Discussion:
more habeas spam
Greg Troxel
2009-01-06 15:51:57 UTC
I have once again been spammed by a habeas-accredited sender. This time
it's also in senderbase, and thus got a whopping -8.6 from those two
combined. Perhaps one rule should be dropped - two rules controlled by
the same organization having additive scores doesn't seem right.

spample and SA output at

http://www.lexort.com/spam/birthday.txt
http://www.lexort.com/spam/birthday.out

I looked at http://www.senderscorecertified.com and was unable to find a
complaint address.

On December 6, I got another spam that was habeas-accredited and
complained

To: ***@returnpath.net, ***@habeas.com

See the "rewards" msg at http://www.lexort.com/spam/. This is pretty
egregious spam, with the usual fraudulent claim that I signed up. I
have heard nothing back and the sender is still accredited, but now as
SOI rather than COI.

In https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5902 I asked
why HABEAS_ACCREDITED_SOI still got a negative score, and after posting
in public did get a response from habeas. But my experience has been
that non-public complaints are ignored.

I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
value. But, I wonder if SA should apply higher standards than that, and
not give negative scores to databases that don't behave reasonably.
Kai Schaetzl
2009-01-06 18:31:21 UTC
Post by Greg Troxel
In https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5902 I asked
I read that bug report now and followed the link to the ruleqa. I have a slightly
different twist on that: should rules with such a low hit rate (whatever they hit)
have such high scores? I mean, just a few hits on the "other side" will "out-balance" such
a rule quickly. Should such a rule be allowed to have such a great influence?
It appears to me that the HABEAS rules are hitting only a very tiny fraction of
mail, many of the nightly mass-checks don't have a hit at all (or is it that those
checks don't contain any network checks?). The aggregated view shows no hits at all
for these rules.
I'm not sure if I'm reading the ruleqa correctly, although I read its help.
1. I'm wondering why many rules show a score of 0.0
2. do I understand it correctly that a nightly check contains only the spam
received over the last 24 hours?
3. I don't see any explanation for s/o and rank. (Rank seems to be some sort of
ranking according to the hit rate, but I find it hardly understandable that a rule
that hits a lot of messages, like URIBL_SURBL, scores 1.0 as rank and a rule that
hits almost no messages still scores at half of that. s/o seems to show the
ham/spam ratio cleanliness?)

There's also something wrong with the ruleqa.cgi. When I click a rule to get the
explanation I get a software error at the bottom, for instance:
http://ruleqa.spamassassin.org/20090103-r730938-n/HABEAS_ACCREDITED_SOI/detail

Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
Jason Bertoch
2009-01-06 19:32:19 UTC
-----Original Message-----
Sent: Tuesday, January 06, 2009 1:31 PM
Subject: Re: more habeas spam
There is also bug 5977 for BSP who still doesn't have a clear way to file a
complaint. I just received a spam matching both RCVD_IN_BSP_TRUSTED and
RCVD_IN_DNSWL_LOW. Personally, I'd prefer to see all of these white list
rules go away.
rafa
2009-01-06 19:51:26 UTC
Post by Jason Bertoch
-----Original Message-----
Sent: Tuesday, January 06, 2009 1:31 PM
Subject: Re: more habeas spam
There is also bug 5977 for BSP who still doesn't have a clear way to file a
complaint. I just received a spam matching both RCVD_IN_BSP_TRUSTED and
RCVD_IN_DNSWL_LOW. Personally, I'd prefer to see all of these white list
rules go away.
You can request DNSWL to move that IP to NONE.
Karsten Bräckelmann
2009-01-08 15:37:37 UTC
Post by Kai Schaetzl
It appears to me that the HABEAS rules are hitting only a very tiny fraction of
mail, many of the nightly mass-checks don't have a hit at all (or is it that those
checks don't contain any network checks?). The aggregated view shows no hits at all
for these rules.
Network tests are done once a week, not daily.
Post by Kai Schaetzl
I'm not sure if I'm reading the ruleqa correctly, although I read its help.
1. I'm wondering why many rules show a score of 0.0
These appear to be network tests.
Post by Kai Schaetzl
2. do I understand it correctly that a nightly check contains only the spam
received over the last 24 hours?
No. The nightly mass-checks contain the full corpora.
Post by Kai Schaetzl
3. I don't see any explanation for s/o and rank. (Rank seems to be some sort of
ranking according to the hit rate, but I find it hardly understandable that a rule
that hits a lot of messages, like URIBL_SURBL, scores 1.0 as rank and a rule that
hits almost no messages still scores at half of that. s/o seems to show the
ham/spam ratio cleanliness?)
Correct, S/O is the Spam / Overall ratio. The higher that ratio, the
better the rule and the lower the ham hits (in percent, not absolute
numbers).
--
char *t="\10pse\0r\0dtu\***@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Justin Mason
2009-01-08 15:54:45 UTC
On Thu, Jan 8, 2009 at 15:37, Karsten Bräckelmann
Post by Karsten Bräckelmann
Post by Kai Schaetzl
It appears to me that the HABEAS rules are hitting only a very tiny fraction of
mail, many of the nightly mass-checks don't have a hit at all (or is it that those
checks don't contain any network checks?). The aggregated view shows no hits at all
for these rules.
Network tests are done once a week, not daily.
Post by Kai Schaetzl
I'm not sure if I'm reading the ruleqa correctly, although I read its help.
1. I'm wondering why many rules show a score of 0.0
These appear to be network tests.
Post by Kai Schaetzl
2. do I understand it correctly that a nightly check contains only the spam
received over the last 24 hours?
No. The nightly mass-checks contain the full corpora.
Post by Kai Schaetzl
3. I don't see any explanation for s/o and rank. (Rank seems to be some sort of
ranking according to the hit rate, but I find it hardly understandable that a rule
that hits a lot of messages, like URIBL_SURBL, scores 1.0 as rank and a rule that
hits almost no messages still scores at half of that. s/o seems to show the
ham/spam ratio cleanliness?)
Correct, S/O is the Spam / Overall ratio. The higher that ratio, the
better the rule and the lower the ham hits (in percent, not absolute
numbers).
it's also worth noting that rules intending to hit ham need to have a
very _low_ S/O
Theo Van Dinter
2009-01-09 19:23:59 UTC
Post by Karsten Bräckelmann
Post by Kai Schaetzl
It appears to me that the HABEAS rules are hitting only a very tiny fraction of
mail, many of the nightly mass-checks don't have a hit at all (or is it that those
checks don't contain any network checks?). The aggregated view shows no hits at all
for these rules.
Network tests are done once a week, not daily.
Just to share some data, my last weekly run shows:

0.084 0.0000 1.2638 0.000 0.58 0.00 HABEAS_ACCREDITED_SOI
0.010 0.0000 0.1484 0.000 0.47 0.00 HABEAS_ACCREDITED_COI
0.000 0.0000 0.0000 0.500 0.44 0.00 HABEAS_CHECKED

and generating stats from the last weekly run results from everyone:

0.039 0.0001 0.6879 0.000 0.62 0.00 HABEAS_ACCREDITED_SOI
0.003 0.0000 0.0573 0.000 0.51 0.00 HABEAS_ACCREDITED_COI
0.000 0.0000 0.0000 0.500 0.49 0.00 HABEAS_CHECKED

There's a handful of spam hits for a couple of people, so it's not clear if
that's misfiling or an abusive sender. But these results are pretty good IMO.

Other related services/rules to compare to (everyone's results):

0.076 0.0000 1.7505 0.000 0.68 0.00 RCVD_IN_BSP_TRUSTED
0.008 0.0003 0.1722 0.002 0.52 0.00 RCVD_IN_BSP_OTHER

0.143 0.0118 3.0312 0.004 0.62 0.00 RCVD_IN_DNSWL_LOW
0.203 0.0376 3.8239 0.010 0.55 0.00 RCVD_IN_DNSWL_MED
0.001 0.0002 0.0143 0.011 0.50 0.00 RCVD_IN_DNSWL_HI

0.054 0.0001 0.9585 0.000 0.66 0.00 __RCVD_IN_IADB
0.054 0.0001 0.9495 0.000 0.65 0.00 RCVD_IN_IADB_LISTED
0.053 0.0001 0.9352 0.000 0.65 0.00 RCVD_IN_IADB_SPF
0.025 0.0000 0.4425 0.000 0.59 0.00 RCVD_IN_IADB_DOPTIN
0.012 0.0000 0.2042 0.000 0.55 0.00 RCVD_IN_IADB_SENDERID
0.005 0.0000 0.0842 0.000 0.51 0.00 RCVD_IN_IADB_VOUCHED
0.002 0.0000 0.0287 0.000 0.50 0.00 RCVD_IN_IADB_UNVERIFIED_2
0.001 0.0000 0.0215 0.000 0.50 0.00 RCVD_IN_IADB_OPTIN_GT50
0.001 0.0000 0.0143 0.000 0.50 0.00 RCVD_IN_IADB_EPIA
0.001 0.0000 0.0125 0.000 0.50 0.00 RCVD_IN_IADB_LOOSE
0.001 0.0000 0.0107 0.000 0.49 0.00 RCVD_IN_IADB_EDDB
0.001 0.0000 0.0107 0.000 0.49 0.00 RCVD_IN_IADB_ML_DOPTIN
[the other IADB rules show 0 hits]
--
Randomly Selected Tagline:
"We use a NetApp 820 with Oracle8i (running on win2k)- The machine
itself is amazing. Fast, reliable, smarter than us when it breaks,
and support is great."
- JoAnne Martone in <006901c21ddf$11bd8220$***@oit.ads.umass.edu>
Greg Troxel
2009-01-09 20:45:16 UTC
Post by Theo Van Dinter
Post by Karsten Bräckelmann
Post by Kai Schaetzl
It appears to me that the HABEAS rules are hitting only a very tiny
fraction of mail, many of the nightly mass-checks don't have a hit
at all (or is it that those checks don't contain any network
checks?). The aggregated view shows no hits at all for these rules.
Network tests are done once a week, not daily.
0.084 0.0000 1.2638 0.000 0.58 0.00 HABEAS_ACCREDITED_SOI
0.010 0.0000 0.1484 0.000 0.47 0.00 HABEAS_ACCREDITED_COI
0.000 0.0000 0.0000 0.500 0.44 0.00 HABEAS_CHECKED
0.039 0.0001 0.6879 0.000 0.62 0.00 HABEAS_ACCREDITED_SOI
0.003 0.0000 0.0573 0.000 0.51 0.00 HABEAS_ACCREDITED_COI
0.000 0.0000 0.0000 0.500 0.49 0.00 HABEAS_CHECKED
There's a handful of spam hits for a couple of people, so it's not
clear if that's misfiling or an abusive sender. But these results are
pretty good IMO.
I searched all of my mail on two machines for HABEAS (I expire a lot of
it, though), and came up with a few messages in a spam complaints folder
(such as the one that I started this thread with), discussion on this
list, private messages to me from people saying they find that these
days habeas accredits spammers, and one other message - a misdirected
political rant from a friend-of-a-friend-.... that was about gitmo, not
spam.

So I wonder if the reality is that

most of the places habeas accredits are legitimate newsletter senders

some of them are spammers

habeas does not respond to complaints in any reasonable/useful way

people like me who don't get the kind of junky newsletters that need
accreditation to be deliverable only get HABEAS-marked mail that is
spam

and thus I have a different local reality than the overall statistics --
a handful of messages received that are accredited, all of them spam,
and no response to complaints. This seems to be the experience of a
number of others.

So, my point was basically that even if in some statistical sense the
rule is valid, is it reasonable to let a for-profit third party sell -4
spamassassin points unless we are convinced that they are very diligent
and respond so quickly and appropriately to complaints that problems
are very rare? (Obviously I think habeas does not meet the above test.)
If this were -0.2 I wouldn't be so cranky.
Rob Foehl
2009-01-06 20:57:37 UTC
Post by Greg Troxel
In https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5902 I asked
why HABEAS_ACCREDITED_SOI still got a negative score, and after posting
in public did get a response from habeas. But my experience has been
that non-public complaints are ignored.
My experiences with Habeas have been so poor that I've actually been
toying with the idea of assigning fairly large positive scores to the
HABEAS_ACCREDITED_* rules. There is a rather stunning overlap with URIBL
hits here, and no evidence of a useful effect on legitimate mail.

The last complaint filed with Habeas was answered with something like
"this customer appears to be following their business model", which was
namely that they "contact people who have posted on certain web sites".
I wonder if they're willing to accredit everyone with that particular
business model...
Post by Greg Troxel
I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
value. But, I wonder if SA should apply higher standards than that, and
not give negative scores to databases that don't behave reasonably.
HABEAS_ACCREDITED_SOI still earns a -4.3 in the default scores for 3.2.5.
I'd love to know why this is still the case.

-Rob
John Hardin
2009-01-06 21:19:13 UTC
Post by Rob Foehl
The last complaint filed with Habeas was answered with something like
"this customer appears to be following their business model"
Oh for pete's sake. If that's their criteria for acceptability then Habeas
is useless. After all, a spammer's business model is to send huge volumes
of unsolicited commercial email...
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
***@impsec.org FALaholic #11174 pgpk -a ***@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Any time law enforcement becomes a revenue center, the system
becomes corrupt.
-----------------------------------------------------------------------
11 days until Benjamin Franklin's 303rd Birthday
LuKreme
2009-01-06 22:19:39 UTC
Post by Greg Troxel
I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
value. But, I wonder if SA should apply higher standards than that, and
not give negative scores to databases that don't behave reasonably.
This has been brought up on the list in the past (there was a long
thread on it last February). The best suggestion I saw in that thread
was

score HABEAS_ACCREDITED_COI -1.0
score HABEAS_ACCREDITED_SOI -0.5
score HABEAS_CHECKED 0

The other suggestion that seemed reasonable was setting all scores to
0. Some people suggested setting the scores to positive numbers.
Based on my own mail, a small positive score for Habeas is reasonable:

score HABEAS_ACCREDITED_COI 0.5
score HABEAS_ACCREDITED_SOI 1.0
score HABEAS_CHECKED 0

It's about 90% Spam for my own mailspool. It used to be used a lot
more, at least in my mail. A lot of commercial or semi-commercial
mailing-lists that I was on tried it out back around 2003-2005, iirc.
Since then, all have stopped using it. The last one to remove them was
the TidBITS mailing list which dropped them on 1-Jan-2007. Certainly
having the very low scores (are they still defaulting to -4.5 and
-8.0?) seems like a spectacularly bad idea.

If you want the real history of Habeas in a nutshell, the company went
to hell when Anne Mitchell left (the same Anne Mitchell who was part
of MAPS back in the day). She's now at the Institute for Spam and
Internet Public Policy <http://www.isipp.com/about.php>. What habeas
became after she left was something quite different from what it had
been under her stewardship.
--
I hear hurricanes a-blowing, I know the end is coming
soon. I fear rivers over-flowing. I hear the voice
of rage and ruin.
Anthony Peacock
2009-01-07 09:00:43 UTC
Post by LuKreme
Post by Greg Troxel
I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
value. But, I wonder if SA should apply higher standards than that, and
not give negative scores to databases that don't behave reasonably.
This has been brought up on the list in the past (there was a long
thread on it last February). The best suggestion I saw in that thread was
score HABEAS_ACCREDITED_COI -1.0
score HABEAS_ACCREDITED_SOI -0.5
score HABEAS_CHECKED 0
The other suggestion that seemed reasonable was setting all scores to
0. Some people suggested setting the scores to positive numbers. Based
score HABEAS_ACCREDITED_COI 0.5
score HABEAS_ACCREDITED_SOI 1.0
score HABEAS_CHECKED 0
It's about 90% Spam for my own mailspool. It used to be used a lot more,
at least in my mail. A lot of commercial or semi-commercial
mailing-lists that I was on tried it out back around 2003-2005, iirc.
Since then, all have stopped using it. The last one to remove them was
the TidBITS mailing list which dropped them on 1-Jan-2007. Certainly
having the very low scores (are they still defaulting to -4.5 and -8.0?)
seems like a spectacularly bad idea.
If you want the real history of Habeas in a nutshell, the company went
to hell when Anne Mitchell left (the same Anne Mitchell who was part of
MAPS back in the day). She's now at the Institute for Spam and Internet
Public Policy <http://www.isipp.com/about.php>. What habeas became
after she left was something quite different from what it had been under
her stewardship.
I zeroed the scores for all of these rules about a year ago. They were
only hitting on SPAM emails and pushing them into the FN range.
--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
Study Health Informatics - Modular Postgraduate Degree
http://www.chime.ucl.ac.uk/study-health-informatics/
Jon Trulson
2009-01-09 17:28:53 UTC
Post by Greg Troxel
I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
value. But, I wonder if SA should apply higher standards than that, and
not give negative scores to databases that don't behave reasonably.
This has been brought up on the list in the past (there was a long thread
on it last February). The best suggestion I saw in that thread was
[...]
was something quite different from what it had been under her stewardship.
I zeroed the scores for all of these rules about a year ago. They were only
hitting on SPAM emails and pushing them into the FN range.
I second that - habeas stopped being useful a long time ago (IMO of
course :). Just zero them out.
--
Happy cheese in fear | Jon Trulson
against oppressor, rebel! | mailto:***@radscan.com
Brocolli, hostage. -Unknown | 4E2A 697F 66D6 7918 B684
| FEB6 4E98 16C1 25F8 A291
John Hardin
2009-01-09 17:41:50 UTC
Post by Jon Trulson
Post by Anthony Peacock
I zeroed the scores for all of these rules about a year ago. They were
only hitting on SPAM emails and pushing them into the FN range.
I second that - habeas stopped being useful a long time ago (IMO of
course :). Just zero them out.
Erm. If they're hitting on nothing but spam, doesn't that mean you should
assign them a *positive* score? ;)
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
***@impsec.org FALaholic #11174 pgpk -a ***@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The problem is when people look at Yahoo, slashdot, or groklaw and
jump from obvious and correct observations like "Oh my God, this
place is teeming with utter morons" to incorrect conclusions like
"there's nothing of value here". -- Al Petrofsky, in Y! SCOX
-----------------------------------------------------------------------
8 days until Benjamin Franklin's 303rd Birthday
Jon Trulson
2009-01-09 17:46:56 UTC
Post by John Hardin
Post by Jon Trulson
Post by Anthony Peacock
I zeroed the scores for all of these rules about a year ago. They were
only hitting on SPAM emails and pushing them into the FN range.
I second that - habeas stopped being useful a long time ago (IMO of
course :). Just zero them out.
Erm. If they're hitting on nothing but spam, doesn't that mean you should
assign them a *positive* score? ;)
I didn't say they hit on nothing *but* spam :) I really have no idea
how much ham they hit, but I sure noticed it when spam was allowed
through because of it.

So I zero'd them out, and haven't missed them at all.
--
Happy cheese in fear | Jon Trulson
against oppressor, rebel! | mailto:***@radscan.com
Brocolli, hostage. -Unknown | 4E2A 697F 66D6 7918 B684
| FEB6 4E98 16C1 25F8 A291
mouss
2009-01-08 21:14:21 UTC
Post by LuKreme
Post by Greg Troxel
I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
value. But, I wonder if SA should apply higher standards than that, and
not give negative scores to databases that don't behave reasonably.
This has been brought up on the list in the past (there was a long
thread on it last February). The best suggestion I saw in that thread was
score HABEAS_ACCREDITED_COI -1.0
score HABEAS_ACCREDITED_SOI -0.5
score HABEAS_CHECKED 0
The other suggestion that seemed reasonable was setting all scores to
0. Some people suggested setting the scores to positive numbers. Based
score HABEAS_ACCREDITED_COI 0.5
score HABEAS_ACCREDITED_SOI 1.0
score HABEAS_CHECKED 0
I have

# Disable Habeas
meta HABEAS_ACCREDITED_COI (0)
meta HABEAS_ACCREDITED_SOI (0)
meta HABEAS_CHECKED (0)

# Disable Bonded Sender
meta RCVD_IN_BSP_OTHER (0)
meta RCVD_IN_BSP_TRUSTED (0)

meta DNS_FROM_DOB (0)
meta RCVD_IN_DOB (0)
meta URIBL_RHS_DOB (0)

They weren't bringing anything, so I preferred to reduce the network
usage...
Post by LuKreme
It's about 90% Spam for my own mailspool. It used to be used a lot more,
at least in my mail. A lot of commercial or semi-commercial
mailing-lists that I was on tried it out back around 2003-2005, iirc.
Since then, all have stopped using it. The last one to remove them was
the TidBITS mailing list which dropped them on 1-Jan-2007. Certainly
having the very low scores (are they still defaulting to -4.5 and -8.0?)
seems like a spectacularly bad idea.
If you want the real history of Habeas in a nutshell, the company went
to hell when Anne Mitchell left (the same Anne Mitchell who was part of
MAPS back in the day). She's now at the Institute for Spam and Internet
Public Policy <http://www.isipp.com/about.php>. What habeas became
after she left was something quite different from what it had been under
her stewardship.
Habeas were acquired by ReturnPath back in August. I however don't know
what RP want to do with that...
Sergey Kovalev
2009-01-09 10:21:44 UTC
Post by Greg Troxel
Post by Greg Troxel
I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
value. But, I wonder if SA should apply higher standards than that, and
not give negative scores to databases that don't behave reasonably.
I have
# Disable Habeas
meta HABEAS_ACCREDITED_COI (0)
meta HABEAS_ACCREDITED_SOI (0)
meta HABEAS_CHECKED (0)
# Disable Bonded Sender
meta RCVD_IN_BSP_OTHER (0)
meta RCVD_IN_BSP_TRUSTED (0)
meta DNS_FROM_DOB (0)
meta RCVD_IN_DOB (0)
meta URIBL_RHS_DOB (0)
They weren't bringing anything, so I preferred to reduce the network
usage...
I may be wrong, but I thought that "0" disables the rule, not "(0)".

Probably I should re-read Mail::SpamAssassin::Conf(3).
McDonald, Dan
2009-01-09 12:42:55 UTC
Post by Sergey Kovalev
Post by mouss
Post by Greg Troxel
I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
value. But, I wonder if SA should apply higher standards than that, and
not give negative scores to databases that don't behave reasonably.
meta DNS_FROM_DOB (0)
meta RCVD_IN_DOB (0)
meta URIBL_RHS_DOB (0)
They weren't bringing anything, so I preferred to reduce the network
usage...
I may be wrong, but I thought that "0" disables the rule, not "(0)".
Probably I should re-read Mail::SpamAssassin::Conf(3).
score 0 disables the rule. meta (0) always returns false.
So he is still querying the RBLs, but throwing the results on the floor.
--
Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
Austin Energy
http://www.austinenergy.com
mouss
2009-01-10 10:43:42 UTC
Post by McDonald, Dan
Post by Sergey Kovalev
Post by mouss
Post by Greg Troxel
I realize that HABEAS_ACCREDITED_SOI has or had a reasonable ruleqa
value. But, I wonder if SA should apply higher standards than that, and
not give negative scores to databases that don't behave reasonably.
meta DNS_FROM_DOB (0)
meta RCVD_IN_DOB (0)
meta URIBL_RHS_DOB (0)
They weren't bringing anything, so I preferred to reduce the network
usage...
I may be wrong, but I thought that "0" disables the rule, not "(0)".
Probably I should re-read Mail::SpamAssassin::Conf(3).
score 0 disables the rule. meta (0) always returns false.
So he is still querying the RBLs, but throwing the results on the floor.
really? I see

meta RCVD_IN_DSBL (0)

in the updates. I doubt this means SA still queries dsbl.

Can someone please clarify?
Neil Schwartzman
2009-01-14 16:05:09 UTC
Post by LuKreme
If you want the real history of Habeas in a nutshell, the company went
to hell when Anne Mitchell left (the same Anne Mitchell who was part
of MAPS back in the day). She's now at the Institute for Spam and
Internet Public Policy <http://www.isipp.com/about.php>. What habeas
became after she left was something quite different from what it had
been under her stewardship.
Hi there.

I was there too! (Habeas employee #3).

Habeas is no more, we (Return Path) bought them last August.
http://www.returnpath.net/blog/2008/08/return-path-to-acquire-habeas.php

To address a couple of issues raised here ...

We have only just begun doing compliance work on Safelist. SA scoring is, of
course, your server, your SpamAssassin rules. I can't speak to what went on
in the past but it is a new day for Habeas clients. We will be applying
programme standards compliance in the same firm, even-handed manner as we do
Sender Score Certified.

If you are presently dissatisfied with the standardized scoring and have
re-weighted, please consider keeping an eye on our performance via the QA
tests Justin made note of, and your own views.

As far as the complaint submission issues noted here are concerned, the best
point of contact moving forward for SA users would be
sa-***@senderscorecertified.com (please don't use my personal address as I
travel frequently, and our Standards team see stuff sent to this alias in
our ticketing queue). Please be sure to make note of the issue being
Safelist or Sender Score Certified, preferably in the subject line.

We acknowledge that there may be some suboptimal hotspots, and we welcome
any data points you can provide. I do want to let you know that given the
immense amount of work ahead of us, (we are working towards systems
integration which is a non-trivial task, along with getting up to speed on
existing clients and issues), responses and actions taken may require a
longer-turn around time than is our intended end-point.

What I can say is that we have a proven track-record (BondedSender -> Sender
Score Certified) and so your patience and help during this transition period
is much appreciated.
--
Neil Schwartzman
Director, Accreditation Standards & Security
Sender Score Certified | Sender Score Safelist
Return Path Inc.
0142002038
Greg Troxel
2009-01-14 17:40:28 UTC
Post by Neil Schwartzman
As far as the complaint submission issues noted here are concerned, the best
point of contact moving forward for SA users would be
travel frequently, and our Standards team see stuff sent to this alias in
our ticketing queue). Please be sure to make note of the issue being
Safelist or Sender Score Certified, preferably in the subject line.
If your company is serious about addressing complaints, then please make
it easier. Specifically:

On the home page for returnpath (which www.habeas.com redirects to)
add an obvious link explaining how to submit spam complaints by email.
The current top of the page has "I'm a [bulk mailer|ESP|ISP]" and
"someone who has been spammed by one of our customers" is notably
missing.

The "contact us" page is a sales form - with no useful contact
information for victims of your certifications.

Spam I got from someone you certified (ADRevolution LLC) listed
http://www.habeas.com/report/ for reporting abuse, but that's a web
form with no email address for forwarding the spam. It is not
reasonable to ask people to fill out a web form.

I forwarded the ADRevolution spam to ***@returnpath.net and
***@habeas.com on December 6 and still have heard nothing. I
notice that the accreditation level has been dropped from COI to SOI
(where it remains today) but that's not good enough.

The safelisted sender feedback page mentions "our rigorous SafeList
standards", but there is no obvious link to those standards.
Randy
2009-01-15 22:08:23 UTC
Post by Neil Schwartzman
Post by LuKreme
If you want the real history of Habeas in a nutshell, the company went
to hell when Anne Mitchell left (the same Anne Mitchell who was part
of MAPS back in the day). She's now at the Institute for Spam and
Internet Public Policy <http://www.isipp.com/about.php>. What habeas
became after she left was something quite different from what it had
been under her stewardship.
Hi there.
I was there too! (Habeas employee #3).
Habeas is no more, we (Return Path) bought them last August.
http://www.returnpath.net/blog/2008/08/return-path-to-acquire-habeas.php
To address a couple of issues raised here ...
We have only just begun doing compliance work on Safelist. SA scoring is, of
course, your server, your SpamAssassin rules. I can't speak to what went on
in the past but it is a new day for Habeas clients. We will be applying
programme standards compliance in the same firm, even-handed manner as we do
Sender Score Certified.
If you are presently dissatisfied with the standardized scoring and have
re-weighted, please consider keeping an eye on our performance via the QA
tests Justin made note of, and your own views.
As far as the complaint submission issues noted here are concerned, the best
point of contact moving forward for SA users would be
travel frequently, and our Standards team see stuff sent to this alias in
our ticketing queue). Please be sure to make note of the issue being
Safelist or Sender Score Certified, preferably in the subject line.
We acknowledge that there may be some suboptimal hotspots, and we welcome
any data points you can provide. I do want to let you know that given the
immense amount of work ahead of us, (we are working towards systems
integration which is a non-trivial task, along with getting up to speed on
existing clients and issues), responses and actions taken may require a
longer-turn around time than is our intended end-point.
What I can say is that we have a proven track-record (BondedSender -> Sender
Score Certified) and so your patience and help during this transition period
is much appreciated.
Yep, I would say some spam is HABEAS_ACCREDITED_SOI. I would call these
1/2 spammers because some of their stuff is legit (Headers, Sent via
Legit mail server, etc ...) :)

Return-Path: <***@cmpgnr.com>
X-Original-To: ***@address.com
Delivered-To: ***@address.com
Received: from localhost (localhost [127.0.0.1])
by mail1.livedatagroup.com (Postfix) with ESMTP id 681F6146C6A
for <***@address.com>; Thu, 15 Jan 2009 13:37:17 -0500 (EST)
Received: from mail1.livedatagroup.com ([an ip address])
by localhost (mail1.livedatagroup.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 04245-08 for <***@livedatagroup.com>;
Thu, 15 Jan 2009 13:37:16 -0500 (EST)
Received: from mta27br.cmpgnr.com (mta27br.cmpgnr.com [216.24.228.27])
by mail1.livedatagroup.com (Postfix) with SMTP id CB0F3B602C
for <***@address.com>; Thu, 15 Jan 2009 13:37:15 -0500 (EST)
Message-ID: <***@mta27br.cmpgnr.com>
Date: Thu, 15 Jan 2009 13:37:05 -0500 (EST)
From: SanNas Times Webinar Series <***@sannastimes.com>
Reply-To: "SanNas Times Webinar Series" <***@cmpgnr.com>
To: ***@livedatagroup.com
Subject: Data Deduplication Demystified
Errors-To: ***@cmpgnr.com
Mime-Version: 1.0
X-Campaign: 1394501.1393170.920385.1617844263
Bounces-To: ***@cmpgnr.com
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: amavisd-new at livedatagroup.com
X-Spam-Status: No, score=-4.673 tagged_above=-9999 required=5
tests=[BAYES_20=-0.74, HABEAS_ACCREDITED_SOI=-4.3, HTML_MESSAGE=0.001,
HTML_TEXT_AFTER_BODY=0.115, MIME_HTML_ONLY=0.001, URIBL_GREY=0.25]
X-Spam-Score: -4.673
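
An added example, not code from any poster in this thread: it re-scores amavisd-new style X-Spam-Status values (the kind in the message above, where each test carries its score) under the alternative `score` lines quoted earlier in the thread, and reports which verdicts the accreditation rule alone was deciding. The function names are hypothetical, the second sample header and its rule scores are constructed, and only the first value of a `score` line is read.

```python
import re

# X-Spam-Status value from the message above (continuation lines re-indented).
RANDY_STATUS = """No, score=-4.673 tagged_above=-9999 required=5
 tests=[BAYES_20=-0.74, HABEAS_ACCREDITED_SOI=-4.3, HTML_MESSAGE=0.001,
 HTML_TEXT_AFTER_BODY=0.115, MIME_HTML_ONLY=0.001, URIBL_GREY=0.25]"""

# CONSTRUCTED sample, not from the thread: a message that only the accreditation
# rule keeps under the threshold. The other rule scores are made up.
CONSTRUCTED_STATUS = """No, score=1.9 tagged_above=-9999 required=5
 tests=[BAYES_99=3.5, HABEAS_ACCREDITED_SOI=-4.3, HTML_MESSAGE=0.001,
 URIBL_BLACK=1.955, MIME_HTML_ONLY=0.744]"""

# The two sets of score lines quoted in the thread, plus "just zero them out".
REDUCED_CF = """
score HABEAS_ACCREDITED_COI -1.0
score HABEAS_ACCREDITED_SOI -0.5
score HABEAS_CHECKED 0
"""
POSITIVE_CF = """
score HABEAS_ACCREDITED_COI 0.5
score HABEAS_ACCREDITED_SOI 1.0
score HABEAS_CHECKED 0
"""
ZEROED_CF = """
score HABEAS_ACCREDITED_COI 0
score HABEAS_ACCREDITED_SOI 0
score HABEAS_CHECKED 0
"""

NUM = r"-?\d+(?:\.\d+)?"


def parse_score_lines(cf_text):
    """Read 'score RULE value' lines into {rule: value}; comments are ignored."""
    overrides = {}
    for line in cf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "score":
            overrides[parts[1]] = float(parts[2])
    return overrides


def parse_status(value):
    """Parse a folded X-Spam-Status value that lists tests as [NAME=score, ...]."""
    flat = re.sub(r"\s*\n\s*", " ", value.strip())  # unfold continuation lines
    head = re.match(r"(Yes|No),\s*score=(" + NUM + ")", flat)
    required = re.search(r"required=(" + NUM + ")", flat)
    tests = re.search(r"tests=\[([^\]]*)\]", flat)
    if not (head and required and tests):
        raise ValueError("not an X-Spam-Status value with a bracketed tests list")
    pairs = re.findall(r"([A-Za-z0-9_]+)=(" + NUM + ")", tests.group(1))
    if not pairs:
        raise ValueError("tests list carries no NAME=score pairs")
    return {
        "score": float(head.group(2)),
        "required": float(required.group(1)),
        "tests": {name: float(score) for name, score in pairs},
    }


def rescore(tests, overrides):
    """Total score with overridden rules replaced; other rules keep their score."""
    return round(sum(overrides.get(n, s) for n, s in tests.items()), 3)


def audit(status_values, overrides):
    """For each header, compare the verdict before and after the overrides."""
    findings = []
    for value in status_values:
        st = parse_status(value)
        new = rescore(st["tests"], overrides)
        was_spam, now_spam = st["score"] >= st["required"], new >= st["required"]
        findings.append({
            "old": st["score"], "new": new, "flipped": was_spam != now_spam,
            "changed_rules": sorted(set(st["tests"]) & set(overrides)),
        })
    return findings


if __name__ == "__main__":
    for label, cf in (("reduced", REDUCED_CF), ("positive", POSITIVE_CF),
                      ("zeroed", ZEROED_CF)):
        for f in audit([RANDY_STATUS, CONSTRUCTED_STATUS], parse_score_lines(cf)):
            print(label, f["old"], "->", f["new"],
                  "VERDICT CHANGES" if f["flipped"] else "same verdict")
```

Headers that list tests without scores (plain `tests=A,B,C`) are rejected with `ValueError` rather than guessed at.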
