Slashdot Mirror

You may be thinking of Habeas.

I work for a financial services company who has a clients who are supposed to receive emails from us related to trades. Since I manage our web presence, email deliverability is also my problem.

Here are the places to start:

Free Certification
AOL: http://postmaster.aol.com/whitelist/
Yahoo: http://add.yahoo.com/fast/help/us/mail/cgi_bulkmai l
Verizon: http://www2.verizon.net/micro/whitelist/request_fo rm.asp?id=isp

Reporting
Spamcop: http://www.spamcop.net/w3m?action=ispsignupform
Hotmail: http://postmaster.msn.com/snds/
Senderbase: http://www.senderbase.org/

Email Signing
SPF: http://www.openspf.org/
DomainKeys: http://domainkeys.sourceforge.net/

Paid Certification
Bonded Sender: http://www.bondedsender.com/
Habeas: http://www.habeas.com/
Goodmail: http://www.goodmailsystems.com/

A lot of providers outside the US have many of their own rules and regulations to follow, which makes it quite difficult to achieve deliverability. At the end of the day, we try to follow all the rules that have been laid out from existing companies and then deal with individual providers on a needs basis. The more users that use that ISP, the more we are willing to obey their individual rules.

Unfortunately, I see paid certification becoming the way of the future. If I can pay to guarantee to have my clients email delivered rather then negotiate with ISPs every other week based on their varying criteria, I'm pretty sure my company will pay for it. I don't like it, but results are the bottom line.

As long as MoveOn and other organizations practice responsible mailing list management, their delivery will be unchanged from the way it is today. So they're not fighting what they think they're fighting.

This is a whitelist that bypasses filters, not a whitelist that is the only way to get through. Bulk mailers who don't pay up will still be able to send to AOL, and can still participate in AOL's other whitelists.

And Goodmail's service isn't a matter of "pay and we'll let you in" so much as it's "pay and we'll do a background check to see if you're a spammer, and if you pass our criteria we'll put you in the fast lane." Hmm, that sounds a lot like Bonded Sender and Habeas. Remember the controversy here on /. when Hotmail started using Bonded Sender two years ago? How exactly did that play out?

But why let the facts get in the way of a good knee-jerk reaction? We like placing AOL as the big corporate enemy. They often are, of course, but in this case? It's all overreaction and misinformation stemming from mistakes in the initial press.

Check out some of the commentary at Planet Antispam to get some views from the anti-spam community. You'll be surprised to find most of them siding with AOL on this one.

Meanwhile, charity groups, e-zines, and other legitimate free mailing lists that people sign up for will be screwed.

How?

No, really, how?

Where has AOL said that people who don't sign up for this list will be blocked?

This is a whitelist that bypasses filters, not a whitelist that is the only way to get through. Bulk mailers who don't pay up will still be able to send to AOL. Their mail will be subject to more scrutiny, sure. It'll be subject to as much scrutiny as... well, as it is today.

And as I recall, the Certified Email whitelist isn't a matter of "pay and we'll let you in" so much as it's "pay and we'll do a background check to see if you're a spammer, and if you pass our criteria we'll put you in the fast lane." Why, that sounds like Bonded Sender and Habeas. Remember the controversy here on /. when Hotmail started using Bonded Sender two years ago? How exactly did that play out?

But looking at it logically like this gets in the way of a good knee-jerk reaction.

And how is Goodmail any different from Bonded Sender or Habeas? And how many of these vendors is a company supposed to pay for the "privilege" of "bypassing" filters? It is extortion plain and simple. The only persons that are going to pay for these "services" are the ones that are not going to be spamming in the first place. Also how is the companies reputation affected by users who will go through the trouble of double-opt-in and still report the email as spam to the ISP; the highest number of these being AOL users by far, from my experience. Hell, I have several AOLers a day that report a confirmation for a submission that they signed up for as spam; let alone the number of complaints I receive from these morons after they confirm their subscription.

