Lisa:

Thanks so much for that  link to HotMail's filter policies.
(http://office.Microsoft.com/Assistance/9798/newfilters.aspx)
Have you received any info on others?

Debbie Rodgers
Paradise Porch
Outdoor havens in a hectic world
FREE Eight easy ways to create privacy in your outdoor space
www.paradiseporch.com

Here's the problem.  I sent in a few emails stating that this is a one-sided
group that doesn't really address the issue at all.  The email pointed out
where this problem started and what can be done to fix it.  Unfortunately, the
admins felt fit to discard my email and push it away rather than open up the
forum to both sides of the issue.

I actively block spam from coming into our network.  I received 25 just today
from over the weekend and it becomes a problem when you have over 100 people
on your mail server that receive the same amount with the same content.

I have been pretty much forced to start my own group called "I Did Not Get My
Spam =:)" at http://groups.yahoo.com/group/i_did_not_get_my_spam and open it
up to BOTH sides of the issue so that this can be a problem better addressed
by EVERYONE.  The administrators of the "I Did Not Get My Mail" group are just
as bad as a spam filter when it comes to this issue if they're not willing to
get this problem resolved.

Spam Filtering was the first salvo in this and now that it's gotten out of
control, people complain.  Well, what started it to spiral downwards to begin
with?


> Hi all-
>
> Thanks for creating this group. Filtering is an out of control response to
> an out of control spam problem.  I hope that our efforts can effect the
> issue in a positive way.
>
> I'm looking for documentation on filtering parameters for different email
> clients and filtering software.  Example: Microsoft posts its junkmail
> parameters at
> http://office.microsoft.com/Assistance/9798/newfilters.aspx
>
> Can anyone direct me to other similar documentation for other apps?
>
> Thank you in advance,
> Lisa Micklin
> The Weekly Wake Up E-zine
> It's Like A Shot of Wheatgrass For Your Soul
>  <http://www.becomingu.net/ww.htm> http://www.becomingu.net/ww.htm
>

CNET February 28, 2003


MSN blocks e-mail from rival ISPs
By Stefanie Olsen

THE REDMOND, WASH., COMPANY, which has nearly 120 million e-mail
customers through its Hotmail and MSN Internet services, confirmed
Friday it had wrongly placed a group of Internet protocol addresses
from AOL Time Warner's RoadRunner broadband service and EarthLink on
its "blocklist" of known spammers whose mail should be barred from
customer in-boxes.
        (MSNBC is a Microsoft - NBC joint venture.)
        Once notified of the error by the two ISPs, MSN moved the IP
addresses "over to a safe list immediately," according to a
Microsoft spokeswoman.

"Considering the different levels of (spam) protections on the MSN
service, more spam mail is going to get blocked," she said. "But if
a (spammer) is working with an EarthLink address, for example, that
inevitably could cause them to be blocked."
        MSN and Hotmail use spam-filtering software and services from
San Francisco-based Brightmail, whose techniques focus on the
message's content when filtering spam. Beyond that, MSN's spam-abuse
team compiles its own list of IP addresses that are known to
generate unsolicited junk messages, and it blocks all messages from
them.
        RoadRunner spokesman Keith Cocozza said that the ISP started
receiving complaints last Friday that some of its 2.6 million
customers nationwide could not send e-mail to MSN subscribers.
Cocozza said MSN fixed the problem this week.

        "RoadRunner ended up on MSN's spam blacklist, and they
weren't certain why, and neither are we," he said. "We're still
working on this with MSN so it doesn't happen again."
        Because spam has grown to epidemic proportions, ISPs—
including MSN, EarthLink, AOL and its subsidiary RoadRunner—have
gone to great lengths to stanch a problem that is affecting
customers and their own networks heavily. But as more vigilant
antispam measures are employed, legitimate messages are increasingly
caught in the net, causing frustration at both ends.Antispammers say
that MSN's action in blocking the rival ISPs was likely caused by
human error.
         "It typically happens only by human error, due to
technicians getting things wrong," said Steve Linford, president of
the blocklist The Spamhaus Project. He added that EarthLink and
RoadRunner are known for having good spam-abuse teams that work to
prevent people from using their networks to send junk mail. But he
said that some spam inevitably slips through.
         "The enormous spam problem is causing this," said
Linford. "We're more likely to see errors and large providers
getting blocked with ISPs, as they maintain their own blacklist,
because the possibility for human error is enormous."
         Linford runs a blocklist that is used by some smaller ISPs.
But he said that if his blocklist prevented mail from EarthLink or
RoadRunner, "then it would be history" at any major ISP that used
it. Still, blocklists have been known to mistakenly add a range of
IP addresses.
        Customers of RoadRunner posted messages to newsgroups and its
help pages about the problems with MSN this week. "Something is
amiss, currently some RoadRunner e-mail customers cannot e-mail MSN
e-mail customers. It apparently does not (affect) everyone, but most
users. Of course I asked MSN support, and they knew nothing of the
problem," wrote one subscriber on the
Microsoft.public.msn.discussion newsgroup.
        EarthLink spokeswoman Carla Shaw said that there was a brief
period over the weekend when customer e-mail was prevented from
reaching MSN accounts, but the problem was fixed right away. She
said that MSN did not say that the problem was spam related.
EarthLink has about 5 million customers.
         The MSN spokeswoman said that it is not the company's
practice to block any other ISP's mail, but that the company
has "been very aggressive and proactive in protecting our MSN
Hotmail users from spam." Hotmail members, for example, can choose
from four levels of protection: off, low, high and exclusive (which
only allows mail from known senders).

