I think it's very situational. But Spamhaus seems to imply that it's
currently relevant, not just a one-time mistake. It could be more than
just poor list hygiene. Well-intentioned people creating systems that
are abused by spammers is something I come across daily. I'll give an
example:
Just today I had a conversation with a customer about how their
WordPress registration form was being used to send spam. They are not
spammers, their website is not spammy. But when you register, you input
a name and email. WordPress then sends an email to the address you
entered on their website, and the first sentence in the body of the
email is "Hi {name}" where "{name}" is the name entered into the form.
So, as you probably already guessed, "Hi you can purchase cheap viagra
from bit.ly/spammyurl" (paraphrased example) was the first sentence in
the body of the emails they were sending out.
Just like that WordPress user had no idea that their systems were
perfectly set up for abuse, the library may have a problem of their own.
On 2024-02-14 17:20, Robert L Mathews via mailop wrote:
I find myself having a difference of opinion with Spamhaus about a
certain type of RBL listing, and I'm wondering what others think.
The situation is that the Reply-To email address of a public library's
"your book is due in five days" reminder system is listed in the
Spamhaus HBL [1], which Spamhaus says is because messages involving
that address are hitting spamtraps.
(That sounds plausible: Maybe some library users don't update their
email addresses, then the library unwisely doesn't remove bouncing
messages to discontinued domain names, and the addresses eventually
get repurposed as spamtraps. Or maybe the library isn't properly
verifying the user-supplied addresses to start with. If people want to
check their own logs, the listed Reply-To email address is
mcpldpubserv at gmail dot com, with an envelope sender of sierranot at
marmot dot org.)
Anyway: One of my customers complained that this listing is causing
SpamAssassin to block their library reminder messages. I "whitelisted"
the address on our end, but in an attempt to be helpful, I also
reported it to Spamhaus as a false positive, because it's affecting
messages that are requested by recipients and transactional.
Spamhaus says they don't remove such listings, though, because by
their definition, it's not a false positive if some of the messages
are reaching spamtraps -- in other words, that addresses sending to
spamtraps are correctly listed as "This email address is used for
malicious activities" in the HBL description solely because of the
spamtraps.
I'm a little surprised by that. The sender is of course engaging in
poor list hygiene, and it's reasonable for an automated RBL process to
initially list an address that is sending to spamtraps. But I've
always thought that trusted RBLs should have a policy of "if it turns
out that a listing is also affecting user-requested, non-malicious,
transactional messages, that's not okay".
Am I off base with that expectation?
(I've also contacted the library, who I have no connection to, but
this has been happening for months, so... <shrug>)
--
Robert L Mathews
Links:
------
[1]
https://docs.spamhaus.com/datasets/docs/source/10-data-type-documentation/datasets/030-datasets.html#hbl
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
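
The registration-form abuse described in the reply above works because the submitted name is copied verbatim into "Hi {name}". As an added example (not code from the thread or from WordPress), here is one way to screen that field before it reaches the mail template; the function names, the length and word limits, and the URL pattern are assumptions chosen for illustration.

```python
import re
import unicodedata

MAX_LEN = 64    # assumed limit; real names rarely need more
MAX_WORDS = 5   # assumed limit; a sentence-length "name" is a red flag

# Assumed heuristic: a personal name needs no scheme, "www.", dotted host,
# slash, backslash or "@". Conservative: "St.John" would also be rejected.
URL_LIKE = re.compile(r"(?i)://|www\.|[a-z0-9-]\.[a-z]{2,}|[/\\@]")


def name_problems(name: str) -> list[str]:
    """Return the reasons a submitted name should not be echoed into mail."""
    problems = []
    # CR/LF and other control characters can break out of the greeting line.
    if any(unicodedata.category(ch) == "Cc" for ch in name):
        problems.append("control-character")
    text = " ".join(name.split())  # collapse runs of whitespace
    if not text:
        problems.append("empty")
    if len(text) > MAX_LEN:
        problems.append("too-long")
    if len(text.split()) > MAX_WORDS:
        problems.append("too-many-words")
    if URL_LIKE.search(text):
        problems.append("url-like")
    return problems


def greeting(name: str) -> str:
    """Build the first line of the registration mail.

    A name that fails screening is never reflected; the mail falls back to
    a neutral greeting so the form cannot carry someone else's message.
    """
    if name_problems(name):
        return "Hello,"
    return f"Hi {' '.join(name.split())},"


if __name__ == "__main__":
    # Constructed inputs, including the paraphrased spam line from the post.
    for sample in ("Alice Example", "J.R. Tolkien",
                   "you can purchase cheap viagra from bit.ly/spammyurl"):
        print(repr(sample), "->", greeting(sample), name_problems(sample))
```

Screening the name only limits what the form can say; sending nothing but a confirmation link until the address is verified removes the free-text channel entirely.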