
Mailing List Archive: SpamAssassin: users

Request to change rule RCVD_IN_RP_CERTIFIED

 

 



michael.scheidell at secnap

Mar 29, 2012, 12:47 PM

Post #1 of 13 (1753 views)
Permalink
Request to change rule RCVD_IN_RP_CERTIFIED

If you go back, I and many others have complained about the 'pay to
spam' rules currently in SpamAssassin.

Some of these, like linked in, are blatant violations of US federal CAN
Spam laws.
Last time I got a spam from linked in, they (the company that
certified them, and took money to let them spam) insisted:
A) that somehow _I_ was at fault (you must have signed up)
B) that it was my responsibility to unsubscribe (Sorry, you have to sign
up, and agree to their terms, which allow them to spam you, this was the
only way to unsubscribe)

Well, today, at least they have a link in their spam that lets you
unsubscribe without joining linked in. However, they still don't have a
full physical address of the sender in their emails.

This email was sent to an email address used for technical mailing lists
(I am on the development team for FreeBSD/) and/or harvested from a web
site that archives emails (again, either of these is a violation of
federal CAN Spam laws)

Why bring this up? I want SA to disable all these pay to spam rules as
defaults.
I have brought this up with linked in, and the 'spam for hire' company
that sends these, and all I get is the runaround.

If this rule is truly CERTIFIED not to spam, then they had better review
US federal laws, and make this company conform.
<http://pastebin.com/K0r29v6F>
(even pastebin thought this was spam and made me type in chars to prove
I wasn't a robot/zombot)

--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
SECNAP Network Security Corporation

* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integrator

______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com/
______________________________________________________________________


KMcGrail at PCCC

Mar 29, 2012, 3:06 PM

Post #2 of 13 (1717 views)
Permalink
Re: Request to change rule RCVD_IN_RP_CERTIFIED [In reply to]

On 3/29/2012 3:47 PM, Michael Scheidell wrote:
> If you go back, I and many others have complained about the 'pay to
> spam' rules currently in SpamAssassin.
>
> Some of these, like linked in, are blatant violations of US federal
> CAN Spam laws.
> Last time I got a spam from linked in, they insisted: (the company
> that certified them, and took money to let them spam), insisted:
> A) that somehow _I_ was at fault (you must have signed up)
> B) that it was my responsibility to unsubscribe (Sorry, you have to
> sign up, and agree to their terms, which allow them to spam you, this
> was the only way to unsubscribe)
>
> Well, today, at least they have a link in their spam that lets you
> unsubscribe without joining linked in. However, they still don't have
> a full physical address of the sender in their emails.
>
> This email was sent to an email address used for technical mailing
> lists (I am on the development team for FreeBSD/) and, or harvested
> from a web site that archives emails (again, either of these is a
> violation of federal can spam laws)
>
> Why bring this up? I want SA to disable all these pay to spam rules
> as defaults.
> I have brought this up with linked in, and the 'spam for hire' company
> that sends these, and all I get is the runaround.
>
> if this rule is truly CERTIFIED not to spam, then they had better
> review us federal laws, and make this company conform.
> <http://pastebin.com/K0r29v6F>
> (even pastebin thought this was spam and made me type in chars to
> prove I wasn't a robot/zombot)
>

I read your complaint but have some procedural and technical concerns.
Boiling down to the top two points:

A - CANSPAM is of very little concern to the SA project. We use a
vastly different definition of spam than the legal definition.

B - If a rule such as RP_CERTIFIED starts to hit on more ham than spam,
then it becomes primarily a scoring issue

Looking at my personal corpus, I have 1186 HAMs, 0 tagged as spams and 4
spams that slipped past. In other words, the rule is clearly a good
indicator of Spam for me.


As a side note, linkedin likely had someone from FreeBSD list use the
email address to invite people. I doubt linkedin actually did it. They
are an easily abused system but I've never seen them actually support spam.

regards,
KAM


lists at hireahit

Mar 29, 2012, 11:26 PM

Post #3 of 13 (1716 views)
Permalink
Re: Request to change rule RCVD_IN_RP_CERTIFIED [In reply to]

On 3/29/2012 3:06 PM, Kevin A. McGrail wrote:
> As a side note, linkedin likely had someone from FreeBSD list use the
> email address to invite people. I doubt linkedin actually did it.
> They are an easily abused system but I've never seen them actually
> support spam.

I'd argue that their inability to offer a functional opt-out is
bordering on spam-support. However, I've never personally encountered
that problem (and I've had a fair amount of success using LinkedIn)

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


michael.scheidell at secnap

Mar 30, 2012, 3:26 AM

Post #4 of 13 (1711 views)
Permalink
Re: Request to change rule RCVD_IN_RP_CERTIFIED [In reply to]

On 3/29/12 6:06 PM, Kevin A. McGrail wrote:
>
>
> As a side note, linkedin likely had someone from FreeBSD list use the
> email address to invite people. I doubt linkedin actually did it.
> They are an easily abused system but I've never seen them actually
> support spam.

As in 'technically', yes linkedin did (see sender and from headers.) As
in who pushed the button, who loaded the names, no, they didn't. But,
unless they want to identify the user in the From (not the mfrom/sender
which would break spf), they 'sent it', facilitated it being sent,
allowed it to be sent.

or, they allow the sender to forge From headers. (if they didn't send
it, they forged the From headers)

But I am not asking SA to fix linked in, or stop them from spamming (it
was unsolicited, it was commercial. (they want to build up their links,
actual member wants to spam me using linked in).

I want to address the 'easily abused system'.
If linked in has an easily abused system, and RP gets paid to list them,
and the default SA score for RCVD_IN_RP_CERTIFIED is -3.0 points, then I
request that until RP stops certifying 'easily abused system(s)'
the score be lowered.

further, I would like SA to consider, in general, the - scores for all
the 'spam for hire' rules.

If this email would not score high on its own, it would not need -3.0
score. If it gets its score dropped by -3.0 points, not only is
questionable valuable email passed through, but Bayesian keys are added
as if they are 'clean' email.

So, email like this sent from other sources will eventually come in as
'clean', due to Bayesian credits.

I would like to consider tflags for all 'spam for hire' scores be
changed to net nice noautolearn

this way, at least you aren't adding insult to injury.



--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
SECNAP Network Security Corporation



michael.scheidell at secnap

Mar 30, 2012, 3:32 AM

Post #5 of 13 (1710 views)
Permalink
Re: Request to change rule RCVD_IN_RP_CERTIFIED [In reply to]

On 3/30/12 2:26 AM, Dave Warren wrote:
> I'd argue that their inability to offer a functional opt-out is
> bordering on spam-support.
Months ago, it was non functional (you needed to join, which gave them
permission to spam you in order to opt-out)
they finally (and I hope it was my constant bitching about it)
STARTED with the 'easy opt-out'.

From an OCD perspective, I might have just dragged them into the 'report
spam' folder (sends to DCC/RAZOR/SPAMCOP) and be done with it if they
had (if they ever do) add the full physical address of the sender (who
is the sender? linkedin? or the guy who loaded up all the @FreeBSD.org
addresses harvested from the developers web site?)

So, no, this isn't an SA issue per se, but I did want to mention that
they look like they finally fixed the easy opt-out. one click, leave
the checkbox, hit 'apply', and they TELL you that you are opted out.

so, they fixed that (still say that if RP gets paid to certify an easily
abused system, then the score should not be -3.0).
and, that score itself is arbitrary, added because it's pretty difficult
to qualify a corpus of spammy like emails and decide which ones you
wanted or not.
I am talking about the whole RP/IADB group of rules in general.
Some human being decided on the -3.0 score.


--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
SECNAP Network Security Corporation



KMcGrail at PCCC

Mar 30, 2012, 8:51 AM

Post #6 of 13 (1711 views)
Permalink
Re: Request to change rule RCVD_IN_RP_CERTIFIED [In reply to]

> Some human being decided on the -3.0 score.
Yes, and I could argue based on my corpus that -3.0 is not harsh enough
is my basic point.

I agree I'm not looking below the surface of the rules very much,
though. I am simply saying that XYZ rule on my corpus has an extremely
good S/O.

Can anyone add information on this rule from their personal corpora?

regards,
KAM


KMcGrail at PCCC

Mar 30, 2012, 8:52 AM

Post #7 of 13 (1712 views)
Permalink
Re: Request to change rule RCVD_IN_RP_CERTIFIED [In reply to]

> I would like to consider tflags for all 'spam for hire' scores be
> changed to net nice noautolearn
>
> this way, at least you aren't adding insult to injury.

Please open a bug but what benefit do you see this having in particular
for the RCVD_IN_RP_CERTIFIED?

regards,
KAM


axb.lists at gmail

Mar 30, 2012, 9:07 AM

Post #8 of 13 (1714 views)
Permalink
Re: Request to change rule RCVD_IN_RP_CERTIFIED [In reply to]

On 03/30/2012 05:52 PM, Kevin A. McGrail wrote:
>
>> I would like to consider tflags for all 'spam for hire' scores be
>> changed to net nice noautolearn
>>
>> this way, at least you aren't adding insult to injury.
>
> Please open a bug but what benefit do you see this having in particular
> for the RCVD_IN_RP_CERTIFIED?
>
> regards,
> KAM

IMO this doesn't rate a bug.
I personally don't approve of what RCVD_IN_RP_CERTIFIED does so I
disabled the rule.

As per default, for most setups RCVD_IN_RP_CERTIFIED works fine.
He who doesn't like it can disable instead of expecting SA to drop it.

Same with other "certification" lookups.


Bowie_Bailey at BUC

Mar 30, 2012, 9:08 AM

Post #9 of 13 (1711 views)
Permalink
Re: Request to change rule RCVD_IN_RP_CERTIFIED [In reply to]

On 3/30/2012 11:51 AM, Kevin A. McGrail wrote:
>> Some human being decided on the -3.0 score.
> Yes, and I could argue based on my corpus that -3.0 is not harsh enough
> is my basic point.
>
> I agree I'm not looking below the surface of the rules very much,
> though. I am simply saying that XYZ rule on my corpus has an extremely
> good S/O.
>
> Can anyone add information on this rule from their personal corpora?

I checked my logs for the last 30 days. RCVD_IN_RP_CERTIFIED hit 505
times, but did not hit a single spam message. There is also not a
single case where it would have changed the ham/spam designation of the
message if it had not hit.

--
Bowie
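
The check described in the post above (how often the rule hit, how many of those hits were spam, and whether any verdict would have changed without the rule), as an added example that is not part of the thread. The record format and sample data are constructed; -3.0 is the rule score quoted in the thread, 5.0 is SpamAssassin's default `required_score`, and S/O is taken as spam hits divided by all hits.

```python
"""Per-rule hit analysis over labelled scan records (added example)."""
from dataclasses import dataclass

RULE = "RCVD_IN_RP_CERTIFIED"
RULE_SCORE = -3.0      # default score quoted in the thread
REQUIRED_SCORE = 5.0   # SpamAssassin's default required_score

# Constructed sample: "<human label> <total score> <comma-separated rules>".
# A simplified format for illustration, not spamd's actual log layout.
SAMPLE = """\
ham -4.9 BAYES_00,RCVD_IN_RP_CERTIFIED
ham -1.2 HTML_MESSAGE,RCVD_IN_RP_CERTIFIED
ham 0.3 HTML_MESSAGE
spam 3.1 BAYES_99,HTML_MESSAGE,RCVD_IN_RP_CERTIFIED
spam 9.4 BAYES_99,URIBL_BLACK
ham 2.5 BAYES_50,HTML_MESSAGE,RCVD_IN_RP_CERTIFIED
spam 6.0 BAYES_99,URIBL_BLACK,RCVD_IN_RP_CERTIFIED
"""


@dataclass(frozen=True)
class Record:
    is_spam: bool       # human-verified class, not the filter's verdict
    score: float        # total score including every rule that hit
    rules: frozenset


def parse(text):
    """Parse the constructed record format into Record objects."""
    records = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue  # skip blank or malformed lines
        rules = parts[2].split(",") if len(parts) == 3 else []
        records.append(Record(parts[0] == "spam", float(parts[1]),
                              frozenset(r.strip() for r in rules)))
    return records


def analyse(records, rule=RULE, rule_score=RULE_SCORE,
            required=REQUIRED_SCORE):
    """Hit counts, S/O, and verdicts that flip if the rule is removed."""
    hits = [r for r in records if rule in r.rules]
    spam_hits = sum(r.is_spam for r in hits)
    # Passed with the rule, but at or above the threshold without it.
    flipped = [r for r in hits if r.score < required <= r.score - rule_score]
    spam_let_through = sum(r.is_spam for r in flipped)
    return {
        "hits": len(hits),
        "spam_hits": spam_hits,
        "ham_hits": len(hits) - spam_hits,
        "s_o": spam_hits / len(hits) if hits else None,
        "flipped": len(flipped),
        "spam_let_through": spam_let_through,
        "ham_rescued": len(flipped) - spam_let_through,
    }


if __name__ == "__main__":
    for key, value in analyse(parse(SAMPLE)).items():
        print(f"{key}: {value}")
```

For a negative-scoring rule, `spam_let_through` is the cost of keeping it and `ham_rescued` is the benefit; both being zero matches the result reported in the post.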


KMcGrail at PCCC

Mar 30, 2012, 9:29 AM

Post #10 of 13 (1708 views)
Permalink
Re: Request to change rule RCVD_IN_RP_CERTIFIED [In reply to]

On 3/30/2012 12:08 PM, Bowie Bailey wrote:
>
> I checked my logs for the last 30 days. RCVD_IN_RP_CERTIFIED hit 505
> times, but did not hit a single spam message. There is also not a
> single case where it would have changed the ham/spam designation of the
> message if it had not hit.
In other words, a 100% perfect S/O.

For those with issues, I recommend you score it as 0 but otherwise I
need science that debates the rule. Not single jurisdiction legality
debates or broad discussion of how social media works.

regards,
KAM


Fortney at CSCConsulting

Mar 31, 2012, 11:25 PM

Post #11 of 13 (1699 views)
Permalink
Re: Request to change rule RCVD_IN_RP_CERTIFIED [In reply to]

At 3/30/2012 03:32 AM, Michael Scheidell wrote:
>On 3/30/12 2:26 AM, Dave Warren wrote:
>>I'd argue that their inability to offer a functional opt-out is
>>bordering on spam-support.
>months ago, it was non functional (you needed to join, which gave
>them permission to spam you in order to opt-out)
>they finally (and I hope it was my constant bitching about it) that
>they finally STARTED with the 'easy opt-out'.
>
> From a OCD perspective, I might have just dragged them into the
> 'report spam' folder (sends to DCC/RAZOR/SPAMCOP) and be done with
> it if they had (if they ever do) add the full physical address of
> the sender (who is the sender? linkedin? or the guy who loaded up
> all the @FreeBSD.org addresses harvested from the developers web site?)
>
>So, no, this isn't an SA issue per say, but I did want to mention
>that they look like they finally fixed the easy opt-out. one click,
>leave the checkbox, hit 'apply', and they TELL you that you are opted out.
>
>so, they fixed that (still say that if RP gets paid to certify an
>easily abused system, then the score should not be -3.0).
>and, that score itself is arbitrary, added because its pretty
>difficult to qualify a corpus of spammy like emails and decide which
>ones you wanted or not.
>I am talking about the whole RP/IADB group of rules in general.
>Some human being decided on the -3.0 score.

Michael (et al.) -

Please excuse if this perpetuates an OT discussion, but I do not
believe Linked-In has changed anything other than their presentation
of how to submit an opt-out request. Their procedures still require
you to give them a log-in with all the opportunities to retrieve
cookies just like they always did. The exception is if you are a
registered user of Linked-In and have their cookies on your computer,
then the 'opt-out' request operates on your registered email address.

If this is confusing, here is a simple example. I am being spammed
by Linked-In at a number of Reflector/List-Serve addresses (the
actual list address). I can only assume they hi-jacked one or more
individual address books in order to obtain the list addresses.
Clicking on their 'easy opt-out' link apparently does not pass the
address to which the spam was sent. Instead, if you are a registered
user with Linked-In identity cookies, the 'opt-out' process will do
(whatever it does) in respect to your email membership and not the
address that is being spammed.

The bottom line is that Linked-In is definitely a source of spam that
you cannot control, and I believe they should be labeled as such
until they fix their procedures for having an address removed.

One list manager's opinion.

- JimF


-------------------------------------------------------------
James T. Fortney, Principal
CSC Consulting Services
E-mail: Fortney [at] CSCConsulting
Snail: P.O. Box 3419
Camarillo, CA 93011-3419
--------------------------------------------------------------


Bowie_Bailey at BUC

Apr 2, 2012, 6:44 AM

Post #12 of 13 (1695 views)
Permalink
Re: Request to change rule RCVD_IN_RP_CERTIFIED [In reply to]

On 4/1/2012 2:25 AM, Fortney, James T - CSCCS wrote:
>
> Michael (et all) -
>
> Please excuse if this perpetuates an OT discussion, but I do not
> believe Linked-In has changed anything other than their presentation
> of how to submit an op-out request. Their procedures still require
> you to give them a log-in with all the opportunities to retrieve
> cookies just like they always did. The exception is if you are a
> registered user of Linked-In and have their cookies on your computer,
> then the 'opt-out' request operates on your registered email address.
>
> If this is confusing, here is a simple example. I am being spammed
> by Linked-In at a number of Reflector/List-Serve addresses (the
> actual list address). I can only assume they hi-jacked one or more
> individual address books in order to obtain the list addresses.
> Clicking on their 'easy opt-out' link apparently does not pass the
> address to which the spam was sent. Instead, if you are a registered
> user with Linked-In identity cookies, the 'opt-out' process will do
> (whatever it does) in respect to your email membership and not the
> address that is being spammed.
>
> The bottom line is that Linked-In is definitely a source of spam that
> you cannot control, and I believe they should be labeled as such
> until they fix their procedures for having an address removed.

Actually, my experience has been the opposite. I used to receive lots
of Linked-In emails and complained to them a few times regarding the
lack of an opt-out. Now that they have added one, it seems to work
normally for me. I do not, and have never had, a Linked-In membership.
When I click the opt-out link, it takes me to a page where, if I
remember correctly, it displays your email address and asks you to click
a button to opt out of further emails. As far as I can tell, it seems
to be working. I have not received any Linked-In emails in quite some
time now.

--
Bowie


michael.scheidell at secnap

Apr 2, 2012, 11:20 AM

Post #13 of 13 (1693 views)
Permalink
Re: Request to change rule RCVD_IN_RP_CERTIFIED [In reply to]

On 4/2/12 9:44 AM, Bowie Bailey wrote:
> Actually, my experience has been the opposite. I used to receive lots
> of Linked-In emails and complained to them a few times regarding the
> lack of an opt-out. Now that they have added one, it seems to work
> normally for me. I do not, and have never had, a Linked-In membership.
> When I click the opt-out link, it takes me to a page where, if I
> remember correctly, it displays your email address and asks you to click
> a button to opt out of further emails. As far as I can tell, it seems
> to be working. I have not received any Linked-In emails in quite some
> time now.
>
Correct, both of you.
Previously, you needed to sign up, accept their TOS (which allows them
to spam you).
All OT subjects aside, my issue is the 'sfh' (spam for hire) credits in
SA, and the autolearn tflags.



--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
SECNAP Network Security Corporation