This is a business model marketed under the guise of protecting the consumer with the actual intent being to supplement income with regard to email. Nothing more nothing less.

We would. We do market research. We don't spam or harass people, but we get plenty of dumb users who can't figure out how to click on the "unsubscribe" link at the bottom of every email, and instead complain to their ISP. It only takes 2-3 of those per ISP before we're blacklisted, and we have to go rounds with their IT department to prove we're legit and non-spammers.

We already pay a company for something similar to what AOL & Yahoo are going to do... http://www.habeas.com/. Now, we don't pay per-email, but we do pay per server, and quite a bit.

I don't think these court "settlements" slow this guy down at all. He was also successfully sued and ordered to pay $104,104 this past April. You can read about that case here. I am wondering if it is the case that he makes so much money sending spam that these fines and settlements are no more than the cost of doing business.

If you tell SpamCop that you won't accept munged (their term for reports that have had the email address removed) reports then when someone submits a mail from you it will give them a choice of either not sending the complaint to you or sending it unmunged. That way you'll only get complaints with the email address intact so you can wash it out of your spam lists.

If you're claiming to be legit and someone reports you via SpamCop then just explain to them the situation and if they believe you they'll send a warning to the person who submitted the message. If you're signed up with Habeas then they'll definately warn the user. Too many warnings and the user will get cut off from the SpamCop service. I've noticed that a lot of lists I'm on have started sending out a message once every couple of months that contains no advertising material at all basically saying "Hey, you're signed up to this list. If you don't want to be here's how to unsubscribe.", somethign like that might add credence to claims that your not a spammer. The nature of the spam industry is that if what you do looks like it might be spam then the onus is on you to show that it's not, much like if you walk into a bank carrying a shot gun and wearing a mask the onus is on you to prove that you're not planning to rob it.

Stephen

Sounds like the Habeas Sender Warranted Email Solution would help here.

Basically you just have to include a special, copyrighted Haiku in your e-mail, and most spam filters will let your mail through. The Haiku warrants that your e-mail is not spam, because you have to license the usage of the Haiku, and the terms prevent from using it in spam mail.

I'm not sure if Hotmail respects the Habeas Haiku, but it might be worth a try.

Tell that to the people at Habeas, Inc. who have spent the last four months under attack by a spammer who works exclusively from hacked broadband hosts. Their latest update on this guy was posted april 6 promises legal action but STILL does not name the guy who's been doing this. Meanwhile my ISP changed the SpamAssassin score for Habeas to -16 because the only marked mail we get is drug spam.

AOL works with hebeas and they got a white list so i'd think that's an easier solution to the problem.
My IRC network sends mail verification to check the users' addresses to make sure you can mail them later, and we had dynamic ip which is hell for a mail sender, solution: tunnel though some great free server i.e. myrealbox.
I'm running mail servers for quite some time now and though AOL is one of the most aggressive stupid-policy enforcers out there, I've got some totally weird bounces from mail servers that hardly have the number of users we have on our network just because they don't like it, and no explanation, no policy, no abuse-support, nothing.
Hotmail however, nothing bad to say about it, not bouncing dyn, not ending up in junk, yahoo are pretty good too though spam filter sometimes is being a bit aggressive.

AND WHAT'S WITH THE POEM AT THE END?

Look at the headers, and report it to http://www.habeas.com/report/.

Basically, from what I've been able to gather, Habeas sells software that adds a haiku to your bulk e-mail to make it less likely to be blocked by spam filters, then adds special headers to make the message easy to identify. They sell the software to people who agree NOT to use it for spam, but only for legitimate (solicited) bulk e-mail. The term they use is "sender-warranted e-mail", i.e. the sender warrants that the message is not spam.

Not sure how effective their strategy is, but it's not a bad idea. The problem is, some spammer has gotten ahold of the Habeas software, and is using it to spam viagra/pharmacy crap. Habeas is trying to put a stop to this, but hasn't been able to so far.

