Spam & NZ Anti Spam law issues.
Hi, I hope this email is not too far off List Topic, however i have a question that I would like some feedback for from NZ ISP's. (I believe its been raised before) A number of my customers run Email List Services which sends out various messages to a subscribed customer base (compliant with the NZ Anti Spam Laws etc). The issue we have is that while we have done ALL we can to adhere to good internet etiquette, we seem to be loosing the battle to send legitimate emails to our customers. In the last month ive been discussing these issues with many ISP's and the range of responses are "Sure heres how you can make it work" to "Go Away we dont want to deal with this". What I'm wondering is this. If we setup a whitelist service that had a set of guidelines, would ISP's look at adopting it in their Firewall/Spam filtering services. Some guidelines for such a service would be: - New Zealand Based List Servers Only - New Zealand Anti Spam law compliant - Correct DNS and Fixed IP Address configured - Agreed Email Delivery Speeds (i.e x number of messages per hour) - Agreed Email Volumes (i.e x number of bulk message sent per day) - Server/Service Administrator Details registered for contacting etc - Security Compliance etc.. Keen to hear any feedback and suggestions. I think i speak for a number of content providers when i say that we want to work with ISP's and provide a service that works for both our Customers and you guys as ISP's. Skip Parker skip(a)ignition.net.nz
- New Zealand Based List Servers Only - New Zealand Anti Spam law compliant - Correct DNS and Fixed IP Address configured - Agreed Email Delivery Speeds (i.e x number of messages per hour) - Agreed Email Volumes (i.e x number of bulk message sent per day) - Server/Service Administrator Details registered for contacting etc - Security Compliance etc..
What does "Security Compliance" mean? I'm not sure that many ISPs would be able to measure these things ( message rates, etc. ) What does your company do? Are you an IT provider, or some kind of hosting provider? What were the suggestions made to you, and why were you not able to meet them? ps. http://www.ignition.net.nz points to a Google apps start page, which (if I were an ISP evaluating whether to let your customers send unfiltered bulk mail to me or not) looks a bit.. well, I wouldn't give me great confidence that this was a legitimate company who can hold up their end of the bargain. I'm not saying that's the case, but first impressions etc. -- Nathan Ward
What does "Security Compliance" mean?
An informal idea which would need to be formalized. Along the lines of, Must be a server on its own IP address, Not behind a NAT solution. Must not be open relay etc
I'm not sure that many ISPs would be able to measure these things ( message rates, etc. )
Agreed.. Most ISP's dont measure this, however when you mention to them how many messages you are going to send them they start going into a minor flap, until you set some agreed speed of delivery. One ISP i know does limit the number of email messages from one server in an hour.. Kinda weird, but true. However the idea behind that is confidence for the ISP that any content provider on this service will not swamp their services with email messages.
What does your company do? Are you an IT provider, or some kind of hosting provider?
IT Consulting, however I also head up the Network Operations for a Broadcaster (Rhema Broadcasting Group), who is keen to extend its Internet presence, and so were exploring ways of doing this without annoying the heck out of ISP's
What were the suggestions made to you, and why were you not able to meet them?
We have implemented a number of suggestions from various ISP, however there are a few who just plain don't want to talk to us, making it hard to adhere to what ever policies they have. The last one we talked to suggested they wont speak to us as we were not a customer and that we needed to get their customers to call us.. Which seems a little ludicrous, some of our subscribers are 75 year old ladies who barely know how to surf, imagine the chaos of getting them to discuss SMTP Etiquette.
ps. http://www.ignition.net.nz points to a Google apps start page, which (if I were an ISP evaluating whether to let your customers send unfiltered bulk mail to me or not) looks a bit.. well, I wouldn't give me great confidence that this was a legitimate company who can hold up their end of the bargain. I'm not saying that's the case, but first impressions etc.
The Ignition domain space is purely a personal email address and is currently in use evaluating the Google Apps solution. As far as confidence and credibility of such a proposed service well, it would have to be built from the ground up, and i would add probably have some form of NZ ISP representation. Im keen to start working on something that can work for a wide range of people, however if there is just no interest in the concept then there is no point pursuing it. Hence the email. Regards Skip
Skip Parker wrote:
What does "Security Compliance" mean?
