[SpamCop-List] Re: OT nanae SC/IronPort threads

[John E. Malmberg]

Berny wrote:
> 
> I do recall a thread here, some time ago about bonded sender spam, IIRC
> Ellen said they go in the block list like any others. I may have received
> one also once. But if SC users were regularly being spammed by Ironport
> BSers I'm sure we'd be hearing about it. Anti spammers tend to be a rather
> cranky lot you know.

A lot of speculation in the thread with no one quoting what Ellen said.

Their main gripe are apparently:

1. There are allegedly bonded senders that keep the bonded I.P. address 
clean, but run opt-out and other spamming on their other addresses.

2. Apparently a bonded sender I.P. address hit a SORBS spamtrap, which 
is very suspicious.

3. They claim that spamcop.net does not list or report bonded-senders, 
but have not produced any examples of this.

Add to that all the common and untrue spamcop.net myths are being 
reported over and over again, with no one pointing out the actual policies.

As I do not know what is in the SORBS spamtrap, and I do not know if 
anyone in commenting in the thread does either.  I also do not know if 
SORBS spamtraps list anything that falls into them.

The SORBS spamtraps tend to list a lot of multi-hop spam sources, so if 
a bonded sender had any security hole on their network, it would be 
quite easy for them to get listed with out the actual owner intending on 
spamming.

As such, they are not suitable for blocking unless you do not want to 
get e-mail from most large networks.  So it may be a long time before 
someone notices an e-mail rejected for that reason.

The main purpose of the bonded sender program is to go with policies 
similar to the apparent one of a large company I know of.

Anything that even slightly smells of spam is silently deleted with out 
notice.  Outgoing e-mail automatically whitelists incoming mail from 
that destination from that check.  Whitelisting is also silently done in 
response to trouble tickets, and the tickets get closed by stating the 
problem could not be reproduced.  No one at the company operating the 
mail server admits to that policy, it was determined by experimentation.

While some may think that is a bad policy, it works.  It keeps the 
people who think they want an uncensored feed happy because there is no 
evidence that is available to most people that the e-mail even reached 
the company.  It keeps company management happy because almost 0 spam 
reaches anyone's inbox.  And the auto-whitelisting really prevents most 
real e-mail from being blocked.

Oh, and the company prohibits non-business use of it's e-mail, so no one 
can complain if a non-business related item fails to reach them.

-John
wb8tyw at qsl.network
Personal Opinion Only