spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Charles Gregory <cgreg...@hwcn.org>
Subject Re: semi-legit senders in DNSWL and habeas - a hard problem
Date Wed, 06 Jan 2010 15:11:38 GMT
On Tue, 5 Jan 2010, Greg Troxel wrote:
: Thanks.  A link like "report spam" in the top bar, alongside "marketers
: and senders" would help.  That should link to a page that gives an email
: address where one can forward the full offending message, and a way to
: lookup IP addresses to see if they are still in the database, like other
: DNSBLS.

I agree with both these ideas. The DNSBL lookup could actually be a 'front 
end' to the mechanism, so that people don't send a report if an IP has 
already been removed from the whitelist(s). Saves time dealing with old 
problems....

: The 'report spam' link should be blindingly obvious.

This needs empahsizing. The people who use it will not be customers 
familiar with (and willing to navigate) the whole site. If I find that 
returnpath is a problem, it will be quicker and easier to disable the 
whitelist rather than fight my way through those forms, so its in 
returnpath's own interest to make it easy...

: On the real issue, I find it hard to believe I'm the first one to
: complain about linkedin invitation spam.  Is this really true?

Possibly. Most people accept that this sort of abuse is not a fault WITH 
'linkedin', but merely abuse OF 'linkedin' and so they send their abuse 
report to linkedin directly.

: Is my supposition that there is some sort of bulk invitation process 
: correct? Do your whitelist membership criteria permit this kind of 
: misbehavior?

It certainly should not! Any service capable of permitting the submission 
of 'mailing lists' and their use for a 'sneaky' custom e-mail, by FREE
accounts should NEVER be whitelisted, or you are just inviting abuse of 
the mechanism by eager spammers who want the negative score.

: in which case it's wrong to list linkedin, as the postgis-devel
: mailinglist surely did not agree to get invitations.

Actually, what should really happen, and I'm hoping the guys at returnpath 
are listening:

Ask 'linkedin' to setup their servers so that 'invites' are sent by a 
dedicated IP address that is NOT used for any other regular meil. Then 
REMOVE that IP (or range) from the whitelist, so that it does not gain the 
same benefits as personal mail sent from one 'linkedin' member to another.
You still have 'linkedin' as a customer, and their whitelisting is 
meaningful.

- Charles


Mime
View raw message