constantcontact.com

> 25_uribl.cf has this line in it:
>
> ## DOMAINS TO SKIP (KNOWN GOOD)
>
> # Don't bother looking for example domains as per RFC 2606.
> uridnsbl_skip_domain example.com example.net example.org
>
> ......
> uridnsbl_skip_domain constantcontact.com corporate-ir.net cox.net cs.com
>
> Is this a uri that is really suitable for white listing ?
>
>
>

> On Fri, Jul 3, 2009 at 2:39 AM,
> richard@...<richard@...> wrote:
> > I'm probably missing something here - but Constant Contact (who we block
> > by IP) have been a nagging source of spam for us. I'm just wondering why
>
> Could you share your IP list?  I'd like to block these clowns too (and
> I'm lazy).
>
>
> > 25_uribl.cf has this line in it:
> >
> > ## DOMAINS TO SKIP (KNOWN GOOD)
> >
> > # Don't bother looking for example domains as per RFC 2606.
> > uridnsbl_skip_domain example.com example.net example.org
> >
> > ......
> > uridnsbl_skip_domain constantcontact.com corporate-ir.net cox.net cs.com
> >
> > Is this a uri that is really suitable for white listing ?
> >
> >
> >

> I'm probably missing something here - but Constant Contact (who we block
> by IP) have been a nagging source of spam for us. I'm just wondering why
> 25_uribl.cf has this line in it:
>
> ## DOMAINS TO SKIP (KNOWN GOOD)
>
> # Don't bother looking for example domains as per RFC 2606.
> uridnsbl_skip_domain example.com example.net example.org
>
> ......
> uridnsbl_skip_domain constantcontact.com corporate-ir.net cox.net cs.com
>
> Is this a uri that is really suitable for white listing ?

> richard@... wrote:
>
>> I'm probably missing something here - but Constant Contact (who we block
>> by IP) have been a nagging source of spam for us. I'm just wondering why
>> 25_uribl.cf has this line in it:
>>
>> ## DOMAINS TO SKIP (KNOWN GOOD)
>>
>> # Don't bother looking for example domains as per RFC 2606.
>> uridnsbl_skip_domain example.com example.net example.org
>>
>> ......
>> uridnsbl_skip_domain constantcontact.com corporate-ir.net cox.net cs.com
>>
>> Is this a uri that is really suitable for white listing ?
>
> A set of perl modules has been uploaded to cpan today for talking to the
> ConstantContact API:
>
> http://search.cpan.org/~arich/Email-ConstantContact-0.02/lib/Email/ConstantContact.pm
>
> I just thought it was a weird coincidence, seeing as I'd never heared of
> them before today.
>
> --
> Mike Cardwell - IT Consultant and LAMP developer
> Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
>
>

> On Fri, Jul 3, 2009 at 09:55, Mike
> Cardwell<spamassassin-users@...> wrote:
>> richard@... wrote:
>>
>>> I'm probably missing something here - but Constant Contact (who we block
>>> by IP) have been a nagging source of spam for us. I'm just wondering why
>>> 25_uribl.cf has this line in it:
>>>
>>> ## DOMAINS TO SKIP (KNOWN GOOD)
>>>
>>> # Don't bother looking for example domains as per RFC 2606.
>>> uridnsbl_skip_domain example.com example.net example.org
>>>
>>> ......
>>> uridnsbl_skip_domain constantcontact.com corporate-ir.net cox.net cs.com
>>>
>>> Is this a uri that is really suitable for white listing ?
>>
>> A set of perl modules has been uploaded to cpan today for talking to the
>> ConstantContact API:
>>
>> http://search.cpan.org/~arich/Email-ConstantContact-0.02/lib/Email/ConstantContact.pm
>>
>> I just thought it was a weird coincidence, seeing as I'd never heared of
>> them before today.
>>
>> --
>> Mike Cardwell - IT Consultant and LAMP developer
>> Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
>>
>>
>

> On Fri, Jul 3, 2009 at 5:06 AM, Justin Mason<jm@...> wrote:
> > I've heard that they are diligent about terminating abusive clients.
> > Are you reporting these spams to them?
> >
> > --j.
> >
>
> >From what I've seen, most of the traffic from them probably doesn't
> qualify as spam by the common definition.  It is, however, stuff that
> nobody here wants.  I'm surprised SA is giving them a pass, but there
> have been other strange things that got a free ride through SA in the
> past, like Habeas certified junk.
>
>
> > On Fri, Jul 3, 2009 at 09:55, Mike
> > Cardwell<spamassassin-users@...> wrote:
> >> richard@... wrote:
> >>
> >>> I'm probably missing something here - but Constant Contact (who we block
> >>> by IP) have been a nagging source of spam for us. I'm just wondering why
> >>> 25_uribl.cf has this line in it:
> >>>
> >>> ## DOMAINS TO SKIP (KNOWN GOOD)
> >>>
> >>> # Don't bother looking for example domains as per RFC 2606.
> >>> uridnsbl_skip_domain example.com example.net example.org
> >>>
> >>> ......
> >>> uridnsbl_skip_domain constantcontact.com corporate-ir.net cox.net cs.com
> >>>
> >>> Is this a uri that is really suitable for white listing ?
> >>
> >> A set of perl modules has been uploaded to cpan today for talking to the
> >> ConstantContact API:
> >>
> >> http://search.cpan.org/~arich/Email-ConstantContact-0.02/lib/Email/ConstantContact.pm
> >>
> >> I just thought it was a weird coincidence, seeing as I'd never heared of
> >> them before today.
> >>
> >> --
> >> Mike Cardwell - IT Consultant and LAMP developer
> >> Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
> >>
> >>
> >