--- In i_did_not_get_my_email@yahoogroups.com, "john_m_k_kwan
<johnkwan@v...>" <johnkwan@v...> wrote:

I replied just to the original poster initially. Can that default be
changed? Or I could just read to see who I am mailing...

Here's what I suggested, in reply to his questions in that post and
off list. I've paraphrased his questions, which I hope is okay with
John.

I suggested sending a link to the file hosted on a website.

Q: What if my customer don't have web-sites, or doesn't know how to
host files?

A: Perhaps they could employ someone who has these skills, or you
could provide web picture hosting on their behalf as part of your
service - just charge more for a new "tier" of service.

Q: My customers don't appreciate the difference between emailing the
program and emailing a link to the program. How can I convince them?

A: Show them the difference using a live demo. Let them appreciate
how it is different. Use a slow dial-up modem - sell them the
concept. Far too many businesses are on big fat internet connections,
and cause many minutes of pain to the poor dial-up user they send
their huge files to!

I appreciate that some customers will only have email access and no
web access (something that a lot of marketers fail to notice - "opt
out at our website, click here..."). In such cases a mailed CD
option, or even resorting to fax or printed text will do the job -
they always used to.

Q: How else might we be able to send such an attachment?

A: Sending as a .zip has already been suggested, but this file type is
also sometimes filtered - poorly configured "virus scanners" are to
blame here.

It might be a good idea to use a more neutral and portable document
format - ask yourself, can your EXEs run on a Mac, or under Linux?
Something like a Shockwave Flash presentation (SWF) might suit better
or embed the pictures in a Portable Document Format (PDF) document -
anything that doesn't have executable content, and is supported on
more than just Windows. Avoid Word Documents, since they are probably
as widely blocked as executables.

Q: Can Outlook users selectively allow otherwise banned file types?

Not that I know of, though I could be wrong. I believe that the
Outlook "security patch" that disables EXE and other executable file
types does so across the board. It essentially cripples your email
client, in the name of security. Ah well.

This page tells you what you are up against:

http://office.microsoft.com/Downloads/2000/Out2ksec.aspx

Hope you find the ideas useful.

--
http://spamlinks.net/

On Friday, February 28, I, along with many other Shagmail subscribers
received an e-mail from a Shagmail administrator concerning their
subscribers' failure to receive their mailings.  In this e-mail, the
administrator confirmed what many of us already knew:  that many of
our ISP's were blocking Shagmail's mailings.  Among the ISP's
involved in this censorship effort:  Earthlink/Mindspring,
AttbiComcast, Qwest, and MSNHotmail.  Many other ISP's are involved
as well, including my own, PeoplePC.  Shagmail is trying to resolve
the issue with these ISP's, but also urged us subscribers to
individually contact our ISP's.  The administrator included a copy of
an e-mail a subscriber sent to their ISP as an example.  I certainly
will be contacting my ISP by phone and e-mail, especially given that
my "membership" is up for renewal soon.

As a side note I find the inclusion of MSNHotmail to be something of
a bitter irony as I have found MSN to be very lame at filtering out
SPAM, especially of the pornographic type.  Typically, anywhere from
1/2 to 2/3's of the SPAM that ends up in my "Junk Mail" folder
advertises porn sites.  And yet, MSN thinks they're doing their
customers a favor when they block such publications as "Clean Laffs"
(a clean humor letter), "Cat Nips" (an e-zine about cats and cat
care), and "The Daily Tease" (a puzzle/trivia type letter).  And
these were publications I personally had subscribed to and flagged to
go to my Inbox, not the Junk Mail folder.  But when you do go to them
with a legitimate complaint, say, about a mailbomb, they basically
take a, "Sorry, there's nothing we can do about it" attitude approach
to your problem.  I'd say someone's got their head screwed on
backwards, to put it nicely.

The following correspondence by AOL to their members appears very
militant to me, and very irresponsible.

Note that AOL does not differentiate between opt-in newsletters,
etc. - even double opt-in - and UCE (porn, etc.) and specifically
tells its users not to unsubscribe, but instead to report as
SPAM!

Basically what AOL is saying here is that if one of their members has
subscribed (opted-in or even double opted-in) to receive, for
example, travel specials from American Airlines, United Airlines,
Orbitz Travel, or any newsletters or other online subscription
service, and for whatever reason no longer wishes to receive the
online information that the AOL member may have requested, that the
member should not unsubscribe, but instead report the sender of the
information that the member in fact subscribed to as SPAM.

I suspect that AOL will at some point use some of this information to
lobby our Federal Government for SPAM legislation.  Without knowing
how the AOL data was derived, our elected officials may follow some
of AOL's suggested remedies without realizing that AOL, themselves,
have tainted and manipulated the data that AOL will use to promote
legislation.

Personally, I am encouraging anyone I know who uses AOL to report ANY
AND ALL messages from AOL to their members as SPAM.

-------------------------------------------

AOL's member communication re: SPAM


Dear Member:

Nothing we do is more important than listening to the people who make
AOL what it is -- our members. We recently asked you for your opinion
on how we can improve AOL.  The response was terrific, and we're
working harder than ever to address the issues that our members care
about the most.

When it comes to spam, we hear you. All of us at AOL are outraged by
the number of junk e-mails we get on a daily basis -- we get the same
amount and the same kind of spam that you do. Most of all, we are
outraged that our kids are being exposed to vile porn spam online.

We are fed up with spam and we HATE it as much as you do!

At AOL, spam is public enemy No. 1, and it's time for us to have a
candid talk with you about spam: what it is, why there's so much of
it, what we're doing about it at AOL, and most important, the things
you can do about it right now.