An informal idea which would need to be formalized. Along the lines of, Must be a server on its own IP address, Not behind a NAT solution. Must not be open relay etc
This opens such a can of worms it's not funny, quite frankly, I'd drop this one in favor of 'not listed in any of the common Blacklists' [snippage about message rates]
What does your company do? Are you an IT provider, or some kind of hosting provider?
IT Consulting, however I also head up the Network Operations for a Broadcaster (Rhema Broadcasting Group), who is keen to extend its Internet presence, and so were exploring ways of doing this without annoying the heck out of ISP's
Why worry about the ISP's ? It's really the cusomers that you need to 'not piss off' and the way you do that is quite simple really. Make sure you have customers on your lists that (and this next bit is the killer here) actually signed up on these lists. This is really common sense when running any mailing list and is not terribly hard to do properly, I mean, look at this list as an example, I highly doubt that the University of Waikato gets too many complaints about 'NZ Network Operators Spamming Me !!!111!!!' and if they did I'm pretty sure that said person would be removed without too many issues or ISP's trying to blacklist the University mailing lists. If you follow some basic guidelines then no one really minds being on a mailing list, be up front, honest, provide easy to follow and use directions for removal and prove yourself to be trustworthy in this reguard and you wont have any issues, oh, and an _obviously_ confirmed opt in (not to use or be confused with the spammer term, 'double opt in') will also get you a load of respect from the ISP's in question - infact, if you went one further and kept copies of the e-mail confirmations, dates of confirmation and the like and made this available when faced with a complaint I don't think you will ever run foul of anyone (privacy laws would obviously need to be followed here)
What were the suggestions made to you, and why were you not able to meet them?
We have implemented a number of suggestions from various ISP, however there are a few who just plain don't want to talk to us, making it hard to adhere to what ever policies they have. The last one we talked to suggested they wont speak to us as we were not a customer and that we needed to get their customers to call us.. Which seems a little ludicrous, some of our subscribers are 75 year old ladies who barely know how to surf, imagine the chaos of getting them to discuss SMTP Etiquette.
See, and that's a really good way to avoid answering the question completely and this makes me look at your entire operation with an immediate suspicion. Nathan asked a really simple question, you answered it with "there were some suggestions" and then ran off on a tangent about little old ladies. If you are trying to be above board then be honest and answer the question, we cannot help you if you don't let us. -- Steve () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
I believe the only way something like this would work (whitelist) is if it were initiated by a reputable source such as InternetNZ or the likes. TelstraClear, Telecom and other big boys aren't going to start using a local RBL whitelist without knowing who they dealing with. Even so I doubt they would implement such a system for a reputable company unless it was Law or someone was paying for the implementation to the server, i.e. some sort of project. B
- New Zealand Based List Servers Only - New Zealand Anti Spam law compliant - Correct DNS and Fixed IP Address configured - Agreed Email Delivery Speeds (i.e x number of messages per hour) - Agreed Email Volumes (i.e x number of bulk message sent per day) - Server/Service Administrator Details registered for contacting etc - Security Compliance etc..
Keen to hear any feedback and suggestions. I think i speak for a number of content providers when i say that we want to work with ISP's and provide a service that works for both our Customers and you guys as ISP's.
Skip Parker skip(a)ignition.net.nz
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
Barry Murphy wrote:
I believe the only way something like this would work (whitelist) is if it were initiated by a reputable source such as InternetNZ or the likes.
There was some talk about this last year and I offered development services for the effort, but interest / impetus dried up. It's a nice idea, but possibly irrelevant. I think the post that said 'whitelist .nz, run greylisting, subscribe to a few good RBLs' pretty much ended the discussion (I can't recall who posted it, and if I were a good nznog citizen I'd search the archive for it, but my dinner just arrived so I'm not going to...) Gerard
Thanks for the feedback. The main point of the email was to find some way where content providers (in this case List Managers) could work together with New Zealand ISP's to form some basis of understanding. Some Replies to comments :
Steve Philips Wrote : Why worry about the ISP's ? It's really the cusomers that you need to 'not piss off' and the way you do that is quite simple really. Make sure you have customers on your lists that (and this next bit is the killer here) actually signed up on these lists.
