jeffjustice Posted December 29, 2004 Author Share Posted December 29, 2004 I'm not about to argue with the Deputies, and things change over time ... However, in the FAQ about the BL, I once challenged the word "reputation" ... and the response was that this word was actually the correct one. I believe that this 'discussion' is (at least partially) posted somewhere within this Forum structure .. the word 'reputation' should generate a search return .... 22007[/snapback] I've seen that and when we changed IPs I asked that our reputation points carry over as well. I was told this was not possible. So I sat back and watched the system for a month figuring our rep would start to catch up. It obviously hasn't, but that may be due to the recent spam trap hits. Link to comment Share on other sites More sharing options...
Wazoo Posted December 29, 2004 Share Posted December 29, 2004 I've seen that and when we changed IPs I asked that our reputation points carry over as well. I was told this was not possible. That would go back to the development of such data based on the activities of an IP address, not a Domain. So I sat back and watched the system for a month figuring our rep would start to catch up. It obviously hasn't, but that may be due to the recent spam trap hits. Yes, this current situation has started this IP address with a bit of a hurdle to get back to a 'clean' reputation ... on the other hand, the numbers involved in 'seen' traffic should tip the scales a bit quicker ...??? Link to comment Share on other sites More sharing options...
Miss Betsy Posted December 29, 2004 Share Posted December 29, 2004 Good ideas but it could be hard to implement as the majority of complaints are one person's word against another's. I am not sure that I understand. I thought that since you have the spamcop report (one person's word), you have more information to make a decision on whether this mailing is using unsolicited lists. For instance, I thought, in order to show that the list is confirmed subscription, the owner of the list could come up with a unique token showing that the person did answer a confirmation email. If they can't do that, then they aren't using a confirmed subscription list. Of course, if the content of the email is the confirmation message or some other message which looks obviously like a mistake on the reporter's part, you can question the reporter about whether he was aware he reported this email before you even bother the owner of the list. I don't see how it ever comes down to one person's word against another. Miss Betsy Link to comment Share on other sites More sharing options...
Ellen Posted December 29, 2004 Share Posted December 29, 2004 Internal handoff. System is not compromised. SpamAssassin can be configured to automatically submit reports to SpamCop. So if the message rates higher than a 5.0 it can get reported. http://www.spamcop.net/fom-serve/cache/331.html Agreed, that is the definition of spam after all. 21949[/snapback] This is not an automatically submitted SA spam and if it were there would be no report nor would it count towards the blocklist. That said I am looking at your IP 67.43.151.116. One of the reported emails has a subject line of: SunTrust - Protect your account and looks barely distinguishable from a phish. Is this a real mail? I have no clue; if I had received it I would probably assume it's a phish. In the text mime part there are several pages worth of white space -- why? I have no idea. No links, no text beyond: Copyright =C2=A9 2004 SunTrust Banks, Inc. <many blabk lines> his email was sent to x, by=20 SunTrust Banks, Inc 1st Avenue SunTrust HQ=20 RIchmond, VA 23285 United States=20 If you do not wish to receive future e-mail=20 from SunTrust Banks, Inc, please use the link below. and your standard footer. In the html part there appears to be a link that directs me to a blank page. The visible text indicates https but the actual link doesn't seem to be. In any case were I a suntrust customer I am not sure in this day and age that I would have any faith that this was legit. Continuing thru the reports for this IP -- we have the same people sending to a spamtrap that you an I have discussed previously and some other reports from earlier last week. Link to comment Share on other sites More sharing options...
jeffjustice Posted December 30, 2004 Author Share Posted December 30, 2004 Ellen, Regarding SunTrust. I mentioned in my response to Richard that it was fraud and they were cancelled immediately. What other customer's have you provided spam trap data for? I thought we clarified all issues you sent me via email and if I recall there was only one who you provided details for that hit a trap and I cc'd you on the cancellation notice I sent them. If you wish to provide more examples of email sent from our system hitting a spam trap please provide confirmation they hit a trap (just say yeah, this one hit a trap), date/time, and subject and we will remedy the situation by cancelling accounts. Thanks, Jeff Link to comment Share on other sites More sharing options...
Ellen Posted December 31, 2004 Share Posted December 31, 2004 The point I really meant to make -- and somehow got sidetracked -- was that you seemed to be focusing on the SA thing and I didn't think that was all that relevant. The suntrust thing caught my eye and I wandered off on that. Link to comment Share on other sites More sharing options...
jeffjustice Posted December 31, 2004 Author Share Posted December 31, 2004 Ah ok. Well if SA isn't that relevant do we agree then that the root of our issue has been a couple of customers hitting spam traps? We have rooted out two customers thanks to your help. Can we continue to receive reports of dates/times, subjects, for those that do hit traps? Using harvested email lists is not only a violation of our terms of service but it also falls under the 'aggrevated' offense section of the CAN-spam law (meaning if it is found that the law is violated and it is also found that the addresses were harvested the fines per email triple). I appreciate the discussion we have all had here. Thanks for all the input to help clarify what is going on. Have a Happy New Year! Jeff Link to comment Share on other sites More sharing options...
