I don’t know how this happened, but for some reason the antispam community seem to have walked right into quicksand. Why? Well, consider this: If you existed to come up with ways to stop spam, you would think that implementing a way to establish trust relationships with sender would guarantee* that they wouldn’t send you spam.<\/p>\n
* – No there are no guarantees.<\/p>\n
Well recently a configuration option within SpamAssassin<\/a> caused me alarm since it was occurring more frequently in spams that were getting through to me. Looking into the RCVD_IN_BSP_TRUSTED score I found that spamassassin gave it a -4.3 weighting which unless the email is particularly spammy, it means the net score for that email will result it it being classified as non-spam. Trouble is – this is spam, so why is spamassassin being so nice to it?<\/p>\n Looking it up, I ended up at The Bonded Sender Program .org<\/a> (this is the Internet friendly face) which "turns the spam problem upside down by identifying legitimate email traffic". Oh? Further reading shows that the BSP has a corporate side<\/a> that companies pay the BSP (read: IronPort, who also happen to own and run SpamCop) so their emails get positively flagged as non-spam.<\/p>\n Am I the only one spotting the delicious conflict of interest? Now SpamCop, aka IronPort, aka BSP goes to spammer "Pay us a wodge of cash and we can make sure a) you don’t get flagged as spam, and b) your servers can’t get blacklisted". Sounds like a sweet deal. Why wouldn’t any spammer go for it?<\/p>\n In any other industry this would be blackmail. e.g. Mafia: "Pay us your insurance so you can be sure you or your shop doesn’t meet with an unfortunate accident".<\/p>\n Now the BSP apparently takes abuse of their system very seriously. I beg to differ. I reported an instance of abuse, to which the initial reply sounded positive, but that same customer is still spamming away. I shall post some example spams that BSP claim isn’t spam as comments.<\/p>\n So, anyone reading this. If you use Spamassassin, add this to your user_prefs: Companies or Email senders – if you hit this page whilst researching about using the BSP, then please don’t. It is a dirty way to get your message across – if anything it will make people like myself even more vehemently outspoken against you and your products.<\/p>\n BSP\/SpamCop\/IronPort – if you want to regain some credibility, perhaps you will take your abuse reports seriously and actually kill off those customers who do use you as a ticket to get spam through.<\/p>\n This is my personal opinion based on my experience of spam emails I have received via the Bonded Sender Program.<\/p>\n","protected":false},"excerpt":{"rendered":" I don’t know how this happened, but for some reason the antispam community seem to have walked right into quicksand. Why? Well, consider this: If you existed to come up with ways to stop spam, you would think that implementing a way to establish trust relationships with sender would guarantee* that they wouldn’t send you … <\/p>\n
1. Spamassassin catches spam
2. Users report spam to SpamCop
3. SpamCop blocks spammer.
4. Spammer has less success because their servers are blacklisted<\/p>\n
score RCVD_IN_BSP_OTHER 0
score RCVD_IN_BSP_TRUSTED 0<\/p>\n