Im thinking you missed the line in my initial email saying that we are compliant with the New Zealand Anti Spam law, which clearly requires an Opt in / Opt Out system. We, like many many other list services, have spent the last 5 plus months ensuring our lists only contain those who actually want to be on the list.
Steve Philips Wrote : See, and that's a really good way to avoid answering the question completely and this makes me look at your entire operation with an immediate suspicion.
Sorry ... There is no intention of misleading with that answer. There really just is one clear answer. We have complied with what ISP's have requested from us, we have left no stone unturned. However, some ISP's change their systems and when you do go back to dialogue about these changes they refuse to discuss them. The story about the little old lady is an example of what were dealing with at the moment.. And prompted this initial email discussion about the concept of a whitelist. I realize that i am probably preaching to the converted here, and appreciate that most ISP's have been helpful and open to discussions. However the idea for the whitelist came about more as a way that NZ ISP's and NZ based content providers could create a level of trust that would save us all a lot of work and hassle.. I do really appreciate everyones comments and time taken to read thru this. Skip Parker skip(a)ignition.net.nz On 5/11/2007, at 7:49 PM, Gerard Creamer wrote:
Barry Murphy wrote:
I believe the only way something like this would work (whitelist) is if it were initiated by a reputable source such as InternetNZ or the likes.
There was some talk about this last year and I offered development services for the effort, but interest / impetus dried up. It's a nice idea, but possibly irrelevant. I think the post that said 'whitelist .nz, run greylisting, subscribe to a few good RBLs' pretty much ended the discussion (I can't recall who posted it, and if I were a good nznog citizen I'd search the archive for it, but my dinner just arrived so I'm not going to...)
Gerard
Skip Parker wrote:
Im thinking you missed the line in my initial email saying that we are compliant with the New Zealand Anti Spam law, which clearly requires an Opt in / Opt Out system. We, like many many other list services, have spent the last 5 plus months ensuring our lists only contain those who actually want to be on the list.
Skip, The way you are tying to go about this is valid, but I don't think in this situation it's going to work. Let me tell you why. If someone like yourself comes to an ISP and says: "I want to develop a way to send more of your customers emails (which they really want), can you help me?" Then they are going to either ignore you, not help you, laugh at you, or all of the above. The main reason is that there is nothing in it for them. You're not paying them to deliver them. So spending any time on working with you isn't going to gain them anything. If on the other hand the request came from all their PAYING client base, then it might be a different situation. If 400 75yo grand-mothers all rang the helpdesk and said: "Hello Sonny (Yep they all talk like that). I can't get my emails from crochet-a-harley-davidson-motorbike-cover.co.nz. It says that it's a spam site, but it's really not. Can you please enable it?" See lots of calls from people who actually pay them money will always win over one request from someone who doesn't. There's just nothing in it for them. YOU not being able to send emails, to people who don't complain about it is like a tree falling in the forest with no one listening. To the ISPs it's a problem not happening =) So how do you fix this? Well. Find out where the money is coming from and follow that. Your content providers (List Managers as you refer to them as) must be paying you for a service. You in tern pay your ISP. So your ISP has a vested interest in keeping you happy. Get THEM to work with other providers on a financial and contractual level. That seems to be the best way to get this sort of thing done. If you can't convince your ISP (Who you pay money to) to go his/her peers and negotiate an email-(we swear it's not spam)-whitelist, then you have no show of convincing people who you have no relationship with. Hope this helps Dean
Skip Parker wrote:
Steve Philips Wrote : Why worry about the ISP's ? It's really the cusomers that you need to 'not piss off' and the way you do that is quite simple really. Make sure you have customers on your lists that (and this next bit is the killer here) actually signed up on these lists.
Im thinking you missed the line in my initial email saying that we are compliant with the New Zealand Anti Spam law, which clearly requires an Opt in / Opt Out system. We, like many many other list services, have spent the last 5 plus months ensuring our lists only contain those who actually want to be on the list.