First, we want you to understand what spam is and why there is so
much of it. Spam is unsolicited bulk e-mail. Spam affects everyone on
the Internet, not just you and us. At AOL, we don't tolerate it, and
we don't like it any more than you do. It violates AOL's strict anti-
spam policies and is in most cases illegal.

Why is there so much more spam than ever before? In part, because
more people are online than ever before. Spammers are finding new,
fraudulent and illegal ways to get spam into your inbox and evade
AOL's anti-spam screens. For example, spammers are using technology
to "guess" what your e-mail address is to send you spam -- meaning
you'll see junk e-mail even if you never visit a Web site or give out
your e-mail address to anyone. Spammers are even creating fake e-mail
addresses to send you spam and hide their identity.

Second, we want you to know that AOL has been leading the fight
against spam for years, using every tactic we know, and coming up
with new ways all the time.

· AOL uses our own technology to block up to 780 million spam e-mails
every day. That's right, we prevent over three-quarters of a billion
spam e-mails from reaching our members every day. What does that mean
for you? It means we're already preventing an average of more than 22
unwanted e-mails per AOL account each day -- that's spam that will
never reach you!

· At the same time, AOL 8.0 offers improved and enhanced e-mail tools
to empower you to fight back against spam. In fact, just recently, we
greatly expanded Mail Controls and made it possible to block even
more addresses and domain names from sending you spam. In the coming
months, we will be rolling out even more anti-spam features -- giving
you a better, more spam-free e-mail experience.

· We've taken dozens and dozens of spammers to court -- winning court
orders to stop spammers from sending hundreds of millions more junk e-
mails to you, and winning million-dollar judgments to help put
spammers out of business.

· AOL is fighting for even tougher bipartisan legislation in Congress
and in state legislatures across the country to make fraudulent and
intrusive spamming a crime. At AOL, we believe the most egregious
spammers shouldn't be looking at computer screens, they should be
staring at jail bars.

· We are also increasing our commitment to an industry-wide effort:
working with federal enforcement agencies on ways we can further
protect consumers online and collaborating with other ISPs and
Internet companies to help fight spammers.

· Lastly, a team of senior AOL executives have been designated to
lead a special task force, whose job it is to find new ways on a
daily basis to combat and reduce your spam.

Despite these efforts, we know too much spam still gets through to
you. AOL is committed to making more improvements and giving you more
tools to fight spam. Every day.

Third, we need your help: We can't fight spam without you, but we CAN
turn back the tide of spam by working together. What can you do right
now to fight spam?

Here are some tips:

· Use our popular new "Report Spam" button located at the bottom of
your e-mail inbox in AOL 8.0. Members have already helped us identify
and stop tens of millions of spam sources. The bottom line is: If you
report it, we'll use your feedback to help block it. Every single
time you click the "Report Spam" button, we are becoming more and
more effective at fighting spam.

· Try out our flexible, customizable "Mail Controls" at AOL Keyword:
Mail Controls.

· Guard your e-mail address and do not unnecessarily give it out.

· Create a unique AOL password and never give it to anyone... because
a favorite spammer's tactic is to hijack an account and then use it
to send out thousands of spam e-mails.

· Never respond to spam by clicking on the "Unsubscribe" link in junk
e-mail you get; it generally does not work, and may actually result
in your getting even more spam.

· Create a special screen name (AOL gives you seven) to be used just
for online public areas and surfing the Internet, where spammers
often go to gather e-mail addresses.

· Go to AOL Keyword: Spam for online information on junk e-mail.

The unfortunate reality is that spammers are always going to be
around. Spam is always going to be a challenge for everyone on the
Internet. There's no "silver bullet" that will eliminate spam, but
our pledge to you is this: AOL is using every weapon at its disposal,
every minute of the day, to protect you from unwanted e-mail.
Battling spam is a 24-hour-a-day, seven-day-a-week operation at AOL.

Stay tuned: Even better news on spam fighting -- and even better
tools to fight it -- are on their way to you. Our plan is to keep you
informed as AOL works to earn your trust on spam.

Of course, e-mail from you -- our members -- is never unwanted. So
drop us a quick line and Tell Us What You Think about spam. We want
to know because we need and value your feedback.

-------------------------------------------

I loved the illustration about the horse and the flies!  But,
imagine if the horse could only rely on other barnyard animals to
keep the flies at bay!

In my opinion that's similar to what happens when we entrust spam
filtering to an ISP, 3rd party software, or an opt-in licensing
agent to make decisions as to what is and is NOT unwanted email.
(And notice the use of the word 'unwanted', hence some non-spam
email may still be unwanted, as is most spam email.)

I'm in full agreement regarding your concern with false-positives.
Unfortunately, with many of today's spam filtering solutions, the
hazard of false-positives is always going to be an issue since
there is no technology that is 100% accurate.

But the definition of UCE, "unwanted," or spam email is really a
personal definition held by each individual mailbox owner, in my
opinion.  I don't want an ISP, a client- or server-side "spam
filter" or any so-called opt-in licensing agents making the
decisions as to what is or is NOT unwanted email headed for my
mailbox - more than I want any other barnyard animals determining
which flies to swat for me.  That's my job, buddie.  Back off!

I say LET ME MAKE THE DECISIONS.  To that end, I use what I'm
loosely calling a reverse spam filter.  By that, I mean that ONLY
email that I have whitelisted, or Senders of email to me have
whitelisted, will be permitted into my mailbox.  Then, I'll make
the FINAL decision as to whether it's wanted or unwanted email.

Fair enough?

Any email that is filtered gets sent to temporary holding area,
which I call a spambox. From there, I can look at it, whitelist
the Sender and resend it to my mailbox, or just let my cleanup
script keep it cleaned out for me.

