Bug 5977 - too many FP's for RCVD_IN_BSP_TRUSTED
Summary: too many FP's for RCVD_IN_BSP_TRUSTED
Status: REOPENED
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Rules (Eval Tests) (show other bugs)
Version: 3.2.5
Hardware: Other All
: P5 enhancement
Target Milestone: Undefined
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
: 5978 (view as bug list)
Depends on:
Blocks:
 
Reported: 2008-09-16 10:07 UTC by Michael Scheidell
Modified: 2017-08-02 10:03 UTC (History)
3 users (show)


Attachment Type Modified Status Actions Submitter/CLA Status
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Scheidell 2008-09-16 10:07:49 UTC 
it is MORE like that having a bonded sender is more likely unwanted spam than not.

when we can get spammed to a 'group account' that could not have been found except by web site harvesting, this puts the whole 'bonded sender' program in question.

there should NOT be such a huge credit given for these 'bonded spammers'.

example:
spam received from 72.2.32.94 to a group address.
again, no are way there was any subscription.

host 94.32.2.72.sa-trusted.bondedsender.org
94.32.2.72.sa-trusted.bondedsender.org has address 127.0.0.10
Comment 1 mouss 2008-09-16 11:25:45 UTC 
so this is an FN, not an FP, right?

That said, I wouldn't be against removing habeas and bonded sender...
Comment 2 AXB 2008-09-16 12:20:02 UTC 
FWI: +1
Comment 3 Sidney Markowitz 2008-09-16 12:58:10 UTC 
The whole point of the bonded sender is that you have a place to make a complaint if you see something  like this, and the sender will lose real money and lose their bonded sender status if they are spamming and don't stop.

As long as that process does work then there is justification for keeping the rule as it will indicate that the sender is not likely to be spamming.

If you do report these people and do not receive a satisfactory result, then that would be a bug to report.

So far it is working as designed.
Comment 4 Theo Van Dinter 2008-09-16 13:25:28 UTC 
While I agree that the proper process is to report these and charge the senders money, one of the main issues right now seems to be that there's no obvious way to report the offenders.

The old complaint URL for bondedsender (http://www.bondedsender.org/complaint/) now goes to the generic marketing page.  Searching for a complaint or report page or address results in nothing, and there's nothing obvious on the return path site just going around.

So I think we need to reach out to them and find out why they've made it so difficult and what should people use as the reporting method/address.  If that results in nothing useful, then I'm +1 for removing them, but it's not appropriate to do that w/out some due diligence.

FWIW, from the last weekly net run, my results:

  0.089   0.0000   1.9826    0.000   0.62    0.00  RCVD_IN_BSP_TRUSTED

group results:

  0.101   0.0004   1.6258    0.000   0.72    0.00  RCVD_IN_BSP_TRUSTED

So things don't seem too outrageous from that perspective.
Comment 5 Sidney Markowitz 2008-09-16 14:11:33 UTC 
(reply to comment #4)

If the change in ownership has made it more difficult to report problems then I agree with keeping this bug open until these questions are resolved, and I am also +1 for dropping the rule if they are no longer doing their job.

Of course, someone has to follow up on the due diligence :-)
Comment 6 Matt Kettler 2008-09-16 19:10:31 UTC 
*** Bug 5978 has been marked as a duplicate of this bug. ***
Comment 7 Matt Kettler 2008-09-16 19:12:14 UTC 
I can go ahead and contact Tom Bartel from bug 5476, unless someone else would rather jump on it.

In my own investigations (including registering on the senderscore.org site) I could not find any way to report abuse.
Comment 8 Justin Mason 2008-09-17 02:07:01 UTC 
btw, it's called "sender score certified" these days.
http://www.returnpath.net/senderscore/receiver/feedback/ seems to suggest that a feedback loop is how they expect it to work, but that's only viable for ISPs.  We need a better way.
Comment 9 Matt Kettler 2008-09-17 18:19:55 UTC 
I've sent an email to Tom, cc'ing the PMC list. We'll see what we get back.
Comment 10 Karsten Bräckelmann 2009-02-06 06:52:10 UTC 
(In reply to comment #9)
> I've sent an email to Tom, cc'ing the PMC list. We'll see what we get back.

Matt, did that result in anything?
Comment 11 Matt Kettler 2009-02-06 15:40:19 UTC 
Neil Responded back to the PMC with:
---------------------
FYI sa-abuse@senderscorecertified.com is now tested, active and pointed at a
fresh new RT queue for our perusal. Fire away!

And please do inform your community. Thanks for your patience in this
regard. If you need anything else, by all means, let us know.
----------------------