And I'm thinking that you seriously lack understanding about what the problem is with Spam, what people view as spam and why complying with laws, while stopping you being fined or thrown in jail, really doesn't make people view your 'spam' as anything other than.. well, spam. Opt in/Opt out systems are all fine and dandy, do people trust them ? hell no. As I said, Confirmed opt in is the _only_ way to run and quite frankly, anything else is an utter waste of time, whether its legal or not. If you want to get your mail through, make sure there are no complaints. As dean said, an ISP will _not_ listen to you, they will listen to the money (their customers), if you have peeved them off then the ISP will prevent you from sending _any_ of them mail. ISP's do not tend to sit and monitor their mail systems 24/7 looking for that one loan server that sends 200 of their users mail, they tend to be reactive rather than proactive, it seems you just found a way to stick your head above the radar. Learn not to peeve them off and you will do wonders (and as I said, look at lists such as these for a shining example) - Anything else, even if it IS legal, and you will simply, as Alastair likes to word it, FAIL. Legal does not mean they have to accept your mail.
Steve Philips Wrote : See, and that's a really good way to avoid answering the question completely and this makes me look at your entire operation with an immediate suspicion.
Sorry ... There is no intention of misleading with that answer. There really just is one clear answer. We have complied with what ISP's have requested from us, we have left no stone unturned. However, some ISP's change their systems and when you do go back to dialogue about these changes they refuse to discuss them.
Skip, you still didn't actually answer the question, and instead, avoided it. "we have complied" does not describe what you complied with. For all we know, the 'complied with' section was making the e-mails orcon purple. So, lets try again, from the original question.. <nathan> What were the suggestions made to you, and why were you not able to meet them? Try actually answering it and you may get a little more respect. ($5 says it was to do with the way you subscribe people to your lists.) -- Steve () ascii ribbon campaign - against html e-mail /\ www.asciiribbon.org - against proprietary attachments
Skip Parker wrote:
Thanks for the feedback. The main point of the email was to find some way where content providers (in this case List Managers) could work together with New Zealand ISP's to form some basis of understanding.
Some Replies to comments :
Steve Philips Wrote : Why worry about the ISP's ? It's really the cusomers that you need to 'not piss off' and the way you do that is quite simple really. Make sure you have customers on your lists that (and this next bit is the killer here) actually signed up on these lists.
Im thinking you missed the line in my initial email saying that we are compliant with the New Zealand Anti Spam law, which clearly requires an Opt in / Opt Out system. We, like many many other list services, have spent the last 5 plus months ensuring our lists only contain those who actually want to be on the list.
Steve Philips Wrote : See, and that's a really good way to avoid answering the question completely and this makes me look at your entire operation with an immediate suspicion.
Sorry ... There is no intention of misleading with that answer. There really just is one clear answer. We have complied with what ISP's have requested from us, we have left no stone unturned. However, some ISP's change their systems and when you do go back to dialogue about these changes they refuse to discuss them.
The story about the little old lady is an example of what were dealing with at the moment.. And prompted this initial email discussion about the concept of a whitelist.
I realize that i am probably preaching to the converted here, and appreciate that most ISP's have been helpful and open to discussions. However the idea for the whitelist came about more as a way that NZ ISP's and NZ based content providers could create a level of trust that would save us all a lot of work and hassle..
I do really appreciate everyones comments and time taken to read thru this.
Skip Parker skip(a)ignition.net.nz
On 5/11/2007, at 7:49 PM, Gerard Creamer wrote:
Barry Murphy wrote:
I believe the only way something like this would work (whitelist) is if it were initiated by a reputable source such as InternetNZ or the likes.
There was some talk about this last year and I offered development services for the effort, but interest / impetus dried up. It's a nice idea, but possibly irrelevant. I think the post that said 'whitelist .nz, run greylisting, subscribe to a few good RBLs' pretty much ended the discussion (I can't recall who posted it, and if I were a good nznog citizen I'd search the archive for it, but my dinner just arrived so I'm not going to...)