Of course, any email that is filtered get's a even shot at missing
my swatting attempts.  The Sender gets sent an authentication email
to at least prove he's human, and not a software program churning
out flies like there's a feast in the barnyard.  When he clicks the
authentication link in that email, it removes his previously-filtered
email from my spambox, and puts it back into my mailbox.

Then, I make the final decision if I want to receive future emails
from him.  If not, sorry Charlie, I'll never see his emails again
in my mailbox, or my spambox, for that matter.

So far, this solution is working GREAT.  It was a bite in the petunia
at first to build the whitelist, and a few folks got peeved that I
asked them to authenticate their email addresses.  Sorry, that's
price they have to pay if they want to talk to me.

Of course, all my favorite newsletters got filtered the first time
ONLY, and I promptly whitelisted them and now they NEVER get filtered,
unlike when SpamAssassin or my ISP find words in future issues of
those newsletters which THEY label as spam.  I made the decision to
whitelist them, and my decisions always stick!  Legitimate email
publisher have NOTHING to fear from my solution.

Another problem these days is that not only are ISPs filtering email,
they aren't even putting it in a temporary holding area, to let you
see if their decisions are correct or not.  That's going to land them
in legal hot water.

So, forget the tail swinging, head shaking, reliance on other
barnyard animals, etc. to keep the flies at bay.  My Senders do most
of it for me.  I just see the good stuff that I WANT to see, for the
most part.  And I spend the savings in time on other things I like to
do.

:-)

Joe Halbrook

Another article:

Email Marketing Results
February 27, 2003

False Spam Reports Block 15% of Permission Emails

According to Assurance Systems, ISP spam filters are blocking out an
average of 15% of legitimate email marketing messages. The company
runs a quarterly study on email blocking and filtering. The
percentage of blocked email varies according to ISP. The highest
block rates are:

NetZero 	        27%

Yahoo 	 22%

AOL 	 18%

Compuserve  14%

AT&T 	 12%

Views: It stinks, but you'd better get used to it

As mentioned in our comments on AOL's "Report Spam" system, the
increased use of filtering systems is causing significant problems
for permission email marketers and email publishers. It's upsetting
and aggravating, but I think it's just going to be a reality of
doing business online for the foreseeable future.

In no way would I say that the email communications medium has
been "ruined" by the spam arms race. But it certainly does increase
the cost of online marketing and adds to the arguments for a
permission marketing approach: Do everything you can to make sure
that the recipient of your email message does not view it as spam.
Filtering systems are moving in the direction of giving users more
control; if the recipient thinks your message is spam, they will
flag it that way, regardless of what you think.

Al Bredenberg

I have a LincSat setup (two way satellite internet)in the hills north
of Kingston, Ontario and the domain is direcway.com.

I subscribed to the list: Wings on the Internet which can be done
from the website: www.woti.org. The Direcway mail server things WOTI
messages are spam and bounces them back. Then the WOTI server sees
these bounced back messages and automatically unsubscribes me from
the list.

I have subscribed using my dialup account (KOS.NET) and get all the
messages from the KOS.NET mail server while using the satellite
internet. But it's a pain because in order to post to the WOTI list,
I have to dialup KOS.NET using the (yuck!) telephone and reconfigure
my email program (Outlook) to send out through the KOS.NET server.

I don't know why Direcway.com doesn't like WOTI messages. KOS.NET's
spam filter doesn't seem to mind it.

Robert

Anyone else have experiences with SPEWS to share?


TYLER HAMILTON
TECHNOLOGY REPORTER
Toronto Star

February 24, 2003

Ever watch a horse in a barn as hundreds of flies buzz around its
ears and snout and eyes?

There's not much he can do, really, other than whip his tail around,
shake his head, or perhaps take a suicidal dive into a ravine. Pigs
and hippos prefer to submerge themselves in mud.

That's kind of the way I feel about spam, or what's more politely
referred to as unsolicited commercial e-mail.

I don't think I'm going out on a limb here by saying most Internet
users get spam, and most hate spam. The stuff takes time to delete.
It clogs in-boxes and Internet connections. It uses up the network
bandwidth of corporations and service providers. Generally, it's
offensive and obscene, which is particularly problematic when it
reaches children.

A recent survey from Internet security firm Symantec Corp. found
that 63 per cent of respondents received more than 50 spam messages
a week. That sounds a bit conservative to me — I get a weekly dose
of about 50 Nigerian scam e-mails alone — but whatever. The bottom
line is that spam is a menace to society.

There have been calls for legislation to curb the volume of spam.
Several U.S. states have such laws and Canada is currently looking
at that option as part of a discussion paper released last month.
Industry Canada is looking at shifting the burden to Internet
service providers and Web users themselves, who would presumably use
technologies such as spam-filtering software to combat the problem.

Indeed, there's a view out there that technology — not legislation —
will be the only effective answer to this problem, considering most
spam originates from unreachable overseas locations.

But is technology that panacea? I'm not convinced, at least not with
today's products and services. Neither is David Stark, director of
public affairs at NFO CF Group in Toronto.

NFO CF is a social and marketing research firm that conducts
surveys, asking Canadians what they think about banking, voting or
shopping over the Internet. It's the kind of information a
technology reporter such as myself would find valuable when writing
about our industry.

A typical survey might include 4,000 e-mail invitations sent to
people who have previously agreed to participate in such surveys. A
third may choose to respond, and their names are entered into a cash
sweepstake.

Recently company researchers have noticed an increasing number of e-
mail invitations being bounced back with error messages. In a batch
of 4,000, all 37 messages that went to Cogeco cable modem customers
were returned, as well as all 13 sent to AT&T Canada accounts and
three sent to Netcom.ca accounts.

