Opt In Lyris Listserv being blocked

[HL7Webmaster]

Our Lyris listserv seems to be ending up on the blocked list. Here is the informaiton provided by the SpamCop lookup:

152.160.212.236 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 16 hours.

Causes of listing
System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

-------------------------------------------------------------------------------------------

We've been listed on multiple spam websites in the past, some of which offer evidence of the reason. Here's one from the surriel.com website:

From lyris-noreply[at]lists.hl7.org Fri Sep 12 19:44:46 2008 
Delivery-date: Fri, 12 Sep 2008 19:44:46 -0400 
Received: from [152.160.212.236] (helo=lists.amg-hq.org) 
by mail.victim.example with smtp (Exim 4.63) 
(envelope-from <lyris-noreply[at]lists.hl7.org>) 
id 1KeIJi-0002ii-PJ 
for victim[at]smtp.example; Fri, 12 Sep 2008 19:44:46 -0400 
From: "Lyris ListManager" <lyris-noreply[at]lists.hl7.org> 
Reply-To: "Lyris ListManager" <lyris-noreply[at]lists.hl7.org> 
To: victim[at]smtp.example 
Subject: re: your email message 
Date: Fri, 12 Sep 2008 19:50:30 -0400 

The following lines in your email message did not appear to be 
Lyris ListManager commands and were skipped: 

> unsubscribe confirm 
>  -> You did not specify a valid mailing list name to unsubscribe from. 

This email message is simply a notification of how Lyris ListManager understood 
your email message.  If you want to resend your commands, send 
them to lyris[at]lists.hl7.org 

-------------------------------------------------------------------------------------------

Can anyone help me with preventing this in the future? It looks to be a case of autoresponders triggering it, but I can't tell for sure since SpamCop doesn't show evidence. We've sent a request regarding it, but I haven't heard anything yet. I'm hesitant to just turn off the auto responders, they are helpful for the people that don't realize they are not on the list and can't send, or those that need to unsubscribe need to speciy the list name.

[StevenUnderwood]

Well, I just checked and there are no human reports against your IP address. If the entire list is truely opt-in (i.e. you do not add addresses any other way) then someone has signed up for your mailing list using one of SpamCop's spamtrap addresses, probably trying to get you in trouble.

If you are using a confirmation system, you should not have to worry about it and possibly look through your recent subscriptions for unconfirmed subscriptions to get more evidence about where it came from. If you do not do a confirmation loop, the address could be on your list and you will hit the spamtrap each time the list is used which is more trouble. You should contact the deputies[at]admin.spamcop.net address or there are other contact methods in the FAQ.

BTW, you are NOT currently listed.

[SpamCopAdmin]

The ListManager is sending rejection notices to the forged return address on spam and the emails are hitting our traps.

Spammers don't care if the ListManager didn't accept the email, and your users should already know that the lists won't accept posts from non-subscribers. You should turn off the autoresponders.

If you're sending mail to our traps every day, I'll bet that you're sending a hundred times that amount to other innocent victims of spammer forgery.

Here are a couple examples of the traffic:

Sorry, but Lyris ListManager did not find your email address

-> "forged return address"

listed as a member of media.

Only members of media are allowed to contribute messages.

Because Lyris ListManager could not confirm that you are a member of media,

your message was not accepted.

****************************

Sorry, but Lyris ListManager did not find your email address

-> "forged return address"

listed as a member of nucc.

Only members of nucc are allowed to contribute messages.

Because Lyris ListManager could not confirm that you are a member of nucc,

your message was not accepted.

- Don D'Minion - SpamCop Admin -

.

[HL7Webmaster]

StevenUnderwood: Thanks, we're not listed anymore because we've been requested to be removed, however this has happened twice in one week, so we are worried despite our opt-in requirements.