I set up a filter to mark every message containing the Habeas headers in a particular color. In the past few months, I haven't seen any legitimate mail containing the Habeas headers - only viagra/pharmacy spam. That doesn't mean Habeas isn't legit, only that I don't get mail from their customers, I guess.

Anyone know more about Habeas and can add anything?

Good point. I recently added rules for the Habeas headers, since the only emails I've ever seen them in have been spam.

Both habeas and bonded-sender are the stupidiest antispam ideas only beaten by this marvel. How can one expect spammers in non-US countries to abide US copyright rules is beyond me .. especially given that a half of the spam is sent from spoofed emails using hijacked machines or through open relays.

This is a challenge for the HABEAS idea (HABEAS uses a copyrighted poem to sue spammers who send spam). The pornspammers are quite obviously circumventing a security-measure. Based on the sending-IP address, aol/hotmail etc should be able to do some sueing.

Please report these to the company on their site. They have a form for reporting these, which is much like SpamCop's form. SpamCop reports the abuses to all ISPs involved. Additionally, reporting it to Habeas allows them to add the senders to their blacklist, which is already used by some mail blockers (SpamAssassin already uses it by default).

I got one of these emails last week, reported it right away, and haven't seen another since. Habeas may not be able to sue (yet|ever), but they've already fixed the problem to a great degree by providng the blacklist.

Peep.

As it is, there is no easy way to check if someone is a licensed user of the Habeas headers.

Habeas does have DNS whitelist that could be used to verify usage, but you have to go through the hassle of registering to use it. No thanks, I have enough administrivia to do.

It is trivial to fake habeas headers, and there is no easy way to verify. I give the service a short lifetime in its present form.

Compare Habeas with Bonded Sender. Instead of depending on pursuing spammers with copyright law, Bonded Sender runs on cash. The sender puts up a cash deposit, and when people complain of spam, they lose cash. And it's easy to check if the sender is on the bonded sender list.

And in a stroke of intelligence, Bonded Sender doesn't count AOL complaints as valid. You need to have a slight clue before your complaints count.

Uhh, they do have a whitelist of senders who've subscribed to their service. They also have a blacklist of IP addresses that've abused the SWE. Of course whitelisting requires that you can correctly figure out which IP connected to your MX (not always trivial).

Uhh, they do have a whitelist of senders who've subscribed to their service. They also have a blacklist of IP addresses that've abused the SWE. Of course whitelisting requires that you can correctly figure out which IP connected to your MX (not always trivial).

body PHARMAWHAREHOUSE /pharmawharehouse.biz/
describe PHARMAWHAREHOUSE Link to pharmawharehouse.biz

body PHARMACOURT /pharmacourt.biz/
describe PHARMACOURT Link to pharmacourt.biz

body VALUEPOINTMEDS /valuepointmeds.biz/
describe VALUEPOINTMEDS Link to valuepointmeds.biz

score PHARMAWHAREHOUSE 10
score PHARMACOURT 10
score VALUEPOINTMEDS 10

In theory the Habeas scheme is very clever. It's difficult to get spammers under any anti-spam law (where they exist), so change the ballgame so that you can prosecute under copyright law instead.

Unfortunately though, I suspect it's going to be difficult to track these people down, and even when Habeas do, they will need to mount a prosecution in another country - wherever that happens to be. The spammers may even win given that each country enforces copyright laws differently.

According to the statement given, the latest version of SpamAssassin should be able to filter these out. We're running what I think is the latest (2.61) and it still seems to be letting them through - thanks to the Habeas mark. I'm beginning to think I should just disable the Habeas rules completely and let these get scorded normally.

Which would have taken any semi-literate reporter or editor ten second to find on their site. I guess that would have spoiled the illusion of a breaking story though.

What about the HAEBUS anti-spam haikus?

Why not? Habeas tracks down and sues spammers for copyright infringement when they abuse the Habeas Haiku, this could be used in a similar way. Spamming is a legal grey area and it is risky trying to sue for damages, but copyright and patent infringement is a much safer prospect, and easier to prove too.

