that’s nice, but useless unless you also take into account the size of the
registrar, IOW the number of domains they registered in the same period.
Neil Schwartzman
Executive Director
Coalition Against Unsolicited Commercial Email
http://cauce.org
Tel : (303) 800-6345
Twitter : @cauce
On
Begin forwarded message:
> From: Brielle Bruns
> Subject: [SDLU List] Some changes at the AHBL
> Date: March 26, 2014 at 11:59:13 AM EDT
>
> Hey All,
>
> So, this has been a long time coming, but figured I'd make the announcement.
>
> I'm winding down the public DNSbl services of the AHBL.
On Mar 5, 2014, at 10:40 PM, Neil Schwartzman wrote:
> Yeah. An abused, and abusive redirector. They only deal with abuse
> Monday-Friday, 9:00-17:00.* They never break links, but put an interstitial
> in between the victim and the payload. Gee thanks.
BTW spamhaus aren’t the only
On Mar 5, 2014, at 9:38 PM, RW wrote:
> On Wed, 05 Mar 2014 08:18:39 -0500
> Joe Quinn wrote:
>
>
>> By the way, I recommend you inform Spamhaus of the FP on bitly.
>
> It's not an FP, Spamhaus lists it as a redirector, which it is. As has
> already been pointed-out it scores 0.001 in SA.
Yea
On Feb 7, 2014, at 6:08 AM, Benny Pedersen wrote:
> On 2014-02-07 01:33, Noel Butler wrote:
>> else we'd have seen a url in one of his posts
>> advertising it, therefore can be considered UCE
>
> agree if its free to download its not spam, i just think its the grey zone
> here
Sorry, no. The
her types of abuse among registrants.
Neil Schwartzman
Executive Director
Coalition Against Unsolicited Commercial Email
http://cauce.org
Tel : (303) 800-6345
Twitter : @cauce
her types of abuse among registrants.
Neil Schwartzman
Executive Director
Coalition Against Unsolicited Commercial Email
http://cauce.org
Tel : (303) 800-6345
Twitter : @cauce
.7.1 Your access to submit messages to
> this e-mail system has been rejected.
> Nov 12 19:52:14 wellington report[1601]: reporter: could not report spam
> to SpamCop
>
> Has something changed in their policy or what has happened?
>
> Any ideas?
>
> --
> jarif.bit
>
mentioned in the youtube video
Neil Schwartzman
Executive Director
Coalition Against unsolicited Commercial Email
Tel :(303) 800-6345
Mob: (415) 361-0069
@cauce
On Oct 29, 2013, at 9:31 AM, David F. Skoll wrote:
> On Mon, 28 Oct 2013 21:42:29 -0400 (EDT)
> "John R. Levine" wrote:
>
>> But outbound filtering is far more useful when it, you know, actually
>> works.
>
> Outbound filtering is far trickier than inbound filtering. Unless you
> really want
On Oct 29, 2013, at 9:19 AM, Benny Pedersen wrote:
> Marc Perkel skrev den 2013-10-28 22:06:
>> Just wondering if any real people are there or if it's totally
>> automated. They have several of our IP addresses listed and delisting
>> doesn't seem to work. We're a spam filtering company (Junk E
you have to sign up for that service, and depending upon how your network is
set up, you may not be able to receive such reports.
I suggest people take a look at all the FBLs at
http://blog.wordtothewise.com/tag/fbls/
as well
Neil Schwartzman
Executive Director
Coalition Against unsolicited
or wait 24 hours for the listing to expire.
that said deput...@spamcop.net works just fine.
Neil Schwartzman
Executive Director
Coalition Against unsolicited Commercial Email
Tel :(303) 800-6345
Mob: (415) 361-0069
@cauce
On Oct 28, 2013, at 3:08 PM, John Levine wrote:
>> Just won
On Oct 17, 2013, at 6:49 AM, Tom Hendrikx wrote:
>
> Basicly the description "Contains an URL listed in the SBL blocklist
> [URIs: example.com]" is false,
incorrect, not false, which implies maliciousness. I believe Spamhaus only
recently, for some value of recently, started doing NS listing
List verification. Many receiving sites will block after X bounces, clean up
your list from 550s, and spam the real thing from another botted IP.
