On Tue, 05 Jan 2010 12:10:28 -0500 Greg Troxel <g...@ir.bbn.com> wrote:
> > I've recently gotten multiple spams from linkedin. (I don't consider > invitations from people I dimly have heard of spam.) These are > typically invitations that are sent to mailinglists, and occasionally > invitationos from people that I have never ever heard of. > > I believe what is going on is that there is some way for people to > upload an entire addressbook and then bulk-spam all those addresses > with invitations. > > The problem is that linkedin is getting adjusted scores due to > > RCVD_IN_DNSWL_MED > HABEAS_ACCREDITED_SOI > RCVD_IN_BSP_TRUSTED > > Here is an example (I have the postgis mailinglist in > trusted_networks): > > http://www.lexort.com/spam/spam-linkedin.out.txt > > At least for my scores, the +2 points for HABEAS and BSP > counterbalance the dnswl. > > I have sent mail to ab...@linkedin.com, but have never gotten any > response. > > I complained to dnswl, and that got linkedin.com moved to MED from HI > (thanks!), but I think MED is still excessive. > > Once again I went to returnpath and senderscorecertified's web pages, > and found no link to an email address to report being spammed by one > of their customers. Can anyone from returnpath explain why this > glaring problem hasn't been fixed, or better yet fix it? And also > remove linkedin as a certified address, because they are spamming? > > This is a general problem, more than linkedin - this has happened with > twitter and faceboook as well. > > The problem seems to have multiple related components: > > linkedin is a spam source because they off bulk inviting > > whitelists list them because some of their mail is legitimate > > SA gives negative points to whitelists where most of the hosts on > the whitelist don't send spam, and those that do send some ham > > Clearly some things that should happen are: > > dnswl should drop linkedin, because it doesn't meet "Extremely rare > spam occurrences, corrected promptly." because 1) this keeps > happening because the structural problem has not been addressed and > 2) there is no functioning ab...@. I don't think linkedin belongs > even in LOW, but it's fair to be in NONE (legit server, also sends > spam). > > returnpath should drop linkedin, because they send spam and the > mails I referenced above clearly do not meet any definition of opt in > > But it's hard for SA to cause these changes. dnswl clearly has value, > and perhaps part of the difficulty is that it gets used for two > reasons: not blocking connections or greylisting at the MTA level, > and spam filtering. It's certainly reasonable for linkedin to be in > a "don't outright block" list, but not for it to get a pass from > filtering given the spam that comes out of it. > > Does anyone have any ideas of what else might help? #ADD TO THE END OF local.cf at your own risk score RCVD_IN_BSP_TRUSTED 0 4.3 0 4.3 score RCVD_IN_SSC_TRUSTED_COI 0 3.7 0 3.7 score HABEAS_ACCREDITED_COI 0 8.0 0 8.0 score HABEAS_ACCREDITED_SOI 0 4.3 0 4.3 score HABEAS_CHECKED 0 0.2 0 0.2 score RCVD_IN_DNSWL_LOW 0 1 0 1 score RCVD_IN_DNSWL_MED 0 4 0 4 score RCVD_IN_DNSWL_HI 0 8 0 8 score RCVD_IN_IADB_VOUCHED 0 2.2 0 2.2 score RCVD_IN_IADB_DOPTIN 0 4 0 4 score RCVD_IN_IADB_ML_DOPTIN 0 6 0 6 score HASHCASH_20 0.500 score HASHCASH_21 0.700 score HASHCASH_22 1.000 score HASHCASH_23 2.000 score HASHCASH_24 3.000 score HASHCASH_25 4.000 score HASHCASH_HIGH 5.000