SpamCopAdmin: So are those samples actual evidence that was reported as spam, or was sent as replied to spam traps coming from our system? Can you confirm that those autoresponders are the reason for the spam flag? I want to make sure that if we push that change through that we aren't be blocked for some other reason. Is there any evidence of actual messages (non-autoresponder messages) that are being sent from the server? I understand if you are unable to determine that, I just want to make sure that the messages being sent purposefully are not being marked as spam as well, or that there is some issue with people marking our messages as spam, or something else.

Unfortunately, due the opt-in requirements, people don't realize or remember which lists they are subscribed to and often send to lists that they are not subscribed. That automatic message is the only way they realize they've made a mistake. I suppose it is a trade off.

Thanks for the help so far!

[SpamCopAdmin]

Can you confirm that those autoresponders are the reason for the spam flag?

Yes. The ListManager is sending responses to spam coming in with forged return addresses. There is no legitimate email hitting our traps. No users are reporting by mistake, which is actually very rare.

Unfortunately, due the opt-in requirements,

I assume by "opt-in" you mean "double opt-in" or "confirmed opt-in" where the new subscriber has to verify his address before being added to the list.

If that is the case, then it would be impossible to subscribe one of our secret trap addresses, even if somebody knew one, because the confirmation challenge would come to our trap and be automatically reported as spam.

people don't realize or remember which lists they are subscribed to and often send to lists that they are not subscribed. That automatic message is the only way they realize they've made a mistake.

Send the non-subscriber mail to the list owner. Let him decide which mail is from hapless users who need help and which mail is spam that needs to be deleted.

- Don D'Minion - SpamCop Admin -

.

[Derek T]

Unfortunately, due the opt-in requirements, people don't realize or remember which lists they are subscribed to and often send to lists that they are not subscribed. That automatic message is the only way they realize they've made a mistake. I suppose it is a trade off.

The solution is simple: reject the mail with a 5xx code during the SMTP transaction. DON'T under any circumstances generate a new mail to the (always) forged 'From:' field. Now everyone is happy and you stay off the blacklists.

[HL7Webmaster]

I assume by "opt-in" you mean "double opt-in" or "confirmed opt-in" where the new subscriber has to verify his address before being added to the list.

Correct, it is a double/confirmed opt-in. There is a form, followed by an email confirmation link, which then requires an image challenge.

Send the non-subscriber mail to the list owner. Let him decide which mail is from hapless users who need help and which mail is spam that needs to be deleted.

We're a volunteer organization with a large membership and a small number of people to manage them. So that just won't work.

The solution is simple: reject the mail with a 5xx code during the SMTP transaction. DON'T under any circumstances generate a new mail to the (always) forged 'From:' field. Now everyone is happy and you stay off the blacklists.

Do you know how I can do this within Lyris? The emails are being sent through that, not exchange, and I'm not familiar with that as being an option. I suppose it could be custom scripted in TCL or something, but I really don't want to put any custom code between it and the mail if we can avoid it.

Does anyone know how to disable the autoresponders in Lyris? I can't find it on the web or in the help files.

Yes. The ListManager is sending responses to spam coming in with forged return addresses. There is no legitimate email hitting our traps. No users are reporting by mistake, which is actually very rare.

Thanks for the info by the way!

[StevenUnderwood]

I don't thing 500 range errors during the connection will work very well because the addresses are valid, it is just that the particular sender does not have access to the particular list. It would be possible to filter out any IP addresses on specific blocklists from reaching the inbox at all. The SpamCop list used to be better at that before the wide use of botnets.

[michaelanglo]

I don't thing 500 range errors during the connection will work very well because the addresses are valid, it is just that the particular sender does not have access to the particular list. [...]

At least one mailing list server does do it that way

==

The following message to <baen-munged AAT bar.baen.com> was undeliverable.

The reason for the problem:

5.1.0 - Unknown address error 501-'Only subscribers can post messages to this list - send a message to baen-munged-subscribe AAT bar.baen.com to subscribe'

== {53 diffferent mailing lists IIRC}

Same if the only mail accepted was if the "From" was whitelisted.

Choose To Refuse (CTR) "This telephone subscriber is not accepting calls from you"