Neil Schwartzman
Executive Director
Coalition Against unsolicited Commercial Email
Tel :(303) 800-6345
Mob: (415) 361-0069
@cauce
On Oct 16
On Sep 2, 2013, at 9:26 AM, Marcus Loxx wrote:
> Hello. My name is Marcus Loxx.
>
> First, please let me know if this is the correct way to post a question.
> Second, the question is more about spam filtering in general than
> SpamAssassin, but I couldn't think of a better place to post it. If
On Aug 29, 2013, at 4:40 AM, RW wrote:
> On Thu, 29 Aug 2013 00:55:29 +0200
> Michael Schaap wrote:
>
>> On 29-Aug-2013 00:30, John Hardin wrote:
>>> On Wed, 28 Aug 2013, Michael Schaap wrote:
>>>
Hi,
I'm getting loads of fake LinkedIn invites, most of which aren't
caught
Alternatively, I pulled fire alarms at Microsoft and it is very possible people
at Spamhaus also spent reacting to your email because of the erroneous
information posted.
So while John may have been slightly impolitic,and fairly rude, he isn't wrong,
and it isn't about ego (in this case). I can
On Aug 9, 2013, at 6:16 AM, Thomas Harold wrote:
> We see a few of these each week, not sure if they are from Russia:
>
> http://pastebin.com/iBmELtSh
Not really that difficult to block.
31.24.139.73
Senderscore of '3'(out of 100)
https://senderscore.org/lookup.php?lookup=31.24.139.73&ipLoo
On Jul 20, 2013, at 12:16 AM, AndreaS Schamanek
wrote:
> Giles Coochey wrote:
>> Is there a current issue with reporting to spamcop?
>
> I had problems, too. Though, in my case I just got a warning message on the
> Spamcop web interface saying that messages sent to me were bouncing with
> "5.1
On Jul 19, 2013, at 10:35 PM, Andrea wrote:
> Hi all.
>
> Since a few days ago I'm being buried under spam messages that slip through
> my amavis/SA setup.
> The messages all look alike: plaintext with random junk + URL in the body.
> Pastebin with a few examples here: http://g2z.me/ed64d
>
>
On Jun 12, 2013, at 3:37 PM, Daniel McDonald
wrote:
> I believe Paypal is DKIM signed,
Sure is. Also DMARCed and SPFed too.
;; QUESTION SECTION:
;paypal.com.IN TXT
;; ANSWER SECTION:
paypal.com. 7 IN TXT "v=spf1
include:pp._spf.paypal.co
Uhm. perhaps some snippets from the maillogs, or examples?
On Jun 12, 2013, at 5:59 AM, polloxx wrote:
> Dear list,
>
> We see massive spamruns since begin june. Are other people also similar runs?
> They fill our maillog. Fortunately most is blocked.
smime.p7s
Description: S/MIME cryptogra
On Jun 10, 2013, at 9:30 PM, Dave Warren wrote:
> I doubt it's "a guy", but it wouldn't surprise me if the botnet that performs
> the dictionary attack forwards the results off to "a guy" to confirm that
> the account works.
no, really, it's a bot. They have tens of millions of compromised a
On May 6, 2013, at 10:39 AM, Matus UHLAR - fantomas wrote:
>> On May 6, 2013, at 9:08 AM, John Hardin wrote:
>>> If there is a working abuse@ address that *isn't being ignored*, they're
>>> compliant.
>
> On 06.05.13 09:55, Neil Schwartzman wrote:
>
heh, i don't think 'don't ignore' is part of the RFC, but yeah.
On May 6, 2013, at 9:08 AM, John Hardin wrote:
> If there is a working abuse@ address that *isn't being ignored*, they're
> compliant.
compliant with RFCs.
