 kstuartKen StuartPremium
join:2003-10-15
N California | reply to elvey
Re: [General] Hey SBC Techs, what's with abuse@pacbell.net? I've been watching this situation ever since the first SPAM message was emailed, and frankly there is no reason to think that blocking or reporting sites is going to solve the SPAM problem. First off, it is like the little boy trying to put his finger in a thousand holes in the dam.
Second, there is no sure fire way to identify SPAM or spammers.
For example, SPAM COP site just blocked:
quote:
Subject: November Business Bulletin: Referral Bonus, Monthly Statements, PayPal for Outlook
From: PayPal
Date: 15 Nov 2003 11:22:40 -0000
The PayPal Business Bulletin
PayPal's E-Commerce Newsletter
November 2003
sent only to PayPal members.
The only anti-SPAM solution is whitelists.
--
SBC Yahoo DSL Standard+ - 1220/218 - Sp. 5100 - 8800 ft from CO - Netgear MR814v1 |
|
|
|
 elveySpamassassin
join:2001-02-17
San Francisco, CA
 ·Virgin Mobile Br..
 ·Sipgate VOIP
| Re: [General] Hey SBC Techs, what's with abuse@pac Well, if you think it's ok for PacBell to support spammers, that's your choice.
1)You call it SPAM not spam, which is rude to the folks at Hormel.
2)You say a "SPAM COP" site blocks email? I suggest there's no such thing. There's an antispam site at spamcop.net, but it doesn't block email. If you don't want to use SpamCop's SCBL to filter your own mail, don't. But don't complain if someone else does. It's their right. Perhaps Paypal's newsletter to its members was nevertheless was spam for some members who had not granted PayPal permission to send it.
3)Non-membership in a white list sure isn't a 'sure fire way to identify SPAM or spammers'. |
|
CCCMTechPremium,VIP,MVM
join:2002-05-17
Baxter, KY | I think your on the wrong side of the fence...
1. Hormel is Spam not spam or SPAM....
2. As has been pointed it is difficult to accurately identify spam. Most spammers are smarter than to send directly, they use proxies or spoof their IP and or domain.
As for the PayPal incident, regardless of whether the user signed up for it, many places require you opt out of mailing lists. Again it is hard to say "PayPal sent me an unsolicited email."
We generally only deal with spam from @pacbell.net and @sbcglobal.net customers. Most others have another abuse email.
We have spamguard in place which accurately identifies 85% or more of the spam to your inbox. It filters 100% of mine, but I have very exclusive rules set on it.
We allow you to set complex rule filters, whitelist, meta tags, and other such to filter bulk mail (the politically correct word for spam).
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
kstuartKen StuartPremium
join:2003-10-15
N California | reply to elvey
quote:
1)You call it SPAM not spam, which is rude to the folks at Hormel.
The term "spam" (or "SPAM") for unsolicited email originated as a reference to a Monty Python skit about the canned meat product, so any use of the word could be considered "rude" to the maker of the product, were it not for the fact that sales of the product are undoubtedly much higher due to the constant "advertising" that occurs when the word is used.
quote:
There's an antispam site at spamcop.net, but it doesn't block email. If you don't want to use SpamCop's SCBL to filter your own mail, don't.
My ISP (I have not fully moved email over to SBC) - due to public dissatisfaction with the realities of SPAM - blocks all email identified by a variety of opportunistic and self-important sites like spamcop.net unless the user inquires and finds out that there is an obscure web site where you can disconnect the blocking. The email are still identified by a header and I have setup my email software to route those to a special folder, which is how I knew about the PayPal example - one of many legitimate emails that would be blocked by these services.
quote:
3)Non-membership in a white list sure isn't a 'sure fire way to identify SPAM or spammers'.
I did not say that. I said "The only anti-SPAM solution is whitelists."
Blacklists block most spam and block some legitimate email.
Whitelists block all unsoliticed email and block no legitimate email. This is by definition.
If I install a whitelist program, and I only put the email addresses of my family and friends in the whitelist, then by definition all email from everyone else is "unsolicited".
Then all I have to do is to add addresses to the whitelist, when I signup for accounts with web retailers and other services.
Whitelists correspond to the way human beings do everything.
For example, do you allow anyone into your house, except people who are known troublemakers? No. You only allow a small number of people into your house whom you have identified as someone you want there - either you give them a key (which is equivalent to being on a whitelist), or you let them in when they knock and have a good reason (which is when someone replies to the original "message blocked" notification from the whitelist).