StevenUnderwood Posted December 31, 2004 Share Posted December 31, 2004 Well if SA isn't that relevant do we agree then that the root of our issue has been a couple of customers hitting spam traps? That could be some of it. It could also be some people on those same lists that contain the spamtraps also contain unsolicited addresses of spamcop reporters and are being reported as such. It could also be that someone is reporting messages received at an address that was subscribed by the previous owner of that address. This is where dropping bounced mesages off of actie lists becomes important. It could also be someone reporting traffic that they did agree to accept but either forgot or have changed their mind or is being held by something like spamcops Held Mail. That would be against spamcops reporting rules and punishable by the deputies if reported to them. SpamAssassin really only comes into play if the receiver is using SpamAssassin and reporting on that fact. There are amny reasons for being reported, some valid, some not. Link to comment Share on other sites More sharing options...
Merlyn Posted December 31, 2004 Share Posted December 31, 2004 If you are only counting spamtraps as evidence of a bad list then when does a human complaint come into view? Link to comment Share on other sites More sharing options...
Wazoo Posted December 31, 2004 Share Posted December 31, 2004 SenderBase data today; Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 4.5 .. 173% Last 30 days .. 4.7 .. 402% Average ........ 4.0 Recalling the "less than 10 user reports" and the previously cpatured high of 609% increase in traffic, I would suggest that yes, spamtrap hits were the largest reasons for the BL listing. Looking at the drop in traffic after dropping two accounts, some might point to the massive size of the server and/or firewall logs could / should have been a clue .. but of course, from this side of the screen, there's no way to know just how these two accounts were pitched at the time they came knocking on your door ... or maybe there was that one question that didn't get asked <g> Link to comment Share on other sites More sharing options...
jeffjustice Posted December 31, 2004 Author Share Posted December 31, 2004 SenderBase data today; Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 4.5 .. 173% Last 30 days .. 4.7 .. 402% Average ........ 4.0 Recalling the "less than 10 user reports" and the previously cpatured high of 609% increase in traffic, I would suggest that yes, spamtrap hits were the largest reasons for the BL listing. Looking at the drop in traffic after dropping two accounts, some might point to the massive size of the server and/or firewall logs could / should have been a clue .. but of course, from this side of the screen, there's no way to know just how these two accounts were pitched at the time they came knocking on your door ... or maybe there was that one question that didn't get asked <g> 22105[/snapback] Volume decrease is due to the Holidays. There hasn't been a lot of activity this week or last as a result. The accounts we dropped were not that large in terms of volume and our daily average volume is still in line with what we'd consider "normal". Link to comment Share on other sites More sharing options...
jeffjustice Posted December 31, 2004 Author Share Posted December 31, 2004 That could be some of it. It could also be some people on those same lists that contain the spamtraps also contain unsolicited addresses of spamcop reporters and are being reported as such. Possibly. Hard to know though w/o the report details. It could also be that someone is reporting messages received at an address that was subscribed by the previous owner of that address. This is where dropping bounced mesages off of actie lists becomes important. Hard bounces are unsubscribed immediately. This is not only good practice in general but is a requirement for us to stay on the Yahoo, AOL, etc whitelists. It could also be someone reporting traffic that they did agree to accept but either forgot or have changed their mind or is being held by something like spamcops Held Mail. That would be against spamcops reporting rules and punishable by the deputies if reported to them. Interesting to note that the majority of email users define spam as something they initially wanted but then becomes too frequent. I think the number is like 60% of email users quote this as one definition of spam. SpamAssassin really only comes into play if the receiver is using SpamAssassin and reporting on that fact. Agreed, and of the report details I have seen, the majority have had SA scores over 5.0. Link to comment Share on other sites More sharing options...
jeffjustice Posted December 31, 2004 Author Share Posted December 31, 2004 If you are only counting spamtraps as evidence of a bad list then when does a human complaint come into view? 22104[/snapback] That isn't quite my point. We don't only look at traps. Spamtraps are 100% undeniable proof that the list is bad and if I'm notified I can act immediately w/o further investigation. We have cancelled accounts in the past based on "human complaints". It is very obvious when someone has a list they are spamming. Open rates and bounce rates are extremely telling signs coupled with complaints sent to our abuse address etc. Link to comment Share on other sites More sharing options...
Ellen Posted January 1, 2005 Share Posted January 1, 2005 We have rooted out two customers thanks to your help. Can we continue to receive reports of dates/times, subjects, for those that do hit traps? 22101[/snapback] Sure -- you can always write to me at the address in my sig if you have questions which is likely to get a faster response because I only hit the forums once a day and tend to skim which means I may or may not see a post here. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.