  elvey Spamassassin
join:2001-02-17 San Francisco, CA
| [General] Hey SBC Techs, what's with abuse@pacbell.net?
abuse@pacbell.net is completely out to lunch: Seems like there's no one there. Are you guys in touch with anyone in abuse? I don't expect responses to every email, but I expect spammers to be terminated.
»www.spamhaus.org/sbl/listings.la···bell.net for example, shows SBC to be part of the problem, not part of the solution.
And Yahoo is also spammer-friendly. |
|
  kstuart Ken Stuart Premium join:2003-10-15 N California
| I've been watching this situation ever since the first SPAM message was emailed, and frankly there is no reason to think that blocking or reporting sites is going to solve the SPAM problem. First off, it is like the little boy trying to put his finger in a thousand holes in the dam. Second, there is no sure fire way to identify SPAM or spammers.
For example, SPAM COP site just blocked:
quote: Subject: November Business Bulletin: Referral Bonus, Monthly Statements, PayPal for Outlook From: PayPal Date: 15 Nov 2003 11:22:40 -0000
The PayPal Business Bulletin PayPal's E-Commerce Newsletter November 2003
sent only to PayPal members.
The only anti-SPAM solution is whitelists. -- SBC Yahoo DSL Standard+ - 1220/218 - Sp. 5100 - 8800 ft from CO - Netgear MR814v1 |
|
  elvey Spamassassin
join:2001-02-17 San Francisco, CA
| Re: [General] Hey SBC Techs, what's with abuse@pac
Well, if you think it's ok for PacBell to support spammers, that's your choice.
1) You call it SPAM not spam, which is rude to the folks at Hormel.
2) You say a "SPAM COP" site blocks email? I suggest there's no such thing. There's an antispam site at spamcop.net, but it doesn't block email. If you don't want to use SpamCop's SCBL to filter your own mail, don't. But don't complain if someone else does. It's their right. Perhaps PayPal's newsletter to its members was nevertheless spam for some members who had not granted PayPal permission to send it.
3) Non-membership in a white list sure isn't a 'sure fire way to identify SPAM or spammers'. |
|
 CCCMTech Premium,VIP,MVM join:2002-05-17 Pound, VA
| I think you're on the wrong side of the fence...
1. Hormel is Spam not spam or SPAM....
2. As has been pointed out, it is difficult to accurately identify spam. Most spammers are smarter than to send directly; they use proxies or spoof their IP and/or domain.
As for the PayPal incident, regardless of whether the user signed up for it, many places require you opt out of mailing lists. Again it is hard to say "PayPal sent me an unsolicited email."
We generally only deal with spam from @pacbell.net and @sbcglobal.net customers. Most others have another abuse email.
We have spamguard in place which accurately identifies 85% or more of the spam to your inbox. It filters 100% of mine, but I have very exclusive rules set on it.
We allow you to set complex rule filters, whitelist, meta tags, and other such to filter bulk mail (the politically correct word for spam). -- Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
  kstuart Ken Stuart Premium join:2003-10-15 N California
| reply to elvey quote: 1)You call it SPAM not spam, which is rude to the folks at Hormel.
The term "spam" (or "SPAM") for unsolicited email originated as a reference to a Monty Python skit about the canned meat product, so any use of the word could be considered "rude" to the maker of the product, were it not for the fact that sales of the product are undoubtedly much higher due to the constant "advertising" that occurs when the word is used.
quote: There's an antispam site at spamcop.net, but it doesn't block email. If you don't want to use SpamCop's SCBL to filter your own mail, don't.
My ISP (I have not fully moved email over to SBC) - due to public dissatisfaction with the realities of SPAM - blocks all email identified by a variety of opportunistic and self-important sites like spamcop.net unless the user inquires and finds out that there is an obscure web site where you can disconnect the blocking. The emails are still identified by a header and I have set up my email software to route those to a special folder, which is how I knew about the PayPal example - one of many legitimate emails that would be blocked by these services.
quote: 3)Non-membership in a white list sure isn't a 'sure fire way to identify SPAM or spammers'.
I did not say that. I said "The only anti-SPAM solution is whitelists."
Blacklists block most spam and block some legitimate email.
Whitelists block all unsolicited email and block no legitimate email. This is by definition.
If I install a whitelist program, and I only put the email addresses of my family and friends in the whitelist, then by definition all email from everyone else is "unsolicited".
Then all I have to do is to add addresses to the whitelist when I sign up for accounts with web retailers and other services.
Whitelists correspond to the way human beings do everything.
For example, do you allow anyone into your house, except people who are known troublemakers? No. You only allow a small number of people into your house whom you have identified as someone you want there - either you give them a key (which is equivalent to being on a whitelist), or you let them in when they knock and have a good reason (which is when someone replies to the original "message blocked" notification from the whitelist). -- SBC Yahoo DSL Standard+ - 1220/218 - Sp. 5100 - 8800 ft from CO - Netgear MR814v1 |
|
  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| said by kstuart : Whitelists block all unsolicited email and block no legitimate email. This is by definition.
Yes, and "by definition" you live in a dreamworld.
Everybody else on the planet has correspondents who change their email address, has long-lost friends ("Is this the Steve Friedl who ...") and - dare I say it? - prospective customers asking if I can recover a hard drive or write a bit of communications software.
Whitelists are great - kinda like Santa Claus.
Steve -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
  kstuart Ken Stuart Premium join:2003-10-15 N California
| reply to elvey Re: [General] Hey SBC Techs, what's with abuse@pacbell.net?
You clearly don't know how Whitelist Software works.
It is not just "if you aren't on the list, fawgeddaboudit".
If an address is not on the list, the software sends a message to the address, giving a way to send a valid message to the intended recipient.
Thus any real human person can reach you, but a direct emailing program sending out to 100 million email addresses is not going to be able to deal with the whitelist software's request.
quote: prospective customers
is a different situation. On the one hand, you don't want to make them have to respond to the whitelist software's email. On the other hand, spam blacklists have often blocked emails from prospective customers. So, there is currently no good solution for business.
-- SBC Yahoo DSL Standard+ - 1220/218 - Sp. 5100 - 8800 ft from CO - Netgear MR814v1 |
|
  elvey Spamassassin
join:2001-02-17 San Francisco, CA
| reply to elvey Re: [General] Hey SBC Techs, what's with abuse@pac
I provided »www.spamhaus.org/sbl/listings.la···bell.net as evidence. I note that no one is disputing that evidence. CCCMTech said "We generally only deal with spam from @pacbell.net and @sbcglobal.net customers." "Generally" and "deal with" are vague terms. I can say specifically that it is false that you terminate your spamming customers. You host hardcore spam gangs responsible for millions of spam per day, according to the above and other solid evidence, who ARE "@pacbell.net and @sbcglobal.net customers". Were this not true, I would be putting myself in legal jeopardy by claiming it to be true. I want to hear from SBC that the entries at »www.spamhaus.org/sbl/listings.la···bell.net are being looked into and will be terminated, and a 'by when' date.
Friedl, thanks for clarifying, old friend! (Well, old respected teacher, anyway... from my Goldman Sachs days).
On Hormel's product: Why your calling spam SPAM is rude: given your claimed uber-expert experience, you should know that Hormel doesn't like it; the topic comes up often. »www.spam.com/ci/ci_in.htm definitively answers this question. If a newbie calls it SPAM, no big deal. You're no newbie, or so you claim, Stuart. But your erroneous understanding of what whitelisting (Definition: »info.astrian.net/jargon/terms/w/···ist.html) is further suggests you are no expert. Challenge Response "CR", which you confuse with "white listing", is something else entirely! I did not misquote or misrepresent what you said, contrary to your implication, as the record shows. Whitelisting is a useful component of most anti-spam systems, but CR causes both false positives and false negatives (I know from experience) and it is selfish to use and annoys the people you wish to hear from, so while it's fairly effective, and has a fairly low error rate, it's no panacea. I read an oft-quoted (paid for by the well-reviewed CR product) report that showed CR to be perfect, but it was run on simulated spam not actually sent by spammers to the test systems. The test harness sent the test system simulated spam (thereby breaking source-based filtering components of the tested systems) and non-spam and responded to the challenges just for the non-spam.
Thanks for confirming that you were mistaken when you said that SpamCop blocks spam. What ISP do you use that blocks spam using the SCBL, contrary to SpamCop's instructions? "SpamCop is aggressive and often errs on the side of blocking mail - users should be warned and given information about how their mail is filtered. Ideally they should have a choice of filtering options. Many mailservers can operate with blacklists in a "tag only" mode, which is preferable in many situations."
Back to the main issue: I expect spammers on PacBell's network who are reported to be terminated. I expect PacBell to be particularly responsive when the spammer is in ROKSO. |
|
 CCCMTech Premium,VIP,MVM join:2002-05-17 Pound, VA
| Although I admit I have not looked at the entire SPAMCop list, most of these email complaints are against web hosted customers. Their Bulk mail may or may not have originated from an SBC account. There are address spoofers (sobig is a great example). Many of these are not as simple as "Oh, this was sent from one of our customers, let's TOS him". I don't have any contact with the dept. that handles this directly. I can however send an intercompany request for info, not sure how much info I can get though. Much of this info is CPNI when dealing with specific individuals. I'm not sure as to the legalities of discussing the account status of other individuals in regards to Bulk mail. -- Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| said by CCCMTech : Although I admit I have not looked at the entire SPAMCop list, most of these email complaints are against web hosted customers.
This is called "spam support services" - hosting a website that's pimped by spam - and it's one level removed from the actual bulkers. Many ISPs will terminate a customer for running spam support services, and I hope that SBC is one of them.
Now it's possible that a legit site can get spammed by an "affiliate", but the responsible sites act responsibly to terminate the affiliation immediately and deny payments to the spammers. I've seen this work for years, and it's not hard to tell the responsible sites from those that are clearly hiding behind their affiliates.
Steve -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
 CCCMTech Premium,VIP,MVM join:2002-05-17 Pound, VA
| In many cases these addresses are spoofed, falsely identified or otherwise mismarked so it is a rather complex issue to investigate. Combined with the fact that this group does not communicate with customers very often or us even. If you have any legit complaints I can question our abuse group. But I don't know what kind of response I'll receive. -- Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| said by CCCMTech : In many cases these addresses are spoofed, falsely identified or otherwise mismarked so it is a rather complex issue to investigate.
If I sent tons of spam from a server in Korea (with forged from addresses) that promotes an SBC-hosted website, it shouldn't matter whether the emails themselves had any connection with SBC. Spoofing is irrelevant: there would be no reason for the spam if the website didn't derive the benefits of that spam.
Most of this spam is done using affiliate arrangements: the link I spam you with includes (one way or the other) my referral ID, so I get paid on all the hits generated from my spam. If you make that dry up, then the spammers will go elsewhere.
Steve -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
 CCCMTech Premium,VIP,MVM join:2002-05-17 Pound, VA
| So if my "Buy your Viagra" email was sent to you from a Korean connection by a Korean customer who decided to spoof an SBC email, you would blame SBC for the email?
I'm failing to see where the irrelevance is. Almost all spammers do not send from their own email so it is not always cut and dry.
Back to the Korean example, how can we TOS a customer who isn't one of our customers? It may not be against that Korean ISP's TOS... -- Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
 CCCMTech Premium,VIP,MVM join:2002-05-17 Pound, VA | Most SPAM from SBC emails do not link to SBC sites, or SBC-Hosted sites... |
|
  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| reply to CCCMTech said by CCCMTech : So if my "Buy your Viagra" email was sent to you from a Korean connection by a Korean customer who decided to spoof an SBC email, you would blame SBC for the email?
The spoofing is irrelevant - you have to presume that you'll never find the real sender of the email.
But you know who benefits from the spam. If buy-viagra.com is run by me, and I'm an SBC customer, then it's a pretty easy jump to believe that I had something to do with the spam. You'd go after me as a beneficiary of the spam.
This happens all the time because otherwise people could spam with impunity through Korea or whatever, and then claim "Well the email never touched SBC, so SBC can't touch me".
Steve -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
  kstuart Ken Stuart Premium join:2003-10-15 N California
| reply to elvey Re: [General] Hey SBC Techs, what's with abuse@pacbell.net?
The page on the Hormel site is interesting, and I will defer to their wishes and use lower case for unsolicited email.
However, some web page's definition of "whitelist" is just their opinion - a word is defined by use. And more importantly, I was referring to "whitelist software" - which is not just software that implements a whitelist, just as "windows software" is not just software that implements a windowing system.
(I have not seen the use of "challenge response" at all, so excuse me if I ignore that reference altogether.)
The software that I have seen that calls itself "whitelist" software operates as follows:
- User creates a list of accepted email addresses - the whitelist. Example:
fred@yahoo.com,cindy@hotmail.com,sports-talk@yahoogroups.com
- All email from addresses that are not on the list are either put in a separate folder or deleted (user's choice), and an email is sent to the sender stating that to contact this person, they need to perform a human-only action (such as reply to the email after removing some characters according to instructions).
I don't see how such a system can have "false positive" or "false negatives" unless the particular software package happened to have bugs.
The advantage is removal of all unsolicited email - by definition - and the disadvantage is that humans who have not previously emailed you must send the email a second time. -- SBC Yahoo DSL Standard+ - 1220/218 - Sp. 5100 - 8800 ft from CO - Netgear MR814v1 |
|
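The whitelist-plus-challenge behaviour described in the post above, and the false positives, false negatives and spoofed From addresses raised elsewhere in the thread, can be seen in a small simulation. This is an added example, not code from any poster or product; the `Msg` fields, function names and every sample address other than the three whitelist entries quoted in the post are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Msg:
    header_from: str         # what the filter sees; not authenticated
    real_sender: str         # ground truth, known only to this demo
    wanted: bool             # would the recipient want this mail?
    answers_challenge: bool  # does the party receiving the challenge reply?

def run_filter(whitelist, messages):
    """Apply the rules from the post: listed -> deliver, else hold and challenge."""
    result = {"inbox": [], "held": [], "challenged": []}
    for m in messages:
        if m.header_from.lower() in whitelist:
            result["inbox"].append(m)      # listed address goes straight through
            continue
        result["challenged"].append(m)     # challenge is mailed to header_from
        if m.answers_challenge:
            result["inbox"].append(m)      # released after the human-only reply
        else:
            result["held"].append(m)
    return result

def score(result):
    """Count the failure modes argued about in the thread."""
    return {
        # unwanted mail that reached the inbox (forged From matched the list)
        "false_negatives": sum(not m.wanted for m in result["inbox"]),
        # wanted mail stuck in the hold folder (automated sender never replies)
        "false_positives": sum(m.wanted for m in result["held"]),
        # challenges mailed to someone who never sent the message
        "misdirected_challenges": sum(
            m.header_from != m.real_sender for m in result["challenged"]),
    }

# Whitelist entries are the ones quoted in the post.
WHITELIST = {"fred@yahoo.com", "cindy@hotmail.com", "sports-talk@yahoogroups.com"}

# Constructed sample traffic.
SAMPLE = [
    Msg("fred@yahoo.com", "fred@yahoo.com", True, True),                 # known friend
    Msg("old.friend@example.org", "old.friend@example.org", True, True),  # new human
    Msg("fred@yahoo.com", "bulk@mailer.example", False, False),          # forged, listed
    Msg("bystander@example.net", "bulk@mailer.example", False, False),   # forged, unlisted
    Msg("newsletter@shop.example", "newsletter@shop.example", True, False),  # automated
]

if __name__ == "__main__":
    print(score(run_filter(WHITELIST, SAMPLE)))
```

Because the filter keys on an unauthenticated header, its accuracy depends on the From address being genuine, which is the condition the later posts about spoofing call into question.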
 CCCMTech Premium,VIP,MVM join:2002-05-17 Pound, VA
| reply to Steve Re: [General] Hey SBC Techs, what's with abuse@pac
Let's say you're not an SBC Customer and have no tie to it other than the SBC email you used a word list to make, but you do run buy-viagra.com.... -- Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
  Steve I'm a PC, so shut up Consultant join:2001-03-10 Yorba Linda, CA
| said by CCCMTech : Let's say you're not an SBC Customer and have no tie to it other than the SBC email you used a word list to make, but you do run buy-viagra.com....
You mean if buy-viagra.com is my website, but I host it elsewhere, and there was no concrete proof that I had anything to do with the emails?
That's easy: there's nothing you can do. One never uses a "From" address for abuse purposes.
Steve -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
 CCCMTech Premium,VIP,MVM join:2002-05-17 Pound, VA
| I know I've received spam from "my email address" knowing I didn't send it...sometimes with a fake IP header such as 192.168.23.245 especially for pornographic spam. -- Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
  Rossz
join:2002-12-12 Dublin, CA
| reply to elvey I get virtually no spam on my primary email account. Here's how I keep my mail box clean.
1. I run my own mail server.
2. I use Spam Assassin and have the system configured to scan the email at the MTA and bounce high scoring items then (that means no bounces to a faked return address).
3. I refuse all email from China and Korea. Brazil is close to being blocked. I also block listings from spamhaus.org.
4. I munge my email address in all news groups, even the ones that have a rule saying "don't munge your email address" (I tell people who complained to F* off, if they are too stupid to figure out how to unmunge, I don't need to hear from them).
5. When a website (or whatever) requires an email address, I use a disposable one. One of the benefits of running your own mail server is an unlimited supply of email addresses.
The only spam that slips by are the one or two liners that say "get your herbal viagra here". There just isn't enough text for SA to build up a score. Those types of spam almost always come from dynamic ip addresses. The only reason I haven't blocked dynamic addresses is I have one friend whose mail server sits in a dynamic range. When he finally switches to static, the dynamic block will be kicked in. |
|
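Points 2 and 3 of the post above (refuse during the SMTP session so no bounce goes to a faked return address, and block Spamhaus listings) can be sketched as a single decision function. This is an added example, not the poster's configuration; the score threshold, the function names and the sample addresses are assumptions, and the DNS lookup is injected as a callable so the block runs offline against a constructed zone.

```python
import ipaddress

DNSBL_ZONE = "sbl.spamhaus.org"
REJECT_SCORE = 10.0  # assumed content-score threshold for this example

def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """DNSBL convention: reverse the IPv4 octets and append the zone."""
    ip = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def is_listed(client_ip, lookup):
    """lookup(name) returns an A record string, or None for NXDOMAIN."""
    answer = lookup(dnsbl_query_name(client_ip))
    # 127.0.0.x answers are listings; 127.255.255.x are Spamhaus error codes.
    return answer is not None and answer.startswith("127.0.0.")

def handle(client_ip, envelope_from, score, lookup, reject_at_smtp=True):
    """Return the SMTP reply and any bounce (DSN) this server would generate."""
    unwanted = is_listed(client_ip, lookup) or score >= REJECT_SCORE
    if not unwanted:
        return {"reply": "250 OK", "delivered": True, "dsn_to": None}
    if reject_at_smtp:
        # Refused while the client is still connected: this server sends no
        # mail of its own, so a forged envelope sender never hears about it.
        return {"reply": "550 rejected by policy", "delivered": False, "dsn_to": None}
    # Accept-then-bounce: a DSN is mailed to an address the sender chose.
    return {"reply": "250 OK", "delivered": False, "dsn_to": envelope_from}

# Constructed zone data: one listed documentation-range address.
CONSTRUCTED_ZONE = {"99.2.0.192.sbl.spamhaus.org": "127.0.0.2"}
lookup = CONSTRUCTED_ZONE.get

if __name__ == "__main__":
    forged = "bystander@example.net"  # constructed forged return address
    print(handle("192.0.2.99", forged, 2.0, lookup))
    print(handle("198.51.100.7", forged, 14.5, lookup, reject_at_smtp=False))
```

With `reject_at_smtp=False` the same unwanted message produces a bounce addressed to the forged sender, which is the outcome the post's setup avoids.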