There is nothing wrong with having an alternate address, particularly since
abuse@ tends to garner a ton of spam.
Neil Schwartzman
Executive Director
CAUCE - the Coalition Against Unsolicited Commercial Email
Mob: (415) 361-0069
Skype: spamfighter666
SkypeIn: (303) 800-6345
Yeah sorry, I was confused by the subject line which mislead me to think
the point was about whether or not NJABL is still a functioning DNSBL.
Silly me.
--
Neil Schwartzman
Senior Director, Security Strategy
Email Intelligence Group
Return Path Inc.
+1 (303) 999-3217
AIM: returnpathcanuk
http
That would not be correct. NJABL is alive and kicking, and not all of
their zones are replicated at Spamhaus. The XBL provides more than 'just'
CBL + NJABL, BTW.
--
Neil Schwartzman
Senior Director, Security Strategy
Email Intelligence Group
Return Path Inc.
+1 (303) 999-3217
AIM: retur
://www.returnpath.net/blog/received/2010/11/phishing-attack-an-open-letter-to-the-anti-spam-and-mailbox-operator-community/
--
Neil Schwartzman
Senior Director
Security Strategy, Receiver Services
Tel: (303) 999-3217
AIM: returnpathcanuk
http://www.returnpath.net/blog/received/
Help the poor help
Spamhaus has uncovered a fake spam filter company which was pirating and
selling DNSBL data stolen from major anti-spam systems including Spamhaus,
CBL and SURBL, republishing the stolen data under the name "nszones.com".
more: http://www.spamhaus.org/organization/statement.lasso?ref
orks. They have some stringent limitations in how address-book uploads
are undertaken and user accounts deployed.
"the linkedin 'never send me email' has never worked"
If you have verifiable proof of this, feel free to send it to my attention
offlist, and I will have someone h
redirects to
> http://seal.habeas.com/Company_Feedback.php
Nope, not here. I get:
"This page has disappeared
We are sorry, but the page you were looking for can't be found. Don't
worry though, we will help get you to the right place.
When in doubt -- goto the home page:
habeas.com/Company_Feedback.php
> ip: 174.143.89.6
>
> using your marks illegally?
>
> was source in question.
That IP is on the Safe whitelist. Problem?
You can check the status of any IP you wish at http://senderscore.org
--
Neil Schwartzman
Director, Certification Security & Standards
Return Path Inc.
0142002038
r:Habeas
> x-habeas-report:Please report use of this mark in spam to
> www.habeas.com/report/
>
>
--
Neil Schwartzman
Director, Certification Security & Standards
Return Path Inc.
0142002038
year is obs-year, and "MUST NOT be used" to generate
> messages, but "MUST be honored" "when interpreting messages". Hm.
>
> Is the Expedia server really in Alaska? I think that's the only place
> in timezone -0800 this time of year.
>
d isn't it?
This is a tough row to ho, and I've not gone down this road in a while but
cunillingus is misspelt, potentially leading to the lack of reaction. By
your rules.
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
01420
On 17/07/09 4:03 PM, "Neil Schwartzman"
wrote:
> Your assertion that we encountered a block and then switched to a new IP
> netblock is preposterous. We have several ranges and mail streams. You opted
> in and then opted out. OK, in what timeframe? Minutes? Hours? The
ses are broken, we want to know; I¹ve BCCed
our CPO in on this.
Thanks for the heads up.
--
Neil Schwartzman
Director, Certification Security & Standards
Return Path Inc.
0142002038
Zero-out our scoring? That is and will always be your right.
Making it a positive spam sign?? Well, if you run a home system with no
users, I suppose no damage done. If you are running SA in front of actual
users at a business installation, I'd think it very brave to incur known
false po
FOLLOW-UP:
A process was hung on one of the 20 hives serving the whitelists and
reported this IP as being listed. We've restarted the process and it is
no longer reporting incorrectly.
