This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Email Spam & Spam Abuse Definitions
- Previous message (by thread): [anti-abuse-wg] *** Re: Email Spam & Spam Abuse Definitions
- Next message (by thread): [anti-abuse-wg] Email Spam & Spam Abuse Definitions
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ac
ac at main.me
Mon Apr 29 07:21:23 CEST 2019
Okay, so I am assuming then that my definitions of spam are accurate. In what phishing at storey.xxx said, the keyword was: "person has already hired" My point is that even "verify your email address" could be Spam Abuse. Recently I received around 14 "verify your email address" emails in the same 15 minutes... I would say that sending so many "verify" emails, in such a short time, is Spam Abuse And; my point is that even the first "verify your email" is Spam (it is or could be unsolicited), but that the first "verify" email in itself, is not Spam Abuse per se... This is a much under discussed issue, as there is no clear standard or acceptable "industry practise" with regards to how many spam emails in what amount of time, is considered "reasonable" In an attack against myself, personally (es, go figure, everyone does not love me :) ) I received a few "verify" emails from hundreds of legit services, websites and mailing lists... So, this is an attack vector, when looking to attack a victim... (Of course, I have, by now, figured out a method to deal with this type of attack and mitigate it, against myself, but for many people on this list, such a type of attack could prove to be challenging...) Is anyone willing to venture a number and time period for what would be considered 'fair' in terms of sending verification emails? Andre On Sun, 28 Apr 2019 07:09:04 +0200 ac <ac at main.me> wrote: > On Sat, 27 Apr 2019 20:54:40 -0700 > "Fi Shing" <phishing at storey.xxx> wrote: > > > > The twitter example is not advertising a product or service. It is > > conveying information about a product/service that the person has > > already hired. If twitter sends unsolicited emails to someone when > > they have not requested that service, or have indicated they no > > longer want the service, then it is spam. > > > > Does not matter if a spammer is advertising a product or a service or > stalking/harassing or sending 5000 emails in error. > > So, what I am saying is the 'intent' of the sender is not relevant at > all. > > What is relevant is that the recipient is receiving emails that they > did not as for, does not want and is causing them costs - as > recipients generally pay for the bandwidth to receive email. > > The point of the Twitter example is : Cyber criminal creates fake > Twitter account using random victim email address. > > Random victim now starts receiving copious amounts of spam from > Twitter. > > Do you agree? - and if not can you please explain with your own > example? > > Practically, at the moment and afaik, for the past few months, Twitter > is actually sending an initial email verification email...but, they > never used to before. > > And, in the rest of my post below, everything else is fine? > > Thanks :) > > Andre > > > > Spam & Spam Abuse Definitions From: "ac" <ac at main.me> > > Date: 4/27/19 4:22 am > > To: anti-abuse-wg at ripe.net > > > > Hi, > > > > From a recent rant in the WG, something of interest was posted; > > > > > opinions on the proper definition of spam. Mr. Andre's preferred > > > definition appears to allow for "one time" invitations to be > > > blasted to everyone in the universe. Nonetheless, in Mr. Andre's > > > considered opinion, "Email Spam is not the same as Spam Abuse" > > > and a "... one > > > > In my opinion, the sending of a confirmation email, from say > > Twitter, to confirm that the actual email address does indeed exist > > and that their further communications will be solicited - as well > > as including links to remove/stop further communications: > > > > Would be spam (it is still an unsolicited email) - but that single > > confirmation email is not abuse in itself. > > > > Even though Twitter may send 1000's of these to 1000's of different > > email addresses... > > > > I do not think that there is anyone, that works with actual spam > > abuse, in this WG that disagrees completely with my opinion above. > > > > Also, I wanted to add another useful resource link for anyone that > > is still learning about email abuse: > > > > https://www.ripe.net/publications/docs/ripe-409 > > > > What is frequently missed is that BULK EMAIL itself, is not the > > issue, but that the keyword is "unsolicited" - For example if you > > were to relay 1000 Invoices or 1000 status notifications or 1000 > > opted in mailing list recipients, this would/should not be > > considered spam or abuse. > > > > Then, of course, imnsho UBE itself is outdated as the spammers use > > 'drip' systems by spinning out 10000's of emails from 10000's of > > ip's Which various RBL cater for by speedily listing and de-listing > > resources and then there are all the shiny new tech things, which > > probably needs a new thread: > > > > Automated comment spam or AI based web form spam is a growing issue > > and is something that merits discussion and a watchful eye... > > > > Andre > >
- Previous message (by thread): [anti-abuse-wg] *** Re: Email Spam & Spam Abuse Definitions
- Next message (by thread): [anti-abuse-wg] Email Spam & Spam Abuse Definitions
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]