A total of 97 out of 1,218 sent to Hotmail Web-based accounts were
also returned.

With the AT&T Canada accounts, the bounced-back messages read as
follows: "Error ... the delivery of this e-mail has been blocked by
AT&T's automated virus and unsolicited bulk e-mail filters."

Stark says that, as instructed, he sent an e-mail inquiry to AT&T
customer service but has yet to receive an appropriate reply.

"Sure, what they're doing is reducing the amount of spam, but it's
also reducing the amount of legitimate e-mail," he says. "Everything
we send is legitimate. Recipients have agreed to receive e-mails
from us, and through this technology, Internet service providers are
denying their customers from receiving communications they wish to
receive."

For its part, AT&T admits that, short of having somebody read each e-
mail message, the automated system it has in place isn't
perfect. "I'm told in general it's virtually impossible to filter
out only the bad ones and let in only the legitimate ones," said
company spokesperson May Chiarot.

This imperfection could easily begin to have a material impact on
NFO CF's business.

Stark admits that the absolute number of rejected e-mails isn't
huge — so far less than 1 per cent. But he wonders about the
potential for this problem to grow as more ISPs and individual
consumers begin arming themselves with anti-spam technologies, such
as McAfee's SpamKiller or freeware such as SpamAssassin.

It's a concern that's also shared by the Canadian Marketing
Association. Simply put, there is still too much room for these
technologies to keep out what's legit and let in real spam that has
been cleverly disguised as legitimate, opt-in marketing pitches.

Take SpamAssassin, which applies a base of rules to a "wide range of
heuristic tests on mail headers and body text to identify spam."
What are those rules? Well, if your e-mail mentions you have
a "privacy policy" or can "opt-out" or claims to be selling
anything, it is flagged as spam.

The reason these words are screened is because spammers
intentionally try to use these claims to disguise their messages as
legitimate. The flawed logic in this is obvious, particularly when
you consider that some privacy laws and self-regulatory
organizations require that companies highlight their privacy
policies.

"It just bothers me that we're doing the right thing, putting our
opt-out clause at the bottom of the e-mail, and yet those words are
being flagged," says Stark, pointing out spammers know how to get
around these rules.

There are also online blacklists that companies can use, such as
SPEWS, which stands for Spam Prevention Early Warning System. After
calling Cogeco with his concern, Stark discovered that the cable
company uses the SPEWS list to shut out spam.

He figured he could simply contact SPEWS.org and get his company's
Internet Protocol addresses removed from the screening list. What he
found is that SPEWS is just an automated system that is regularly
fed by systems administrators and ISP postmasters from around the
world. There's nobody, really, to contact. Consider it a kind of
star chamber that aims to oversee anarchy on the Internet — anti-
spam vigilantes doing their part for the greater good of the online
community.

Only problem is the judges of this "star chamber" can sometimes get
it wrong.

"They say too bad, tough for you, you can't contact us," says
Stark. "There's no way for somebody to take immediate action."

All of this doesn't make the debate on spam any easier. E-mail
filtering firm Brightmail Inc. claims that 41 per cent of the 40
billion e-mail messages it sifts through each month falls into the
spam category. How do we know for sure that those 16.4 billion
messages are truly unsolicited?

Is this a case where we hate spam so much we're forced to take the
lesser of two evils? Must legitimate companies become the
sacrificial lambs that keep the volcano of spam from erupting?

Maybe we should take the simple route, a lesson from the pigs and
hippos, by throwing ourselves into a pool of mud.

I would also like to add my voice to those whose Shagmail mailings
have been blocked.  I have been subscribed to three Shagmail
publications for nearly two years.  I subscribed to them myself after
my wife found them for after searching the net for some stuff I might
like.  Everything was fine up until a little over two weeks ago.  My
regular Friday mailings never arrived on the 7th of February.  At
first, I didn't think much about it, putting it off to some sort of
computer virus or network problem.  But when mailings had not resumed
within a week's time, I began to be curious.  First, I went to
Shagmail's web site.  Everything seemed fine there.  As a matter of
fact, I visited one e-zine's archives and found that they had
published throughout the week I was missing their mailings.  Figuring
I had been the victim of a list server problem, I tried to re-
subscribe using my normal ISP (PeoplePC) e-mail address.  Vainly I
waited for the subscription verification e-mails to come.  After
about an hour, I gave up and tried a different tack.  I subscribed to
my Shagmail publications through my MSN Hotmail account.  That worked-
-briefly.  I got the e-mail verifications, confirmed them, and got
about a week's worth before MSN shut them down.  And that really
surprised me because if anyone's a SPAM sieve, it's MSN.  Anyway, I
did some research on the net about Shagmail and was surprised to
learn that there are quite a number of people out there who believe
that Shagmail and it's parent company or a company associated with
them, PennMedia, are bigtime spammers.  And from the sound of it, it
looks like Shagmail may be on blocklists all over then Net.

Oh, and BTW, in the opinion of some anti-spam vigilantes, if you post
in this forum to complain about not receiving legitimate e-mails,
then you are considered either a spammer yourself or a spam
supporter.  I can provide a link to support that.  Just thought you
all might like to know that.

Hello I'm brand new to the Forum.

I am the owner of an e-marketing company.  My clients are schools,
doctors, and other brick and mortar.

I am constantly trying to keep up with what's going on out there in
spam world.  I do stricktly permission based newsletters for my
clients, and when parents of students do not receive their emails
they call the teachers and directors of the schools to find out why.

