AW: [anti-abuse-wg] how to detect spambots - SPAMTrusted

Hello Sascha,

As soon as the requirement we don't block/blacklist any IP/ISP on your list
is removed we will implement to reduce the spam score emails get with spam
assassin in our setup. We use multiple blacklists to tag email with spam
assassin and some whitelists to lower the spam score on email. 

With kind regards,

Mark Scholten
Stream Service

-----Original Message-----
From: anti-abuse-wg-admin at ripe.net [mailto:anti-abuse-wg-admin at ripe.net] On
Behalf Of Sascha Wilms
Sent: woensdag 11 maart 2009 16:57
To: 'iane at sussex.ac.uk'; anti-abuse-wg at ripe.net
Subject: AW: AW: [anti-abuse-wg] how to detect spambots - SPAMTrusted


I know that for some it's a hard fact not to be allowed to block CSA
whitelisted entries any more. But because senders know exactly this, they
know what they have from being CSA whitelisted and what they stand to lose
if they get kicked off the list when not complying with the rules. It is
this huge leverage we gain. 


Currently, we have only significant German ISPs, but at least one major
European incumbent is about to join. We hope to extend the reach of our list
to other providers, so that we can increase the leverage. 
I have talked to some British providers, but so far no commitment (though
the British marketers are very keen on having something like the CSA in the
UK). 


As I said, it is really an industry standard we are promoting here, and the
more ISPs join, the better we are able to establish the standard on an
international level. If you guys have more feedback, you are welcome!

rgds
Sascha


-----Ursprüngliche Nachricht-----
Von: iane at sussex.ac.uk [mailto:iane at sussex.ac.uk] 
Gesendet: Mittwoch, 11. März 2009 16:21
An: Sascha Wilms; anti-abuse-wg at ripe.net
Betreff: Re: AW: [anti-abuse-wg] how to detect spambots - SPAMTrusted



--On 11 March 2009 15:44:04 +0100 Sascha Wilms <Sascha.Wilms at eco.de> wrote:

>
> Hi Ian, hi guys,
>
> we actually enforce rules regarding bulk emails through the Certified 
> Senders Alliance. Enforcement can naturally be applied only to those 
> senders participating in the CSA - however, in Germany our service has 
> become the de facto industry standard for email marketers, and the 
> amount of emails sent by certified senders is huge. Thus, we have 
> gained a very good leverage over this industry.

Well, that's all good. I see that in order to discover who's using your
service, I have to agree not to blacklist any of your users. That's not so
good. I'm not sure that I'd be interested in whitelisting anyone who's
signed up to improve their marketing outreach.

However, the fact that you require your users to publish SPF records is
good.

Are most of your members in Germany? This probably would be something I'd be
interested in if you had a significant number of UK members.

I do think that you need to get your English language documentation looked
at by a native English speaking lawyer.

> we at eco maintain a general complaints hotline, and I can't remember 
> having seen any complaint by users or ISPs about a missing opt-out 
> link only. Complaints are about UCEs, and not missing opt-out
possibilities.
> So I guess we are pretty much the only body dealing with the 
> enforcement of those rules like opt-out links, and we have effective 
> sanctions for not sticking to the rules (and opt-out is definitely one 
> of those rules!).
>
>
> Actually, our set of rules goes beyond the stipulations made by the EU 
> directive. And we keep on tightening the rules: SPF has now become 
> mandatory for senders (ISPs are left with the choice whether to use 
> this info); DKIM and double-opt-in, for example, are now recommended 
> criteria and will be turned into mandatory criteria with the next 
> revision of the admission criteria.
>
>
> We consider this industry standard approach more efficient than any 
> legislative approach.
>
> Rgds
> Sascha
> eco association
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: anti-abuse-wg-admin at ripe.net 
> [mailto:anti-abuse-wg-admin at ripe.net]
> Im Auftrag von Ian Eiloart Gesendet: Mittwoch, 11. März 2009 12:43
> An: peter h; anti-abuse-wg at ripe.net
> Betreff: Re: [anti-abuse-wg] how to detect spambots - SPAMTrusted
>
>
>
> --On 10 March 2009 20:17:50 +0100 peter h <peter at hk.ipsec.se> wrote:
>
>>
>> UCE or spam is illegal in some countries, however legal authorities 
>> does not seem willing to hunt and procecute.
>
> Under article 13 of EU DIRECTIVE 2002/58/EC, I think that the sending 
> of UCE is illegal in every member state of the EU, which exemption 
> where the recipient is an existing customer of the organisation sending
the email.
> Even then, the sender has to give an opt out option with every email, 
> and may only market "similar products or services".
>
> I don't know anywhere that this is properly enforced, though.
>
> --
> Ian Eiloart
> IT Services, University of Sussex
> x3148
>



--
Ian Eiloart
IT Services, University of Sussex
x3148