Recently I’ve been getting a lot of mail from the feedback loops I subscribe to indicating that someone has gotten a subscription confirmation message and they considered it spam.
After digging into my logs I noticed a few things …
- The subscription requests are being initiated from TOR exit nodes.
- The web requests that initiate the subscription have “mailbait.info” as their referrer.
This ‘mailbait.info’ service is supposed to allow you to fill your mailbox … why anyone would want to do this is beyond me … and it has absolutely ZERO protections against submitting someone else’s email address. As such, it just ends up generating spam. And a lot of the twits that are using this ‘service’ are hiding behind TOR nodes, which protects their IP address.
And you probably read in my last post … I had a problem getting mail setup my new Android phone.
I could receive mail fine … but it failed (with a totally useless message) whenever I tried to send mail. I was sure I had the settings right (userid, password, ssl, etc).
I have my mail server configured to do authenticated sending (as all good mail server admin’s should) … but for some reason the authentication wasn’t working correctly.
I tried various setting combinations to see what might be the problem … I verified the settings with my iPhone and Thunderbird. Everything matched up.
I really wish there was a way to indicate, in DNS, that a domain never sends mail.
That way, if a mail server recieves mail claiming to be from that domain, it can be discarded out of hand.
I’ve got a bunch of domains that JUST do web serving … they never send mail. If the web server that they are hosted on does send mail, it’s sent from via the midrange.com mail server (and is identified as such).
I saw a very interesting mail reject message today on one of my mailing lists …
You are receiving this message because you have attempted to send an e-mail containing confidential information. Examples of confidential information include, but are not limited to social security numbers, birth dates, account numbers, policy numbers, medical history, financial history, personal phone numbers and user IDs. Another example of sending confidential information would be combining any two or more of the following: name, address, identification numbers (employee number, phone number), organizational affiliation (place of employment). This information may be contained in the body of the message or any attachments.
I looked at the body of the message it was rejecting (which was included in it’s entirety), and noticed that the message referenced dummy social security numbers (the message discusses SQL techniques).
Of course, based on the warning message, it would probably reject ANY numeric text that was included in a message at all.
I suspect that the company, who’s server rejected the message, does not have a problem with email volume … since the majority of email sent to them is probably rejected.
I really wonder about companies that have such incredibly draconian content rules. How do they stay in business?
It’s nice that many of the major mail providers give you the ability to report a message you’ve received as spam … but some of them make it far TOO easy to report something as spam.
I’ve noticed that many of the big names put the “Report as spam” button way too close to the delete button.
Let’s take a look at some of the providers …
While doing a little searching, I found some information on email feedback loops for other major ISP’s.
A few months ago I commented on how much I liked the Yahoo Complaint Feedback Loop.
Well, I think I’m going to revise that statement slightly.