On 16/07/09 8:05 AM, "Neil Schwartzman" wrote:
Now, I am aware that we recently change
15 Jul 2009 09:14:24 -0700
> From: "Paul DiFrancesco: Eight Legged Media"
> To: embroid...@x.com
> Subject: Visit with over 25 suppliers
> This is a multi-part message in MIME format.
>
>
--
Neil Schwartzman
Director, Certification Security & Standards
Return Path Inc.
0142002038
can¹t imagine why
http://neilschwartzman.com//Neil_Schwartzman/shared/pat6952719.pdf
http://neilschwartzman.com//Neil_Schwartzman/shared/harris-complaint.pdf
--
Neil Schwartzman
Director, Certification Security & Standards
Return Path Inc.
0142002038
#x27;m saying they are
> scamming and abusing, as well as spamming.
Ah, our good friends at E Z Publishing. They are an ESP, apparently one of
the clients is being bad.
Please send me a complaint with FULL headers to habeas@abuse.net and
I'll take care of this immediately, as will EZP.
Thanks for the heads up.
--
Neil Schwartzman
Director, Certification Security & Standards
Return Path Inc.
0142002038
the directory and your name is not in there? Perhaps there is a
> misspelling or something?
Perhaps you can use this new thing called 'google' they have out, it is way
kewl:
http://www.google.com/search?client=safari&rls=en-us&q=Tara+Natanson+%2B+con
stant+contact&ie=UTF-8&oe=UTF-8
--
Neil Schwartzman
Director, Certification Security & Standards
Return Path Inc.
0142002038
ing them out is certainly within
your right. Making them a positive sign given the totality of our client
list would be, in my mind, silly. Unless you enjoy false positives.
--
Neil Schwartzman
Director, Certification Security & Standards
Return Path Inc.
0142002038
a
clue offered as to how to call them from SA.
TIA
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
mailreg.org, and have
some limited input into the BRBL, I believe.
It seems to me there is a greater relationship between emailreg.org and
Barracuda than has been stated, given what appears to be intimate knowledge
of my delisting requests. Can you clarify?
Thanks.
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
On 29/05/09 9:32 AM, "Andy Dorman" wrote:
> Neil Schwartzman wrote:
>>
>> Given the huge amount of bumph I've seen and heard about emailreg.org, I
>> figured it would be an interesting experiment to see if what everybody
>> feared was happening was tr
s Please
> take some time to have a check, They must have something you'd like to
> buy.
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
ent IP, and there are a raft
of DNSBL operators to back me up on that one. Our clients get listed, I want
to know why, but I never ever ever ask for delistings. Ever. Why would I?
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
ffecting large proportions of a client IP
space, or repeated offenses earns a client a trip to the woodshed, and if
that doesn't get them to correct their errant ways, we invite them to no
longer darken our door.
It isn't worth it to them, nor to us.
--
Neil Schwartzman
Director, Accreditat
Unsubscribe Functionality
FQ rDNS
SPF
DKIM
RFC Role account functionality
CBL
PBL
XBL
DROP
FBL Sign-up
Volume Sufficiency
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
d them in the past 30 days ...
I realize I owe this group a list of things we check. Stand by.
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
have been using for 3 years, developed without
public consultation.
Enabled = on the whitelist
Suspended = removed from the whitelist, live in the client account
Disabled = removed from the client account
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Retur
On 28/05/09 10:42 AM, "Karsten Bräckelmann" wrote:
> Yes, every list does have occasional FPs. So your point about those 22
> listings is what exactly?
My point is the 409 false positives. Sorry if I was unclear or obtuse.
--
Neil Schwartzman
Director, Accreditation Secu
8. In some rare cases, your recipients' Barracuda Spam Firewall may be
misconfigured
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
The opinions contained herein are my personal stance and may not reflect the
viewpoint of Return Path Inc.
strike out in wildly new directions.
;-)
Ok seriously, why take a chance? There tends to be coherence between the OED
and American Heritage in terms of definitions. Why try to start a new one
for dead domain?