> On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
>> I've heard that they are diligent about terminating abusive clients.
>> Are you reporting these spams to them?
>>
> Yes - but you would thing a log full of 550's may be a clue.
>
> What concerns me is SpamAssassin effectively white listing spammers.
> White listing should be a user option - not something added in a
> nefarious manner. At least it is clear to see with Spamassassin which is
> a plus - but I cannot pretend that I am not disappointed to find a
> whitelisted 'spammer net' in the core rules. I'm wondering why (other
> than MONEY) it would have ended up in there?

> On 7/3/2009 11:14 AM, richard@... wrote:
> > On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
> >> I've heard that they are diligent about terminating abusive clients.
> >> Are you reporting these spams to them?
> >>
> > Yes - but you would thing a log full of 550's may be a clue.
> >
> > What concerns me is SpamAssassin effectively white listing spammers.
> > White listing should be a user option - not something added in a
> > nefarious manner. At least it is clear to see with Spamassassin which is
> > a plus - but I cannot pretend that I am not disappointed to find a
> > whitelisted 'spammer net' in the core rules. I'm wondering why (other
> > than MONEY) it would have ended up in there?
>
> this has a historical reasons and its not about "whitelisting spammers"
>
> Many moons ago, when SA started doing URI lookup with the SpamcopURI
> plugin, there was only one URI BL: SURBL and to spare it from
> unnecessary queries, the skip list was implemented avoid the extar load
> and a number of ESPs which back then were considered to never send
> UBE/UCE were added.
> Times have changed and there's option regarding URI lookups, in public
> and private BLs. Also, URI Bls can handle way more traffic than they
> could 6 or 7 years back.
>
> There have been numerous requests to get some of these skip entries
> removed but non was honoured.
>
> The bottom line is that its trivial and cheaper to write a static URI
> rule to tag a URL (if you really need to) and which doesn't affect the
> globe, than hammering the BLs with zillion of extra queries.
>
> SA is conservative and caters to a VERY wide user base, with VERY
> different understanding what is UBE/UCE so while everyone saves reources
> on useless queries, you still havea  way to score constantcontact with
> 100 if its your choice.
>
>
> axb

> On Fri, 2009-07-03 at 12:06 +0200, Yet Another Ninja wrote:
>> On 7/3/2009 11:14 AM, richard@... wrote:
>> > On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
>> >> I've heard that they are diligent about terminating abusive clients.
>> >> Are you reporting these spams to them?
>> >>
>> > Yes - but you would thing a log full of 550's may be a clue.
>> >
>> > What concerns me is SpamAssassin effectively white listing spammers.
>> > White listing should be a user option - not something added in a
>> > nefarious manner. At least it is clear to see with Spamassassin which is
>> > a plus - but I cannot pretend that I am not disappointed to find a
>> > whitelisted 'spammer net' in the core rules. I'm wondering why (other
>> > than MONEY) it would have ended up in there?
>>
>> this has a historical reasons and its not about "whitelisting spammers"
>>
>> Many moons ago, when SA started doing URI lookup with the SpamcopURI
>> plugin, there was only one URI BL: SURBL and to spare it from
>> unnecessary queries, the skip list was implemented avoid the extar load
>> and a number of ESPs which back then were considered to never send
>> UBE/UCE were added.
>> Times have changed and there's option regarding URI lookups, in public
>> and private BLs. Also, URI Bls can handle way more traffic than they
>> could 6 or 7 years back.
>>
>> There have been numerous requests to get some of these skip entries
>> removed but non was honoured.
>>
>> The bottom line is that its trivial and cheaper to write a static URI
>> rule to tag a URL (if you really need to) and which doesn't affect the
>> globe, than hammering the BLs with zillion of extra queries.
>>
>> SA is conservative and caters to a VERY wide user base, with VERY
>> different understanding what is UBE/UCE so while everyone saves reources
>> on useless queries, you still havea  way to score constantcontact with
>> 100 if its your choice.
>>
>>
>> axb
> Should that be Hi$torical Rea$ons ? ;-) There is no current excuse and
> this kind of alleged legacy rubbish needs to be pulled out.
>
> As it stands the is simply white listing a bulker. A spam filter that
> white lists a spammer - how bizarre ! I'm cynical. The only logical
> reason I can see for anything of this nature is money changing hands.
>
>

> On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
>> I've heard that they are diligent about terminating abusive clients.
>> Are you reporting these spams to them?
>>
> Yes - but you would thing a log full of 550's may be a clue.
>
> What concerns me is SpamAssassin effectively white listing spammers.
> White listing should be a user option - not something added in a
> nefarious manner. At least it is clear to see with Spamassassin which is
> a plus - but I cannot pretend that I am not disappointed to find a
> whitelisted 'spammer net' in the core rules.

