Microsoft JMRP (Mail) Admin Needed
I'm trying to sign up for Microsoft's Junk Mail Reporting Program. Multiple representatives keep sending me more-or-less form responses saying they can't add my dynamic customer IP ranges because they're "included in...[a] third party block list". The list in question is the SpamHaus PBL. They clearly don't understand that the SpamHaus PBL (unlike other SpamHaus lists) is not a list of IPs that have sent spam. I'm looking for someone with a clue that can help me. Thanks, Richard Laager Wikstrom Telephone Company P.S. Even ignoring the PBL, this policy of not enrolling IP ranges that are listed on DNSBLs doesn't make a lot of sense to me. Even if the IPs had been sending spam, wouldn't Microsoft want the ISP's help in stopping that?
On 12/19/11 6:10 PM, Richard Laager wrote:
I'm trying to sign up for Microsoft's Junk Mail Reporting Program. Multiple representatives keep sending me more-or-less form responses saying they can't add my dynamic customer IP ranges because they're "included in...[a] third party block list". The list in question is the SpamHaus PBL.
They clearly don't understand that the SpamHaus PBL (unlike other SpamHaus lists) is not a list of IPs that have sent spam. I'm looking for someone with a clue that can help me.
Thanks, Richard Laager Wikstrom Telephone Company
P.S. Even ignoring the PBL, this policy of not enrolling IP ranges that are listed on DNSBLs doesn't make a lot of sense to me. Even if the IPs had been sending spam, wouldn't Microsoft want the ISP's help in stopping that?
Have you tried removing the addresses in question from the PBL first? ~Seth
On Dec 19, 2011, at 6:10 PM, Richard Laager wrote:
I'm trying to sign up for Microsoft's Junk Mail Reporting Program. Multiple representatives keep sending me more-or-less form responses saying they can't add my dynamic …
Stop right there. Are the IP addresses you are sending mail from Dynamic? Do you *own* those addresses? Why are they, "Dynamic"? Mail should never be coming from Dynamic IP addresses.
… customer IP ranges because they're "included in...[a] third party block list". The list in question is the SpamHaus PBL.
They clearly don't understand …
They clearly *DO* understand. They know exactly what the PBL is.
that the SpamHaus PBL (unlike other SpamHaus lists) is not a list of IPs that have sent spam. I'm looking for someone with a clue that can help me.
You need to understand why they are not interested in your traffic as you currently describe your ability to send it.
P.S. Even ignoring the PBL, this policy of not enrolling IP ranges that are listed on DNSBLs doesn't make a lot of sense to me. Even if the IPs had been sending spam, wouldn't Microsoft want the ISP's help in stopping that?
They *HAVE* stopped it. :) Already. Aloha, Michael. -- "Please have your Internet License and Usenet Registration handy..."
On Mon, 2011-12-19 at 20:41 -0800, Michael J Wise wrote:
On Dec 19, 2011, at 6:10 PM, Richard Laager wrote:
I'm trying to sign up for Microsoft's Junk Mail Reporting Program. Multiple representatives keep sending me more-or-less form responses saying they can't add my dynamic …
Stop right there. Are the IP addresses you are sending mail from Dynamic? Do you *own* those addresses?
We're an ISP. Let me use an example (with private IPs): We have 10.0.0.0/20 from ARIN. Of that, 10.0.0.0/24 is for our servers, and the rest is used for dynamic pools for residential customers. So we've listed the following ranges in the PBL: 10.0.1.0/24 10.0.2.0/23 10.0.4.0/22 10.0.8.0/21 I want to enroll 10.0.0.0/20 in Microsoft's JMRP. They give me a canned answer about 10.0.1.0-10.0.15.255 being "on a spam list".
Mail should never be coming from Dynamic IP addresses.
That's why I've listed my dynamic ranges in the PBL! So yes, nobody *should* be sending mail from these ranges. But if a customer sends spam from one of those ranges anyway, I still want to know about it, so I can notify them to cleanup their infected computer (and disconnect them if necessary). Also, there are a handful of individual IP exceptions to the PBL listings for specific customers with static addresses who are running their own mail servers. Because of that, and the fact that subnets get reassigned from time to time, it'd be best if Microsoft would accept the supernet listing from me, as it'd be one less thing to have to worry about updating every time we make an IP assignment change. <rant>I'm not sure why it's necessary to have all these individual "feedback loop" processes anyway. Why can't everyone just send spam reports to the Abuse handles on the relevant WHOIS record?</rant> Richard
"<rant>I'm not sure why it's necessary to have all these individual "feedback loop" processes anyway. Why can't everyone just send spam reports to the Abuse handles on the relevant WHOIS record?</rant>" Because that only works for organizations who actually do the right thing when they get complaints. That's a poor way to fight spam. On Mon, Dec 19, 2011 at 10:53 PM, Richard Laager <rlaager@wiktel.com> wrote:
On Mon, 2011-12-19 at 20:41 -0800, Michael J Wise wrote:
On Dec 19, 2011, at 6:10 PM, Richard Laager wrote:
I'm trying to sign up for Microsoft's Junk Mail Reporting Program. Multiple representatives keep sending me more-or-less form responses saying they can't add my dynamic …
Stop right there. Are the IP addresses you are sending mail from Dynamic? Do you *own* those addresses?
