September 28, 2012

L2.APEWS.ORG False Positive #17

Here is a newsletter that our user subscribed to but that ended up in the spam folder. The user confirmed consent to receive this, so the full email header is provided here for APEWS.org admins to see and correct if they want to:

Wed 2012-09-26 11:55:27: [180:366] Accepting SMTP connection from [67.222.55.9]
Wed 2012-09-26 11:55:27: [180:366] Looking up PTR record for 67.222.55.9 (9.55.222.67.IN-ADDR.ARPA)
Wed 2012-09-26 11:55:28: [180:366] D=9.55.222.67.IN-ADDR.ARPA TTL=(1440) PTR=[oproxy7-pub.bluehost.com]
Wed 2012-09-26 11:55:28: [180:366] Gathering A-records for PTR hosts
Wed 2012-09-26 11:55:29: [180:366] D=oproxy7-pub.bluehost.com TTL=(240) A=[67.222.55.9]
Wed 2012-09-26 11:55:29: [180:366] --> 220 xxx.xxx.xxx ESMTP ; Wed, 26 Sep 2012 11:55:27 -0100
Wed 2012-09-26 11:55:29: [180:366] <-- HELO oproxy7-pub.bluehost.com
Wed 2012-09-26 11:55:29: [180:366] Performing reverse lookup on oproxy7-pub.bluehost.com (looking for 67.222.55.9)
Wed 2012-09-26 11:55:29: [180:366] D=oproxy7-pub.bluehost.com TTL=(239) A=[67.222.55.9]
Wed 2012-09-26 11:55:29: [180:366] --> 250 xxx.xxx.xxx Hello oproxy7-pub.bluehost.com, pleased to meet you
Wed 2012-09-26 11:55:29: [180:366] <-- MAIL FROM:<xxx@ box731.bluehost.com>
Wed 2012-09-26 11:55:29: [180:366] Performing reverse lookup on box731.bluehost.com (looking for 67.222.55.9)
Wed 2012-09-26 11:55:29: [180:366] D=box731.bluehost.com TTL=(240) A=[66.147.244.231]
Wed 2012-09-26 11:55:29: [180:366] Spam Blocker A-record resolution of [9.55.222.67.L2.APEWS.ORG] in progress...
Wed 2012-09-26 11:55:29: [180:366] Spam Blocker D=9.55.222.67.L2.APEWS.ORG TTL=(35) A=[127.0.0.2]
Wed 2012-09-26 11:55:29: [180:366] L2.APEWS.ORG LISTED
Wed 2012-09-26 11:55:29: [180:366] --> 250 <xxx@ box731.bluehost.com>, Sender ok
Wed 2012-09-26 11:55:29: [180:366] <-- RCPT TO:<xxx@ xxx.xxx>
Wed 2012-09-26 11:55:29: [180:366] 'Recipient unknown' given to divert future spam
Wed 2012-09-26 11:55:29: [180:366] --> 550 <xxx@ xxx.xxx>, Recipient unknown
Wed 2012-09-26 11:55:29: [180:366] <-- QUIT
Wed 2012-09-26 11:55:29: [180:366] --> 221 See ya in cyberspace
Wed 2012-09-26 11:55:29: [180:366] SMTP session successful, 124 bytes transferred.

Note for other posters here: we operate email servers that receive email for our users. One has complained to us about this false positive, and we are publishing it.
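The session log above shows the lookup that caused the refusal: the connecting IP's octets are reversed, the DNSBL zone is appended, and an A record of 127.0.0.2 comes back. As an added example (not part of the original post or of the mail server's own tooling), the Python below pulls DNSBL-listed, refused sessions out of a log in this format so a receiver can review them as false-positive candidates. It assumes the bracketed value such as `[180:366]` identifies one SMTP session; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: session 180:366 is excerpted from the log above;
# session 181:400 is invented to show a refusal with no DNSBL hit.
SAMPLE_LOG = """\
Wed 2012-09-26 11:55:27: [180:366] Accepting SMTP connection from [67.222.55.9]
Wed 2012-09-26 11:55:29: [180:366] <-- MAIL FROM:<xxx@ box731.bluehost.com>
Wed 2012-09-26 11:55:29: [180:366] Spam Blocker D=9.55.222.67.L2.APEWS.ORG TTL=(35) A=[127.0.0.2]
Wed 2012-09-26 11:55:29: [180:366] --> 550 <xxx@ xxx.xxx>, Recipient unknown
Wed 2012-09-26 12:01:02: [181:400] Accepting SMTP connection from [192.0.2.10]
Wed 2012-09-26 12:01:03: [181:400] --> 550 <xxx@ xxx.xxx>, Recipient unknown
"""

LINE = re.compile(r"^\w{3} [\d-]+ [\d:]+: \[(\d+:\d+)\] (.*)$")
CONNECT = re.compile(r"Accepting SMTP connection from \[([\d.]+)\]")
DNSBL = re.compile(r"Spam Blocker D=(\S+) TTL=\(\d+\) A=\[(127\.[\d.]+)\]")
MAILFROM = re.compile(r"<-- MAIL FROM:<(.*)>")
REJECT = re.compile(r"--> (5\d\d) ")

def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_rejections(log_text):
    """Return one record per session that was DNSBL-listed and got a 5xx reply."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sid, msg = m.groups()
        s = sessions.setdefault(sid, {"ip": None, "sender": None, "hits": [], "reply": None})
        if (c := CONNECT.search(msg)):
            s["ip"] = c.group(1)
        elif (d := DNSBL.search(msg)) and s["ip"]:
            zone = d.group(1).split(".", 4)[-1]
            # Count the hit only if the query name matches the connecting IP.
            if d.group(1).lower() == dnsbl_query_name(s["ip"], zone).lower():
                s["hits"].append((zone, d.group(2)))
        elif (f := MAILFROM.search(msg)):
            s["sender"] = f.group(1)
        elif (r := REJECT.search(msg)):
            s["reply"] = int(r.group(1))
    return [s for s in sessions.values() if s["hits"] and s["reply"]]
```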

September 20, 2012

Still no False Positives

There simply haven't been any false positives to write about. A lot of people are requesting delisting and removal from Apews.org here, but they are all email senders, whereas this blog is aimed at receivers of email that use the apews.org data for filtering or blocking.

Anyone wanting a removal would do better to publish the email header from a receiver as we have done.

These days it's all about reputation and permission; even new allocations to existing ISPs that have a bad rep can expect to remain listed. Folks have had enough of snowshoe spamming out of newly acquired IP blocks.

IPv4 address space is nearly all allocated and most of it has been assessed by the apews.org team to great effect. Consistently trapping 95% or more of spam sent with less than 0.5% false positives is a great statistic, so there can't be much wrong with the apews.org data. We encourage email receivers to publish errors here and prove the error with the full email headers; munge them for privacy if you want to. That way there is a public record of the error in your view, and you shame apews.org into fixing that error.

We can see that soon there will be no more IPv4 addresses for spammers to pollute; old existing allocations will have to be cleaned up in order to regain a good rep, or stay listed. No residential IP address space needs to send email, so outbound connections to TCP port 25 should be disallowed at the ISP firewall, and it's so easy to do.

Right now there needs to be a 2-tier tariff for IP addresses: the price for apews.org-listed IP address space should be dirt cheap to rent or even free, since there is ad revenue from the http traffic. That is the usual business model: give free access with commercials which cover the costs incurred. ISPs are running all their user traffic through http proxy servers for ad tracking etc.; try blocking their http server addresses at your firewall and you will lose your internet connection.

Clean IP address space that never gets listed by blacklists is obviously run professionally, and volume email senders there send with the permission of the recipient. Their IP address space should command a premium in value and they deserve to earn more out of their email sending services, e.g. providing smart hosts for clients. They won't take dirty email databases though :-) If you're really serious about inboxing then pay for a service from one of these guys.

Nice to see more email servers using l2.apews.org for blocking, as published on the NANAE usenet newsgroup recently. Spam is no longer a problem. We've had a lot of extra spare time for server maintenance and monitoring the whitelists, user complaints have stopped and the techs are up to date. In our server logs we've seen subscriptions to newsletters being honored, not bounced by using the apews dataset; what more can I say. Once we see the subscription process followed by an acceptance email we whitelist that enews server.