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
tarbaby.junkemailfilter.com. It will help stop
> spammers at the source.
>
>
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
On 24/04/09 11:44 PM, it was written:
> Most people do not fall for it, but the dumbest ones do fall for it.
This is not a question of intellect, it is a question of the verisimilitude
of the messaging.
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
ertified and Safelist whitelists, and we are rolling out DKIM as a
requirement sometime this year.
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
"KEYWORD= profanity: bitch;sexual discrimination: bitch"
Sent from: "Neil Schwartzman "
Folder: "SMTP Messages\Inbound"
Location: "psp/TRACYSV05"
On 09/04/09 3:55 PM, "Neil Schwartzman"
wrote:
> On 09/04/09 2:35 PM, "Matus UHLAR - fan
d clarity or rDNS resolution HELO, and so on and
it is something *we* recommend to our certified and safelisted clients
(beyond FQ rDSN which is a requirement), but blocking on something that is
far far far from an industry standard? I'd suggest that is silly at best,
but "do tell us how
On 06/04/09 10:53 AM, "Matus UHLAR - fantomas" wrote:
> On 04.04.09 16:30, Neil Schwartzman wrote:
>> On 04/04/09 4:22 PM, "RobertH" wrote:
>>
>>> 0.2 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
>>> address
>
d, runningtimes.com and runnersworld.com may be "legit").
Consent, not content (well, mostly), mouss. As unlikely as it sounds to you
and me, people *do* sign up for this stuff.
Anyway, quite offtopic to this discussion group.
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
ois.arin.net
PaeTec Communications, Inc. PAETECCOMM (NET-209-92-0-0-1)
209.92.0.0 - 209.92.255.255
Rodale Inc. RODALE-430488 (NET-209-92-22-0-1)
209.92.22.0 - 209.92.23.255
# ARIN WHOIS database, last updated 2009-04-03 19:10
-
e's enough senders in the
world who actually do need help, we don't need to create business.
Thanks.
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
oks for when specific types of
> rules (whitelist / blacklist or other reputation rules) should be in
> agreement, yet oppose each other?
>
> i realize that it is time sensative on some types of rules yet this is
> reputation based on actual domain name and ip address
Yes pleas
On 26/03/09 10:29 PM, "Matt Kettler" wrote:
> Neil Schwartzman wrote:
>>
>> Say one is using Postfix and needs SA in front of ~15 aliases. How
>> long should this take?
>
> That depends mostly on how you want to integrate SA into postfix.
>
> Instal
Say one is using Postfix and needs SA in front of ~15 aliases. How long
should this take?
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
what would be helpful here is for us to list what we check.
I'll try to post that later in the day.
--
Neil Schwartzman
Director, Accreditation Security & Standards
Certified | Safelist
Return Path Inc.
0142002038
#x27;s about 800 of them.
These are not placating platitudes; again, we take this seriously. Without
our receiving partners, our product becomes valueless. This is a point
recognized and acknowledged all the way to the top of the company, and
unlike Habeas, I do not report to Sales. That's not h
roblems spammers bring. They are both proactive, and
in my opinion, rapidly reactive to problems brought to their attention.
If you spot spam coming off their systems, send it to ab...@ning.com and
copy us in at the address listed on the wiki. We want to hear about it, and
we want to help Ning put
aints, both loud AND
clear.
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
s ever happens
again, get the person's name and write to me directly. Using the
purpose-built addresses will go direct to our compliance queue and avoid any
possibility of such nonsense.
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
role accounts, ergo the specific addresses for such purposes.
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
on call me
> trying to convince me I should pay return path to 'bless' my marketing
> emails.
Which website? Habeas.com? ReturnPath.net? SenderScoreCertified.com?
SenderScore.org?
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
We have created an entry on the Spamassassin wiki
http://wiki.apache.org/spamassassin/ReportingSpam
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
is that we have a proven track-record (BondedSender -> Sender
Score Certified) and so your patience and help during this transition period
is much appreciated.
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
79 matches
Mail list logo