--
SBC Yahoo DSL Standard+ - 1220/218 - Sp. 5100 - 8800 ft from CO - Netgear MR814v1 |
|
 SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | said by kstuart:
Whitelists block all unsoliticed email and block no legitimate email. This is by definition.
Yes, and "by definition" you live in a dreamworld.
Everybody else on the planet has correspondents who change their email address, has long-lost friends ("Is this the Steve Friedl who ...") and - dare I say it? - prospective customers asking if I can recover a hard drive or write a bit of communications software.
Whitelists are great - kinda like Santa Claus.
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
elveySpamassassin
join:2001-02-17
San Francisco, CA Reviews:
·Virgin Mobile Br..
·Sipgate VOIP
| reply to elvey
I provided »www.spamhaus.org/sbl/listings.la···bell.net
as evidence.
I note that no one is disputing that evidence.
CCCMTech said "We generally only deal with spam from @pacbell.net and @sbcglobal.net customers."
"Generally" and "deal with" are vague terms. I can say specifically that is false that you terminate your spamming customers. You host hardcore spam gangs responsible for millions of spam per day, according to the above and otehr solid evidence, who ARE "@pacbell.net and @sbcglobal.net customers". Were this not true, I would be putting myself in legal jeopardy by claiming it to be true.
I want to hear from SBC that the entries at »www.spamhaus.org/sbl/listings.la···bell.net are being looked into and will be terminated, and a 'by when' date.
Friedl, thanks for clarifying, old friend! (Well, old respected teacher, anyway... from my Goldman Suachs days).
On Hormel's product: Why your calling spam SPAM is rude: given your claimed uber-expert experience, you should know that Hormel doesn't like it; the topic comes up often. »www.spam.com/ci/ci_in.htm definitively answers this question. If a newbie calls it SPAM, no big deal. You're no newbie, or so you claim, Stuart. But your erroneous understanding of what whitelisting (Definition: »info.astrian.net/jargon/terms/w/···ist.html) is further suggests you are no expert. Challenge Response "CR", which you confuse with "white listing" is something else entirely!. I did not misquote or misrepresent what you said, contrary to your implication, as the record shows. Whitelisting is a useful component of most anti-spam systems, but CR causes both false positives and false negatives (I know from experience) and it is selfish to use and annoys the people you wish to hear from, so while it's fairly effective, and has a fairly low error rate, it's no panacea. I read an oft quoted (paid for by the well-reviewed CR product) report that showed CR to be perfect, but it was run on simulated spam not actually sent by spammers to the test systems. The test harness sent the test system simulated spam (thereby breaking source-based filtering components of the tested systems) and non-spam and responded to the challenges just for the non-spam.
Thanks for confirming that you were mistaken when you said that SpamCop blocks spam. What ISP do you use that blocks spam using the SCBL, contrary to SpamCop's instructions? "SpamCop is aggressive and often errs on the side of blocking mail - users should be warned and given information about how their mail is filtered. Ideally they should have a choice of filtering options. Many mailservers can operate with blacklists in a "tag only" mode, which is preferable in many situations."
Back to the main issue: I expect spammers on PacBell's network who are reported to be terminated. I expect PacBell to be particularly responsive when the spammer is in ROKSO. |
|
CCCMTechPremium,VIP,MVM
join:2002-05-17
Baxter, KY | Although I admit I have not looked at the entire SPAMCop list, most of these email complaints are against web hosted customers. Their Bulk mail may or may not have originated from an SBC account. There are address spoofers (sobig is a great example) Many of these are not as simple as "Oh, this was sent from one of our customers, lets TOS him". I don't have any contact with the dept. that handles this directly. I can however send an intercompany request for info, not sure how much info I can get though. Much of this info is CPNI when dealing with specific individuals. I'm not sure as to the legalities of discussing the account status of other individuals in regards to Bulk mail.
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | said by CCCMTech:
Although I admit I have not looked at the entire SPAMCop list, most of these email complaints are against web hosted customers.
This is called "spam support services" - hosting a website that's pimped by spam - and it's one level removed from the actual bulkers. Many ISPs will terminate a customer for running spam support services, and I hope that SBC is one of them.
Now it's possible that a legit site can get spammed by an "affiliate", but the responsible sites act responsibly to terminate the affiliation immediately and deny payments to the spammers. I've seen this work for years, and it's not hard to tell the responsible sites from those that are clearly hiding behind their affiliates.
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
CCCMTechPremium,VIP,MVM
join:2002-05-17
Baxter, KY | In many cases these addresses are spoofed, falsely identified or otherwise mismarked so it is a rather complex issue to investigate. Combined with the fact that this group does not communicate with customers very often or us even. If you have any legit complaints I can question our abuse group. But I don't know what kind of response I'll receive.