That's when I get calls.  Just try explaining this entire situation
to someone who has no understand of spam assasins and just want to
receive their child's school e-newsletter.

I had a 22% bounce rate thanks to MSN putting my ESP on a black list
for no known reason.

I'm here because my business depends on me having all of the answers
for my clients.

I am open to hearing from anyone.

Thanks

Hummm, add me to that list. I had forgotten that I wasn't
receiving their mail -- well, mostly not as I did receive a
couple of their offers, just none of the newsletters.

Unfortunately, don't have a clue as to why, but then I haven't
consulted either of your suggestions. :)


>>> For some reason known only to God and Microsoft (aren't they
pretty much the same?", I cannot recieve mail from Shagmail.  Do
any of you know what the problem could be?

This is not even a RBL. You are looking in the wrong direction to
solve your problem. The problem is this: you are providing an open
relay that could be abused and used to send UCE or worse. The relay
was proven to be open last night around midnight. Here are the
results of the relay test:

Return-Path:
Delivered-To: marvin@...
Received: from myloving.com (unknown [203.116.40.53])
         by BocksCar.ORDB.org (Postfix) with ESMTP id 17E7A5C33
         for ; Fri, 21 Feb 2003 00:25:40 +0000 (GMT)
Received: from localhost.localdomain [62.242.0.190] by myloving.com
with ESMTP
   (SMTPD32-5.08) id A56DB076E; Fri, 21 Feb 2003 08:35:57 +0800
From: postmaster@...
To: marvin@...
X-ORDB-Envelope-From: postmaster@...
X-ORDB-Envelope-To: marvin@...
Subject: ORDB.org check (0.03056643399192180.191631607)
ip=203.116.40.53
Message-Id: <20030221002540.17E7A5C33@...>
Date: Fri, 21 Feb 2003 00:25:40 +0000 (GMT)


You can clearly see that anyone can send mail from your server using
the postmaster account.

This is an instance of RBLs working. Without RBLs, this server could
sit untouched, since the administrator does not have the ability to
configure or test his own machine. The server, without RBLs, could
be used for UCE, or even worse, indefinitely.

Removing yourself from these blacklists is very simple. I performed
the same process just 2 weeks ago for a client. The process took
less than 4 hours to complete. To do this, first close the relay.
Test it from every angle to make sure it cannot be abused. This is
the most important thing that a mail server administrator can do,
and yet it is often overlooked. In fact, lack of administration is
probably the main reason that RBLs, and this group, even exist.

Next, once you are certain that your relay is closed, remove
yourself from ordb.org, and any other legitimate RBLs where you are
listed. Here is a link to ordb.org with your name on it:

http://www.ordb.org/lookup/?host=203.116.40.53

This should take no more than an hour. ordb.org is very timely at
removing a _properly_ configured mail server from their list. Once
that is done, schedule a retest at outblaze, and you will be off
their list in minutes. Its that simple.

This is an instance of RBLs working. Protecting consumers from
spam/uce, and protecting the Internet from poor administration.

I am not saying that RBLs are 100% good. There are inherent problems
with systems like this. I am very interested in discussing and
pursuing an alternative. I do not think, however, that posting
unfounded complaints against RBL maintainers and end users, provides
any benefits to this group or anyone else.


--- In i_did_not_get_my_email@yahoogroups.com, aUser wrote:
> This filter put my server 203.116.40.53 at open relay database,
> but my server never open email relay to public. it infect more
than
> 100 companies hosted in my server.
> http://spamblock.outblaze.com/spamchk.html
>
> I've write to them several times, by no one to solve the problem
>
> I recommand ISP service provider never engage this un responsible
filter
> service provider!

The only mail that really comes to mind as wrongly blocked in my case
is one I sent from home to my work account which had the subject line
"FEMA Guidelines" and contained a couple of PDF files which contained
guidelines issued by the Federal Emergency Management Agency for
reducing the risk of terrorist attacks.  This was blocked by their
content filter (I think it's SurfControl).  I've had other mails also
stopped by both the content filter and the virus sweeper.  The
funniest was when all my mails from an antivirus list I was one were
stopped because some idiot had put the names of every known virus into
the content filter.

I've been using an rDNS blacklist at home for about 4 months now and
in that time have had only one false positive. That one was a mail
from a small ISP that was hosting a number of active spammers on Pink
Contracts so was unavoidable by any system that had any hope of
blocking spam.  Before I used the list I was getting over 300 spams a
day (and about 150 real mails).  Now I still get 150-200 real mails a
day but less than a dozen spams.

I think rDNS blocklists are the way to go, content filters generate
too many false positives in my experience.  Ideally I think an ISP
should put blocked mails into a 'parking area' on the server that
users can skim through the subject lines and senders periodically,
maybe send the users a weekly mail with a list of the senders and
subject lines, with instructions on how to release false positives
should they occur.

However, I do think that the best tool against spam is not technical
but political.  If nations like the US would put real laws in place to
stop spam from their own entities and pressure on other countries to
do likewise then spam would slow to a trickle and we wouldn't need all
these technical solutions to stem the flow.  In the late 1980s and
early 90s those who commited cybercrime (which is what spam really is)
found themselves on the recieving end of FBI raids and saw their
harware carried off in trucks not to be seen again for months if at
all.  Close down ISPs who accept pink contracts, pressure other
countries to do the same and we're home and clear.  Legislate a
requirement for informed confirmed opt-in and put real penalties in
place for those who breach it (including those who get spammers to
spamvertise their product) and suddenly bandwidth waste will drop.

Stephen

About the only way I know of getting around the filters which look for
executable code is to make the file available for download on your web
site.  Then send an email with a hot link address to the customer for
downloading the file manually.

