suspicious that signing up on whitelist X clears you from "unrelated" blacklist Y.
>
> So, it may not be "paying to delist one IP" in framing, but in action it seems to be pretty darn close to that...

no, it is not

if somebody thinks he has a free ride for spam he will be removed from
EmailReg as fast as lightning - that said from a BN customers from 2005
until 2014/08 and aware all of bullshit BN do the last few years after
2013-11 (In November 2013, Barracuda Networks went public on the New
York Stock Exchange under the ticker symbol CUDA)

1 2  View All