Gerard
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
Hi Skip Half the problems you'll strike here are related to the different anti-spam filters that the various ISPs/XSPs have in place. While a whitelist of known "safe" senders may help, I doubt that $ISP will really want to turn off all their spam filtering just because you're in a "safe" list. You're still going to get denied from time to time by an over-zealous AS filter. There are already tools and techniques out there to reduce the number of false positives when sending outbound, including SPF (http://openspf.org), ensuring your MTA announces itself correctly (ie. it's A record) and that your forward & reverses match. Using a standards-compliant (ie. not Exchange) will also help as mailers these days tend to be picky about talking to hosts that don't follow RFCs. This is all pretty basic stuff and if you follow steps like this you'll stand a much better chance of getting your emails through. Having said that you're always going to get false positives, however if you steer away from blatant marketing language, again this should help reduce the number of false positives from AS software. Finally, I find your original comment about a certain ISP rate-limiting you being weird as well ... weird. This is normal. Your best bet is to wind down the number of concurrent sessions you open to them and also limit the number of connections per 10 minute period. A bit of testing from your side should show you which ISPs allow what amounts of traffic over certain time-frames. Extrapolate from there and you'll be able to build up a database of ISP MTA characteristics. Thom SMX Ltd
Skip, I think you are unlikely to get any major results out of doing this. Although you could create the whitelist even if you had the backing of InternetNZ or the NZ Marketing association, there is nothing compelling NZ ISP's to actually subscribe to it and you would likely find it very difficult to get any buy in internationally. In fact in all likelihood you would find that some administrators would use it as a relay Blacklist to block your subscribers, whether it is a whitelist or not smaller providers and businesses not up with your way of thinking would almost certainly do this. Anyway, as per Barry's comment below...
Even so I doubt they would implement such a system for a reputable company >unless it was Law or someone was paying for the implementation to the >server, i.e. somesort of project.
This is not the case, I have and will allow traffic to Telecom from anyone that can come up with a legitimate reason why it should be allowed. All the best Greg Soffe Mail Administrator Telecom NZ Ltd -----Original Message----- From: Barry Murphy [mailto:barry(a)unix.co.nz] Sent: Monday, 5 November 2007 6:53 p.m. To: Skip Parker Cc: nznog(a)list.waikato.ac.nz Subject: Re: [nznog] Spam & NZ Anti Spam law issues. I believe the only way something like this would work (whitelist) is if it were initiated by a reputable source such as InternetNZ or the likes. TelstraClear, Telecom and other big boys aren't going to start using a local RBL whitelist without knowing who they dealing with. Even so I doubt they would implement such a system for a reputable company unless it was Law or someone was paying for the implementation to the server, i.e. some sort of project. B
- New Zealand Based List Servers Only - New Zealand Anti Spam law compliant - Correct DNS and Fixed IP Address configured - Agreed Email Delivery Speeds (i.e x number of messages per hour) - Agreed Email Volumes (i.e x number of bulk message sent per day) - Server/Service Administrator Details registered for contacting etc - Security Compliance etc..
Keen to hear any feedback and suggestions. I think i speak for a number of content providers when i say that we want to work with ISP's and provide a service that works for both our Customers and you guys as ISP's.
Skip Parker skip(a)ignition.net.nz
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
On Mon, Nov 05, 2007 at 05:10:18PM +1300, Skip Parker wrote:
The issue we have is that while we have done ALL we can to adhere to good internet etiquette, we seem to be loosing the battle to send legitimate emails to our customers. In the last month ive been discussing these issues with many ISP's and the range of responses are "Sure heres how you can make it work" to "Go Away we dont want to deal with this".
So rather than trying to re-invent the wheel, why not give some details on the type of problems you're experiencing so that we can help fix them as a community? Clearly there's a number of email senders, both ISPs and otherwise, that are currently having problems with Yahoo/Xtra, but what problems have you had with other ISP/companies? Feel free to leave out the names if you want - but what is the real problem(s) you're trying to solve?
- New Zealand Based List Servers Only
Ho hum.. the moment you make is country specific you significantly limit yourself as to who will be interested in implementing it. Can you really seen Yahoo (Xtra) using the whitelist? What about all the other domains which are hosted overseas (in particular the Hotmails/Gmail/etc's of the world), or even the bigger players in NZ. The far better solution is simply to make an effort to keep your IP address and mail healthy. Stay off the various blacklists (www.robtex.com/rbl.html, or www.completewhois.com/rbl_lookup.htm if it ever comes back to life). Keep your reputation up (www.senderbase.org, www.trustedsource.org), make sure Reverse DNS is setup, public SFP records (if possible/relevent), sign messages with DK/DKIM, etc, etc. Scott
participants (9)
-
Barry Murphy -
Dean Pemberton -
Gerard Creamer -
Greg Soffe -
Nathan Ward -
Scott Howard -
Skip Parker -
Steve Phillips -
Thom Hooker