Not a very efficient procedure, but it works.


-----Original Message-----
From:

Sent: Wednesday, February 19, 2003 11:09 PM
To: i_did_not_get_my_email@yahoogroups.com
Subject: [i_did_not_get_my_email] Over active anti-virus software


Our business depends on sending VeriPic photo slide shows to clients.
The VeriPic Slide show is in the form of a self contained EXE file.
The file is an executable that runs on the recipient's end without
having to install anything.

We've been having problems with about 10% of the customers who are
running some sort of anti-virus software that picks out not only
viruses but stops all email attachements that are EXE files even if
they are clean. We've tried renaming the extension to something else
like TXT (and asking the recipient to change the name back when the
receive it) or even compressing the file in a ZIP file format. None
of this works.

Does anybody out there have any experience sending EXE files
successfully in these cases where the recipient REALLY wants this
file very badly but their system administrator for their installation
is running some sort of software that stops all EXE files both good
and bad ones? The recipient doesn't have a choice about the anti-
virus software because their sys admin won't permit them to
temporarily turn the anti-virus software off.

How are people supposed to be able to send executables to each other
with this kind of filtering in place? Sometimes you need to receive
executables in cases like patches or updates for software or other
purposes. It's a great dis-service to the email user if all of a
given type of file is blocked.

Here is a story about perhaps the most egregious sysadmin abuses I
have ever heard of in more than twenty years online.

The ISP was Veranet (formerly BiznessOnline--you always know a
company's status and reputation are in trouble when they change their
name for no reason), a provider out of Albany NY. A sysadmin,
ostensibly to fix a reported email delivery problem, modified the
user's email routing so that she would be cc-ed on all emails sent to
the user. After verifying that the problem was fixed, she forgot to
remove herself from the carbon copy routing. For several days, all of
the user's email found its way into HER mailbox.

As if this wasn't enough of an invasion of privacy and lame behavior
on the part of support staff, what follows is truly frightening.
Since the sysadmin did not recognize the addresses on any of the
emails she received that were intended for this user, she added ALL
of them to her spam block list. And since she was the sysadmin, HER
spam block list was the block list for the entire site configuration!
Thus, virtually every one of his personal contacts who regularly sent
him email was blocked from doing so, since email from these people
was blocked at the site level!

When this guy's wife called to complain that she couldn't send him
email, she was told that a "typo" must have accidentally added her
address to the block list. Funny, but only a day later her work email
address was "magically" also blocked, also (it was claimed) due to a
typo. When friends and colleagues also started getting bounced, they
called the provider directly. (Sending email to the provider didn't
work because, you guessed it, their addresses were blocked from doing
so!)

Almost a week later, the provider finally admitted the error. No
apologies, no remorse. When this guy asked to see the list of
addresses blocked, so he could get back to those who had tried to
contact him and mend any broken fences, Veranet refused to give it to
him. (What is the "security" hole in providing the list of supposedly
legitimately BLOCKED addresses? Clearly this was done to cover up the
lameness of their support staff.) When he asked for a refund of his
monthly charges, Veranet offered him a pittance instead.

When he dared to complain about this pitiful service, one of their
support staff set up a Yahoo account for him with a phony derogatory
name pointing to his email address. (The address they used wasn't
even the outside real world address he used publicly, but the
internal POP mailbox that only internal Veranet staff would know
about. This, coupled with the fact that the initiating IP address was
their internal site gateway, demonstrates that the accusation he made
that someone at Veranet did this was absolutely true. No action was
taken by Veranet management and again no apology was forthcoming.)
The level of technical and moral retardation present at Veranet is
astounding. Others have complained in the past about their amateur
hour technical support practices, but this goes far beyond the pale.

The moral here (aside from "Avoid Veranet like the plague") is that
the supposed vigilance against spammers is often misdirected and much
too often overzealously overapplied. Many people on the Net talk
about its frontier quality, the spirit of freedom, the absence of
foolish bureaucratic regulation, etc. But when that freedom gets
abused (as spammers do) and when the "free range" mentality results
in an inability to identify abusers, hold them accountable, and keep
them from engaging in further abuses, these same supposedly
libertarian pioneers clamp down on everyone with a big stick that
they don't know how to apply with precision and justice.

I've definitely seen stuff like this before. For example, in 2001, my
own corporate security software was bouncing messages addressed to a
person named "Melissa" - for obivious reasons...

--- In i_did_not_get_my_email@yahoogroups.com, aUser wrote:
> Below is one example of a very poor mail filter. I have had a
business
> email rejected for the sole fact that it contained the word
> 'refinancing'. Has anyone else seen anything like this?
>
>
> (reason: 554 5.7.1  Message was rejected because of SPAM restriction
> by System Administrator (Refinancing))
>
> <<< 554 5.7.1  Message was rejected because of SPAM restriction by
> System Administrator (Refinancing)
> 554 5.0.0 Service unavailable

I just had to delete about 10 email addresses mainly from mail.com
who now have a spam blocker and asked to be contacted by charter.net
administrators before they will let my newsletter through.

I also have one email address on the list that comes back via
autoresponder with no email address to be found so I can't even take
them off my list.  It comes from autobahn.com and you have to fill
out a form that asks for the email address you are sending to, which
is not shown, duh!  It also asks for your email address and a message
and then they will get in contact with party to see if they want your
email.  This is not only time consuming it is ridiculous in that they
don't provide the return address to put on the form.  How can I go
through 2400 emails to see which one it is?

I don't get it why do people signup for a newsletter and then give an
address that uses spam block so they will never get the newsletter?
It just doesn't make a whole lot of sense.  Although, I know some
ISPs don't let people know they have a spam block most of them do.