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | said by CCCMTech:
In many cases these addresses are spoofed, falsely identified or otherwise mismarked so it is a rather complex issue to investigate.
If I sent tons of spam from a server in Korea (with forged from addresses) that promotes an SBC-hosted website, it shouldn't matter whether the emails themselves had any connection with SBC. Spoofing is irrelevant: there would be no reason for the spam if the website didn't derive the benefits of that spam.
Most of this spam is done using affiliate arrangements: the link I spam you with includes (one way or the other) my referral ID, so I get paid on all the hits generated from my spam. If you make that dry up, then the spammers will go elsewhere.
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
CCCMTechPremium,VIP,MVM
join:2002-05-17
Baxter, KY | So if my "Buy your Viagra" email was sent to you from a Korean connection by a Korean customer who decided to spoof an SBC email, you would blame SBC for the email?
I'm failing to see where the irrelevance is. Almost all spammers do not send from their own email so it is not always cut and dry.
Back to the Korean example, how can we TOS a customer who isn't one of our customers? It may not be against that Korean ISP's TOS...
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
CCCMTechPremium,VIP,MVM
join:2002-05-17
Baxter, KY | Most SPAM from SBC emails do not link to SBC sites, or SBC-Hosted sites... |
|
SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | reply to CCCMTech
said by CCCMTech:
So if my "Buy your Viagra" email was sent to you from a Korean connection by a Korean customer who decided to spoof an SBC email, you would blame SBC for the email?
The spoofing is irrelevant - you have to presume that you'll never find the real sender of the email.
But you know who benefits from the spam. If buy-viagra.com is run by me, and I'm an SBC customer, then it's a pretty easy jump to believe that I had something to do with the spam. You'd go after me as a beneficiary of the spam.
This happens all the time because otherwise people could spam with impugnity through Korea or whatever, and then claim "Well the email never touched SBC, so SBC can't touch me".
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
CCCMTechPremium,VIP,MVM
join:2002-05-17
Baxter, KY | Let's say your not an SBC Customer and have no tie to it other than the SBC email you used a word list to make, but you do run buy-viagra.com....
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | said by CCCMTech:
Let's say your not an SBC Customer and have no tie to it other than the SBC email you used a word list to make, but you do run buy-viagra.com....
You mean if buy-viagra.com is my website, but I host it elsewhere, and there was no concrete proof that I had anything to do with the emails?
That's easy: there's nothing you can do. One never uses a "From" address for abuse purposes.
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site |
|
CCCMTechPremium,VIP,MVM
join:2002-05-17
Baxter, KY | I know I've received spam from "my email address" knowing I didn't send it...sometimes with a fake IP header such as 192.168.23.245 especially for pornographic spam.
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today? |
|
Fishie
join:2003-01-14
Riverside, CA | reply to CCCMTech
said by CCCMTech:
We generally only deal with spam from @pacbell.net and @sbcglobal.net customers. Most others have another abuse email.
We have spamguard in place which accurately identifies 85% or more of the spam to your inbox. It filters 100% of mine, but I have very exclusive rules set on it.
We allow you to set complex rule filters, whitelist, meta tags, and other such to filter bulk mail (the politically correct word for spam).
I have an @pacbell.net address and I have NEVER given it out to any person or company. I receive 50+ spam emails per day. It got so bad, I had to stop using it. I never set any rules in OE because I don't want to fill up my trash can either. Plus, I am afraid it will filter out emails that I actually want. |
|
 AmeritecTechChange we can believe in, 1922Premium
join:2002-09-06
Houston, TX
kudos:6 | said by Fishie:
said by CCCMTech:
We generally only deal with spam from @pacbell.net and @sbcglobal.net customers. Most others have another abuse email.
We have spamguard in place which accurately identifies 85% or more of the spam to your inbox. It filters 100% of mine, but I have very exclusive rules set on it.
We allow you to set complex rule filters, whitelist, meta tags, and other such to filter bulk mail (the politically correct word for spam).
I have an @pacbell.net address and I have NEVER given it out to any person or company. I receive 50+ spam emails per day. It got so bad, I had to stop using it. I never set any rules in OE because I don't want to fill up my trash can either. Plus, I am afraid it will filter out emails that I actually want.
It was most likely not sold by SBC. If you have a common-type address, spammers can get it using dictionary attacks.
--
Independent thinkers tend to ALWAYS have someone not agreeing with them. It's the non-thinkers that always come in legions." -John Callari |
|