"That means that some formerly-free list subscriptions are now going to cost you a penny a message. Deal with it; it's the price of killing spam."

I'm on quite a few mailing lists, due to my wide range of interests. I can receive 400-600 messages a day from these lists. So I should spend $4-$6 a day to fight spam, eh? The largest estimate of the cost to ISPs for dealing with spam has me paying about $8 a month.

Its a nice idea, but it just won't fly. Try again.

This sounds like it might actually work.

One of the most interesting/possibly effective methods of spam reduction i've read about is the Habeas system. I don't know much about it other then the company rhetoric, does anyonw have personal experience? It frightens me on some levels (i.e. dependence on a single company for my right to email) but it seems that it could be at least a stop-gap solution to reduce the profitablilty of spam. Mouth of the Beast Thoughts?

When I first complained that SpamAssassin blocked their newsletter, and merely asked if they could look into it, I was laughed at, and they tried to convince me that I needed to whitelist them or, in their words, "...learn how to use your spam blocking software".

Ironically, months later, they signed up for Habeas signatures on their emails.

It's interesting that NOW they decide to look into RSS as a solution. I wonder if it is because Habeas isn't working.

Yeah. There is a company that tried a copyrighted Haiku which you could filter on as a guarantee that your mail message was not spam. The trouble is, the only people that use it are the spammers.

Here is Habeas's FAQ. You'll may have difficulty refering to the part where Habeas refers to the fact that they've applied for a fricking patent to cover their method - it's only in the answer to the FIRST FRICKING QUESTION.

Yes, they do have a contract with the contract holder. They give away the right to use the trademark in e-mails for personal or ISP use.

habeas is a way to help prevent spam sent to you. By subscribing to Habeas, you have X-Habeas headers put into your email. You can filter based on these to help prevent more spam and know the email is legit.
Check it out. I don't use it personally, one of the mail lists I'm on uses it.

Anything in the machine could be copywrited.

First, read Sega v. Accolade (limited precential value because it came before the DMCA, but some nonetheless). Second, the broad Universal v. Reimerdes interpretation of 1201(a) is limited to one federal circuit; another circuit has acquitted a defendant (U.S. v. Elcomsoft), and an argument from 17 USC 117 and Sega may help. Third, ask your congresscritters to put their support behind the BALANCE Act.

Just like someone suggested a few months ago to use a (c) work for e-mail authentication

Though there is a copyrighted work involved in the Habeas system, it primarily relies on the HABEAS(tm) warrant mark.

Let's say no games will work unless they are somehow transformed by that piece of code, which is a transform of a copyrighted document

For one thing, the lockout on the Xbox is not an encrypted binary (the binary is stored as cleartext) but rather an encrypted hash; that may have some "last straw" legal weight. For another, the copyright in an Xbox program that doesn't use the Microsoft XDK libraries is owned not by Microsoft but by the author of the program (e.g. Linus Torvalds, Free Software Foundation, XFree86.org, etc), so it'd be completely "with the authority of the copyright owner" as described in the DMCA.

Of course, nothing you read on Slashdot is legal advice.

You could always sign up for Habeas SWE and put their little haiku "warrant" in your headers. This will stop most spam tools from filtering you out, unless of course you violate the terms and send UCE including the warrant.

Check out Habeas for adding headers to your email that certify you're not sending spam. Habeas' license policy restrict spammers from using them, thus spam filters allow emails Habeas headers through without problems. Let's hope it works! :)

Also this: forget not
that this lovely article
omits to quote them.

winter into spring
brightly anticipated
like Habeas SWE (tm)

Each line has a head
X-Habeas-SWE-n: where
n is 1, 2, 3

I can only guess
That "SWE" is sounded out "swee"
And "(tm)" sounds not.

Try h t t p
colon slash slash habeas
dot com. More info.