BarackObama.com on the URIBL

[DavidT]

I just peeked at my SC email account's Held mail folder, and much to my surprise, an email message from Barack Obama had been trapped there. It barely reached my SA threshhold, but the deciding factor was this test: URIBL_BLACK

So, I started grabbing the various hostnames included in URIs in the email and looking them up at URIBL.com and lo and behold, I found this:

barackobama.com Listed on URIBL black

The listing seems pretty "fresh" (Mon, 01 Sep 2008 08:57:04 +0000) and the alarm on my crap detector says that it was a malicious submission by some right-winger. So, I've signed up for a membership at URIBL and requested removal of the listing. The request is currently pending, and I'll be interested to see how it's handled.

The email that got caught had a Subject line of "Help Gulf Coast residents and first responders" and was an appeal for donations to the Red Cross -- not a political message, but because of some rethuglican's actions (remember Florida!), those emails are probably getting trapped in spam filters all over the country today. :angry:

DT

[rconner]

The listing seems pretty "fresh" (Mon, 01 Sep 2008 08:57:04 +0000) and the alarm on my crap detector says that it was a malicious submission by some right-winger. So, I've signed up for a membership at URIBL and requested removal of the listing. The request is currently pending, and I'll be interested to see how it's handled.

So, you can actually get someone listed on URIBL just by submitting one message?

It is indeed the silly season, when crusading would-be public servants demonstrate all the ethics of -- well, of a politician. I am getting e-mail at work from a candidate running in a House race some 250 miles and three states away from where I sit. I've no idea how he got my address (he's in The Other Party anyway), though I have my suspicions. I've already LARTed a couple of these, but they keep coming. I'm pondering whether it is worth a phone call to the campaign HQ for a lecture on spam. Or, maybe a blog entry would be better.

Actually, I'm very surprised that I don't get MORE of this kind of political stuff in my inbox. Maybe all that good e-mail hygiene.

-- rick

[DavidT]

So, you can actually get someone listed on URIBL just by submitting one message?

Dunno. You wouldn't think so, but they don't have a general FAQ page. I might join their email list and see if there's stuff in their list archives about it.

On a related note, I see that there have been some bogus submissions by SpamCop reporting system users against the sending IP from which I received the message in question, as well as hits to the "unsubscribe" URL from the Obama email messages. So, once again, I've got more evidence of sloppy submissions by SpamCop reporting system users....that kind of thing damages the validity of SpamCop. And if Don would like the report ID numbers on the bogus submissions, I'd be happy to supply them.

DT

[DavidT]

UPDATE: The good folks over at URIBL.com have acted upon my "remove" request and BarackObama.com is once again in the clear. Hopefully, they'll whitelist it, to prevent another malicious listing.

DT

[StevenUnderwood]

UPDATE: The good folks over at URIBL.com have acted upon my "remove" request and BarackObama.com is once again in the clear. Hopefully, they'll whitelist it, to prevent another malicious listing.

Looking up http://www.barackobama.com on the parser gives 5 reports, 3 from 9/25 and one each on 9/26 and 9/27. It looks like all 5 of these are seperate messages (different sources or different links or different days). Link for those with access: http://mailsc.spamcop.net/mcgi?action=show...mp;query_type=4

Now I know I have received many DNC emails over the years when I have never requested to be on any such list and reported them all, but I did not receive these. Just because I am a registered democrat from MA does not mean I was their unsolicited messages. These may or may not have been unsolicited messages.

[DavidT]

Looking up http://www.barackobama.com on the parser gives 5 reports

I looked up "http://my.barackobama.com/unsubscribe" and found 18 reports.

Now I know I have received many DNC emails over the years when I have never requested to be on any such list..These may or may not have been unsolicited messages.

Yes, I think you've mentioned that here before. I contend, however, that the Obama campaign did NOT add people to their email lists without their permission and that the reporting is bogus.

Steven, did have you personally received a single unsolicited message from Barack Obama, rather than the "DNC...over the years"? I'm not saying that there has never been a Democrat who did something stupid regarding email subscription practices, but I contend that's not the case here. I've got a bunch of different addresses I've given to various Democratic entities over the years, and I'm NOT getting spammed at those addresses.

DT

[Lking]

Just because I am a registered democrat from MA does not mean I was their unsolicited messages. These may or may not have been unsolicited messages.

Steven I agree. Not to pass judgment on the higher calling of the sender of any peace of email, but unsolicited is unsolicited. If we start giving a pass to any source because we agree with their cause, we open a gray area that makes the hole concept shaky.

Being a registered "rethuglican" if I saw a DNC email I may or may not report the email depending how I felt at that moment.

To keep this from degeneration into a political we/them, I deal the same way with the "Organic Food Newsletter" and some other social issue groups, I have not contacted, and may or may not agree with. The first is the point, the second is not relevant, IMHO.

Lou

[rconner]

Steven I agree. Not to pass judgment on the higher calling of the sender of any peace of email, but unsolicited is unsolicited. If we start giving a pass to any source because we agree with their cause, we open a gray area that makes the hole concept shaky.

I'll sign up to that. People (of all political stripes) often rationalize the worst excesses in the name of saving us from the other guys. That's precisely why we need to write down the rules, and then stick to them. Unsolicited + bulk delivery = toupper(spam). Note that "content" does not appear anywhere in that formula.

-- rick

[Farelf]

... Note that "content" does not appear anywhere in that formula.

