Gmail pilots new FBL

Yes, it’s true. Gmail announced last Thursday at M3AAWG that they were piloting a new Feedback loop.
The Gmail FBL is currently for ESPs only. The announcement during MAAWG was that only MAAWG ESP members were eligible. They are requiring a DKIM signature for the FBL, but ESPs using individual customer d= values can get a FBL based on IPs. They are also not providing ANY information that reveals the complainer. Gmail’s intention is only to give ESPs feedback so that ESPs can prevent abuse. They are not giving feedback so complainers can be removed.
The email has a .csv attachment that has 3 columns: date, identifier and complaint rate.
The identifier is an ESP provided customer identifier. One of the ESPs I talked to said they were adding an X-header into their emails.
I’ve heard from beta testers that there is a minimum of 100 complaints before you’ll get any report.
Reports are sent daily if there is sufficient traffic to trigger them.
If you’re a MAAWG member, check the senders list for the signup URL.

Related Posts

Phones part of SMS botnet

Spammers have been moving into the phone market for a long time. Just recently security firms have discovered an Android  botnet. This botnet sends viruses over SMS, and when a link in the SMS is clicked, the phone is infected with the virus which then sends more SMS.
The technology for blocking and reporting SMS spam is comparable to email blocking technology 10 or 12 years ago. There just aren’t many tools for people to use to control this spam. M3AAWG is addressing mobile spam, but it still seems that the volumes are increasing without much recourse. Even the 7726 reporting number doesn’t seem to stop the spam (nor remove per-text charges).
At least in the beginning of the email spam problem, we didn’t have botnets. Now, at the beginning of the curve for SMS spam, we already have self replicating botnets. I’m afraid the good guys might be behind on this issue.
Then again I might just be cranky because SMS spammers woke us up at 4:30 am.
Infoworld article
TNW article
PCWorld article

Read More

Lavabit and darkmail

The M3AAWG keynote address today was a talk from Ladar Levinson about the shut down of Lavabit mail service after receiving demands from the NSA to hand over their SSL keys.
@maawg tweeted different quotes from the session. There is a conflict between privacy and security, and these are questions we need to resolve.
Ladar talked about his potential new service called darkmail, which pushes encryption back to the user level. I think there is relevance to this, as many online services are used for political and other organizing. As someone said to me last night, some of the people using our service could be killed if we don’t protect their privacy. He wasn’t speaking of the US residents, but people in places like Ukraine or Arab countries or other places undergoing violent revolutions.
Privacy is important, how we treat privacy is important. Handing over SSL keys to governments strikes me as a big problem.

Read More

Problems with Yahoo FBL

There are a couple problems I’ve been alerted to with the Yahoo FBL today.
The first comes from Michael Ellis and is about broken FBL reporting at Yahoo.

Read More