> On Fri, 2009-07-03 at 12:06 +0200, Yet Another Ninja wrote:
>> On 7/3/2009 11:14 AM, richard@... wrote:
>>> On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
>>>> I've heard that they are diligent about terminating abusive clients.
>>>> Are you reporting these spams to them?
>>>>
>>> Yes - but you would thing a log full of 550's may be a clue.
>>>
>>> What concerns me is SpamAssassin effectively white listing spammers.
>>> White listing should be a user option - not something added in a
>>> nefarious manner. At least it is clear to see with Spamassassin which is
>>> a plus - but I cannot pretend that I am not disappointed to find a
>>> whitelisted 'spammer net' in the core rules. I'm wondering why (other
>>> than MONEY) it would have ended up in there?
>> this has a historical reasons and its not about "whitelisting spammers"
>>
>> Many moons ago, when SA started doing URI lookup with the SpamcopURI
>> plugin, there was only one URI BL: SURBL and to spare it from
>> unnecessary queries, the skip list was implemented avoid the extar load
>> and a number of ESPs which back then were considered to never send
>> UBE/UCE were added.
>> Times have changed and there's option regarding URI lookups, in public
>> and private BLs. Also, URI Bls can handle way more traffic than they
>> could 6 or 7 years back.
>>
>> There have been numerous requests to get some of these skip entries
>> removed but non was honoured.
>>
>> The bottom line is that its trivial and cheaper to write a static URI
>> rule to tag a URL (if you really need to) and which doesn't affect the
>> globe, than hammering the BLs with zillion of extra queries.
>>
>> SA is conservative and caters to a VERY wide user base, with VERY
>> different understanding what is UBE/UCE so while everyone saves reources
>> on useless queries, you still havea  way to score constantcontact with
>> 100 if its your choice.
>>
>>
>> axb
> Should that be Hi$torical Rea$ons ? ;-) There is no current excuse and
> this kind of alleged legacy rubbish needs to be pulled out.
>
> As it stands the is simply white listing a bulker. A spam filter that
> white lists a spammer - how bizarre ! I'm cynical. The only logical
> reason I can see for anything of this nature is money changing hands.

> On Fri, Jul 3, 2009 at 5:06 AM, Justin Mason<jm@...> wrote:
>> I've heard that they are diligent about terminating abusive clients.
>> Are you reporting these spams to them?
>>
>> --j.
>>
>
> From what I've seen, most of the traffic from them probably doesn't
> qualify as spam by the common definition.  It is, however, stuff that
> nobody here wants.  I'm surprised SA is giving them a pass, but there
> have been other strange things that got a free ride through SA in the
> past, like Habeas certified junk.    

> On Fri, Jul 3, 2009 at 10:14,
> richard@...<richard@...> wrote:
> > On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
> >> I've heard that they are diligent about terminating abusive clients.
> >> Are you reporting these spams to them?
> >>
> > Yes - but you would thing a log full of 550's may be a clue.
> >
> > What concerns me is SpamAssassin effectively white listing spammers.
> > White listing should be a user option - not something added in a
> > nefarious manner. At least it is clear to see with Spamassassin which is
> > a plus - but I cannot pretend that I am not disappointed to find a
> > whitelisted 'spammer net' in the core rules.
>
> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5905 has some
> information on the background; we asked SURBL for their top queried
> domains that they considered nonspam, and it was in that list.  SURBL
> have always been scrupulous in their operations and listing criteria
> fwiw.
>
> Going by bug 5905 though, and this report, we should probably remove
> it from the whitelist.
>
> >  I'm wondering why (other
> > than MONEY) it would have ended up in there?
>
> Hope that answers your question.  note that it didn't involve "MONEY".
>  btw silly unfounded accusations mean that it's less likely you'll get
> anyone to answer your mail, so please don't do that.

> On Fri, Jul 3, 2009 at 10:14,
> richard@...<richard@...> wrote:
>> On Fri, 2009-07-03 at 10:06 +0100, Justin Mason wrote:
>>> I've heard that they are diligent about terminating abusive clients.
>>> Are you reporting these spams to them?
>>>
>> Yes - but you would thing a log full of 550's may be a clue.
>>
>> What concerns me is SpamAssassin effectively white listing spammers.
>> White listing should be a user option - not something added in a
>> nefarious manner. At least it is clear to see with Spamassassin which is
>> a plus - but I cannot pretend that I am not disappointed to find a
>> whitelisted 'spammer net' in the core rules.
>
> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5905 has some
> information on the background; we asked SURBL for their top queried
> domains that they considered nonspam, and it was in that list.  SURBL
> have always been scrupulous in their operations and listing criteria
> fwiw.
>
> Going by bug 5905 though, and this report, we should probably remove
> it from the whitelist.