I am off my soap box now, but isn't suppression of Freedom of Speech
at play here or Big Brother who decides what mail should I let
through today?

Annoyed,
Patricia Creasy

Our business depends on sending VeriPic photo slide shows to clients.
The VeriPic Slide show is in the form of a self contained EXE file.
The file is an executable that runs on the recipient's end without
having to install anything.

We've been having problems with about 10% of the customers who are
running some sort of anti-virus software that picks out not only
viruses but stops all email attachements that are EXE files even if
they are clean. We've tried renaming the extension to something else
like TXT (and asking the recipient to change the name back when the
receive it) or even compressing the file in a ZIP file format. None
of this works.

Does anybody out there have any experience sending EXE files
successfully in these cases where the recipient REALLY wants this
file very badly but their system administrator for their installation
is running some sort of software that stops all EXE files both good
and bad ones? The recipient doesn't have a choice about the anti-
virus software because their sys admin won't permit them to
temporarily turn the anti-virus software off.

How are people supposed to be able to send executables to each other
with this kind of filtering in place? Sometimes you need to receive
executables in cases like patches or updates for software or other
purposes. It's a great dis-service to the email user if all of a
given type of file is blocked.

I have a secondary email account on "myrealbox.com", to which I used
to route a limited percentage of my Yahoo Groups subscriptions...
mostly low priority stuff. One day, I was looking through my Yahoo
Groups account info, and noticed that mail from myrealbox.com was
bouncing, due to a full mailbox or something like that.

It struck me as odd, since myrealbox.com gives you 10 megabytes of
email storage space for free... but I figured it might've happened at
one point or another, so I just sent a re-activation notice.

Waited 24 hours, didn't see any, went back to Yahoo, looked closer...
noticed that several notices had been sent. Odd... I hadn't seen any.

I sent another one.

Nothing showed up for a day.

Mucked around with it for several days, with all my notices going to
/dev/null without any details. Eventually, it occured to me that maybe
the problem wasn't with Yahoo, but with myrealbox.com. I dug around,
and found this notice:

Q:

I am on a Yahoo! Groups mailing list and have stopped receiving my
mail. What's wrong?

A:

The Yahoo! Groups mailing lists have been a major source of spam over
the last couple years and have been getting worse and worse. We have
tried to work with them many times but they have done nothing to
prevent the spam. We are sorry to tell you that because of this we no
longer accept any mail from Yahoo! Groups.

From my perspective, as someone subscribed to dozens of Yahoo Groups,
I very rarely see spam - and that only in groups that have been
essentially abandoned by their creators.

Similar blockages for services like Lyris and Topica are in place on
servers all over the internet... the messages being delivered aren't
even commercial opt-in email in many cases.

Spam threatens the integrity of Internet email as a medium.

Below is one example of a very poor mail filter. I have had a business
email rejected for the sole fact that it contained the word
'refinancing'. Has anyone else seen anything like this?


(reason: 554 5.7.1  Message was rejected because of SPAM restriction
by System Administrator (Refinancing))

<<< 554 5.7.1  Message was rejected because of SPAM restriction by
System Administrator (Refinancing)
554 5.0.0 Service unavailable

Has anyone else had their emails converted from HTML to
ASCII Text?

I know SPAM Assassin does this when identifying email as
potential SPAM and then it allows the email to go through
anyway?

For example, I am a Microsoft Provider and SPAM Assassin
destroyed their emails by converting them to ASCII Text.

This story, I believe, will help demonstrate the ultimate irony
of the flittering problem.

I belong to around 50 Yahoo Groups. At most, these will generate
50 messages per day, where the majority are set to digest. Not a
massive amount of mail.

In an effort to avoid exposing my ISP email address, I attempted
to subscribe with the free Yahoo.co.uk address that is attached
to my Yahoo Groups login and, which I'd specifically intended for
use with those Yahoo Groups. It's the same *family*, isn't it?

I'm online 16 + hours a day, so, with POP access, that address is
automatically checked every minute. No chance therefore that it
can be over limit and bouncing.

However, that's exactly what Yahoo Groups claimed. Yet not one
single message had ever got through from those ezines and groups
I'd chosen to subscribe to, not even confirmation emails!

I had to turn off the SPAM filter on Yahoo soon after it was
instituted because it started filtering out my electronically
delivered phone bill, I can't remember if it was Verizon or ATT, and
I got tired of retrieving it from the trash. Still, I do do not blame
Yahoo, who are only trying to solve the problem caused by
unscrupulous direct marketers. I had to give up on my AOL email
account because I was tired of wading through 20-30 pieces of spam a
day: in fact, I probably deleted more legit messages myself by
accident than the spam filters inadvertently filtered out.

I have also had trouble sending people messages from my hotmail
account, probably because it has been added to spam lists. Why, you
may ask? Because unscrupulous spammers (there is a redundacy for you)
have been using it as a bogus return address. Every week or so I get
a message from a Daemon mailer somewhere that messages I never sent
(usually to porn or mortgage sites) could not be delivered. Now there
is something I think just about everyone could agree should be
outlawed: sending unsolicited Email with someone else's return
address on it.

Hi!

I have a small etail website and few thousand customers. I sell
calling cards online. My customers rely on the emails that I'm
sending them after purchases, etc., but very often (especially when
Hotmail "improved" their spam filtering) they don't get it and it
costs me a lot to deal with such problems. Very soon, I'll have to
post a warning for all Hotmail customers and advise them to switch to
Yahoo!, because I repeat - it costs me a lot of money and these
inconveniences are a big problem for my customers too!