Hello,
"hsc - news dot com" is listed at ws and multi.surbl.
This a very serious french security consulting group. Surely a false positive.
Can you remove it ?
They run a list but only subscription is **only** done when **explicitely** asked by recipients - I know as I'm one of their subscribers.
Best regards,
Jose-Marcio
On Monday, September 6, 2004, 7:07:43 AM, Jose Cruz wrote:
"hsc - news dot com" is listed at ws and multi.surbl.
This a very serious french security consulting group. Surely a false positive.
Can you remove it ?
They run a list but only subscription is **only** done when **explicitely** asked by recipients - I know as I'm one of their subscribers.
Best regards,
Jose-Marcio
Thanks for your report Joe. I have whitelisted some related domains:
hsc.fr hsc-labs.com hsc-news.com
Do they have any others?
ws folks please check into how it got on the list.
Thanks,
Jeff C.
On Mon, 06 Sep 2004 16:07:43 +0200, Jose Marcio Martins da Cruz wrote:
This a very serious french security consulting group. Surely a false positive.
Can you remove it ?
They run a list but only subscription is **only** done when **explicitely** asked by recipients - I know as I'm one of their subscribers.
I reported this via the web form at the end of last week after receiving two totally unsolicited invitations to join one of their mailing lists (and having received other similar spam from them in the past).
Still, if there are genuine subscribers to their lists then I guess this should be whitelisted, regardless of how dubious their methods for attracting subscribers may be. I'll add a local spamassassin rule instead if they persist...
John.
On Monday, September 6, 2004, 7:26:58 AM, John Wilcock wrote:
On Mon, 06 Sep 2004 16:07:43 +0200, Jose Marcio Martins da Cruz wrote:
This a very serious french security consulting group. Surely a false positive.
Can you remove it ?
They run a list but only subscription is **only** done when **explicitely** asked by recipients - I know as I'm one of their subscribers.
I reported this via the web form at the end of last week after receiving two totally unsolicited invitations to join one of their mailing lists (and having received other similar spam from them in the past).
Still, if there are genuine subscribers to their lists then I guess this should be whitelisted, regardless of how dubious their methods for attracting subscribers may be. I'll add a local spamassassin rule instead if they persist...
Several points:
1. Please report only domains that have no legitimate uses. Clearly this domain has many legitimate uses.
2. Chris or Dallas, can you update the SARE submission form to say that only 100% spammy domains with no legitimate use should be reported. I know this goes against your interest in greylist, but we must stop FPs at the source, or else you guys will probably drown in FPs.
3. Are we checking these before adding them to lists? It seems that even a cursory visit to the website of hsc.fr would show that it has potentially legitimate use since it's a network security consulting firm since 1989.
This is an example of FPs getting onto the lists which should not happen.
Jeff C.
On Monday, September 6, 2004, 7:43:55 AM, Jeff Chan wrote:
- Please report only domains that have no legitimate uses.
Clearly this domain has many legitimate uses.
This may be a little ambiguous. Perhaps a better way to say it would be to "include only domains that never appear in legitimate mail" to paraphrase Steve.
- Chris or Dallas, can you update the SARE submission form
to say that only 100% spammy domains with no legitimate use should be reported.
John Wilcock wrote:
On Mon, 06 Sep 2004 16:07:43 +0200, Jose Marcio Martins da Cruz wrote:
This a very serious french security consulting group. Surely a false positive.
Can you remove it ?
They run a list but only subscription is **only** done when **explicitely** asked by recipients - I know as I'm one of their subscribers.
I reported this via the web form at the end of last week after receiving two totally unsolicited invitations to join one of their mailing lists (and having received other similar spam from them in the past).
OK ! But their invitations were sent only to people who, by some means, were in the address book of their sales people. You should note that :
- for some reason you probably had some professional contact with them in the past.
- you weren't added to any mailing list. That was only an invitation to be inserted into. To be inserted, you should *explicitely* reply to confirm your inscription.
- you should also note that they use some authentication method, in a way to prevent someone other than you to subscribe to their lists.
Still, if there are genuine subscribers to their lists then I guess this should be whitelisted, regardless of how dubious their methods for attracting subscribers may be. I'll add a local spamassassin rule instead if they persist...
John.
I don't think you should consider they use a "dubious method". This is a very serious company. But as long as M. Schauer receives copy of this message, he will do the necessary to remove you from their records.
On Mon, 06 Sep 2004 16:49:40 +0200, Jose Marcio Martins da Cruz wrote:
OK ! But their invitations were sent only to people who, by some means, were in the address book of their sales people. You should note that :
- for some reason you probably had some professional contact with them
in the past.
Definitely not - I'd never even heard of them before. I'd be curious to know who they got my address from.
I don't think you should consider they use a "dubious method". This is a very serious company.
However reputable they may be, sending out unsolicited subscription invitations counts as dubious in my book. That and the very recent whois registration prompted me to submit the domain.
An established company with questionable e-mail practices - perfect candidates for the proposed "greylist" IMO.
John.
"Jose Marcio Martins da Cruz" wrote:
"hsc - news dot com" is listed at ws and multi.surbl.
This a very serious french security consulting group. Surely a false positive.
According to the whois data hsc-news.com was only registered on 10-aug-2004. I can see how seeing such a new domain used with a mailing list would raise red flags with some people.
Nevertheless this FP illustrates the need for hand checking of domains.
Joe
On Monday, September 6, 2004, 7:45:40 AM, Joe Wein wrote:
"Jose Marcio Martins da Cruz" wrote:
"hsc - news dot com" is listed at ws and multi.surbl.
This a very serious french security consulting group. Surely a false positive.
According to the whois data hsc-news.com was only registered on 10-aug-2004. I can see how seeing such a new domain used with a mailing list would raise red flags with some people.
Nevertheless this FP illustrates the need for hand checking of domains.
Joe
Indeed, when I hand-checked the domain I found it uses nameservers in hsc-labs.com and had registration contacts with address in hsc.fr. Those other domains are reasonably certainly associated with the same organization, and their registration addresses are similar, etc. While hsc-news.com is relatively new, the other domains are several years old.
Given the short lives of most spam domains and the increasing likelyhood that major spammer domains would tend to get noticed and shut down over time, the older a domain registration is, the less generally likely it's spammy.
Jeff C.
-
Jeff Chan -
Jeff Chan -
Joe Wein -
John Wilcock -
Jose Marcio Martins da Cruz