axxx007

Another idiot direction to "Unsubscribe" from the spam


I received a spam today touting Kings Island/Kings Dominion. I have never been, never will and am not interested. I sure did not "subscribe" to anything from them or their "partners". I promptly reported the spam; here is the report: http://members.spamcop.net/mcgi?action=get...rtid=2471399731.

I got a response back from peak-10.com telling me that I should "unsubscribe" from the newsletter. Here is a portion of their email to me:

Dear SpamCop User,

We have received your complaint and the offending e-mail. Within the body of the e-mail, the sender states:

This message was sent to EMAIL ADDRESS MUNGED as a result of your membership on the Kings Island newsletter mailing list which you signed up for on the Kings Island website <http://www1.cedarfair.com/kingsisland>

There is clearly marked unsubscribe information at the bottom of the e-mail. If the offending e-mail has not been deleted, please select the link and you will be removed from the list. Should unsolicited e-mail continue from this user, please notify us immediately.

Thank you for alerting us to this issue.

The Peak10 Support Team

Peak 10 Support can be reached day or night. Call 866-PEAK-TEN (866.732.5836) or send an email to support[at]peak10.com.

This message contains information from Peak 10, Inc. which may be confidential and privileged. If you are not an intended recipient, please refrain from any disclosure, copying, distribution or use of this information and note that such actions are prohibited. If you have received this transmission in error, please notify administrator[at]peak10.com by e-mail

It was good to read the earlier post about a rare message from an ISP that cares. But the sad truth is that there are too many biased places that either won't do anything about the spam problem or perhaps are even encouraging the problem.

Share this post


Link to post
Share on other sites

I had a similar thing happen a couple weeks ago with 3 of my users getting on some kind of mailing list. I simply replied to the ISP and informed them that the users involved had never subscribed to any kind of list, and that if the spammer could provide any evidence to the contrary (subscription information, and evidence of confirmation of subscription) I would be very surprised.

The ISP contacted their customer regarding that information, and guess what... They didn't have anything like that. Their excuse was that if you googled the email addresses, they showed up in a couple places on the web. This is probably a similar case of a spammer assuming that the knowledge of the existence of an email address constitutes permission to send their garbage to it.

I would definitely recommend following up with their ISP and letting them know they are adding addresses that have not subscribed to the list.

Share this post


Link to post
Share on other sites
I received a spam today touting Kings Island/Kings Dominion. I have never been, never will and am not interested. I sure did not "subscribe" to anything from them or their "partners". I promptly reported the spam, here is the report

We have that happening here, too. From messagelabs.com. Here's their comment after I forwarded them the spam:

The messages that you have submitted were originally sent from xxxxxxxxx.

These messages are part of a valid mailing list. At the bottom of each message there is an option to unsubscribe from the mailing list

Robert Sheepwash

Support Centre Analyst

Global Client Support Centre

MessageLabs Inc.

I'm guessing that "valid mailing list" means "paid us money to host it".

Share this post


Link to post
Share on other sites
I'm guessing that "valid mailing list" means "paid us money to host it".
Seems like it. Perhaps Mr Sheepwash is merely expressing the opinion that the sender is not vulnerable to prosecution under CAN-spam which is "close enough" to "valid". (sigh)

Share this post


Link to post
Share on other sites

Seems like it. Perhaps Mr Sheepwash is merely expressing the opinion that the sender is not vulnerable to prosecution under CAN-spam which is "close enough" to "valid". (sigh)

Yes, we are stretching the term "valid" dangerously close to its elastic limit.

One of the deficits of CAN spam is the fact that it allows opt-out mailing so long as the mailer meets the other requirements of the law (mainly, providing a remove mechanism and a, er, valid postal address etc.). That sorta knocks the peg out of any kind of legal challenge to spam based on its "unsolicitedness."

For many spammers (and their providers), "not against the law" == "ethical," so they don't see a problem. I recall one outfit congratulating the government on setting up the guidelines (via CAN spam) for ethical e-mail marketing, but of course the government didn't touch on the ethics at all, they just told you the minimum you have to do to keep out of federal prison. Not the same thing.

-- rick

Share this post


Link to post
Share on other sites

Doesn't the CANSpam act also require that the subject include ADV in it? which, of course, can be filtered to Trash?

And, the CANSpam act did not address the ability of server admins to block any IP address that sent unsolicited email so that the proper response is that no matter how many unsubscribe notices they include, you are going to take the advice of the FTC and refuse to use the unsubscribe notice since, at least, 40% are bogus and sometimes dangerous. In addition, you are notifying them that their email is unsolicited and that, if they were using best practices, they could identify and remove your email address from their list because they would have a confirmation token if you were so careless as to report it after confirming that you were interested.

It probably would be better to say all of that to Kings Island plus that they have wasted their money using an irresponsible, incompetent mailing list manager (or since it came purportedly from signing up at the website, an incompetent web manager who doesn't know how to manage online subscriptions) and, if you keep receiving unsolicited email from them, you will not only never visit Kings Island, but will recommend to your friends that they never visit them either - with a cc to the mailing list manager. And that, many other email services will start blocking emails from them by content after other people click the 'this is spam' button and so even the ones who are interested in getting unsolicited email from them won't be getting it. Plus the possibility of getting on blocklists for hitting spamtraps. It wouldn't hurt to include their webhost either.

IME, although nothing seems to happen for a long time, eventually, there are enough complaints so that they stop or, at least, they stop - maybe because enough people block them so that there isn't enough response.

This is a time when, IMHO, it is more effective to complain to the entity who has contracted with the mailing list manager than to the mailing list manager.

Miss Betsy

Share this post


Link to post
Share on other sites

It's getting even better. Here's his email from today.

You will need to contact them. Our servers are NOT sending the messages. MessageLabs is an internet based security system that relays and scans messages for our clients. Those messages that you are reporting were sent by the customer via our systems. Those messages are part of a mailing list that you CAN unsubscribe from. If you wish to have them stopped but do not want to unsubscribe you can contact them and request that they remove you from the mailing list that they are using.
Did you get that? The spam is NOT coming from his servers ... it's just being relayed through his servers. From one of their clients.

We've been blocking that spam for months now, based off of their domain. But it seems that too many people were doing that so the spammers paid Message Labs to route their spam. We cannot block Message Labs' domain because we still get legitimate email from their other clients.

Is this "bulletproof hosting"?

Share this post


Link to post
Share on other sites
<snip>

Did you get that? The spam is NOT coming from his servers ... it's just being relayed through his servers. From one of their clients.

We've been blocking that spam for months now, based off of their domain. But it seems that too many people were doing that so the spammers paid Message Labs to route their spam. We cannot block Message Labs' domain because we still get legitimate email from their other clients.

<snip>

...Sheesh! I hope you're telling their other clients, those from whom you are getting legitimate e-mail, what a sterling service they're using -- NOT!

Share this post


Link to post
Share on other sites
We have that happening here, too. From messagelabs.com.

Very odd. http://www.messagelabs.com/ is a mail security vendor, and I can't find any indication that they do remailing for anybody. Couldn't be the same outfit, I suppose. Sounds like a lot of sheep-- er, hogwash.

-- rick

Share this post


Link to post
Share on other sites

Very odd. http://www.messagelabs.com/ is a mail security vendor, and I can't find any indication that they do remailing for anybody. Couldn't be the same outfit, I suppose. Sounds like a lot of sheep-- er, hogwash.

:)

Here are some of the headers. I've washed my info from them, but left theirs.

Received: from mail21.messagelabs.com ([62.173.108.19])
    by x.x.x with smtp (Exim 4.63)
    (envelope-from <x.x[at]ems.euromoneyplc.com>)
    id x
    Tue, 11 Sep 2007 04:58:54 -0700
X-VirusChecked: Checked
X-Env-Sender: x.x[at]ems.euromoneyplc.com
X-Msg-Ref: server-6.tower-21.messagelabs.com!x!x!x
X-StarScan-Version: 5.5.12.14.2; banners=-,-,-
X-Originating-IP: [146.101.172.6]
Received: (qmail 15447 invoked from network); 11 Sep 2007 11:28:37 -0000
Received: from unknown (HELO mail.euromoneydigital.com) (146.101.172.6)
    by server-6.tower-21.messagelabs.com with SMTP; 11 Sep 2007 11:28:37 -0000
Received: from mail pickup service by mail.euromoneydigital.com with Microsoft SMTPSVC;
    Tue, 11 Sep 2007 12:38:20 +0100

I know it's "very odd". I would have expected an outfit such as Message Labs to understand these things.

I certainly would not have expected the "it's not from our servers because we're only relaying it" type of response. But I guess that times are tough all over.

Like I said, I've been blocking the euromoney*.* domains for months now. I guess they got tired of it and decided to pay Message Labs for "bulletproof" delivery.

Share this post


Link to post
Share on other sites
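Added example, not part of the original posts: a small Python parser run over the headers quoted above. It separates the one hop the receiving server observed itself (the relay's IP) from the hop where the customer's host handed the message to the relay, and pulls out the envelope sender domain, which is a policy key that does not affect the relay's other customers. The function names are illustrative.

```python
import email
import re

# Headers as posted above (addresses were already munged by the poster).
RAW_HEADERS = """\
Received: from mail21.messagelabs.com ([62.173.108.19])
    by x.x.x with smtp (Exim 4.63)
    (envelope-from <x.x[at]ems.euromoneyplc.com>)
    id x
    Tue, 11 Sep 2007 04:58:54 -0700
X-VirusChecked: Checked
X-Env-Sender: x.x[at]ems.euromoneyplc.com
X-Msg-Ref: server-6.tower-21.messagelabs.com!x!x!x
X-StarScan-Version: 5.5.12.14.2; banners=-,-,-
X-Originating-IP: [146.101.172.6]
Received: (qmail 15447 invoked from network); 11 Sep 2007 11:28:37 -0000
Received: from unknown (HELO mail.euromoneydigital.com) (146.101.172.6)
    by server-6.tower-21.messagelabs.com with SMTP; 11 Sep 2007 11:28:37 -0000
Received: from mail pickup service by mail.euromoneydigital.com with Microsoft SMTPSVC;
    Tue, 11 Sep 2007 12:38:20 +0100
"""

IP_PATTERN = r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]"


def _first(pattern, text):
    """Return group 1 of the first match (trailing ';' removed), or None."""
    m = re.search(pattern, text)
    return m.group(1).rstrip(";") if m else None


def parse_hops(raw):
    """Return the Received hops, newest first, as dicts of readable fields."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        v = " ".join(value.split())  # unfold continuation lines
        hops.append({
            "from": _first(r"^from (\S+)", v),
            "helo": _first(r"\(HELO ([^)\s]+)\)", v),
            "ip": _first(IP_PATTERN, v),
            "by": _first(r"\bby (\S+)", v),
            "envelope_from": _first(r"envelope-from <([^>]+)>", v),
        })
    return hops


def relay_handoff(hops, relay_suffix):
    """First hop (newest first) that was received *by* the relay.

    Everything below the top hop is reported by the relay, not observed by us.
    """
    for hop in hops:
        if hop["by"] and hop["by"].lower().endswith(relay_suffix):
            return hop
    return None


def envelope_domain(hops):
    """Domain of the envelope sender that our own MTA recorded in the top hop."""
    sender = hops[0]["envelope_from"]
    if not sender:
        return None
    return sender.replace("[at]", "@").rsplit("@", 1)[-1].lower()


if __name__ == "__main__":
    hops = parse_hops(RAW_HEADERS)
    print("peer our server saw:", hops[0]["ip"])
    print("handed to relay by:", relay_handoff(hops, ".messagelabs.com"))
    print("envelope sender domain:", envelope_domain(hops))
```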

Wow, they must be COLOSSALLY slimy if they give these kinds of lame excuses even while being e-mail security experts!

Yep. I didn't think they were at the beginning. But now they're starting to look pretty bad.

Now they're just ignoring our email. My co-worker is on the phone right now to them trying to get someone in management to change it. It's looking more and more like Message Labs is just bulletproof hosting for spammers.

Share this post


Link to post
Share on other sites

Yikes!

I've been talking with messagelabs about our organisation possibly using their services. They called up and I was going to have discussions with a rep since I was looking at a similar service.

I liked the idea of blocking spam at the gateway but now that I've heard this I'm inclined to steer clear.

Share this post


Link to post
Share on other sites

Yikes!

I've been talking with messagelabs about our organisation possibly using their services. They called up and I was going to have discussions with a rep since I was looking at a similar service.

I liked the idea of blocking spam at the gateway but now that I've heard this I'm inclined to steer clear.

A possible explanation for all this occurs to me.

A lot of ISPs (like my own) turn to outside services to do their spam filtering, perhaps for outbound mail as well as inbound.

Nothing at all wrong with that, but if the outside service puts its own host names and IP addresses into the header of outgoing mail, it opens itself to claims of delivering spam (i.e., outgoing spams they don't catch). This may be what is happening here.

If I were running one of these services, I'd insist that my customers use some sort of "blind" internal relaying (i.e., get the mail from the user with one MTA, forward it to me via a connection that does not expose my ip or host name, then let me forward it back to another MTA in their domain for delivery).

(As I think about it, this could be the reason why I usually find Received: lines in my incoming mail that point to machines at unrouteable addresses (i.e., the machine at the unrouteable address is actually calling out to the filtering service before passing it on to an MDA for me to pick up).)

As an outside spam filtering service, I would be very reluctant to "tailgate" on to a customer's outgoing MTA and take responsibility for delivery, because it will appear as though any spams I didn't catch (or, indeed, any other kind of abusive mail), came from my own servers. Then, I would be left to stammer such lame (though true) excuses as that given above.

-- rick

Share this post


Link to post
Share on other sites

If I were running one of these services, I'd insist that my customers use some sort of "blind" internal relaying (i.e., get the mail from the user with one MTA, forward it to me via a connection that does not expose my ip or host name, then let me forward it back to another MTA in their domain for delivery).

(As I think about it, this could be the reason why I usually find Received: lines in my incoming mail that point to machines at unrouteable addresses (i.e., the machine at the unrouteable address is actually calling out to the filtering service before passing it on to an MDA for me to pick up).)

As an outside spam filtering service, I would be very reluctant to "tailgate" on to a customer's outgoing MTA and take responsibility for delivery, because it will appear as though any spams I didn't catch (or, indeed, any other kind of abusive mail), came from my own servers. Then, I would be left to stammer such lame (though true) excuses as that given above.

There are so many ways to do this LOGICALLY that I'm amazed that companies like Message Labs have problems.

#1. The way you just described it.

#2. The filtering company sends you a box and updates/admins that box for you. All the mail from your in-house MTA goes through that box and out your IP address with your domain. Nothing indicates that the filtering company has anything to do with the email.

#3. All of your mail is forwarded to the filtering company who maintains an IP address that is linked to your domain (not their domain) and only your domain. This is kind of wasteful with regard to IP addresses, but I don't see that as being as big a problem as spam. It also allows the most flexibility for the clients. They can be anywhere. Even on dynamically allocated addresses. It would take some digging and research to find that your email was handled by the filtering company.

And I'm sure there are more ways of doing it. The only requirements being:

a. All outbound mail has YOUR domain on it and ONLY your domain.

b. Clients from all around the world can subscribe to your service.

c. There is some way to identify a real person that I can call when there is a problem.

d. Nothing your clients do should in any way affect the email classification of other clients. This is a HUGE problem with most services such as this. They dump all their outbound email into a few servers and when one of them gets blacklisted, all mail going out of that server FROM ANY OF THEIR CUSTOMERS is seen as "tainted".

e. Your service needs to be friendly towards greylisting, SPF, Domain Keys, Sender Address Verification and all other popular forms of spam control from the RECIPIENTS' mail servers.

And I want a pony.

Share this post


Link to post
Share on other sites

There are so many ways to do this LOGICALLY that I'm amazed that companies like Message Labs have problems.

So what this calls into question isn't so much ML's honesty as their basic competence to run a mail filter.

I like your name, by the way.

-- rick (conner)

Share this post


Link to post
Share on other sites

So what this calls into question isn't so much ML's honesty as their basic competence to run a mail filter.

I like your name, by the way.

Back at ya! :)

Well, I'm going to have to go with basic incompetence on this. Here's the latest email (please note, the spam HAS stopped and has NOT been seen again).

I have raised this to our Anti spam team and they have notified me that our client is not sending spam this is just a newsletter that has an option to not receive this newsletter. Alternatively if this option is not easily viewable you may contact the sender and have them remove you from their sending list.

Kind Regards,

Igor S

I'd like to thank Igor for ending the spam flood, even if he has to repeat what seems to be Message Labs' official position on spam ("If we're being paid, it ain't spam").

"...you may contact the sender..."

Yes, the spam came from a server at Message Labs. Message Labs is the sender.

"...has an option to not receive this..."

Yes, because we all know that we SHOULD click on the "unsubscribe me" links in any email that we don't wish to receive. This will in no way be used by the spammers to confirm legitimate addresses.

"....our client is not sending spam..."

Because spam is that which we do not do.

http://www.rhyolite.com/anti-spam/that-which-we-dont.html

Share this post


Link to post
Share on other sites

I hope you sent your remarks on his email to Igor - including the thank you.

I always say that even the FTC recommends /not/ using unsubscribes in unsolicited emails since only 40% are real.

Miss Betsy

Share this post


Link to post
Share on other sites

Well, once again I am being spammed by Messagelabs.com

Received: from mail174.messagelabs.com ([85.158.138.51])
    by x.x.com with smtp (Exim 4.67)
    (envelope-from <1.1[at]ems.euromoneyplc.com>)
    id 1-1-a
    for x[at]x.com; Mon, 22 Oct 2007 03:09:04 -0700

The person receiving the spam this time has been gone since April 2005 so I'm pretty sure that he was not able to double-opt-in.

And the most annoying thing is that it was getting past SpamAssassin because Messagelabs.com is listed in some 3rd party whitelist.

RCVD_IN_DNSWL_MED

http://www.dnswl.org/

Am I the only one who would NEVER trust a 3rd party whitelist? Particularly if you're using any of the Bayes-based systems. It makes me wonder why SpamAssassin included them in their default rule set.

*sigh*

Share this post


Link to post
Share on other sites
RCVD_IN_DNSWL_MED

http://www.dnswl.org/

I'm not a SpamAssassin expert, but how does getting a hit on any SA test at all actually help a message get past the filter? Does this test give you negative points if you hit it? Also, is this a test that the SA authors themselves came up with, or something written by others?

Just wondering.

-- rick

Share this post


Link to post
Share on other sites

I'm not a SpamAssassin expert, but how does getting a hit on any SA test at all actually help a message get past the filter? Does this test give you negative points if you hit it? Also, is this a test that the SA authors themselves came up with, or something written by others?

-- rick

Yes, the test adds a negative number to the score of the mail being parsed.

# DNSWL
score RCVD_IN_DNSWL_LOW 0 -1 0 -1
score RCVD_IN_DNSWL_MED 0 -4 0 -4
score RCVD_IN_DNSWL_HI 0 -8 0 -8

That's in 50_scores.cf which is part of the default ruleset released with SA.

Share this post


Link to post
Share on other sites
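Added example, not part of the original posts: how the four-column score lines quoted above are applied. SpamAssassin picks one column per "score set" (0 = Bayes and network tests off, 1 = network only, 2 = Bayes only, 3 = both), so the DNSWL credit only applies when network tests run, and a later `score` line in a local config replaces the default. The two `DEMO_*` rules and their scores are constructed for illustration.

```python
REQUIRED_SCORE = 5.0  # SpamAssassin's default required_score

# DNSWL lines as quoted in the post; DEMO_* lines are constructed.
DEFAULT_CF = """\
# DNSWL
score RCVD_IN_DNSWL_LOW 0 -1 0 -1
score RCVD_IN_DNSWL_MED 0 -4 0 -4
score RCVD_IN_DNSWL_HI 0 -8 0 -8
# Constructed content rules, not real SpamAssassin rules.
score DEMO_BODY_RULE 3.5
score DEMO_URI_RULE 4.0
"""

# Local override: a score of 0 disables the rule in every score set.
LOCAL_CF = "score RCVD_IN_DNSWL_MED 0\n"

# Constructed message: two content hits plus the whitelist hit.
HITS = ["DEMO_BODY_RULE", "DEMO_URI_RULE", "RCVD_IN_DNSWL_MED"]


def parse_scores(*configs):
    """Parse 'score NAME v' / 'score NAME v0 v1 v2 v3'; later files win."""
    scores = {}
    for text in configs:
        for line in text.splitlines():
            parts = line.split("#", 1)[0].split()
            if len(parts) < 3 or parts[0] != "score":
                continue
            values = [float(v) for v in parts[2:]]
            if len(values) == 1:
                values = values * 4  # one value applies to all score sets
            if len(values) != 4:
                raise ValueError("expected 1 or 4 scores: " + line)
            scores[parts[1]] = values
    return scores


def score_set(bayes, network):
    """Score set index: bit 1 = Bayes enabled, bit 0 = network tests enabled."""
    return (2 if bayes else 0) + (1 if network else 0)


def message_score(hits, scores, bayes=True, network=True):
    """Sum the scores of the rules that hit, using the active score set."""
    idx = score_set(bayes, network)
    return sum(scores[name][idx] for name in hits)


def is_spam(hits, scores, bayes=True, network=True):
    return message_score(hits, scores, bayes, network) >= REQUIRED_SCORE


if __name__ == "__main__":
    default = parse_scores(DEFAULT_CF)
    hardened = parse_scores(DEFAULT_CF, LOCAL_CF)
    print("default :", message_score(HITS, default), is_spam(HITS, default))
    print("override:", message_score(HITS, hardened), is_spam(HITS, hardened))
```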

Forgive me for the excessively long rant ...

I think that having negative scoring tests is a GOOD idea. Just amassing negative scores will make false positives too common.

But including a 3rd party whitelist? By default. That's just stupid. A spammer could (although not many would take the time) invest a little work in getting onto that whitelist and then slowly corrupt the Bayes-based filtering system of anyone using it. Provided that they also use a Bayesian system.

Since you know you'll have 4 points knocked off of your spam score, keep the spammishness down for the first few messages. They'll be learned by the Bayesian system as "okay". Then you can ratchet up the spam content.

Do this late at night (the messages from MessageLabs.com arrive at 3am my time) and you can have someone's Bayesian filter learning "v1agr4" as legit content by the time they get in at 7am.

Yesterday I received 2 spams for MessageLabs.com.

Today I received 4 spams from them.

And now they're just ignoring my emails to them. A professional message service would not. But a message service selling spam services would.

Igor managed to get me off of their list for a month. But now I'm back on it. And there is no way that those addresses re-signed-up for it.

Looks like I'll have to reject their messages at SMTP time (thanks to Exim4's incredible configuration options). Now, a professional message service would review their reject logs and clean their mailing lists. Anyone want to place bets on whether MessageLabs.com will have removed those names after 6 months of continual 5xx rejection errors?

The reason I find this so incredibly offensive is that it impairs my ability to construct valid blacklists on my local server. I have enough problems with gmail and hotmail and yahoo and so forth. MessageLabs.com is dumping the work and expense of blocking spam onto me just so they can save more of the money the spammers are paying them to send their spam.

Gmail I can accept. They offer a free service. While spammers take advantage of them, they provide a free service to a lot of regular people.

Share this post


Link to post
Share on other sites