Different strokes ... Aussies reading that had best not forget that *our* pollies are protected on their own turf. Not that they (so far) seem to be abusing the priviledge but contributing to getting their mails blocked within Aus when the Aus Ð…pam Act says they're not UCE and thus may be broadcast with impunity might leave a local resident/ISP vulnerable, I should think. Enforcement here anyway is strong on the prosecution of the victims (generally not being as agile as the perpetrators and always more available).

[DavidT]

Aussies reading that had best not forget that *our* pollies are protected on their own turf.

On a similar note, ours are immune to our otherwise effective "Do Not Call" registry of phone numbers not be bothered by solicitations over the phone. I'm not looking forward to the next few months...maybe I'll unplug my primary phone until after November.

And for you Republicans here in the forums, I'm sorry if I offended you with that "pet name" above. It certainly doesn't apply to all members of the GOP -- just to the ones who deserve it. ;-)

In any case, I'm just happy that I was able to improve the deliverability of messages from the Obama campaign. However, in further email discussions with some of the URIBL admins, it turns out that there are some "exploit" issues with the community blogs on the "my.barackobama.com" site, in which malicious people have managed to create accounts and then embed links to trojan downloader sites, perhaps flying under the radar of the site admins.

DT

[Farelf]

On a similar note, ours are immune to our otherwise effective "Do Not Call" registry of phone numbers not be bothered by solicitations over the phone. ...

Same

...I'm not looking forward to the next few months...maybe I'll unplug my primary phone until after November. ...

They generally confine themselves to 'phone surveys here (randomized general population and demographic sampling) but that is mixed in with newspaper opinion polls etc. so it is sometimes hard to tell when it's on behalf of a particular party except when they try to get too cute - such as mispronouncing their own candidate's names then claim the 'underdog' status and sympathy on the basis of the ensuing biased response.

I am not aware of outright vote solicitation by 'phone happening (State election this weekend), that might even be illegal (all sorts of electoral commission rules at various times in the lead up) but I don't think so - but it would certainly be counter-productive if it did occur, little excuse being required to despise a politician. Ours is mostly a warm climate - it saves energy (and time) to despise them all from the outset. It also minimizes disappointment, the cause of so much rioting and sedition amongst more excitable peoples.

... In any case, I'm just happy that I was able to improve the deliverability of messages from the Obama campaign. ...

Good result, regardless of political persuasion, in my book.

... However, in further email discussions with some of the URIBL admins, it turns out that there are some "exploit" issues with the community blogs on the "my.barackobama.com" site, in which malicious people have managed to create accounts and then embed links to trojan downloader sites, perhaps flying under the radar of the site admins.

Seems almost inevitable, in retrospect. May not even have been overly 'political', just normal spammer opportunism (they tend to follow traffic flow of course).

[Lking]

On a similar note, ours are immune to our otherwise effective "Do Not Call" registry of phone numbers not be bothered by solicitations over the phone. I'm not looking forward to the next few months...maybe I'll unplug my primary phone until after November.

Yes, I liked the way politicians excluded non-profits, pollsters and themselves from the Do Not Call restrictions. Personally I particularly dislike when the politicians try to imitate pollsters. You know the question, 'Given X is known to have sex with the dead and Y likes puppies, do you "strongly agree" or "agree" that Y will do a better job?'

And for you Republicans here in the forums, I'm sorry if I offended you with that "pet name" above. It certainly doesn't apply to all members of the GOP -- just to the ones who deserve it. ;-)

No offense taken. Some should need to reapply for membership in the human race.

[DavidT]

I did some additional research on the possibility of spamming from "barackobama.com" and found an extended discussion in "alt.politics.democrats" about an incident of bogus form-based subscriptions described in this article:

Prankster Pollutes Obama’s E-mail List

Someone signed up a lot of anti-spammers (they missed me, however) to mailings, using insulting "names" that then showed up in the "personalization" of the messages. Seems that the Obama campaign's technical folks weren't using confirmed opt-in techniques. A cleanup was done after-the-fact once the abuse was traced, but it took longer than it should have. The Usenet threads about this problem seem to have died away back in March, so the continuing SC reports I pointed out most likely are not due to that incident, but I suppose the possibility exists...only people with access to the actual reports and the reporters would be able to determine for sure. There's only one report in NANAS (back in March) of a spam from the "bluestatedigital" company that broadcasts the "BarackObama.com" emails.

DT

[Miss Betsy]

Myself, if I ever get something from someone who looks legitimate, I prefer to manually alert them to the possibility that their security is possibly lacking (or best practices - however, you want to phrase it).

If I get another one, I would alert the ISP as well. After that, particularly if no response, then I would consider it spam.

Part of the rationale, apart from being helpful, is that too often other people don't consider it spam so it doesn't do any good to report anyway.

Miss Betsy

[turetzsr]

Myself, if I ever get something from someone who looks legitimate, I prefer to manually alert them to the possibility that their security is possibly lacking (or best practices - however, you want to phrase it).

<snip>

...IIUC, the theory behind not "unsubscribing" to e-mail to which you did not subscribe is that doing so confirms that your e-mail address is valid, prompting more spam. Doing what you suggest must be done with care or could accomplish the same bad result. In this case, DT, a highly knowledgeable user, has satisfied himself that the source of the e-mail in question is actually Senator Obama's campaign. I would counsel casual users of e-mail to not try to do what you suggest, here, Miss Betsy, without guidance from a highly knowledgeable person.