We're an ISP. Let me use an example (with private IPs):
We have 10.0.0.0/20 from ARIN. Of that, 10.0.0.0/24 is for our servers, and the rest is used for dynamic pools for residential customers. So we've listed the following ranges in the PBL: 10.0.1.0/24 10.0.2.0/23 10.0.4.0/22 10.0.8.0/21
I want to enroll 10.0.0.0/20 in Microsoft's JMRP. They give me a canned answer about 10.0.1.0-10.0.15.255 being "on a spam list".
Mail should never be coming from Dynamic IP addresses.
That's why I've listed my dynamic ranges in the PBL!
So yes, nobody *should* be sending mail from these ranges. But if a customer sends spam from one of those ranges anyway, I still want to know about it, so I can notify them to cleanup their infected computer (and disconnect them if necessary).
Also, there are a handful of individual IP exceptions to the PBL listings for specific customers with static addresses who are running their own mail servers. Because of that, and the fact that subnets get reassigned from time to time, it'd be best if Microsoft would accept the supernet listing from me, as it'd be one less thing to have to worry about updating every time we make an IP assignment change.
<rant>I'm not sure why it's necessary to have all these individual "feedback loop" processes anyway. Why can't everyone just send spam reports to the Abuse handles on the relevant WHOIS record?</rant>
Richard
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
On Mon, 2011-12-19 at 22:58 -0800, Mike Hale wrote:
"<rant>I'm not sure why it's necessary to have all these individual "feedback loop" processes anyway. Why can't everyone just send spam reports to the Abuse handles on the relevant WHOIS record?</rant>"
Because that only works for organizations who actually do the right thing when they get complaints. That's a poor way to fight spam.
All* the feedback loop concept does is waste a lot of administrative time on both sides to avoid sending spam reports to organizations which have setup abuse handles but not signed up for that particular feedback loop. Given that sending complaint emails to the abuse handle is virtually cost free, I don't see what's gained by not sending them. What the organization does with those complaints when they receive them is unaffected by the mechanism that routes the complaints to them. Richard * I suspect that someone's lawyers would say that feedback loop processes allow organizations to require agreement to some set of terms (confidentiality, etc.) before receiving the reports and that this is a useful benefit. I disagree, given that you're sending the report to someone who almost certainly could've captured the original email as it transited their network.
On Tue, Dec 20, 2011 at 12:23 PM, Richard Laager <rlaager@wiktel.com> wrote:
<rant>I'm not sure why it's necessary to have all these individual "feedback loop" processes anyway. Why can't everyone just send spam reports to the Abuse handles on the relevant WHOIS record?</rant>
Feedback loops are sent in machine parseable formats like ARF (RFC 5965) to separate, dedicated mailboxes that are read by scripts which then process the reports to automate whatever action needs to be taken for AUP enforcement, filtering etc. Every single report spam click by a user on hotmail, yahoo etc is fed through their feedback loops (like JMRPP for hotmail) abuse mailboxes are read by ISP support staff and complaints are manually handled. -- Suresh Ramasubramanian (ops.lists@gmail.com)
On Tue, 2011-12-20 at 12:39 +0530, Suresh Ramasubramanian wrote:
On Tue, Dec 20, 2011 at 12:23 PM, Richard Laager <rlaager@wiktel.com> wrote:
<rant>I'm not sure why it's necessary to have all these individual "feedback loop" processes anyway. Why can't everyone just send spam reports to the Abuse handles on the relevant WHOIS record?</rant>
Feedback loops are sent in machine parseable formats ... abuse mailboxes are read by ISP support staff and complaints are manually handled.
If the feedback loop complaints are machine parseable, then by definition a machine can parse the abuse mail stream and separate out the feedback loop complaints for automated handling before sending the rest to the human team.
Every single report spam click by a user on hotmail, yahoo etc is fed through their feedback loops (like JMRPP for hotmail)
I think the implied point here is that this can be a LOT of mail and that obtaining the recipient's consent is desirable before sending them this volume of mail? If so, I think that's a fair point. On the other hand, the complaints are in response to messages their network sent in the first place. Richard
Sure. But it is common courtesy to ask an abuse desk first, rather than, say, flood their ticketing system with automated alerts. On Tue, Dec 20, 2011 at 12:49 PM, Richard Laager <rlaager@wiktel.com> wrote:
I think the implied point here is that this can be a LOT of mail and that obtaining the recipient's consent is desirable before sending them this volume of mail? If so, I think that's a fair point. On the other hand, the complaints are in response to messages their network sent in the first place.
-- Suresh Ramasubramanian (ops.lists@gmail.com)
participants (5)
-
Michael J Wise
-
Mike Hale
-
Richard Laager
-
Seth Mattinen
-
Suresh Ramasubramanian