
it-securitynotifies - Re: [IT-SecNots] blacklisting Mailchimp and other spam sites

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: Kris Deugau <kdeugau AT vianet.ca>
  • To: debian debian-isp <debian-isp AT lists.debian.org>
  • Subject: Re: [IT-SecNots] blacklisting Mailchimp and other spam sites
  • Date: Wed, 03 Aug 2016 11:02:53 -0400
  • List-archive: https://lists.debian.org/msgid-search/57A2079D.4010406 AT vianet.ca
  • List-id: <debian-isp.lists.debian.org>
  • List-url: <https://lists.debian.org/debian-isp/>
  • Old-return-path: <kdeugau AT vianet.ca>
  • Organization: Vianet Internet Solutions
  • Resent-date: Wed, 3 Aug 2016 15:30:17 +0000 (UTC)
  • Resent-from: debian-isp AT lists.debian.org
  • Resent-message-id: <TjRSUmXPkYB.A.nAF.J4goXB@bendel>
  • Resent-sender: debian-isp-request AT lists.debian.org

Daniel Pocock wrote:
> More and more companies seem to be taking the email addresses of
> customers and uploading them into sites like Mailchimp
>
> Even worse, I recently observed one free software project doing the same
> thing, taking all the email addresses from their mailing lists and
> dropping them into Mailchimp and sending reminders about their
> conference every week.
>
> Many users simply don't have time to keep on unsubscribing from these
> things and it is putting them off email.

If they've unsubscribed from a reputable ESP, they should not be
resubscribed without a confirmation. If they are, complain to the ESP -
chances are any action like that by the sender will earn them an
immediate account cancellation.

> What are the options to block all of these services, such as Mailchimp,
> Constant Contact,

If you really must do this, block by the rDNS on the connecting IP;
most ESPs send 99%+ of their mail from IPs with their own rDNS.

For a blanket block on various ESPs, looking up their IP ranges and
blocking entire IP ranges might also do what you're asking.

I wouldn't advise this unless you can confirm that your entire user base
really truly does not want to get any mail sent through these services.
In particular, you want to make **VERY** sure you don't block things
like MailChimp's "transactional mail" arm Mandrill, which sends things
like online purchase receipts or monthly account statement emails.

> Vision6 and keep the blacklist up to date whenever
> they start using new domains in the envelope?

Every ESP has their own methods and policies for sending; some will use
the sender's domain in the envelope, others will use a VERP address in
(one of) the ESP's domain(s). Some ESPs seem to have gigantic stables
of unique or mostly unique domains for each of their customers, others
seem to have figured out how to use just one.

However, I'd start by reporting the messages to the abuse contact at the
ESP; good ones take a very dim view of people just uploading a random
collection of email addresses. I'd also suggest contacting senders
attracting the most complaints and letting them know that they're at
risk of being blocked by adding people to their list without consent or
confirmation.

> I already have Amavis and Spamassassin packages installed but the
> default settings don't seem to be sufficient.

Well, no, most ISPs don't *want* to blanket-block ESPs serving largely
small to mid-sized businesses, because the ISP's customers will get
upset at *not* getting those emails.

On a more targeted scale, create rules for the rDNS on whichever ESP you
want to block, but score them very low, or zero, by default. Then add
per-user scores for those rules for those of your users who are
complaining. I'm not sure how well this works with Amavis though;
low-scored rules with a couple of extra sieve rules or procmail recipes
may be needed for it to work instead of zero-by-default and SA userpref
scores.

> I hear that Mailchimp was blocked for a while, apparently it was placed
> on the CASA CBL:
>
> http://www.startupsmart.com.au/news-analysis/local/mailchimp-newsletters-hitting-internet-blocks/

I've never heard of that list, but that doesn't mean much given the
number of small DNSBLs out there. I also note that article is from
2013, which is IIRC around the time I was seeing a flood of largish
(~400-500K) spams (consisting mainly of one huge HTML comment) coming
from what I didn't recognize until some time later as MailChimp. I
haven't seen what I would call "true" spam from them since.

-kgd
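
An added illustration of the per-user rDNS scoring approach described in the reply above; it is not part of the original message and is not SpamAssassin code. The domains, addresses, rule name and scores are constructed placeholders, and the header layout assumes a Postfix-style Received line written by your own MX.

```python
import re

# Constructed rule table: rule name -> (rDNS suffix, site-wide default score).
# The domains are placeholders, not real ESP hostnames.
ESP_RULES = {
    "RDNS_ESP_BULK": ("bulk.esp.example", 0.0),
}
# Per-user overrides, only for users who asked for the block (constructed).
USER_SCORES = {
    "alice@example.org": {"RDNS_ESP_BULK": 10.0},
}

# Assumed Postfix-style trace header from our own MX: from HELO (rDNS [IP]).
# Only the parenthesised rDNS is used; the HELO name is sender-controlled.
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)")


def connecting_rdns(received_header):
    """Return the rDNS name our MX recorded for the connecting IP, or None."""
    m = RECEIVED_RE.search(received_header)
    if not m or m.group("rdns").lower() == "unknown":
        return None
    return m.group("rdns").lower().rstrip(".")


def rdns_matches(rdns, suffix):
    """Match on a label boundary: 'notbulk.esp.example' must not hit."""
    return rdns == suffix or rdns.endswith("." + suffix)


def esp_score(received_header, recipient):
    """Sum the scores of matching rDNS rules, using the recipient's overrides."""
    rdns = connecting_rdns(received_header)
    if rdns is None:
        return 0.0
    overrides = USER_SCORES.get(recipient, {})
    return sum(overrides.get(rule, default)
               for rule, (suffix, default) in ESP_RULES.items()
               if rdns_matches(rdns, suffix))


# Constructed sample headers (documentation address ranges).
BULK = ("from mail7.bulk.esp.example (mail7.bulk.esp.example [192.0.2.10]) "
        "by mx.example.org")
RECEIPT = ("from out3.transactional.esp.example "
           "(out3.transactional.esp.example [192.0.2.77]) by mx.example.org")
```

Only the recipient with an override sees a non-zero score for the bulk relay; the transactional relay, under a separate rDNS suffix, is never matched.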



