I don’t know how this happened, but for some reason the antispam community seem to have walked right into quicksand. Why? Well, consider this: If you existed to come up with ways to stop spam, you would think that implementing a way to establish trust relationships with sender would guarantee* that they wouldn’t send you spam.
* – No there are no guarantees.
Well recently a configuration option within SpamAssassin caused me alarm since it was occurring more frequently in spams that were getting through to me. Looking into the RCVD_IN_BSP_TRUSTED score I found that spamassassin gave it a -4.3 weighting which unless the email is particularly spammy, it means the net score for that email will result it it being classified as non-spam. Trouble is – this is spam, so why is spamassassin being so nice to it?
Looking it up, I ended up at The Bonded Sender Program .org (this is the Internet friendly face) which "turns the spam problem upside down by identifying legitimate email traffic". Oh? Further reading shows that the BSP has a corporate side that companies pay the BSP (read: IronPort, who also happen to own and run SpamCop) so their emails get positively flagged as non-spam.
Am I the only one spotting the delicious conflict of interest?
1. Spamassassin catches spam
2. Users report spam to SpamCop
3. SpamCop blocks spammer.
4. Spammer has less success because their servers are blacklisted
Now SpamCop, aka IronPort, aka BSP goes to spammer "Pay us a wodge of cash and we can make sure a) you don’t get flagged as spam, and b) your servers can’t get blacklisted". Sounds like a sweet deal. Why wouldn’t any spammer go for it?
In any other industry this would be blackmail. e.g. Mafia: "Pay us your insurance so you can be sure you or your shop doesn’t meet with an unfortunate accident".
Now the BSP apparently takes abuse of their system very seriously. I beg to differ. I reported an instance of abuse, to which the initial reply sounded positive, but that same customer is still spamming away. I shall post some example spams that BSP claim isn’t spam as comments.
So, anyone reading this. If you use Spamassassin, add this to your user_prefs:
score RCVD_IN_BSP_OTHER 0
score RCVD_IN_BSP_TRUSTED 0
Companies or Email senders – if you hit this page whilst researching about using the BSP, then please don’t. It is a dirty way to get your message across – if anything it will make people like myself even more vehemently outspoken against you and your products.
BSP/SpamCop/IronPort – if you want to regain some credibility, perhaps you will take your abuse reports seriously and actually kill off those customers who do use you as a ticket to get spam through.
This is my personal opinion based on my experience of spam emails I have received via the Bonded Sender Program.
Return-Path: <everSavebb@pdirectmail.net>
Received: from mta11.pdirectmail.net (66.151.226.18)
by plop.pgregg.com with SMTP; 13 Apr 2005 23:00:09 -0000
Received: by mta11.pdirectmail.net (PowerMTA(TM) v3.0r7) id hbmi0k0676ol; Wed, 1
3 Apr 2005 18:58:16 -0400 (envelope-from <everSavebb@pdirectmail.net>)
From: "ShopWise.com" <shopwise@advo.com>
To: "Paul" <xxxxxxxx@xxxxxx.com>
Subject: Test and keep Do-It-Yourself Products
Date: Wed, 13 Apr 2005 18:58:12 -0400
Message-ID: <SSEBC1.4.62104.8800787.2005041318581245SSEBC@pdirectmail.net>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="—-=_NextPart_29261111221450222618211"
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on plop.pgregg.com
X-Spam-Status: No, score=0.3 required=4.0 tests=AWL,BAYES_00,DCC_CHECK,
DIGEST_MULTIPLE,HTML_80_90,HTML_IMAGE_RATIO_04,HTML_MESSAGE,
HTML_SHOUTING3,HTML_WEB_BUGS,MIME_BOUND_NEXTPART,RAZOR2_CHECK,
RCVD_IN_BSP_TRUSTED,RISK_FREE,SPF_HELO_PASS,URIBL_WS_SURBL
autolearn=unavailable version=3.0.1
X-Spam-Level:
——=_NextPart_29261111221450222618211
Content-type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Dear Paul,
Visit ShopWise.com for great offers like today’s feature offer below.
Handyman Club of America
No Risk Free Trial Membership
Test and Keep Free Do-It-Yourself Products
hxxp://tx2.pdirectmail.net/trak.asp?xxxxxxxxxxx.30160
Become a Handyman Club of America Member, and Official
Product Tester, and you’ll be eligible to test and keep
great do-it-yourself products.Once you’ve activated your
membership be sure to fill out your Product Test Profile
Form and get in line to receive your first test product
today.
Click here for a complete list of benefits, a Free trial
Membership and a complimentary issue of HANDY Magazine.
hxxp://tx2.pdirectmail.net/trak.asp?xxxxxxxxxxxxxx.30160
__________________________________________________________________________
This service is just one more way that ShopWise.com delivers
savings and convenience.
Enjoy! Your friends at ShopWise.com
—-Important Subscription Information—-
We take your privacy very seriously and it is ShopWise.com’s policy
never to send unwanted email messages. To view our privacy policy,
click or paste the following link:
hxxp://tx2.pdirectmail.net/trak.asp?xxxxxxxxxxxxx.7987.websiteid=2&ref=xxxxxxxxxx
To cancel your subscription, click or paste this link:
hxxp://optout.email-advantage.com/service/consumers/OptOut.jsp?ref=xxxxxxxx&websiteid=2&source=handym041305sw
Copyright 2005 ShopWise.com. All Rights Reserved.
ShopWise.com
One Targeting Centre
Windsor, CT 06095